README

apiserver

Generic library for building a Kubernetes aggregated API server.

Purpose

This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization, kubectl compatible discovery information, optional admission chain, and versioned types. It's first consumers are k8s.io/kubernetes, k8s.io/kube-aggregator, and github.com/kubernetes-incubator/service-catalog.

Compatibility

There are NO compatibility guarantees for this repository, yet. It is in direct support of Kubernetes, so branches will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the compatibility guarantee. We have a goal to make this easier to use in the future.

Where does it come from?

apiserver is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver. Code changes are made in that location, merged into k8s.io/kubernetes and later synced here.

Things you should NOT do

  1. Directly modify any files under pkg in this repo. Those are driven from k8s.io/kubernetes/staging/src/k8s.io/apiserver.
  2. Expect compatibility. This repo is changing quickly in direct support of Kubernetes and the API isn't yet stable enough for API guarantees.
Expand ▾ Collapse ▴

Directories

Path Synopsis
pkg/admission
pkg/admission/configuration
pkg/admission/initializer
pkg/admission/metrics
pkg/admission/plugin/namespace/lifecycle
pkg/admission/plugin/webhook
pkg/admission/plugin/webhook/config
pkg/admission/plugin/webhook/config/apis/webhookadmission
pkg/admission/plugin/webhook/config/apis/webhookadmission/install Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
pkg/admission/plugin/webhook/config/apis/webhookadmission/v1 Package v1 is the v1 version of the API.
pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1 Package v1alpha1 is the v1alpha1 version of the API.
pkg/admission/plugin/webhook/errors Package errors contains utilities for admission webhook specific errors
pkg/admission/plugin/webhook/generic
pkg/admission/plugin/webhook/initializer
pkg/admission/plugin/webhook/mutating Package mutating delegates admission checks to dynamically configured mutating webhooks.
pkg/admission/plugin/webhook/namespace Package namespace defines the utilities that are used by the webhook plugin to decide if a webhook should be applied to an object based on its namespace.
pkg/admission/plugin/webhook/object Package object defines the utilities that are used by the webhook plugin to decide if a webhook should run, as long as either the old object or the new object has labels matching the webhook config's objectSelector.
pkg/admission/plugin/webhook/request Package request creates admissionReview request based on admission attributes.
pkg/admission/plugin/webhook/rules
pkg/admission/plugin/webhook/testcerts Package testcerts contains generated key pairs used by the unit tests of mutating and validating webhooks.
pkg/admission/plugin/webhook/testing
pkg/admission/plugin/webhook/testing/main
pkg/admission/plugin/webhook/util
pkg/admission/plugin/webhook/validating Package validating makes calls to validating (i.e., non-mutating) webhooks during the admission process.
pkg/admission/testing
pkg/apis/apiserver Package apiserver is the internal version of the API.
pkg/apis/apiserver/install
pkg/apis/apiserver/v1 Package v1 is the v1 version of the API.
pkg/apis/apiserver/v1alpha1 Package v1alpha1 is the v1alpha1 version of the API.
pkg/apis/apiserver/v1beta1 Package v1beta1 is the v1beta1 version of the API.
pkg/apis/apiserverinternal Package apiserverinternal contains the "internal" version of the API used by the apiservers themselves.
pkg/apis/apiserverinternal/fuzzer
pkg/apis/apiserverinternal/install Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
pkg/apis/apiserverinternal/v1alpha1 Package v1alpha1 contains the v1alpha1 version of the API used by the apiservers themselves.
pkg/apis/apiserverinternal/validation
pkg/apis/audit
pkg/apis/audit/fuzzer
pkg/apis/audit/install Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
pkg/apis/audit/v1
pkg/apis/audit/v1alpha1
pkg/apis/audit/v1beta1
pkg/apis/audit/validation
pkg/apis/config
pkg/apis/config/v1 Package v1 is the v1 version of the API.
pkg/apis/config/validation Package validation validates EncryptionConfiguration.
pkg/apis/example package example contains an example API used to demonstrate how to create api groups.
pkg/apis/example/fuzzer
pkg/apis/example/install Package install installs the example API group, making it available as an option to all of the API encoding/decoding machinery.
pkg/apis/example/v1
pkg/apis/example2 +k8s:deepcopy-gen=package +groupName=example2.k8s.io package example2 contains an example API whose internal version is defined in another group ("example").
pkg/apis/example2/install Package install installs the example2 API group, making it available as an option to all of the API encoding/decoding machinery.
pkg/apis/example2/v1 Package v1 is a generated protocol buffer package.
pkg/apis/flowcontrol/bootstrap
pkg/audit TODO: Delete this file if we generate a clientset.
pkg/audit/event
pkg/audit/policy
pkg/authentication/authenticator
pkg/authentication/authenticatorfactory
pkg/authentication/group
pkg/authentication/request/anonymous
pkg/authentication/request/bearertoken
pkg/authentication/request/headerrequest
pkg/authentication/request/union
pkg/authentication/request/websocket
pkg/authentication/request/x509 Package x509 provides a request authenticator that validates and extracts user information from client certificates
pkg/authentication/serviceaccount
pkg/authentication/token/cache
pkg/authentication/token/tokenfile
pkg/authentication/token/union
pkg/authentication/user Package user contains utilities for dealing with simple user exchange in the auth packages.
pkg/authorization/authorizer
pkg/authorization/authorizerfactory
pkg/authorization/path Package path contains an authorizer that allows certain paths and path prefixes.
pkg/authorization/union Package union implements an authorizer that combines multiple subauthorizer.
pkg/endpoints Package endpoints contains the generic code that provides a RESTful Kubernetes-style API service.
pkg/endpoints/deprecation
pkg/endpoints/discovery
pkg/endpoints/filters Package filters contains all the http handler chain filters which _are_ api related, i.e.
pkg/endpoints/handlers Package handlers contains HTTP handlers to implement the apiserver APIs.
pkg/endpoints/handlers/fieldmanager
pkg/endpoints/handlers/fieldmanager/internal
pkg/endpoints/handlers/negotiation Package negotiation contains media type negotiation logic.
pkg/endpoints/handlers/responsewriters Package responsewriters containers helpers to write responses in HTTP handlers.
pkg/endpoints/metrics
pkg/endpoints/openapi
pkg/endpoints/openapi/testing
pkg/endpoints/request Package request contains everything around extracting info from a http request object.
pkg/endpoints/testing
pkg/endpoints/warning
pkg/features
pkg/registry Package registry contains the generic implementation of the storage and system logic.
pkg/registry/generic Package generic provides a generic object store interface and a generic label/field matching type.
pkg/registry/generic/registry Package etcd has a generic implementation of a registry that stores things in etcd.
pkg/registry/generic/rest Package rest has generic implementations of resources used for REST responses
pkg/registry/generic/testing
pkg/registry/rest Package rest defines common logic around changes to Kubernetes-style resources.
pkg/registry/rest/resttest
pkg/server Package server contains the plumbing to create kubernetes-like API server command.
pkg/server/dynamiccertificates
pkg/server/egressselector
pkg/server/egressselector/metrics
pkg/server/filters Package filters contains all the http handler chain filters which are not api related.
pkg/server/healthz Package healthz implements basic http server health checking.
pkg/server/httplog Package httplog contains a helper object and functions to maintain a log along with an http response.
pkg/server/mux Package mux contains abstractions for http multiplexing of APIs.
pkg/server/options package options is the public flags and options used by a generic api server.
pkg/server/options/encryptionconfig
pkg/server/resourceconfig Package resourceconfig contains the resource config related helper functions.
pkg/server/routes Package routes holds a collection of optional genericapiserver http handlers.
pkg/server/storage Package storage contains the plumbing to setup the etcd storage of the apiserver.
pkg/storage Interfaces for database-related operations.
pkg/storage/cacher
pkg/storage/errors Package storage provides conversion of storage errors to API errors.
pkg/storage/etcd3
pkg/storage/etcd3/metrics
pkg/storage/etcd3/preflight
pkg/storage/etcd3/testing
pkg/storage/etcd3/testing/testingcert
pkg/storage/names
pkg/storage/storagebackend
pkg/storage/storagebackend/factory
pkg/storage/testing
pkg/storage/value Package value contains methods for assisting with transformation of values in storage.
pkg/storage/value/encrypt/aes Package aes transforms values for storage at rest using AES-GCM.
pkg/storage/value/encrypt/envelope Package envelope transforms values for storage at rest using a Envelope provider Package envelope transforms values for storage at rest using a Envelope provider
pkg/storage/value/encrypt/envelope/testing
pkg/storage/value/encrypt/envelope/v1beta1 Package v1beta1 contains definition of kms-plugin's gRPC service.
pkg/storage/value/encrypt/identity
pkg/storage/value/encrypt/secretbox Package secretbox transforms values for storage at rest using XSalsa20 and Poly1305.
pkg/util/apihelpers
pkg/util/dryrun
pkg/util/feature
pkg/util/flowcontrol
pkg/util/flowcontrol/counter
pkg/util/flowcontrol/debug
pkg/util/flowcontrol/fairqueuing
pkg/util/flowcontrol/fairqueuing/promise
pkg/util/flowcontrol/fairqueuing/promise/lockingpromise
pkg/util/flowcontrol/fairqueuing/queueset Package queueset implements a technique called "fair queuing for server requests".
pkg/util/flowcontrol/fairqueuing/testing
pkg/util/flowcontrol/fairqueuing/testing/clock
pkg/util/flowcontrol/format
pkg/util/flowcontrol/metrics
pkg/util/flushwriter Package flushwriter implements a wrapper for a writer that flushes on every write if that writer implements the io.Flusher interface
pkg/util/openapi
pkg/util/proxy
pkg/util/shufflesharding
pkg/util/webhook Package webhook implements a generic HTTP webhook plugin.
pkg/util/wsstream Package wsstream contains utilities for streaming content over WebSockets.
pkg/warning
plugin/pkg/audit Package audit contains implementations for pkg/audit/AuditBackend interface
plugin/pkg/audit/buffered Package buffered provides an implementation for the audit.Backend interface that batches incoming audit events and sends batches to the delegate audit.Backend.
plugin/pkg/audit/fake Package fake provides a fake audit.Backend interface implementation for testing.
plugin/pkg/audit/log
plugin/pkg/audit/truncate Package truncate provides an implementation for the audit.Backend interface that truncates audit events and sends them to the delegate audit.Backend.
plugin/pkg/audit/webhook Package webhook implements the audit.Backend interface using HTTP webhooks.
plugin/pkg/authenticator Package authenticator contains implementations for pkg/auth/authenticator interfaces
plugin/pkg/authenticator/token/oidc oidc implements the authenticator.Token interface using the OpenID Connect protocol.
plugin/pkg/authenticator/token/tokentest
plugin/pkg/authenticator/token/webhook Package webhook implements the authenticator.Token interface using HTTP webhooks.
plugin/pkg/authorizer/webhook Package webhook implements the authorizer.Authorizer interface using HTTP webhooks.