
Commit ad6a1da

Merge pull request #20207 from openshift-cherrypick-robot/cherry-pick-20074-to-release-3.10
[release-3.10] openshift-kube-apiserver: use in-process loopback client config from Kube
2 parents 83bd74f + 5b24f11 commit ad6a1da


3 files changed

+44
-44
lines changed


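--- a/pkg/cmd/openshift-kube-apiserver/server.go
+++ b/pkg/cmd/openshift-kube-apiserver/server.go
@@ -43,20 +43,7 @@ func RunOpenShiftKubeAPIServerServer(masterConfig *configapi.MasterConfig) error
 return kerrors.NewInvalid(configapi.Kind("MasterConfig"), "master-config.yaml", validationResults.Errors)
 }
 
-// informers are shared amongst all the various api components we build
-// TODO the needs of the apiserver and the controllers are drifting. We should consider two different skins here
-clientConfig, err := configapi.GetClientConfig(masterConfig.MasterClients.OpenShiftLoopbackKubeConfig, masterConfig.MasterClients.OpenShiftLoopbackClientConnectionOverrides)
-if err != nil {
-return err
-}
-informers, err := origin.NewInformers(clientConfig)
-if err != nil {
-return err
-}
-if err := informers.AddUserIndexes(); err != nil {
-return err
-}
-
+informers := origin.InformerAccess(nil) // use real kube-apiserver loopback client with secret token instead of that from masterConfig.MasterClients.OpenShiftLoopbackKubeConfig
 openshiftConfig, err := origin.BuildMasterConfig(*masterConfig, informers)
 if err != nil {
 return err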
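Review bot: The replacement on new line 46 drops `masterConfig.MasterClients.OpenShiftLoopbackClientConnectionOverrides` along with the kubeconfig: the removed `configapi.GetClientConfig(...)` call took both, while the nil sentinel carries neither, so any overrides an operator set there no longer reach the informer client built for this process. If that is intended, record it where the sentinel is passed, on its own line above the statement rather than as a long trailing comment, e.g. `// nil: BuildMasterConfig builds informers from the in-process loopback config; OpenShiftLoopbackClientConnectionOverrides is not applied`. Whether the in-process loopback config already carries suitable client settings is not visible in this diff. RunOpenShiftKubeAPIServerServer continues outside the hunk.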

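--- a/pkg/cmd/server/kubernetes/master/master_config.go
+++ b/pkg/cmd/server/kubernetes/master/master_config.go
@@ -47,6 +47,7 @@ import (
 auditlog "k8s.io/apiserver/plugin/pkg/audit/log"
 auditwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook"
 pluginwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook"
+"k8s.io/client-go/rest"
 "k8s.io/kube-aggregator/pkg/apis/apiregistration"
 apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
 openapicommon "k8s.io/kube-openapi/pkg/common"
@@ -375,12 +376,13 @@ func buildPublicAddress(masterConfig configapi.MasterConfig) (net.IP, error) {
 return publicAddress, nil
 }
 
-func buildKubeApiserverConfig(
-masterConfig configapi.MasterConfig,
-admissionControl admission.Interface,
-originAuthenticator authenticator.Request,
-kubeAuthorizer authorizer.Authorizer,
-) (*master.Config, error) {
+type incompleteKubeMasterConfig struct {
+options *kapiserveroptions.ServerRunOptions
+incompleteConfig *apiserver.Config
+masterConfig configapi.MasterConfig
+}
+
+func BuildKubernetesMasterConfig(masterConfig configapi.MasterConfig) (*incompleteKubeMasterConfig, error) {
 apiserverOptions, err := BuildKubeAPIserverOptions(masterConfig)
 if err != nil {
 return nil, err
@@ -391,6 +393,20 @@ func buildKubeApiserverConfig(
 return nil, err
 }
 
+return &incompleteKubeMasterConfig{apiserverOptions, genericConfig, masterConfig}, nil
+}
+
+func (rc *incompleteKubeMasterConfig) LoopbackConfig() *rest.Config {
+return rc.incompleteConfig.LoopbackClientConfig
+}
+
+func (rc *incompleteKubeMasterConfig) Complete(
+admissionControl admission.Interface,
+originAuthenticator authenticator.Request,
+kubeAuthorizer authorizer.Authorizer,
+) (*master.Config, error) {
+genericConfig, apiserverOptions, masterConfig := rc.incompleteConfig, rc.options, rc.masterConfig
+
 proxyClientCerts, err := buildProxyClientCerts(masterConfig)
 if err != nil {
 return nil, err
@@ -566,33 +582,13 @@ func buildKubeApiserverConfig(
 )
 }
 
-return kubeApiserverConfig, nil
-}
-
-// TODO this function's parameters need to be refactored
-func BuildKubernetesMasterConfig(
-masterConfig configapi.MasterConfig,
-admissionControl admission.Interface,
-originAuthenticator authenticator.Request,
-kubeAuthorizer authorizer.Authorizer,
-) (*master.Config, error) {
-apiserverConfig, err := buildKubeApiserverConfig(
-masterConfig,
-admissionControl,
-originAuthenticator,
-kubeAuthorizer,
-)
-if err != nil {
-return nil, err
-}
-
 // we do this for integration tests to be able to turn it off for better startup speed
 // TODO remove the entire option once openapi is faster
 if masterConfig.DisableOpenAPI {
-apiserverConfig.GenericConfig.OpenAPIConfig = nil
+kubeApiserverConfig.GenericConfig.OpenAPIConfig = nil
 }
 
-return apiserverConfig, nil
+return kubeApiserverConfig, nil
 }
 
 func defaultOpenAPIConfig(config configapi.MasterConfig) *openapicommon.Config {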
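Review bot: `LoopbackConfig()` (new lines 399-401) returns the stored pointer `rc.incompleteConfig.LoopbackClientConfig` rather than a copy, so a caller that adjusts the returned `*rest.Config` also changes the config the API server keeps for itself, and this commit's own comments describe that config as carrying the loopback secret token. Returning a copy would isolate the two, e.g. `return rest.CopyConfig(rc.incompleteConfig.LoopbackClientConfig)` if the vendored client-go provides it, behind a nil check on the field. The new type and its methods have no doc comments; a line such as `// LoopbackConfig returns the in-process loopback client config; it holds a secret token and must not be logged or handed to out-of-process components` would record the constraint. `BuildKubernetesMasterConfig` is exported but returns the unexported `*incompleteKubeMasterConfig`, which callers in other packages cannot name. The body of `Complete` continues outside the hunks shown.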

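--- a/pkg/cmd/server/origin/master_config.go
+++ b/pkg/cmd/server/origin/master_config.go
@@ -126,6 +126,24 @@ func BuildMasterConfig(
 options configapi.MasterConfig,
 informers InformerAccess,
 ) (*MasterConfig, error) {
+incompleteKubeAPIServerConfig, err := kubernetes.BuildKubernetesMasterConfig(options)
+if err != nil {
+return nil, err
+}
+if informers == nil {
+// use the real Kubernetes loopback client (using a secret token and preferibly localhost networking), not
+// the one provided by options.MasterClients.OpenShiftLoopbackKubeConfig. The latter is meant for out-of-process
+// components of the master.
+realLoopbackInformers, err := NewInformers(incompleteKubeAPIServerConfig.LoopbackConfig())
+if err != nil {
+return nil, err
+}
+if err := realLoopbackInformers.AddUserIndexes(); err != nil {
+return nil, err
+}
+informers = realLoopbackInformers
+}
+
 restOptsGetter, err := originrest.StorageOptions(options)
 if err != nil {
 return nil, err
@@ -181,8 +199,7 @@ func BuildMasterConfig(
 return nil, err
 }
 
-kubeAPIServerConfig, err := kubernetes.BuildKubernetesMasterConfig(
-options,
+kubeAPIServerConfig, err := incompleteKubeAPIServerConfig.Complete(
 admission,
 authenticator,
 authorizer,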
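Review bot: In the added block at new lines 133-145 the result of `incompleteKubeAPIServerConfig.LoopbackConfig()` goes straight into `NewInformers` with no nil check; whether the Kube generic config can be built without a loopback client config is not visible here, so a guard that returns an explicit error, e.g. `return nil, fmt.Errorf("kube-apiserver loopback client config is not set")`, would turn a possible nil dereference into a clear startup failure. The `informers == nil` test also matches only an untyped nil: assuming InformerAccess is an interface, a caller passing a nil pointer of a concrete informer type would skip this block and fail later. Because nil now silently selects the token-bearing in-process client, that contract belongs in a doc comment on BuildMasterConfig, not only in this inline comment. The comment's "preferibly" should read "preferably". BuildMasterConfig starts and ends outside both hunks.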
