origin

package
v3.11.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 15, 2018 License: Apache-2.0 Imports: 192 Imported by: 0

Documentation

Overview

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

This section is empty.

Variables

View Source 
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow and adding a new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
View Source 
var GRPCThreadLimit = 0

Functions

func LegacyStorage 

func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage

LegacyStorage returns a storage for locked legacy types.

func NewAuthenticator added in v3.7.0 

func NewAuthenticator(
	options configapi.MasterConfig,
	privilegedLoopbackConfig *rest.Config,
	informers InformerAccess,
) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)

func NewAuthorizer added in v3.7.0 

func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer

func NewInformers added in v3.10.0 

func NewInformers(clientConfig *rest.Config) (*informerHolder, error)

NewInformers is only exposed for the build's integration testing until it can be fixed more appropriately.

func NewOAuthServerConfigFromMasterConfig added in v3.7.0 

func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)

TODO this is taking a very large config for a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of leaky abstraction because it spent too much time in openshift start

func NewRuleResolver added in v3.10.0 

func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver

func NewServiceProxyHandler added in v3.10.0 

func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, caBundle []byte, applicationDisplayName string) (*serviceProxyHandler, error)

NewServiceProxyHandler is a simple proxy that doesn't handle upgrades, passes headers directly through, and doesn't assert any identity.

func NewSubjectLocator added in v3.10.0 

func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator

func PanicOnGRPCStuckThreads added in v3.10.0 

func PanicOnGRPCStuckThreads(interval time.Duration, stopCh <-chan struct{})

func StartProfiler added in v3.10.0 

func StartProfiler()

func WithPatternPrefixHandler added in v3.7.0 

func WithPatternPrefixHandler(handler http.Handler, patternHandler http.Handler, prefixes ...string) http.Handler

Types

type CompletedConfig added in v3.8.0 

type CompletedConfig struct {
	// contains filtered or unexported fields
}

func (CompletedConfig) New added in v3.8.0 

func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftAPIServer, error)

type CompletedOpenshiftNonAPIConfig added in v3.8.0 

type CompletedOpenshiftNonAPIConfig struct {
	// contains filtered or unexported fields
}

func (CompletedOpenshiftNonAPIConfig) New added in v3.8.0 

func (c CompletedOpenshiftNonAPIConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftNonAPIServer, error)

type GenericResourceInformer added in v3.10.0 

type GenericResourceInformer interface {
	ForResource(resource schema.GroupVersionResource) (kexternalinformers.GenericInformer, error)
	Start(stopCh <-chan struct{})
}

type InformerAccess 

type InformerAccess interface {
	GetInternalKubeInformers() kinternalinformers.SharedInformerFactory
	GetExternalKubeInformers() kinformers.SharedInformerFactory
	GetAppInformers() appinformer.SharedInformerFactory
	GetAuthorizationInformers() authorizationinformer.SharedInformerFactory
	GetBuildInformers() buildinformer.SharedInformerFactory
	GetImageInformers() imageinformer.SharedInformerFactory
	GetNetworkInformers() networkinformer.SharedInformerFactory
	GetOauthInformers() oauthinformer.SharedInformerFactory
	GetQuotaInformers() quotainformer.SharedInformerFactory
	GetSecurityInformers() securityinformer.SharedInformerFactory
	GetRouteInformers() routeinformer.SharedInformerFactory
	GetUserInformers() userinformer.SharedInformerFactory
	GetTemplateInformers() templateinformer.SharedInformerFactory
	ToGenericInformer() GenericResourceInformer

	Start(stopCh <-chan struct{})
}

type MasterConfig 

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RegistryHostnameRetriever retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryHostnameRetriever imageapi.RegistryHostnameRetriever

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface

	AuditBackend audit.Backend

	// TODO inspect uses to eliminate them
	InternalKubeInformers  kinternalinformers.SharedInformerFactory
	ClientGoKubeInformers  kubeclientgoinformers.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	RouteInformers         routeinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	SecurityInformers      securityinformer.SharedInformerFactory
	// contains filtered or unexported fields
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig 

func BuildMasterConfig(
	options configapi.MasterConfig,
	informers InformerAccess,
) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) RouteAllocator 

func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController

RouteAllocator returns a route allocation controller.

func (*MasterConfig) Run 

func (c *MasterConfig) Run(stopCh <-chan struct{}) error

Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it. TODO this method only exists to support the old openshift start path. It should be removed a little ways into 3.10.

func (*MasterConfig) RunDNSServer 

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunKubeAPIServer added in v3.10.0 

func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error

func (*MasterConfig) RunOpenShift added in v3.10.0 

func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error

type NonAPIExtraConfig added in v3.8.0 

type NonAPIExtraConfig struct {
	OAuthMetadata []byte
}

type OpenshiftAPIConfig 

type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   OpenshiftAPIExtraConfig
}

func (*OpenshiftAPIConfig) Complete 

func (c *OpenshiftAPIConfig) Complete() completedConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

type OpenshiftAPIExtraConfig added in v3.8.0 

type OpenshiftAPIExtraConfig struct {
	KubeAPIServerClientConfig *restclient.Config
	KubeClientInternal        kclientsetinternal.Interface
	KubeInternalInformers     kinternalinformers.SharedInformerFactory

	QuotaInformers    quotainformer.SharedInformerFactory
	SecurityInformers securityinformer.SharedInformerFactory

	// these are all required to build our storage
	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	// for Images
	LimitVerifier imageadmission.LimitVerifier
	// RegistryHostnameRetriever retrieves the internal and external hostname of
	// the integrated registry, or false if no such registry is available.
	RegistryHostnameRetriever          imageapi.RegistryHostnameRetriever
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	// oauth API server
	ServiceAccountMethod configapi.GrantHandlerType

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController

	// SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix,
	// so we have to have it special cased here to point to the right spot.
	SCCStorage *sccstorage.REST
}

func (*OpenshiftAPIExtraConfig) Validate added in v3.8.0 

func (c *OpenshiftAPIExtraConfig) Validate() error

Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now

type OpenshiftAPIServer 

type OpenshiftAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.

type OpenshiftNonAPIConfig 

type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   NonAPIExtraConfig
}

func (*OpenshiftNonAPIConfig) Complete 

func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

type OpenshiftNonAPIServer 

type OpenshiftNonAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftNonAPIServer serves non-API endpoints for openshift.

type ServiceResolver added in v3.10.0 

type ServiceResolver interface {
	ResolveEndpoint(namespace, name string) (*url.URL, error)
}

A ServiceResolver knows how to get a URL given a service.

type TooManyThreadsStuckHealth added in v3.10.0 

type TooManyThreadsStuckHealth struct {
	// contains filtered or unexported fields
}

TooManyThreadsStuckHealth is a health checker that indicates when we have too many thread in a particular method. This condition usually indicates that we got stuck and we should restart ourselves

func NewGRPCStuckThreads added in v3.10.0 

func NewGRPCStuckThreads() *TooManyThreadsStuckHealth

func (*TooManyThreadsStuckHealth) Check added in v3.10.0 

func (h *TooManyThreadsStuckHealth) Check(req *http.Request) error

func (*TooManyThreadsStuckHealth) Count added in v3.10.0 

func (h *TooManyThreadsStuckHealth) Count() int

func (*TooManyThreadsStuckHealth) Name added in v3.10.0 

func (h *TooManyThreadsStuckHealth) Name() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.