/*
Copyright 2014 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controlplane
import (
"fmt"
"net"
"reflect"
"strconv"
"time"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
apiserverinternalv1alpha1 "k8s.io/api/apiserverinternal/v1alpha1"
appsv1 "k8s.io/api/apps/v1"
authenticationv1 "k8s.io/api/authentication/v1"
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
authorizationapiv1 "k8s.io/api/authorization/v1"
autoscalingapiv1 "k8s.io/api/autoscaling/v1"
autoscalingapiv2 "k8s.io/api/autoscaling/v2"
batchapiv1 "k8s.io/api/batch/v1"
certificatesapiv1 "k8s.io/api/certificates/v1"
certificatesv1alpha1 "k8s.io/api/certificates/v1alpha1"
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
coordinationapiv1 "k8s.io/api/coordination/v1"
coordinationv1alpha2 "k8s.io/api/coordination/v1alpha2"
coordinationv1beta1 "k8s.io/api/coordination/v1beta1"
apiv1 "k8s.io/api/core/v1"
discoveryv1 "k8s.io/api/discovery/v1"
eventsv1 "k8s.io/api/events/v1"
networkingapiv1 "k8s.io/api/networking/v1"
networkingapiv1beta1 "k8s.io/api/networking/v1beta1"
nodev1 "k8s.io/api/node/v1"
policyapiv1 "k8s.io/api/policy/v1"
rbacv1 "k8s.io/api/rbac/v1"
resourcev1 "k8s.io/api/resource/v1"
resourcev1alpha3 "k8s.io/api/resource/v1alpha3"
resourcev1beta1 "k8s.io/api/resource/v1beta1"
resourcev1beta2 "k8s.io/api/resource/v1beta2"
schedulingapiv1 "k8s.io/api/scheduling/v1"
schedulingapiv1alpha3 "k8s.io/api/scheduling/v1alpha3"
storageapiv1 "k8s.io/api/storage/v1"
storageapiv1alpha1 "k8s.io/api/storage/v1alpha1"
storageapiv1beta1 "k8s.io/api/storage/v1beta1"
svmv1beta1 "k8s.io/api/storagemigration/v1beta1"
"k8s.io/apimachinery/pkg/runtime/schema"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/apiserver/pkg/endpoints/discovery"
genericapiserver "k8s.io/apiserver/pkg/server"
serverstorage "k8s.io/apiserver/pkg/server/storage"
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/client-go/kubernetes"
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
discoveryclient "k8s.io/client-go/kubernetes/typed/discovery/v1"
"k8s.io/klog/v2"
api "k8s.io/kubernetes/pkg/apis/core"
flowcontrolv1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1"
flowcontrolv1beta1 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta1"
flowcontrolv1beta2 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta2"
flowcontrolv1beta3 "k8s.io/kubernetes/pkg/apis/flowcontrol/v1beta3"
controlplaneapiserver "k8s.io/kubernetes/pkg/controlplane/apiserver"
"k8s.io/kubernetes/pkg/controlplane/apiserver/options"
"k8s.io/kubernetes/pkg/controlplane/controller/defaultservicecidr"
"k8s.io/kubernetes/pkg/controlplane/controller/kubernetesservice"
"k8s.io/kubernetes/pkg/controlplane/reconcilers"
"k8s.io/kubernetes/pkg/features"
kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
// RESTStorage installers
admissionregistrationrest "k8s.io/kubernetes/pkg/registry/admissionregistration/rest"
apiserverinternalrest "k8s.io/kubernetes/pkg/registry/apiserverinternal/rest"
appsrest "k8s.io/kubernetes/pkg/registry/apps/rest"
authenticationrest "k8s.io/kubernetes/pkg/registry/authentication/rest"
authorizationrest "k8s.io/kubernetes/pkg/registry/authorization/rest"
autoscalingrest "k8s.io/kubernetes/pkg/registry/autoscaling/rest"
batchrest "k8s.io/kubernetes/pkg/registry/batch/rest"
certificatesrest "k8s.io/kubernetes/pkg/registry/certificates/rest"
coordinationrest "k8s.io/kubernetes/pkg/registry/coordination/rest"
corerest "k8s.io/kubernetes/pkg/registry/core/rest"
discoveryrest "k8s.io/kubernetes/pkg/registry/discovery/rest"
eventsrest "k8s.io/kubernetes/pkg/registry/events/rest"
flowcontrolrest "k8s.io/kubernetes/pkg/registry/flowcontrol/rest"
networkingrest "k8s.io/kubernetes/pkg/registry/networking/rest"
noderest "k8s.io/kubernetes/pkg/registry/node/rest"
policyrest "k8s.io/kubernetes/pkg/registry/policy/rest"
rbacrest "k8s.io/kubernetes/pkg/registry/rbac/rest"
resourcerest "k8s.io/kubernetes/pkg/registry/resource/rest"
schedulingrest "k8s.io/kubernetes/pkg/registry/scheduling/rest"
storagerest "k8s.io/kubernetes/pkg/registry/storage/rest"
svmrest "k8s.io/kubernetes/pkg/registry/storagemigration/rest"
)
const (
	// DefaultEndpointReconcilerInterval is how often the endpoints of the
	// "kubernetes" Service are reconciled when no interval is configured.
	DefaultEndpointReconcilerInterval = 10 * time.Second

	// DefaultEndpointReconcilerTTL is the TTL used in the storage layer when
	// no endpoint-reconcile TTL is configured.
	DefaultEndpointReconcilerTTL = 15 * time.Second

	// IdentityLeaseComponentLabelKey is the label key applied to identity
	// lease objects. It marks a lease as an identity lease (as opposed to a
	// leader-election lease) and names the component that owns it.
	// TODO(sttts): remove this indirection
	IdentityLeaseComponentLabelKey = controlplaneapiserver.IdentityLeaseComponentLabelKey

	// repairLoopInterval is the period of the Service ClusterIP and NodePort
	// repair loops when no interval is configured.
	repairLoopInterval = 3 * time.Minute
)
// AdditionalStorageProvidersForTests lets integration tests inject extra,
// test-only API groups. When non-nil it is called from StorageProviders with
// the same clientset the built-in providers receive, and whatever it returns
// is appended to the provider list.
//
// This is mutable package-level state: any code linked into the binary can
// assign it, so it must stay nil outside integration tests.
var AdditionalStorageProvidersForTests func(client *kubernetes.Clientset) []controlplaneapiserver.RESTStorageProvider
// Extra holds the kube-apiserver-specific configuration that is layered on
// top of the generic control plane configuration.
type Extra struct {
	// EndpointReconcilerConfig carries the endpoint reconciler and its
	// interval; Complete fills in whichever of the two is unset.
	EndpointReconcilerConfig EndpointReconcilerConfig
	// KubeletClientConfig is mandatory: CompletedConfig.New returns an error
	// when it is still the zero value.
	KubeletClientConfig kubeletclient.KubeletClientConfig

	// Values to build the IP addresses used by discovery.

	// ServiceIPRange is the range of IPs to be assigned to services with
	// type=ClusterIP or greater.
	ServiceIPRange net.IPNet
	// APIServerServiceIP is the IP address for the GenericAPIServer service
	// (must be inside ServiceIPRange).
	// NOTE(review): Complete does not re-check that containment when both
	// values are supplied by the caller; presumably option validation
	// enforces it — confirm.
	APIServerServiceIP net.IP

	// SecondaryServiceIPRange is the alternative service IP range for
	// dual-stack services; it must be of a different IP family than the
	// primary ServiceIPRange.
	SecondaryServiceIPRange net.IPNet
	// SecondaryAPIServerServiceIP is the secondary IP address of the
	// GenericAPIServer service (must be inside SecondaryServiceIPRange).
	SecondaryAPIServerServiceIP net.IP

	// APIServerServicePort is the port for the apiserver service.
	APIServerServicePort int

	// TODO, we can probably group service related items into a substruct to make it easier to configure
	// the API server items and `Extra*` fields likely fit nicely together.

	// ServiceNodePortRange is the range of ports to be assigned to services
	// with type=NodePort or greater. Complete substitutes the default range
	// when its Size is zero.
	ServiceNodePortRange utilnet.PortRange
	// KubernetesServiceNodePort, if non-zero, is the NodePort used by the
	// "kubernetes" service.
	KubernetesServiceNodePort int

	// MasterCount is the number of masters running; all masters must be
	// started with the same value for this field. (Numbers > 1 currently
	// untested.)
	MasterCount int

	// MasterEndpointReconcileTTL is the time to live of the endpoint record
	// written by each master. It is a time.Duration; Complete defaults it to
	// DefaultEndpointReconcilerTTL (15s) when unset. The endpoints are
	// checked at an interval that is 2/3 of this value. In very large
	// clusters it may be increased to reduce the chance that a master's
	// record expires (due to other load on the etcd server) and masters drop
	// in and out of the kubernetes service record. Setting it below 15s is
	// not recommended.
	MasterEndpointReconcileTTL time.Duration

	// EndpointReconcilerType selects which reconciler to use.
	EndpointReconcilerType reconcilers.Type

	// RepairServicesInterval is the interval used by the repair loops for
	// the Services NodePort and ClusterIP resources.
	RepairServicesInterval time.Duration
}
// Config is the kube-apiserver configuration: the generic control plane
// configuration plus the embedded kube-apiserver-specific Extra settings.
// Call Complete to default it before building a server.
type Config struct {
	// ControlPlane is the generic control plane configuration.
	ControlPlane controlplaneapiserver.Config
	// Extra is embedded, so its fields are reachable directly on Config.
	Extra
}
// completedConfig is the unexported payload behind CompletedConfig. Complete
// builds it from the completed generic configuration and a pointer to the
// originating Config's Extra, so the two share the same Extra value.
type completedConfig struct {
	// ControlPlane is the completed generic control plane configuration.
	ControlPlane controlplaneapiserver.CompletedConfig

	// Extra is embedded by pointer; writes through it reach the Extra it
	// points at.
	*Extra
}
// CompletedConfig wraps a pointer to the unexported completedConfig. Because
// that type cannot be named outside this package, other packages cannot
// populate a CompletedConfig themselves; Complete is the function in this
// file that produces one.
type CompletedConfig struct {
	// Embedded pointer to the private, already-defaulted configuration.
	*completedConfig
}
// EndpointReconcilerConfig pairs the endpoint reconciler used by the master
// with the interval at which endpoint reconciliation runs.
type EndpointReconcilerConfig struct {
	// Reconciler is the reconciler to use; Complete creates one from
	// EndpointReconcilerType when this is nil.
	Reconciler reconcilers.EndpointReconciler
	// Interval is the reconciliation period; Complete defaults a zero value
	// to DefaultEndpointReconcilerInterval.
	Interval time.Duration
}
// Instance holds the state of one Kubernetes cluster API server instance.
type Instance struct {
	// ControlPlane is the underlying control plane server created by
	// CompletedConfig.New.
	ControlPlane *controlplaneapiserver.Server
}
// createMasterCountReconciler builds the master-count endpoint reconciler.
// Both typed clients are created from the loopback client config with
// NewForConfigOrDie, so an unusable config panics here instead of surfacing
// as a returned error.
func (c *Config) createMasterCountReconciler() reconcilers.EndpointReconciler {
	loopback := c.ControlPlane.Generic.LoopbackClientConfig
	adapter := reconcilers.NewEndpointsAdapter(
		corev1client.NewForConfigOrDie(loopback),
		discoveryclient.NewForConfigOrDie(loopback),
	)

	return reconcilers.NewMasterCountEndpointReconciler(c.Extra.MasterCount, adapter)
}
// createNoneReconciler returns the "none" endpoint reconciler. It reads
// nothing from the receiver.
func (c *Config) createNoneReconciler() reconcilers.EndpointReconciler {
	noop := reconcilers.NewNoneEndpointReconciler()
	return noop
}
// createLeaseReconciler builds the lease-based endpoint reconciler. Leases
// are kept under the "/masterleases/" storage prefix with the configured
// MasterEndpointReconcileTTL.
//
// Failure handling is fatal by design: the typed clients come from
// NewForConfigOrDie, and errors from the storage factory or lease creation
// end the process through klog.Fatalf rather than being returned.
func (c *Config) createLeaseReconciler() reconcilers.EndpointReconciler {
	loopback := c.ControlPlane.Generic.LoopbackClientConfig
	adapter := reconcilers.NewEndpointsAdapter(
		corev1client.NewForConfigOrDie(loopback),
		discoveryclient.NewForConfigOrDie(loopback),
	)

	leaseTTL := c.Extra.MasterEndpointReconcileTTL
	storageConfig, err := c.ControlPlane.StorageFactory.NewConfig(api.Resource("apiServerIPInfo"), &api.Endpoints{})
	if err != nil {
		klog.Fatalf("Error creating storage factory config: %v", err)
	}

	leases, err := reconcilers.NewLeases(storageConfig, "/masterleases/", leaseTTL)
	if err != nil {
		klog.Fatalf("Error creating leases: %v", err)
	}

	return reconcilers.NewLeaseEndpointReconciler(adapter, leases)
}
// createEndpointReconciler picks the endpoint reconciler named by
// Extra.EndpointReconcilerType. An empty type selects the lease reconciler;
// an unrecognised type ends the process through klog.Fatalf.
func (c *Config) createEndpointReconciler() reconcilers.EndpointReconciler {
	kind := c.Extra.EndpointReconcilerType
	klog.Infof("Using reconciler: %v", kind)

	switch kind {
	case "", reconcilers.LeaseEndpointReconcilerType:
		// there are numerous test dependencies that depend on a default
		// controller, so the empty type maps to the lease reconciler
		return c.createLeaseReconciler()
	case reconcilers.MasterCountReconcilerType:
		return c.createMasterCountReconciler()
	case reconcilers.NoneEndpointReconcilerType:
		return c.createNoneReconciler()
	default:
		klog.Fatalf("Reconciler not implemented: %v", kind)
		// Only reached if Fatalf returns.
		return nil
	}
}
// Complete fills in every field that must hold valid data but was left unset,
// and returns the result as a CompletedConfig. It mutates the receiver: the
// returned value points at c.Extra, so all defaults written here are visible
// on c as well.
//
// A failure to derive the service IP range ends the process through
// klog.Fatalf; no error is returned.
func (c *Config) Complete() CompletedConfig {
	// Seed the peer endpoint reconcile interval from the endpoint reconciler
	// value before the generic controlplane completion can apply its own
	// default.
	if c.EndpointReconcilerConfig.Interval != 0 && c.ControlPlane.PeerEndpointReconcileInterval == 0 {
		c.ControlPlane.PeerEndpointReconcileInterval = c.EndpointReconcilerConfig.Interval
	}

	cfg := completedConfig{
		ControlPlane: c.ControlPlane.Complete(),
		Extra:        &c.Extra,
	}
	// extra aliases c.Extra; every assignment below lands on the receiver.
	extra := cfg.Extra

	defaultRange, defaultServiceIP, err := options.ServiceIPRange(extra.ServiceIPRange)
	if err != nil {
		klog.Fatalf("Error determining service IP ranges: %v", err)
	}
	if extra.ServiceIPRange.IP == nil {
		extra.ServiceIPRange = defaultRange
	}
	if extra.APIServerServiceIP == nil {
		extra.APIServerServiceIP = defaultServiceIP
	}

	// Override the default discovery addresses in the generic controlplane,
	// adding service IP support: clients inside the service range are
	// pointed at the apiserver service address, everyone else at the
	// external address.
	serviceAddress := net.JoinHostPort(extra.APIServerServiceIP.String(), strconv.Itoa(extra.APIServerServicePort))
	cfg.ControlPlane.Generic.DiscoveryAddresses = discovery.DefaultAddresses{
		DefaultAddress: cfg.ControlPlane.Generic.ExternalAddress,
		CIDRRules: []discovery.CIDRRule{
			{IPRange: extra.ServiceIPRange, Address: serviceAddress},
		},
	}

	if extra.ServiceNodePortRange.Size == 0 {
		// TODO: Currently no way to specify an empty range (do we need to allow this?)
		// We should probably allow this for clouds that don't require NodePort to do load-balancing (GCE)
		// but then that breaks the strict nestedness of ServiceType.
		// Review post-v1
		extra.ServiceNodePortRange = kubeoptions.DefaultServiceNodePortRange
		klog.Infof("Node port range unspecified. Defaulting to %v.", extra.ServiceNodePortRange)
	}

	if extra.EndpointReconcilerConfig.Interval == 0 {
		extra.EndpointReconcilerConfig.Interval = DefaultEndpointReconcilerInterval
	}

	// The TTL default must be in place before the reconciler is created:
	// the lease reconciler reads MasterEndpointReconcileTTL from c.Extra.
	if extra.MasterEndpointReconcileTTL == 0 {
		extra.MasterEndpointReconcileTTL = DefaultEndpointReconcilerTTL
	}
	if extra.EndpointReconcilerConfig.Reconciler == nil {
		extra.EndpointReconcilerConfig.Reconciler = c.createEndpointReconciler()
	}

	if extra.RepairServicesInterval == 0 {
		extra.RepairServicesInterval = repairLoopInterval
	}

	return CompletedConfig{&cfg}
}
// New builds an Instance from the completed config, delegating unhandled
// requests to delegationTarget.
// Certain config fields will be set to a default value if unset.
// Certain config fields must be specified, including:
// KubeletClientConfig
//
// The clientset used here is built from the loopback client config and is
// handed to every storage provider, including any injected through
// AdditionalStorageProvidersForTests.
// NOTE(review): presumably that client carries the API server's own
// credentials — confirm before passing it to additional providers.
//
// New registers the "bootstrap-controller" post-start hook, the
// "stop-kubernetes-service-controller" pre-shutdown hook and, when the
// MultiCIDRServiceAllocator feature gate is on, the
// "start-kubernetes-service-cidr-controller" post-start hook. Hook
// registration uses the OrDie variants.
func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*Instance, error) {
	var unsetKubeletConfig kubeletclient.KubeletClientConfig
	if reflect.DeepEqual(c.Extra.KubeletClientConfig, unsetKubeletConfig) {
		return nil, fmt.Errorf("Master.New() called with empty config.KubeletClientConfig")
	}

	cp, err := c.ControlPlane.New(controlplaneapiserver.KubeAPIServer, delegationTarget)
	if err != nil {
		return nil, err
	}
	inst := &Instance{ControlPlane: cp}

	client, err := kubernetes.NewForConfig(c.ControlPlane.Generic.LoopbackClientConfig)
	if err != nil {
		return nil, err
	}

	providers, err := c.StorageProviders(client)
	if err != nil {
		return nil, err
	}
	if err := inst.ControlPlane.InstallAPIs(providers...); err != nil {
		return nil, err
	}

	_, publicServicePort, err := c.ControlPlane.Generic.SecureServing.HostPort()
	if err != nil {
		return nil, fmt.Errorf("failed to get listener address: %w", err)
	}

	// Reject a public address the chosen reconciler cannot publish before
	// any controller is wired up.
	publicIP := c.ControlPlane.Generic.PublicAddress
	reconcilerCfg := c.Extra.EndpointReconcilerConfig
	if err := reconcilerCfg.Reconciler.ValidateIP(publicIP); err != nil {
		return nil, fmt.Errorf("cannot use public IP %s with endpoint reconciler: %w", publicIP.String(), err)
	}

	serviceCtrlConfig := kubernetesservice.Config{
		PublicIP: publicIP,

		EndpointReconciler: reconcilerCfg.Reconciler,
		EndpointInterval:   reconcilerCfg.Interval,

		ServiceIP:                 c.Extra.APIServerServiceIP,
		ServicePort:               c.Extra.APIServerServicePort,
		PublicServicePort:         publicServicePort,
		KubernetesServiceNodePort: c.Extra.KubernetesServiceNodePort,
	}
	serviceCtrl := kubernetesservice.New(serviceCtrlConfig, client, c.ControlPlane.Extra.VersionedInformers.Core().V1().Services())

	server := inst.ControlPlane.GenericAPIServer
	server.AddPostStartHookOrDie("bootstrap-controller", func(hookContext genericapiserver.PostStartHookContext) error {
		serviceCtrl.Start(hookContext.Done())
		return nil
	})
	server.AddPreShutdownHookOrDie("stop-kubernetes-service-controller", func() error {
		serviceCtrl.Stop()
		return nil
	})

	if utilfeature.DefaultFeatureGate.Enabled(features.MultiCIDRServiceAllocator) {
		server.AddPostStartHookOrDie("start-kubernetes-service-cidr-controller", func(hookContext genericapiserver.PostStartHookContext) error {
			cidrCtrl := defaultservicecidr.NewController(
				c.Extra.ServiceIPRange,
				c.Extra.SecondaryServiceIPRange,
				client,
			)
			// The default serviceCIDR must exist before the apiserver is healthy
			// otherwise the allocators for Services will not work.
			cidrCtrl.Start(hookContext)
			return nil
		})
	}

	return inst, nil
}
// StorageProviders returns the REST storage providers served by
// kube-apiserver, in discovery priority order. The legacy core provider is
// built first and its construction error, if any, is returned.
//
// The same authorizer (c.ControlPlane.Generic.Authorization.Authorizer) is
// wired into the core, authorization, certificates, rbac,
// admissionregistration and resource providers. When
// AdditionalStorageProvidersForTests is set, its providers are appended last
// and receive the same client as the built-in ones.
func (c CompletedConfig) StorageProviders(client *kubernetes.Clientset) ([]controlplaneapiserver.RESTStorageProvider, error) {
	coreConfig := corerest.Config{
		GenericConfig: *c.ControlPlane.NewCoreGenericConfig(),
		Proxy: corerest.ProxyConfig{
			Transport:           c.ControlPlane.Extra.ProxyTransport,
			KubeletClientConfig: c.Extra.KubeletClientConfig,
		},
		Services: corerest.ServicesConfig{
			ClusterIPRange:          c.Extra.ServiceIPRange,
			SecondaryClusterIPRange: c.Extra.SecondaryServiceIPRange,
			NodePortRange:           c.Extra.ServiceNodePortRange,
			IPRepairInterval:        c.Extra.RepairServicesInterval,
		},
		EndpointSliceGetter: c.ControlPlane.Extra.EndpointSliceGetter,
	}
	coreProvider, err := corerest.New(coreConfig, c.ControlPlane.Generic.Authorization.Authorizer)
	if err != nil {
		return nil, err
	}

	authz := c.ControlPlane.Generic.Authorization.Authorizer
	authn := c.ControlPlane.Generic.Authentication

	// The order here is preserved in discovery.
	// If resources with identical names exist in more than one of these groups (e.g. "deployments.apps" and "deployments.extensions"),
	// the order of this list determines which group an unqualified resource name (e.g. "deployments") should prefer.
	// This priority order is used for local discovery, but it ends up aggregated in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go`
	// with specific priorities.
	// TODO: describe the priority all the way down in the RESTStorageProviders and plumb it back through the various discovery
	// handlers that we have.
	all := []controlplaneapiserver.RESTStorageProvider{
		coreProvider,
		apiserverinternalrest.StorageProvider{},
		authenticationrest.RESTStorageProvider{Authenticator: authn.Authenticator, APIAudiences: authn.APIAudiences},
		authorizationrest.RESTStorageProvider{Authorizer: authz, RuleResolver: c.ControlPlane.Generic.RuleResolver},
		autoscalingrest.RESTStorageProvider{},
		batchrest.RESTStorageProvider{},
		certificatesrest.RESTStorageProvider{Authorizer: authz},
		coordinationrest.RESTStorageProvider{},
		discoveryrest.StorageProvider{},
		networkingrest.RESTStorageProvider{},
		noderest.RESTStorageProvider{},
		policyrest.RESTStorageProvider{},
		rbacrest.RESTStorageProvider{Authorizer: authz},
		schedulingrest.RESTStorageProvider{},
		storagerest.RESTStorageProvider{},
		svmrest.RESTStorageProvider{},
		flowcontrolrest.RESTStorageProvider{InformerFactory: c.ControlPlane.Generic.SharedInformerFactory},
		// keep apps after extensions so legacy clients resolve the extensions versions of shared resource names.
		// See https://github.com/kubernetes/kubernetes/issues/42392
		// (no extensions provider appears in this list; the position of apps is kept as-is)
		appsrest.StorageProvider{},
		admissionregistrationrest.RESTStorageProvider{Authorizer: authz, DiscoveryClient: client.Discovery()},
		eventsrest.RESTStorageProvider{TTL: c.ControlPlane.EventTTL},
		resourcerest.RESTStorageProvider{
			NamespaceClient: client.CoreV1().Namespaces(),
			Authorizer:      authz,
		},
	}

	// Test-only hook; nil in a normal build of the server.
	if inject := AdditionalStorageProvidersForTests; inject != nil {
		all = append(all, inject(client)...)
	}

	return all, nil
}
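// Default serving state of every built-in group version. The stable lists are
// enabled by DefaultGenericAPIResourceConfigSource and
// DefaultAPIResourceConfigSource; the beta and alpha lists are passed to
// DisableVersions there, so a pre-GA API is only served when something
// outside this file turns it on. Adding a version to a stable list exposes it
// on every server that uses these defaults.
var (
	// genericStableAPIGroupVersionsEnabledByDefault is a list of our stable versions for API groups provided by GenericStorageProviders.
	genericStableAPIGroupVersionsEnabledByDefault = []schema.GroupVersion{
		admissionregistrationv1.SchemeGroupVersion,
		apiv1.SchemeGroupVersion,
		authenticationv1.SchemeGroupVersion,
		authorizationapiv1.SchemeGroupVersion,
		certificatesapiv1.SchemeGroupVersion,
		coordinationapiv1.SchemeGroupVersion,
		eventsv1.SchemeGroupVersion,
		rbacv1.SchemeGroupVersion,
		flowcontrolv1.SchemeGroupVersion,
	}

	// stableAPIGroupVersionsEnabledByDefault is a list of our stable versions for additional API groups only provided in kube-apiserver.
	stableAPIGroupVersionsEnabledByDefault = []schema.GroupVersion{
		appsv1.SchemeGroupVersion,
		autoscalingapiv1.SchemeGroupVersion,
		autoscalingapiv2.SchemeGroupVersion,
		batchapiv1.SchemeGroupVersion,
		discoveryv1.SchemeGroupVersion,
		networkingapiv1.SchemeGroupVersion,
		nodev1.SchemeGroupVersion,
		policyapiv1.SchemeGroupVersion,
		resourcev1.SchemeGroupVersion,
		storageapiv1.SchemeGroupVersion,
		schedulingapiv1.SchemeGroupVersion,
	}

	// genericBetaAPIGroupVersionsDisabledByDefault is for all future beta groupVersions for API groups provided by GenericStorageProviders.
	genericBetaAPIGroupVersionsDisabledByDefault = []schema.GroupVersion{
		admissionregistrationv1beta1.SchemeGroupVersion,
		authenticationv1beta1.SchemeGroupVersion,
		certificatesv1beta1.SchemeGroupVersion,
		coordinationv1beta1.SchemeGroupVersion,
		flowcontrolv1beta1.SchemeGroupVersion,
		flowcontrolv1beta2.SchemeGroupVersion,
		flowcontrolv1beta3.SchemeGroupVersion,
		svmv1beta1.SchemeGroupVersion,
	}

	// betaAPIGroupVersionsDisabledByDefault is for all future beta groupVersions for additional API groups only provided in kube-apiserver.
	betaAPIGroupVersionsDisabledByDefault = []schema.GroupVersion{
		storageapiv1beta1.SchemeGroupVersion,
		networkingapiv1beta1.SchemeGroupVersion,
		resourcev1beta1.SchemeGroupVersion,
		resourcev1beta2.SchemeGroupVersion,
	}

	// genericAlphaAPIGroupVersionsDisabledByDefault holds the alpha APIs we have for API groups provided by GenericStorageProviders. They are always disabled by default.
	// apiserverinternalv1alpha1 used to be listed twice; the repeated entry
	// is dropped here, each group version now appears once.
	genericAlphaAPIGroupVersionsDisabledByDefault = []schema.GroupVersion{
		admissionregistrationv1alpha1.SchemeGroupVersion,
		apiserverinternalv1alpha1.SchemeGroupVersion,
		authenticationv1alpha1.SchemeGroupVersion,
		coordinationv1alpha2.SchemeGroupVersion,
		certificatesv1alpha1.SchemeGroupVersion,
	}

	// alphaAPIGroupVersionsDisabledByDefault holds the alpha APIs we have for additional API groups only provided in kube-apiserver. They are always disabled by default.
	alphaAPIGroupVersionsDisabledByDefault = []schema.GroupVersion{
		resourcev1alpha3.SchemeGroupVersion,
		schedulingapiv1alpha3.SchemeGroupVersion,
		storageapiv1alpha1.SchemeGroupVersion,
	}
)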
// DefaultGenericAPIResourceConfigSource returns the default resource
// configuration for the API groups provided by GenericStorageProviders:
// stable group versions enabled, beta and alpha group versions disabled.
// Each call returns a freshly built ResourceConfig.
func DefaultGenericAPIResourceConfigSource() *serverstorage.ResourceConfig {
	resourceConfig := serverstorage.NewResourceConfig()

	// NOTE: GroupVersions listed here will be enabled by default. Don't put alpha or beta versions in the list.
	resourceConfig.EnableVersions(genericStableAPIGroupVersionsEnabledByDefault...)

	// Alpha and beta versions are disabled explicitly so the config carries
	// a full list of what's possible to serve.
	resourceConfig.DisableVersions(genericBetaAPIGroupVersionsDisabledByDefault...)
	resourceConfig.DisableVersions(genericAlphaAPIGroupVersionsDisabledByDefault...)

	return resourceConfig
}
// DefaultAPIResourceConfigSource returns the default resource configuration
// for kube-apiserver: the generic defaults plus the kube-apiserver-only
// groups, with stable group versions enabled and beta and alpha group
// versions disabled.
func DefaultAPIResourceConfigSource() *serverstorage.ResourceConfig {
	// Start from the generic configuration and layer the extra groups on top.
	resourceConfig := DefaultGenericAPIResourceConfigSource()

	// NOTE: GroupVersions listed here will be enabled by default. Don't put alpha or beta versions in the list.
	resourceConfig.EnableVersions(stableAPIGroupVersionsEnabledByDefault...)

	// Alpha and beta versions are disabled explicitly so the config carries
	// a full list of what's possible to serve.
	resourceConfig.DisableVersions(betaAPIGroupVersionsDisabledByDefault...)
	resourceConfig.DisableVersions(alphaAPIGroupVersionsDisabledByDefault...)

	return resourceConfig
}