README
apiserver
Generic library for building a Kubernetes aggregated API server.
Purpose
This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization,
kubectl
compatible discovery information, optional admission chain, and versioned types. It's first consumers are
k8s.io/kubernetes
, k8s.io/kube-aggregator
, and github.com/kubernetes-incubator/service-catalog
.
Compatibility
There are NO compatibility guarantees for this repository, yet. It is in direct support of Kubernetes, so branches will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the compatibility guarantee. We have a goal to make this easier to use in the future.
Where does it come from?
apiserver
is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver.
Code changes are made in that location, merged into k8s.io/kubernetes
and later synced here.
Things you should NOT do
- Directly modify any files under
pkg
in this repo. Those are driven fromk8s.io/kubernetes/staging/src/k8s.io/apiserver
. - Expect compatibility. This repo is changing quickly in direct support of Kubernetes and the API isn't yet stable enough for API guarantees.
Directories
Path | Synopsis |
---|---|
pkg/admission | |
pkg/admission/configuration | |
pkg/admission/initializer | |
pkg/admission/metrics | |
pkg/admission/plugin/namespace/lifecycle | |
pkg/admission/plugin/webhook | |
pkg/admission/plugin/webhook/config | |
pkg/admission/plugin/webhook/config/apis/webhookadmission | |
pkg/admission/plugin/webhook/config/apis/webhookadmission/install | Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 | Package v1 is the v1 version of the API. |
pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 | Package v1alpha1 is the v1alpha1 version of the API. |
pkg/admission/plugin/webhook/errors | Package errors contains utilities for admission webhook specific errors |
pkg/admission/plugin/webhook/generic | |
pkg/admission/plugin/webhook/initializer | |
pkg/admission/plugin/webhook/mutating | Package mutating delegates admission checks to dynamically configured mutating webhooks. |
pkg/admission/plugin/webhook/namespace | Package namespace defines the utilities that are used by the webhook plugin to decide if a webhook should be applied to an object based on its namespace. |
pkg/admission/plugin/webhook/object | Package object defines the utilities that are used by the webhook plugin to decide if a webhook should run, as long as either the old object or the new object has labels matching the webhook config's objectSelector. |
pkg/admission/plugin/webhook/request | Package request creates admissionReview request based on admission attributes. |
pkg/admission/plugin/webhook/rules | |
pkg/admission/plugin/webhook/testcerts | Package testcerts contains generated key pairs used by the unit tests of mutating and validating webhooks. |
pkg/admission/plugin/webhook/testing | |
pkg/admission/plugin/webhook/testing/main | |
pkg/admission/plugin/webhook/util | |
pkg/admission/plugin/webhook/validating | Package validating makes calls to validating (i.e., non-mutating) webhooks during the admission process. |
pkg/admission/testing | |
pkg/apis/apiserver | Package apiserver is the internal version of the API. |
pkg/apis/apiserver/install | |
pkg/apis/apiserver/v1 | Package v1 is the v1 version of the API. |
pkg/apis/apiserver/v1alpha1 | Package v1alpha1 is the v1alpha1 version of the API. |
pkg/apis/apiserver/v1beta1 | Package v1beta1 is the v1beta1 version of the API. |
pkg/apis/apiserverinternal | Package apiserverinternal contains the "internal" version of the API used by the apiservers themselves. |
pkg/apis/apiserverinternal/fuzzer | |
pkg/apis/apiserverinternal/install | Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
pkg/apis/apiserverinternal/v1alpha1 | Package v1alpha1 contains the v1alpha1 version of the API used by the apiservers themselves. |
pkg/apis/apiserverinternal/validation | |
pkg/apis/audit | |
pkg/apis/audit/fuzzer | |
pkg/apis/audit/install | Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
pkg/apis/audit/v1 | |
pkg/apis/audit/v1alpha1 | |
pkg/apis/audit/v1beta1 | |
pkg/apis/audit/validation | |
pkg/apis/config | |
pkg/apis/config/v1 | Package v1 is the v1 version of the API. |
pkg/apis/config/validation | Package validation validates EncryptionConfiguration. |
pkg/apis/example | package example contains an example API used to demonstrate how to create api groups. |
pkg/apis/example/fuzzer | |
pkg/apis/example/install | Package install installs the example API group, making it available as an option to all of the API encoding/decoding machinery. |
pkg/apis/example/v1 | |
pkg/apis/example2 | +k8s:deepcopy-gen=package +groupName=example2.k8s.io package example2 contains an example API whose internal version is defined in another group ("example"). |
pkg/apis/example2/install | Package install installs the example2 API group, making it available as an option to all of the API encoding/decoding machinery. |
pkg/apis/example2/v1 | Package v1 is a generated protocol buffer package. |
pkg/apis/flowcontrol/bootstrap | |
pkg/audit | TODO: Delete this file if we generate a clientset. |
pkg/audit/event | |
pkg/audit/policy | |
pkg/authentication/authenticator | |
pkg/authentication/authenticatorfactory | |
pkg/authentication/group | |
pkg/authentication/request/anonymous | |
pkg/authentication/request/bearertoken | |
pkg/authentication/request/headerrequest | |
pkg/authentication/request/union | |
pkg/authentication/request/websocket | |
pkg/authentication/request/x509 | Package x509 provides a request authenticator that validates and extracts user information from client certificates |
pkg/authentication/serviceaccount | |
pkg/authentication/token/cache | |
pkg/authentication/token/tokenfile | |
pkg/authentication/token/union | |
pkg/authentication/user | Package user contains utilities for dealing with simple user exchange in the auth packages. |
pkg/authorization/authorizer | |
pkg/authorization/authorizerfactory | |
pkg/authorization/path | Package path contains an authorizer that allows certain paths and path prefixes. |
pkg/authorization/union | Package union implements an authorizer that combines multiple subauthorizer. |
pkg/endpoints | Package endpoints contains the generic code that provides a RESTful Kubernetes-style API service. |
pkg/endpoints/deprecation | |
pkg/endpoints/discovery | |
pkg/endpoints/filters | Package filters contains all the http handler chain filters which _are_ api related, i.e. |
pkg/endpoints/handlers | Package handlers contains HTTP handlers to implement the apiserver APIs. |
pkg/endpoints/handlers/fieldmanager | |
pkg/endpoints/handlers/fieldmanager/internal | |
pkg/endpoints/handlers/negotiation | Package negotiation contains media type negotiation logic. |
pkg/endpoints/handlers/responsewriters | Package responsewriters containers helpers to write responses in HTTP handlers. |
pkg/endpoints/metrics | |
pkg/endpoints/openapi | |
pkg/endpoints/openapi/testing | |
pkg/endpoints/request | Package request contains everything around extracting info from a http request object. |
pkg/endpoints/testing | |
pkg/endpoints/warning | |
pkg/features | |
pkg/registry | Package registry contains the generic implementation of the storage and system logic. |
pkg/registry/generic | Package generic provides a generic object store interface and a generic label/field matching type. |
pkg/registry/generic/registry | Package etcd has a generic implementation of a registry that stores things in etcd. |
pkg/registry/generic/rest | Package rest has generic implementations of resources used for REST responses |
pkg/registry/generic/testing | |
pkg/registry/rest | Package rest defines common logic around changes to Kubernetes-style resources. |
pkg/registry/rest/resttest | |
pkg/server | Package server contains the plumbing to create kubernetes-like API server command. |
pkg/server/dynamiccertificates | |
pkg/server/egressselector | |
pkg/server/egressselector/metrics | |
pkg/server/filters | Package filters contains all the http handler chain filters which are not api related. |
pkg/server/healthz | Package healthz implements basic http server health checking. |
pkg/server/httplog | Package httplog contains a helper object and functions to maintain a log along with an http response. |
pkg/server/mux | Package mux contains abstractions for http multiplexing of APIs. |
pkg/server/options | package options is the public flags and options used by a generic api server. |
pkg/server/options/encryptionconfig | |
pkg/server/resourceconfig | Package resourceconfig contains the resource config related helper functions. |
pkg/server/routes | Package routes holds a collection of optional genericapiserver http handlers. |
pkg/server/storage | Package storage contains the plumbing to setup the etcd storage of the apiserver. |
pkg/storage | Interfaces for database-related operations. |
pkg/storage/cacher | |
pkg/storage/errors | Package storage provides conversion of storage errors to API errors. |
pkg/storage/etcd3 | |
pkg/storage/etcd3/metrics | |
pkg/storage/etcd3/preflight | |
pkg/storage/etcd3/testing | |
pkg/storage/etcd3/testing/testingcert | |
pkg/storage/names | |
pkg/storage/storagebackend | |
pkg/storage/storagebackend/factory | |
pkg/storage/testing | |
pkg/storage/value | Package value contains methods for assisting with transformation of values in storage. |
pkg/storage/value/encrypt/aes | Package aes transforms values for storage at rest using AES-GCM. |
pkg/storage/value/encrypt/envelope | Package envelope transforms values for storage at rest using a Envelope provider Package envelope transforms values for storage at rest using a Envelope provider |
pkg/storage/value/encrypt/envelope/testing | |
pkg/storage/value/encrypt/envelope/v1beta1 | Package v1beta1 contains definition of kms-plugin's gRPC service. |
pkg/storage/value/encrypt/identity | |
pkg/storage/value/encrypt/secretbox | Package secretbox transforms values for storage at rest using XSalsa20 and Poly1305. |
pkg/util/apihelpers | |
pkg/util/dryrun | |
pkg/util/feature | |
pkg/util/flowcontrol | |
pkg/util/flowcontrol/counter | |
pkg/util/flowcontrol/debug | |
pkg/util/flowcontrol/fairqueuing | |
pkg/util/flowcontrol/fairqueuing/promise | |
pkg/util/flowcontrol/fairqueuing/promise/lockingpromise | |
pkg/util/flowcontrol/fairqueuing/queueset | Package queueset implements a technique called "fair queuing for server requests". |
pkg/util/flowcontrol/fairqueuing/testing | |
pkg/util/flowcontrol/fairqueuing/testing/clock | |
pkg/util/flowcontrol/format | |
pkg/util/flowcontrol/metrics | |
pkg/util/flushwriter | Package flushwriter implements a wrapper for a writer that flushes on every write if that writer implements the io.Flusher interface |
pkg/util/openapi | |
pkg/util/proxy | |
pkg/util/shufflesharding | |
pkg/util/webhook | Package webhook implements a generic HTTP webhook plugin. |
pkg/util/wsstream | Package wsstream contains utilities for streaming content over WebSockets. |
pkg/warning | |
plugin/pkg/audit | Package audit contains implementations for pkg/audit/AuditBackend interface |
plugin/pkg/audit/buffered | Package buffered provides an implementation for the audit.Backend interface that batches incoming audit events and sends batches to the delegate audit.Backend. |
plugin/pkg/audit/fake | Package fake provides a fake audit.Backend interface implementation for testing. |
plugin/pkg/audit/log | |
plugin/pkg/audit/truncate | Package truncate provides an implementation for the audit.Backend interface that truncates audit events and sends them to the delegate audit.Backend. |
plugin/pkg/audit/webhook | Package webhook implements the audit.Backend interface using HTTP webhooks. |
plugin/pkg/authenticator | Package authenticator contains implementations for pkg/auth/authenticator interfaces |
plugin/pkg/authenticator/token/oidc | oidc implements the authenticator.Token interface using the OpenID Connect protocol. |
plugin/pkg/authenticator/token/tokentest | |
plugin/pkg/authenticator/token/webhook | Package webhook implements the authenticator.Token interface using HTTP webhooks. |
plugin/pkg/authorizer/webhook | Package webhook implements the authorizer.Authorizer interface using HTTP webhooks. |