origin

package
v3.10.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 2, 2018 License: Apache-2.0 Imports: 192 Imported by: 0

Documentation

Overview

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

This section is empty.

Variables

View Source 
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow and adding a new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
View Source 
var GRPCThreadLimit = 0

Functions

func LegacyStorage 

func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage

LegacyStorage returns a storage for locked legacy types.

func NewAuthenticator 

func NewAuthenticator(
	options configapi.MasterConfig,
	privilegedLoopbackConfig *rest.Config,
	informers InformerAccess,
) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)

func NewAuthorizer 

func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer

func NewInformers 

func NewInformers(clientConfig *rest.Config) (*informerHolder, error)

NewInformers is only exposed for the build's integration testing until it can be fixed more appropriately.

func NewOAuthServerConfigFromMasterConfig 

func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)

TODO this is taking a very large config for a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of leaky abstraction because it spent too much time in openshift start

func NewRuleResolver 

func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver

func NewServiceProxyHandler 

func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, caBundle []byte, applicationDisplayName string) (*serviceProxyHandler, error)

NewServiceProxyHandler is a simple proxy that doesn't handle upgrades, passes headers directly through, and doesn't assert any identity.

func NewSubjectLocator 

func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator

func PanicOnGRPCStuckThreads 

func PanicOnGRPCStuckThreads(interval time.Duration, stopCh <-chan struct{})

func StartProfiler 

func StartProfiler()

func WithPatternPrefixHandler 

func WithPatternPrefixHandler(handler http.Handler, patternHandler http.Handler, prefixes ...string) http.Handler

Types

type CompletedConfig 

type CompletedConfig struct {
	// contains filtered or unexported fields
}

func (CompletedConfig) New 

func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftAPIServer, error)

type CompletedOpenshiftNonAPIConfig 

type CompletedOpenshiftNonAPIConfig struct {
	// contains filtered or unexported fields
}

func (CompletedOpenshiftNonAPIConfig) New 

func (c CompletedOpenshiftNonAPIConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftNonAPIServer, error)

type GenericResourceInformer 

type GenericResourceInformer interface {
	ForResource(resource schema.GroupVersionResource) (kexternalinformers.GenericInformer, error)
	Start(stopCh <-chan struct{})
}

type InformerAccess 

type InformerAccess interface {
	GetInternalKubeInformers() kinternalinformers.SharedInformerFactory
	GetExternalKubeInformers() kinformers.SharedInformerFactory
	GetAppInformers() appinformer.SharedInformerFactory
	GetAuthorizationInformers() authorizationinformer.SharedInformerFactory
	GetBuildInformers() buildinformer.SharedInformerFactory
	GetImageInformers() imageinformer.SharedInformerFactory
	GetNetworkInformers() networkinformer.SharedInformerFactory
	GetOauthInformers() oauthinformer.SharedInformerFactory
	GetQuotaInformers() quotainformer.SharedInformerFactory
	GetSecurityInformers() securityinformer.SharedInformerFactory
	GetRouteInformers() routeinformer.SharedInformerFactory
	GetUserInformers() userinformer.SharedInformerFactory
	GetTemplateInformers() templateinformer.SharedInformerFactory
	ToGenericInformer() GenericResourceInformer

	Start(stopCh <-chan struct{})
}

type MasterConfig 

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RegistryHostnameRetriever retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryHostnameRetriever imageapi.RegistryHostnameRetriever

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface

	AuditBackend audit.Backend

	// TODO inspect uses to eliminate them
	InternalKubeInformers  kinternalinformers.SharedInformerFactory
	ClientGoKubeInformers  kubeclientgoinformers.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	RouteInformers         routeinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	SecurityInformers      securityinformer.SharedInformerFactory
	// contains filtered or unexported fields
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig 

func BuildMasterConfig(
	options configapi.MasterConfig,
	informers InformerAccess,
) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) RouteAllocator 

func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController

RouteAllocator returns a route allocation controller.

func (*MasterConfig) Run 

func (c *MasterConfig) Run(stopCh <-chan struct{}) error

Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it. TODO this method only exists to support the old openshift start path. It should be removed a little ways into 3.10.

func (*MasterConfig) RunDNSServer 

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunKubeAPIServer 

func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error

func (*MasterConfig) RunOpenShift 

func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error

type NonAPIExtraConfig 

type NonAPIExtraConfig struct {
	OAuthMetadata []byte
}

type OpenshiftAPIConfig 

type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   OpenshiftAPIExtraConfig
}

func (*OpenshiftAPIConfig) Complete 

func (c *OpenshiftAPIConfig) Complete() completedConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

type OpenshiftAPIExtraConfig 

type OpenshiftAPIExtraConfig struct {
	KubeAPIServerClientConfig *restclient.Config
	KubeClientInternal        kclientsetinternal.Interface
	KubeInternalInformers     kinternalinformers.SharedInformerFactory

	QuotaInformers    quotainformer.SharedInformerFactory
	SecurityInformers securityinformer.SharedInformerFactory

	// these are all required to build our storage
	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	// for Images
	LimitVerifier imageadmission.LimitVerifier
	// RegistryHostnameRetriever retrieves the internal and external hostname of
	// the integrated registry, or false if no such registry is available.
	RegistryHostnameRetriever          imageapi.RegistryHostnameRetriever
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	// oauth API server
	ServiceAccountMethod configapi.GrantHandlerType

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController

	// SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix,
	// so we have to have it special cased here to point to the right spot.
	SCCStorage *sccstorage.REST
}

func (*OpenshiftAPIExtraConfig) Validate 

func (c *OpenshiftAPIExtraConfig) Validate() error

Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now

type OpenshiftAPIServer 

type OpenshiftAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.

type OpenshiftNonAPIConfig 

type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   NonAPIExtraConfig
}

func (*OpenshiftNonAPIConfig) Complete 

func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

type OpenshiftNonAPIServer 

type OpenshiftNonAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftNonAPIServer serves non-API endpoints for openshift.

type ServiceResolver 

type ServiceResolver interface {
	ResolveEndpoint(namespace, name string) (*url.URL, error)
}

A ServiceResolver knows how to get a URL given a service.

type TooManyThreadsStuckHealth 

type TooManyThreadsStuckHealth struct {
	// contains filtered or unexported fields
}

TooManyThreadsStuckHealth is a health checker that indicates when we have too many thread in a particular method. This condition usually indicates that we got stuck and we should restart ourselves

func NewGRPCStuckThreads 

func NewGRPCStuckThreads() *TooManyThreadsStuckHealth

func (*TooManyThreadsStuckHealth) Check 

func (h *TooManyThreadsStuckHealth) Check(req *http.Request) error

func (*TooManyThreadsStuckHealth) Count 

func (h *TooManyThreadsStuckHealth) Count() int

func (*TooManyThreadsStuckHealth) Name 

func (h *TooManyThreadsStuckHealth) Name() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.