Merge pull request #20777 from deads2k/server-22-scrub-start

clean up construction to make creating types more obvious
openshift · Aug 29, 2018 · 9c9f668 · 9c9f668
2 parents 2f53b45 + 3563995
commit 9c9f668
Show file tree

Hide file tree

Showing 47 changed files with 275 additions and 510 deletions.
diff --git a/pkg/apps/apiserver/registry/deployconfig/etcd/etcd.go b/pkg/apps/apiserver/registry/deployconfig/etcd/etcd.go
@@ -27,7 +27,6 @@ import (
 	"github.com/openshift/origin/pkg/apps/apiserver/registry/deployconfig"
 	appsutil "github.com/openshift/origin/pkg/apps/util"
 	printersinternal "github.com/openshift/origin/pkg/printers/internalversion"
-	"github.com/openshift/origin/pkg/util/restoptions"
 )
 
 // REST contains the REST storage for DeploymentConfig objects.
@@ -52,7 +51,7 @@ func (r *REST) ShortNames() []string {
 // NewREST returns a deploymentConfigREST containing the REST storage for DeploymentConfig objects,
 // a statusREST containing the REST storage for changing the status of a DeploymentConfig,
 // and a scaleREST containing the REST storage for the Scale subresources of DeploymentConfigs.
-func NewREST(optsGetter restoptions.Getter) (*REST, *StatusREST, *ScaleREST, error) {
+func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, *ScaleREST, error) {
 	store := &registry.Store{
 		NewFunc:                  func() runtime.Object { return &appsapi.DeploymentConfig{} },
 		NewListFunc:              func() runtime.Object { return &appsapi.DeploymentConfigList{} },

diff --git a/pkg/authorization/apiserver/registry/rolebindingrestriction/etcd/etcd.go b/pkg/authorization/apiserver/registry/rolebindingrestriction/etcd/etcd.go
@@ -12,7 +12,6 @@ import (
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	"github.com/openshift/origin/pkg/authorization/apiserver/registry/rolebindingrestriction"
 	printersinternal "github.com/openshift/origin/pkg/printers/internalversion"
-	"github.com/openshift/origin/pkg/util/restoptions"
 )
 
 type REST struct {
@@ -22,7 +21,7 @@ type REST struct {
 var _ rest.StandardStorage = &REST{}
 
 // NewREST returns a RESTStorage object that will work against nodes.
-func NewREST(optsGetter restoptions.Getter) (*REST, error) {
+func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) {
 	store := &registry.Store{
 		NewFunc:                  func() runtime.Object { return &authorizationapi.RoleBindingRestriction{} },
 		NewListFunc:              func() runtime.Object { return &authorizationapi.RoleBindingRestrictionList{} },

diff --git a/pkg/build/apiserver/registry/build/etcd/etcd.go b/pkg/build/apiserver/registry/build/etcd/etcd.go
@@ -15,7 +15,6 @@ import (
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	buildregistry "github.com/openshift/origin/pkg/build/apiserver/registry/build"
 	printersinternal "github.com/openshift/origin/pkg/printers/internalversion"
-	"github.com/openshift/origin/pkg/util/restoptions"
 )
 
 type REST struct {
@@ -31,7 +30,7 @@ func (r *REST) Categories() []string {
 }
 
 // NewREST returns a RESTStorage object that will work against Build objects.
-func NewREST(optsGetter restoptions.Getter) (*REST, *DetailsREST, error) {
+func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *DetailsREST, error) {
 	store := &registry.Store{
 		NewFunc:                  func() runtime.Object { return &buildapi.Build{} },
 		NewListFunc:              func() runtime.Object { return &buildapi.BuildList{} },

diff --git a/pkg/build/apiserver/registry/buildconfig/etcd/etcd.go b/pkg/build/apiserver/registry/buildconfig/etcd/etcd.go
@@ -12,7 +12,6 @@ import (
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	"github.com/openshift/origin/pkg/build/apiserver/registry/buildconfig"
 	printersinternal "github.com/openshift/origin/pkg/printers/internalversion"
-	"github.com/openshift/origin/pkg/util/restoptions"
 )
 
 type REST struct {
@@ -34,7 +33,7 @@ func (r *REST) ShortNames() []string {
 }
 
 // NewREST returns a RESTStorage object that will work against BuildConfig.
-func NewREST(optsGetter restoptions.Getter) (*REST, error) {
+func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) {
 	store := &registry.Store{
 		NewFunc:                  func() runtime.Object { return &buildapi.BuildConfig{} },
 		NewListFunc:              func() runtime.Object { return &buildapi.BuildConfigList{} },

diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/config.go
@@ -25,7 +25,6 @@ import (
 	"github.com/openshift/origin/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing"
 	configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
 	originadmission "github.com/openshift/origin/pkg/cmd/server/origin/admission"
-	originrest "github.com/openshift/origin/pkg/cmd/server/origin/rest"
 	"github.com/openshift/origin/pkg/image/apiserver/registryhostname"
 	sccstorage "github.com/openshift/origin/pkg/security/apiserver/registry/securitycontextconstraints/etcd"
 	usercache "github.com/openshift/origin/pkg/user/cache"
@@ -49,7 +48,7 @@ func NewOpenshiftAPIConfig(openshiftAPIServerConfig *configapi.MasterConfig) (*O
 	if err != nil {
 		return nil, err
 	}
-	restOptsGetter, err := originrest.StorageOptions(*openshiftAPIServerConfig)
+	restOptsGetter, err := NewRESTOptionsGetter(*openshiftAPIServerConfig)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/cloud.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/cloud.go
@@ -0,0 +1,15 @@
+package configprocessing
+
+import "fmt"
+
+func GetCloudProviderConfigFile(args map[string][]string) (string, error) {
+	filenames, ok := args["cloud-config"]
+	if !ok {
+		return "", nil
+	}
+	if len(filenames) != 1 {
+		return "", fmt.Errorf(`one or zero "--cloud-config" required, not %v`, filenames)
+	}
+
+	return filenames[0], nil
+}
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/etcd.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing/etcd.go
@@ -0,0 +1,48 @@
+package configprocessing
+
+import (
+	configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
+	cmdflags "github.com/openshift/origin/pkg/cmd/util/flags"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/apiserver/pkg/server/options"
+	"k8s.io/apiserver/pkg/storage/storagebackend"
+)
+
+// GetEtcdOptions takes configuration information and flag overrides to produce the upstream etcdoptions.
+func GetEtcdOptions(startingFlags map[string][]string, etcdConnectionInfo configapi.EtcdConnectionInfo, storagePrefix string, defaultWatchCacheSizes map[schema.GroupResource]int) (*options.EtcdOptions, error) {
+	storageConfig := storagebackend.NewDefaultConfig(storagePrefix, nil)
+	storageConfig.Type = "etcd3"
+	storageConfig.ServerList = etcdConnectionInfo.URLs
+	storageConfig.KeyFile = etcdConnectionInfo.ClientCert.KeyFile
+	storageConfig.CertFile = etcdConnectionInfo.ClientCert.CertFile
+	storageConfig.CAFile = etcdConnectionInfo.CA
+
+	etcdOptions := options.NewEtcdOptions(storageConfig)
+	etcdOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
+	etcdOptions.DefaultWatchCacheSize = 0
+	if err := cmdflags.ResolveIgnoreMissing(startingFlags, etcdOptions.AddFlags); len(err) > 0 {
+		return nil, utilerrors.NewAggregate(err)
+	}
+
+	if etcdOptions.EnableWatchCache {
+		watchCacheSizes := map[schema.GroupResource]int{}
+		for k, v := range defaultWatchCacheSizes {
+			watchCacheSizes[k] = v
+		}
+
+		if userSpecified, err := options.ParseWatchCacheSizes(etcdOptions.WatchCacheSizes); err == nil {
+			for resource, size := range userSpecified {
+				watchCacheSizes[resource] = size
+			}
+		}
+
+		var err error
+		etcdOptions.WatchCacheSizes, err = options.WriteWatchCacheSizes(watchCacheSizes)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return etcdOptions, nil
+}
diff --git a/pkg/cmd/openshift-apiserver/openshiftapiserver/restoptionsgetter.go b/pkg/cmd/openshift-apiserver/openshiftapiserver/restoptionsgetter.go
@@ -0,0 +1,103 @@
+package openshiftapiserver
+
+import (
+	"strconv"
+
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	genericregistry "k8s.io/apiserver/pkg/registry/generic"
+	"k8s.io/apiserver/pkg/server/options"
+	apiserverstorage "k8s.io/apiserver/pkg/server/storage"
+	serverstorage "k8s.io/apiserver/pkg/server/storage"
+	"k8s.io/kubernetes/pkg/api/legacyscheme"
+
+	"github.com/openshift/origin/pkg/cmd/openshift-apiserver/openshiftapiserver/configprocessing"
+	configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
+)
+
+// NewConfigGetter returns a restoptions.Getter implemented using information from the provided master config.
+func NewRESTOptionsGetter(masterOptions configapi.MasterConfig) (genericregistry.RESTOptionsGetter, error) {
+	var err error
+	targetRAMMB := 0
+	if targetRamString := masterOptions.KubernetesMasterConfig.APIServerArguments["target-ram-mb"]; len(targetRamString) == 1 {
+		targetRAMMB, err = strconv.Atoi(targetRamString[0])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	etcdOptions, err := configprocessing.GetEtcdOptions(
+		masterOptions.KubernetesMasterConfig.APIServerArguments,
+		masterOptions.EtcdClientInfo,
+		masterOptions.EtcdStorageConfig.OpenShiftStoragePrefix,
+		newHeuristicWatchCacheSizes(targetRAMMB),
+	)
+
+	storageFactory := apiserverstorage.NewDefaultStorageFactory(
+		etcdOptions.StorageConfig,
+		etcdOptions.DefaultStorageMediaType,
+		legacyscheme.Codecs,
+		apiserverstorage.NewDefaultResourceEncodingConfig(legacyscheme.Scheme),
+		&serverstorage.ResourceConfig{},
+		specialDefaultResourcePrefixes,
+	)
+	restOptionsGetter := &options.StorageFactoryRestOptionsFactory{
+		Options:        *etcdOptions,
+		StorageFactory: storageFactory,
+	}
+	return restOptionsGetter, nil
+}
+
+// newHeuristicWatchCacheSizes returns a map of suggested watch cache sizes based on total
+// memory. It reuses the upstream heuristic and adds OpenShift specific resources.
+func newHeuristicWatchCacheSizes(expectedRAMCapacityMB int) map[schema.GroupResource]int {
+	// TODO: Revisit this heuristic, copied from upstream
+	clusterSize := expectedRAMCapacityMB / 60
+
+	// default enable watch caches for resources that will have a high number of clients accessing it
+	// and where the write rate may be significant
+	watchCacheSizes := make(map[schema.GroupResource]int)
+	watchCacheSizes[schema.GroupResource{Group: "network.openshift.io", Resource: "hostsubnets"}] = maxInt(5*clusterSize, 100)
+	watchCacheSizes[schema.GroupResource{Group: "network.openshift.io", Resource: "netnamespaces"}] = maxInt(5*clusterSize, 100)
+	watchCacheSizes[schema.GroupResource{Group: "network.openshift.io", Resource: "egressnetworkpolicies"}] = maxInt(10*clusterSize, 100)
+	return watchCacheSizes
+}
+
+func maxInt(a, b int) int {
+	if a > b {
+		return a
+	}
+	return b
+}
+
+// specialDefaultResourcePrefixes are prefixes compiled into Kubernetes.
+var specialDefaultResourcePrefixes = map[schema.GroupResource]string{
+	{Resource: "clusterpolicies"}:                                            "authorization/cluster/policies",
+	{Resource: "clusterpolicies", Group: "authorization.openshift.io"}:       "authorization/cluster/policies",
+	{Resource: "clusterpolicybindings"}:                                      "authorization/cluster/policybindings",
+	{Resource: "clusterpolicybindings", Group: "authorization.openshift.io"}: "authorization/cluster/policybindings",
+	{Resource: "policies"}:                                                   "authorization/local/policies",
+	{Resource: "policies", Group: "authorization.openshift.io"}:              "authorization/local/policies",
+	{Resource: "policybindings"}:                                             "authorization/local/policybindings",
+	{Resource: "policybindings", Group: "authorization.openshift.io"}:        "authorization/local/policybindings",
+
+	{Resource: "oauthaccesstokens"}:                                      "oauth/accesstokens",
+	{Resource: "oauthaccesstokens", Group: "oauth.openshift.io"}:         "oauth/accesstokens",
+	{Resource: "oauthauthorizetokens"}:                                   "oauth/authorizetokens",
+	{Resource: "oauthauthorizetokens", Group: "oauth.openshift.io"}:      "oauth/authorizetokens",
+	{Resource: "oauthclients"}:                                           "oauth/clients",
+	{Resource: "oauthclients", Group: "oauth.openshift.io"}:              "oauth/clients",
+	{Resource: "oauthclientauthorizations"}:                              "oauth/clientauthorizations",
+	{Resource: "oauthclientauthorizations", Group: "oauth.openshift.io"}: "oauth/clientauthorizations",
+
+	{Resource: "identities"}:                             "useridentities",
+	{Resource: "identities", Group: "user.openshift.io"}: "useridentities",
+
+	{Resource: "clusternetworks"}:                                      "registry/sdnnetworks",
+	{Resource: "clusternetworks", Group: "network.openshift.io"}:       "registry/sdnnetworks",
+	{Resource: "egressnetworkpolicies"}:                                "registry/egressnetworkpolicy",
+	{Resource: "egressnetworkpolicies", Group: "network.openshift.io"}: "registry/egressnetworkpolicy",
+	{Resource: "hostsubnets"}:                                          "registry/sdnsubnets",
+	{Resource: "hostsubnets", Group: "network.openshift.io"}:           "registry/sdnsubnets",
+	{Resource: "netnamespaces"}:                                        "registry/sdnnetnamespaces",
+	{Resource: "netnamespaces", Group: "network.openshift.io"}:         "registry/sdnnetnamespaces",
+}
diff --git a/pkg/cmd/openshift-apiserver/server.go b/pkg/cmd/openshift-apiserver/server.go
@@ -14,7 +14,6 @@ import (
 	configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
 	"github.com/openshift/origin/pkg/cmd/server/apis/config/validation"
 	"github.com/openshift/origin/pkg/cmd/util"
-	"github.com/openshift/origin/pkg/cmd/util/variable"
 )
 
 func RunOpenShiftAPIServer(masterConfig *configapi.MasterConfig) error {
@@ -51,11 +50,6 @@ func RunOpenShiftAPIServer(masterConfig *configapi.MasterConfig) error {
 	preparedOpenshiftAPIServer := openshiftAPIServer.GenericAPIServer.PrepareRun()
 
 	glog.Infof("Starting master on %s (%s)", masterConfig.ServingInfo.BindAddress, version.Get().String())
-	glog.Infof("Public master address is %s", masterConfig.MasterPublicURL)
-	imageTemplate := variable.NewDefaultImageTemplate()
-	imageTemplate.Format = masterConfig.ImageConfig.Format
-	imageTemplate.Latest = masterConfig.ImageConfig.Latest
-	glog.Infof("Using images from %q", imageTemplate.ExpandOrDie("<component>"))
 
 	if err := preparedOpenshiftAPIServer.Run(utilwait.NeverStop); err != nil {
 		return err

diff --git a/pkg/cmd/openshift-controller-manager/controller_manager.go b/pkg/cmd/openshift-controller-manager/controller_manager.go
@@ -10,6 +10,7 @@ import (
 	origincontrollers "github.com/openshift/origin/pkg/cmd/openshift-controller-manager/controller"
 	configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
 	"github.com/openshift/origin/pkg/cmd/util"
+	"github.com/openshift/origin/pkg/cmd/util/variable"
 	"github.com/openshift/origin/pkg/version"
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -38,6 +39,19 @@ func RunOpenShiftControllerManager(config *configapi.OpenshiftControllerConfig,
 		}
 	}
 
+	{
+		imageTemplate := variable.NewDefaultImageTemplate()
+		imageTemplate.Format = config.Deployer.ImageTemplateFormat.Format
+		imageTemplate.Latest = config.Deployer.ImageTemplateFormat.Latest
+		glog.Infof("DeploymentConfig controller using images from %q", imageTemplate.ExpandOrDie("<component>"))
+	}
+	{
+		imageTemplate := variable.NewDefaultImageTemplate()
+		imageTemplate.Format = config.Build.ImageTemplateFormat.Format
+		imageTemplate.Latest = config.Build.ImageTemplateFormat.Latest
+		glog.Infof("Build controller using images from %q", imageTemplate.ExpandOrDie("<component>"))
+	}
+
 	originControllerManager := func(stopCh <-chan struct{}) {
 		if err := waitForHealthyAPIServer(kubeClient.Discovery().RESTClient()); err != nil {
 			glog.Fatal(err)

diff --git a/pkg/cmd/server/kubernetes/master/master_config.go b/pkg/cmd/server/kubernetes/master/master_config.go
@@ -30,7 +30,6 @@ import (
 	apiserverstorage "k8s.io/apiserver/pkg/server/storage"
 	"k8s.io/apiserver/pkg/storage"
 	storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory"
-	utilflag "k8s.io/apiserver/pkg/util/flag"
 	"k8s.io/client-go/rest"
 	"k8s.io/kube-aggregator/pkg/apis/apiregistration"
 	apiregistrationv1beta1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
@@ -73,15 +72,6 @@ var LegacyAPIGroupPrefixes = sets.NewString(apiserver.DefaultLegacyAPIPrefix, le
 // BuildKubeAPIserverOptions constructs the appropriate kube-apiserver run options.
 // It returns an error if no KubernetesMasterConfig was defined.
 func BuildKubeAPIserverOptions(masterConfig configapi.MasterConfig) (*kapiserveroptions.ServerRunOptions, error) {
-	host, portString, err := net.SplitHostPort(masterConfig.ServingInfo.BindAddress)
-	if err != nil {
-		return nil, err
-	}
-	port, err := strconv.Atoi(portString)
-	if err != nil {
-		return nil, err
-	}
-
 	portRange, err := knet.ParsePortRange(masterConfig.KubernetesMasterConfig.ServicesNodePortRange)
 	if err != nil {
 		return nil, err
@@ -97,11 +87,10 @@ func BuildKubeAPIserverOptions(masterConfig configapi.MasterConfig) (*kapiserver
 	server.ServiceNodePortRange = *portRange
 	server.Features.EnableProfiling = true
 
-	server.SecureServing.BindAddress = net.ParseIP(host)
-	server.SecureServing.BindPort = port
-	server.SecureServing.BindNetwork = masterConfig.ServingInfo.BindNetwork
-	server.SecureServing.ServerCert.CertKey.CertFile = masterConfig.ServingInfo.ServerCert.CertFile
-	server.SecureServing.ServerCert.CertKey.KeyFile = masterConfig.ServingInfo.ServerCert.KeyFile
+	server.SecureServing, err = configprocessing.ToServingOptions(masterConfig.ServingInfo)
+	if err != nil {
+		return nil, err
+	}
 	server.InsecureServing.BindPort = 0
 
 	// disable anonymous authentication
@@ -121,29 +110,15 @@ func BuildKubeAPIserverOptions(masterConfig configapi.MasterConfig) (*kapiserver
 		}
 	}
 
-	server.Etcd.EnableGarbageCollection = true
-	server.Etcd.StorageConfig.Type = "etcd3"
-	server.Etcd.DefaultStorageMediaType = "application/json" // TODO(post-1.6.1-rebase): enable protobuf with etcd3 as upstream
-	server.Etcd.StorageConfig.Quorum = true
-	server.Etcd.StorageConfig.Prefix = masterConfig.EtcdStorageConfig.KubernetesStoragePrefix
-	server.Etcd.StorageConfig.ServerList = masterConfig.EtcdClientInfo.URLs
-	server.Etcd.StorageConfig.KeyFile = masterConfig.EtcdClientInfo.ClientCert.KeyFile
-	server.Etcd.StorageConfig.CertFile = masterConfig.EtcdClientInfo.ClientCert.CertFile
-	server.Etcd.StorageConfig.CAFile = masterConfig.EtcdClientInfo.CA
-	server.Etcd.DefaultWatchCacheSize = 0
+	server.Etcd, err = configprocessing.GetEtcdOptions(masterConfig.KubernetesMasterConfig.APIServerArguments, masterConfig.EtcdClientInfo, masterConfig.EtcdStorageConfig.KubernetesStoragePrefix, nil)
+	if err != nil {
+		return nil, err
+	}
 
 	server.GenericServerRunOptions.CorsAllowedOriginList = masterConfig.CORSAllowedOrigins
 	server.GenericServerRunOptions.MaxRequestsInFlight = masterConfig.ServingInfo.MaxRequestsInFlight
 	server.GenericServerRunOptions.MaxMutatingRequestsInFlight = masterConfig.ServingInfo.MaxRequestsInFlight / 2
 	server.GenericServerRunOptions.MinRequestTimeout = masterConfig.ServingInfo.RequestTimeoutSeconds
-	for _, nc := range masterConfig.ServingInfo.NamedCertificates {
-		sniCert := utilflag.NamedCertKey{
-			CertFile: nc.CertFile,
-			KeyFile:  nc.KeyFile,
-			Names:    nc.Names,
-		}
-		server.SecureServing.SNICertKeys = append(server.SecureServing.SNICertKeys, sniCert)
-	}
 
 	server.KubeletConfig.ReadOnlyPort = 0
 	server.KubeletConfig.Port = masterConfig.KubeletClientInfo.Port