/
server.go
73 lines (61 loc) · 3.13 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package openshift_kube_apiserver
import (
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/admission"
genericapiserver "k8s.io/apiserver/pkg/server"
"k8s.io/klog"
"k8s.io/kube-aggregator/pkg/apiserver"
"k8s.io/kubernetes/cmd/kube-apiserver/app"
"k8s.io/kubernetes/pkg/capabilities"
"k8s.io/kubernetes/pkg/kubeapiserver/options"
kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
"github.com/openshift/origin/pkg/admission/customresourcevalidation/customresourcevalidationregistration"
"github.com/openshift/origin/pkg/cmd/openshift-kube-apiserver/kubeadmission"
"github.com/openshift/origin/pkg/cmd/openshift-kube-apiserver/openshiftkubeapiserver"
// for metrics
_ "k8s.io/kubernetes/pkg/client/metrics/prometheus"
)
func RunOpenShiftKubeAPIServerServer(kubeAPIServerConfig *kubecontrolplanev1.KubeAPIServerConfig, stopCh <-chan struct{}) error {
// This allows to move cluster resource quota to CRD
apiserver.AddAlwaysLocalDelegateForPrefix("/apis/quota.openshift.io/v1/clusterresourcequotas")
// This allows the CRD registration to avoid fighting with the APIService from the operator
apiserver.AddOverlappingGroupVersion(schema.GroupVersion{Group: "authorization.openshift.io", Version: "v1"})
apiserver.AddOverlappingGroupVersion(schema.GroupVersion{Group: "security.openshift.io", Version: "v1"})
// Allow privileged containers
capabilities.Initialize(capabilities.Capabilities{
AllowPrivileged: true,
PrivilegedSources: capabilities.PrivilegedSources{
HostNetworkSources: []string{kubelettypes.ApiserverSource, kubelettypes.FileSource},
HostPIDSources: []string{kubelettypes.ApiserverSource, kubelettypes.FileSource},
HostIPCSources: []string{kubelettypes.ApiserverSource, kubelettypes.FileSource},
},
})
bootstrappolicy.ClusterRoles = bootstrappolicy.OpenshiftClusterRoles
bootstrappolicy.ClusterRoleBindings = bootstrappolicy.OpenshiftClusterRoleBindings
options.AllOrderedPlugins = kubeadmission.NewOrderedKubeAdmissionPlugins(options.AllOrderedPlugins)
kubeRegisterAdmission := options.RegisterAllAdmissionPlugins
options.RegisterAllAdmissionPlugins = func(plugins *admission.Plugins) {
kubeRegisterAdmission(plugins)
kubeadmission.RegisterOpenshiftKubeAdmissionPlugins(plugins)
customresourcevalidationregistration.RegisterCustomResourceValidation(plugins)
}
options.DefaultOffAdmissionPlugins = kubeadmission.NewDefaultOffPluginsFunc(options.DefaultOffAdmissionPlugins())
configPatchFn, serverPatchContext := openshiftkubeapiserver.NewOpenShiftKubeAPIServerConfigPatch(genericapiserver.NewEmptyDelegate(), kubeAPIServerConfig)
app.OpenShiftKubeAPIServerConfigPatch = configPatchFn
app.OpenShiftKubeAPIServerServerPatch = serverPatchContext.PatchServer
cmd := app.NewAPIServerCommand(stopCh)
args, err := openshiftkubeapiserver.ConfigToFlags(kubeAPIServerConfig)
if err != nil {
return err
}
if err := cmd.ParseFlags(args); err != nil {
return err
}
klog.Infof("`kube-apiserver %v`", args)
if err := cmd.RunE(cmd, nil); err != nil {
return err
}
return nil
}