Unverified Commit b9544382 authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #67060 from sttts/sttts-unify-insecure-serving

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kube-{apiserver,ctrl-mgr}: unify into DeprecatedInsecureServingOptions **What this PR does / why we need it**: **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ```release-note ```
parents de1656ab c2724793
......@@ -6,7 +6,6 @@ go_library(
importpath = "k8s.io/kubernetes/cmd/cloud-controller-manager/app/config",
visibility = ["//visibility:public"],
deps = [
"//cmd/controller-manager/app:go_default_library",
"//pkg/apis/componentconfig:go_default_library",
"//pkg/controller:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
......
......@@ -22,7 +22,6 @@ import (
clientset "k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/tools/record"
genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
"k8s.io/kubernetes/pkg/apis/componentconfig"
"k8s.io/kubernetes/pkg/controller"
)
......@@ -33,7 +32,7 @@ type Config struct {
SecureServing *apiserver.SecureServingInfo
// TODO: remove deprecated insecure serving
InsecureServing *genericcontrollermanager.InsecureServingInfo
InsecureServing *apiserver.DeprecatedInsecureServingInfo
Authentication apiserver.AuthenticationInfo
Authorization apiserver.AuthorizationInfo
......
......@@ -63,7 +63,7 @@ type CloudControllerManagerOptions struct {
SecureServing *apiserveroptions.SecureServingOptions
// TODO: remove insecure serving mode
InsecureServing *cmoptions.InsecureServingOptions
InsecureServing *apiserveroptions.DeprecatedInsecureServingOptions
Authentication *apiserveroptions.DelegatingAuthenticationOptions
Authorization *apiserveroptions.DelegatingAuthorizationOptions
......@@ -90,7 +90,7 @@ func NewCloudControllerManagerOptions() (*CloudControllerManagerOptions, error)
ConcurrentServiceSyncs: componentConfig.ServiceController.ConcurrentServiceSyncs,
},
SecureServing: apiserveroptions.NewSecureServingOptions(),
InsecureServing: &cmoptions.InsecureServingOptions{
InsecureServing: &apiserveroptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP(componentConfig.KubeCloudShared.Address),
BindPort: int(componentConfig.KubeCloudShared.Port),
BindNetwork: "tcp",
......@@ -140,7 +140,7 @@ func (o *CloudControllerManagerOptions) AddFlags(fs *pflag.FlagSet) {
o.ServiceController.AddFlags(fs)
o.SecureServing.AddFlags(fs)
o.InsecureServing.AddFlags(fs)
o.InsecureServing.AddUnqualifiedFlags(fs)
o.Authentication.AddFlags(fs)
o.Authorization.AddFlags(fs)
......
......@@ -57,8 +57,8 @@ func TestDefaultFlags(t *testing.T) {
},
},
KubeCloudShared: &cmoptions.KubeCloudSharedOptions{
Port: 10253, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
Address: "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
Port: 10253, // Note: DeprecatedInsecureServingOptions.ApplyTo will write the flag value back into the component config
Address: "0.0.0.0", // Note: DeprecatedInsecureServingOptions.ApplyTo will write the flag value back into the component config
RouteReconciliationPeriod: metav1.Duration{Duration: 10 * time.Second},
NodeMonitorPeriod: metav1.Duration{Duration: 5 * time.Second},
ClusterName: "kubernetes",
......@@ -79,7 +79,7 @@ func TestDefaultFlags(t *testing.T) {
},
HTTP2MaxStreamsPerConnection: 0,
},
InsecureServing: &cmoptions.InsecureServingOptions{
InsecureServing: &apiserveroptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP("0.0.0.0"),
BindPort: int(10253),
BindNetwork: "tcp",
......@@ -154,8 +154,8 @@ func TestAddFlags(t *testing.T) {
},
},
KubeCloudShared: &cmoptions.KubeCloudSharedOptions{
Port: 10253, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
Address: "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
Port: 10253, // Note: DeprecatedInsecureServingOptions.ApplyTo will write the flag value back into the component config
Address: "0.0.0.0", // Note: DeprecatedInsecureServingOptions.ApplyTo will write the flag value back into the component config
RouteReconciliationPeriod: metav1.Duration{Duration: 30 * time.Second},
NodeMonitorPeriod: metav1.Duration{Duration: 5 * time.Second},
ClusterName: "k8s",
......@@ -176,7 +176,7 @@ func TestAddFlags(t *testing.T) {
},
HTTP2MaxStreamsPerConnection: 47,
},
InsecureServing: &cmoptions.InsecureServingOptions{
InsecureServing: &apiserveroptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP("192.168.4.10"),
BindPort: int(10000),
BindNetwork: "tcp",
......
......@@ -4,7 +4,6 @@ go_library(
name = "go_default_library",
srcs = [
"helper.go",
"insecure_serving.go",
"serve.go",
],
importpath = "k8s.io/kubernetes/cmd/controller-manager/app",
......
......@@ -6,19 +6,16 @@ go_library(
"cloudprovider.go",
"debugging.go",
"generic.go",
"insecure_serving.go",
"kubecloudshared.go",
"servicecontroller.go",
],
importpath = "k8s.io/kubernetes/cmd/controller-manager/app/options",
visibility = ["//visibility:public"],
deps = [
"//cmd/controller-manager/app:go_default_library",
"//pkg/apis/componentconfig:go_default_library",
"//pkg/client/leaderelectionconfig:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/config:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library",
],
)
......
......@@ -41,7 +41,7 @@ type ServerRunOptions struct {
GenericServerRunOptions *genericoptions.ServerRunOptions
Etcd *genericoptions.EtcdOptions
SecureServing *genericoptions.SecureServingOptionsWithLoopback
InsecureServing *kubeoptions.InsecureServingOptions
InsecureServing *genericoptions.DeprecatedInsecureServingOptionsWithLoopback
Audit *genericoptions.AuditOptions
Features *genericoptions.FeatureOptions
Admission *kubeoptions.AdmissionOptions
......@@ -128,7 +128,7 @@ func (s *ServerRunOptions) Flags() (fss apiserverflag.NamedFlagSets) {
s.Etcd.AddFlags(fss.FlagSet("etcd"))
s.SecureServing.AddFlags(fss.FlagSet("secure serving"))
s.InsecureServing.AddFlags(fss.FlagSet("insecure serving"))
s.InsecureServing.AddDeprecatedFlags(fss.FlagSet("insecure serving"))
s.InsecureServing.AddUnqualifiedFlags(fss.FlagSet("insecure serving")) // TODO: remove it until kops stops using `--address`
s.Audit.AddFlags(fss.FlagSet("auditing"))
s.Features.AddFlags(fss.FlagSet("features"))
s.Authentication.AddFlags(fss.FlagSet("authentication"))
......
......@@ -159,7 +159,7 @@ func TestAddFlags(t *testing.T) {
EnableWatchCache: true,
DefaultWatchCacheSize: 100,
},
SecureServing: apiserveroptions.WithLoopback(&apiserveroptions.SecureServingOptions{
SecureServing: (&apiserveroptions.SecureServingOptions{
BindAddress: net.ParseIP("192.168.10.20"),
BindPort: 6443,
ServerCert: apiserveroptions.GeneratableKeyCert{
......@@ -168,11 +168,11 @@ func TestAddFlags(t *testing.T) {
},
HTTP2MaxStreamsPerConnection: 42,
Required: true,
}),
InsecureServing: &kubeoptions.InsecureServingOptions{
}).WithLoopback(),
InsecureServing: (&apiserveroptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP("127.0.0.1"),
BindPort: 8080,
},
}).WithLoopback(),
EventTTL: 1 * time.Hour,
KubeletConfig: kubeletclient.KubeletClientConfig{
Port: 10250,
......
......@@ -166,7 +166,7 @@ func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan
return nil, err
}
kubeAPIServerConfig, insecureServingOptions, serviceResolver, pluginInitializer, admissionPostStartHook, err := CreateKubeAPIServerConfig(completedOptions, nodeTunneler, proxyTransport)
kubeAPIServerConfig, insecureServingInfo, serviceResolver, pluginInitializer, admissionPostStartHook, err := CreateKubeAPIServerConfig(completedOptions, nodeTunneler, proxyTransport)
if err != nil {
return nil, err
}
......@@ -204,9 +204,9 @@ func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan
return nil, err
}
if insecureServingOptions != nil {
if insecureServingInfo != nil {
insecureHandlerChain := kubeserver.BuildInsecureHandlerChain(aggregatorServer.GenericAPIServer.UnprotectedHandler(), kubeAPIServerConfig.GenericConfig)
if err := kubeserver.NonBlockingRun(insecureServingOptions, insecureHandlerChain, kubeAPIServerConfig.GenericConfig.RequestTimeout, stopCh); err != nil {
if err := insecureServingInfo.Serve(insecureHandlerChain, kubeAPIServerConfig.GenericConfig.RequestTimeout, stopCh); err != nil {
return nil, err
}
}
......@@ -278,7 +278,7 @@ func CreateKubeAPIServerConfig(
proxyTransport *http.Transport,
) (
config *master.Config,
insecureServingInfo *kubeserver.InsecureServingInfo,
insecureServingInfo *genericapiserver.DeprecatedInsecureServingInfo,
serviceResolver aggregatorapiserver.ServiceResolver,
pluginInitializers []admission.PluginInitializer,
admissionPostStartHook genericapiserver.PostStartHookFunc,
......@@ -421,7 +421,7 @@ func buildGenericConfig(
genericConfig *genericapiserver.Config,
sharedInformers informers.SharedInformerFactory,
versionedInformers clientgoinformers.SharedInformerFactory,
insecureServingInfo *kubeserver.InsecureServingInfo,
insecureServingInfo *genericapiserver.DeprecatedInsecureServingInfo,
serviceResolver aggregatorapiserver.ServiceResolver,
pluginInitializers []admission.PluginInitializer,
admissionPostStartHook genericapiserver.PostStartHookFunc,
......@@ -435,7 +435,7 @@ func buildGenericConfig(
return
}
if insecureServingInfo, lastErr = s.InsecureServing.ApplyTo(genericConfig); lastErr != nil {
if lastErr = s.InsecureServing.ApplyTo(&insecureServingInfo, &genericConfig.LoopbackClientConfig); lastErr != nil {
return
}
if lastErr = s.SecureServing.ApplyTo(&genericConfig.SecureServing, &genericConfig.LoopbackClientConfig); lastErr != nil {
......@@ -652,7 +652,7 @@ func Complete(s *options.ServerRunOptions) (completedServerRunOptions, error) {
if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing.SecureServingOptions); err != nil {
return options, err
}
if err := kubeoptions.DefaultAdvertiseAddress(s.GenericServerRunOptions, s.InsecureServing); err != nil {
if err := kubeoptions.DefaultAdvertiseAddress(s.GenericServerRunOptions, s.InsecureServing.DeprecatedInsecureServingOptions); err != nil {
return options, err
}
serviceIPRange, apiServerServiceIP, err := master.DefaultServiceIPRange(s.ServiceClusterIPRange)
......
......@@ -6,7 +6,6 @@ go_library(
importpath = "k8s.io/kubernetes/cmd/kube-controller-manager/app/config",
visibility = ["//visibility:public"],
deps = [
"//cmd/controller-manager/app:go_default_library",
"//pkg/apis/componentconfig:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
......
......@@ -21,7 +21,6 @@ import (
clientset "k8s.io/client-go/kubernetes"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/tools/record"
genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
"k8s.io/kubernetes/pkg/apis/componentconfig"
)
......@@ -31,7 +30,7 @@ type Config struct {
SecureServing *apiserver.SecureServingInfo
// TODO: remove deprecated insecure serving
InsecureServing *genericcontrollermanager.InsecureServingInfo
InsecureServing *apiserver.DeprecatedInsecureServingInfo
Authentication apiserver.AuthenticationInfo
Authorization apiserver.AuthorizationInfo
......
......@@ -85,7 +85,7 @@ type KubeControllerManagerOptions struct {
SecureServing *apiserveroptions.SecureServingOptions
// TODO: remove insecure serving mode
InsecureServing *cmoptions.InsecureServingOptions
InsecureServing *apiserveroptions.DeprecatedInsecureServingOptions
Authentication *apiserveroptions.DelegatingAuthenticationOptions
Authorization *apiserveroptions.DelegatingAuthorizationOptions
......@@ -178,7 +178,7 @@ func NewKubeControllerManagerOptions() (*KubeControllerManagerOptions, error) {
},
Controllers: componentConfig.Controllers,
SecureServing: apiserveroptions.NewSecureServingOptions(),
InsecureServing: &cmoptions.InsecureServingOptions{
InsecureServing: &apiserveroptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP(componentConfig.KubeCloudShared.Address),
BindPort: int(componentConfig.KubeCloudShared.Port),
BindNetwork: "tcp",
......@@ -234,7 +234,7 @@ func (s *KubeControllerManagerOptions) AddFlags(fs *pflag.FlagSet, allController
s.ServiceController.AddFlags(fs)
s.SecureServing.AddFlags(fs)
s.InsecureServing.AddFlags(fs)
s.InsecureServing.AddUnqualifiedFlags(fs)
s.Authentication.AddFlags(fs)
s.Authorization.AddFlags(fs)
......@@ -341,10 +341,10 @@ func (s *KubeControllerManagerOptions) ApplyTo(c *kubecontrollerconfig.Config) e
if err := s.ServiceController.ApplyTo(&c.ComponentConfig.ServiceController); err != nil {
return err
}
if err := s.SecureServing.ApplyTo(&c.SecureServing); err != nil {
if err := s.InsecureServing.ApplyTo(&c.InsecureServing); err != nil {
return err
}
if err := s.InsecureServing.ApplyTo(&c.InsecureServing); err != nil {
if err := s.SecureServing.ApplyTo(&c.SecureServing); err != nil {
return err
}
if err := s.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil {
......
......@@ -140,8 +140,8 @@ func TestAddFlags(t *testing.T) {
},
},
KubeCloudShared: &cmoptions.KubeCloudSharedOptions{
Port: 10252, // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
Address: "0.0.0.0", // Note: InsecureServingOptions.ApplyTo will write the flag value back into the component config
Port: 10252, // Note: DeprecatedInsecureServingOptions.ApplyTo will write the flag value back into the component config
Address: "0.0.0.0", // Note: DeprecatedInsecureServingOptions.ApplyTo will write the flag value back into the component config
UseServiceAccountCredentials: true,
RouteReconciliationPeriod: metav1.Duration{Duration: 30 * time.Second},
NodeMonitorPeriod: metav1.Duration{Duration: 10 * time.Second},
......@@ -253,7 +253,7 @@ func TestAddFlags(t *testing.T) {
},
HTTP2MaxStreamsPerConnection: 47,
},
InsecureServing: &cmoptions.InsecureServingOptions{
InsecureServing: &apiserveroptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP("192.168.4.10"),
BindPort: int(10000),
BindNetwork: "tcp",
......
......@@ -6,7 +6,6 @@ go_library(
importpath = "k8s.io/kubernetes/cmd/kube-scheduler/app/config",
visibility = ["//visibility:public"],
deps = [
"//cmd/controller-manager/app:go_default_library",
"//pkg/apis/componentconfig:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
"//staging/src/k8s.io/client-go/informers:go_default_library",
......
......@@ -24,7 +24,6 @@ import (
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/record"
"k8s.io/kubernetes/cmd/controller-manager/app"
"k8s.io/kubernetes/pkg/apis/componentconfig"
)
......@@ -33,8 +32,8 @@ type Config struct {
// config is the scheduler server's configuration object.
ComponentConfig componentconfig.KubeSchedulerConfiguration
InsecureServing *app.InsecureServingInfo // nil will disable serving on an insecure port
InsecureMetricsServing *app.InsecureServingInfo // non-nil if metrics should be served independently
InsecureServing *apiserver.DeprecatedInsecureServingInfo // nil will disable serving on an insecure port
InsecureMetricsServing *apiserver.DeprecatedInsecureServingInfo // non-nil if metrics should be served independently
Authentication apiserver.AuthenticationInfo
Authorization apiserver.AuthorizationInfo
SecureServing *apiserver.SecureServingInfo
......
......@@ -11,7 +11,6 @@ go_library(
importpath = "k8s.io/kubernetes/cmd/kube-scheduler/app/options",
visibility = ["//visibility:public"],
deps = [
"//cmd/controller-manager/app/options:go_default_library",
"//cmd/kube-scheduler/app/config:go_default_library",
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/componentconfig:go_default_library",
......@@ -64,7 +63,6 @@ go_test(
],
embed = [":go_default_library"],
deps = [
"//cmd/controller-manager/app/options:go_default_library",
"//cmd/kube-scheduler/app/config:go_default_library",
"//pkg/apis/componentconfig:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/config:go_default_library",
......@@ -72,5 +70,6 @@ go_test(
"//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/rand:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/config:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
],
)
......@@ -23,16 +23,16 @@ import (
"github.com/spf13/pflag"
controlleroptions "k8s.io/kubernetes/cmd/controller-manager/app/options"
apiserveroptions "k8s.io/apiserver/pkg/server/options"
schedulerappconfig "k8s.io/kubernetes/cmd/kube-scheduler/app/config"
"k8s.io/kubernetes/pkg/apis/componentconfig"
)
// CombinedInsecureServingOptions sets up up to two insecure listeners for healthz and metrics. The flags
// override the ComponentConfig and InsecureServingOptions values for both.
// override the ComponentConfig and DeprecatedInsecureServingOptions values for both.
type CombinedInsecureServingOptions struct {
Healthz *controlleroptions.InsecureServingOptions
Metrics *controlleroptions.InsecureServingOptions
Healthz *apiserveroptions.DeprecatedInsecureServingOptions
Metrics *apiserveroptions.DeprecatedInsecureServingOptions
BindPort int // overrides the structs above on ApplyTo, ignored on ApplyToFromLoadedConfig
BindAddress string // overrides the structs above on ApplyTo, ignored on ApplyToFromLoadedConfig
......@@ -53,10 +53,10 @@ func (o *CombinedInsecureServingOptions) AddFlags(fs *pflag.FlagSet) {
}
func (o *CombinedInsecureServingOptions) applyTo(c *schedulerappconfig.Config, componentConfig *componentconfig.KubeSchedulerConfiguration) error {
if err := updateAddressFromInsecureServingOptions(&componentConfig.HealthzBindAddress, o.Healthz); err != nil {
if err := updateAddressFromDeprecatedInsecureServingOptions(&componentConfig.HealthzBindAddress, o.Healthz); err != nil {
return err
}
if err := updateAddressFromInsecureServingOptions(&componentConfig.MetricsBindAddress, o.Metrics); err != nil {
if err := updateAddressFromDeprecatedInsecureServingOptions(&componentConfig.MetricsBindAddress, o.Metrics); err != nil {
return err
}
......@@ -98,17 +98,17 @@ func (o *CombinedInsecureServingOptions) ApplyToFromLoadedConfig(c *schedulerapp
return nil
}
if err := updateInsecureServingOptionsFromAddress(o.Healthz, componentConfig.HealthzBindAddress); err != nil {
if err := updateDeprecatedInsecureServingOptionsFromAddress(o.Healthz, componentConfig.HealthzBindAddress); err != nil {
return fmt.Errorf("invalid healthz address: %v", err)
}
if err := updateInsecureServingOptionsFromAddress(o.Metrics, componentConfig.MetricsBindAddress); err != nil {
if err := updateDeprecatedInsecureServingOptionsFromAddress(o.Metrics, componentConfig.MetricsBindAddress); err != nil {
return fmt.Errorf("invalid metrics address: %v", err)
}
return o.applyTo(c, componentConfig)
}
func updateAddressFromInsecureServingOptions(addr *string, is *controlleroptions.InsecureServingOptions) error {
func updateAddressFromDeprecatedInsecureServingOptions(addr *string, is *apiserveroptions.DeprecatedInsecureServingOptions) error {
if is == nil {
*addr = ""
} else {
......@@ -124,7 +124,7 @@ func updateAddressFromInsecureServingOptions(addr *string, is *controlleroptions
return nil
}
func updateInsecureServingOptionsFromAddress(is *controlleroptions.InsecureServingOptions, addr string) error {
func updateDeprecatedInsecureServingOptionsFromAddress(is *apiserveroptions.DeprecatedInsecureServingOptions, addr string) error {
if is == nil {
return nil
}
......
......@@ -23,7 +23,7 @@ import (
"testing"
"k8s.io/apimachinery/pkg/util/rand"
"k8s.io/kubernetes/cmd/controller-manager/app/options"
apiserveroptions "k8s.io/apiserver/pkg/server/options"
schedulerappconfig "k8s.io/kubernetes/cmd/kube-scheduler/app/config"
"k8s.io/kubernetes/pkg/apis/componentconfig"
)
......@@ -46,8 +46,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Metrics: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindPort: 0,
},
},
......@@ -61,7 +61,7 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindPort: 0,
},
},
......@@ -79,7 +79,7 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Metrics: &options.InsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindPort: 0,
},
},
......@@ -97,8 +97,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Metrics: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindPort: 0,
},
},
......@@ -118,8 +118,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1235",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Metrics: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindPort: 0,
},
},
......@@ -141,8 +141,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Metrics: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindPort: 1236,
BindAddress: "1.2.3.4",
},
......@@ -163,8 +163,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Metrics: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindAddress: "2.3.4.5",
BindPort: 1234,
},
......@@ -185,8 +185,8 @@ func TestOptions_ApplyTo(t *testing.T) {
MetricsBindAddress: "1.2.3.4:1234",
},
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &options.InsecureServingOptions{},
Metrics: &options.InsecureServingOptions{},
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{},
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{},
BindAddress: "2.3.4.5",
BindPort: 0,
},
......
......@@ -41,7 +41,6 @@ import (
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
"k8s.io/client-go/tools/record"
controlleroptions "k8s.io/kubernetes/cmd/controller-manager/app/options"
schedulerappconfig "k8s.io/kubernetes/cmd/kube-scheduler/app/config"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/apis/componentconfig"
......@@ -86,10 +85,10 @@ func NewOptions() (*Options, error) {
ComponentConfig: *cfg,
SecureServing: nil, // TODO: enable with apiserveroptions.NewSecureServingOptions()
CombinedInsecureServing: &CombinedInsecureServingOptions{
Healthz: &controlleroptions.InsecureServingOptions{
Healthz: &apiserveroptions.DeprecatedInsecureServingOptions{
BindNetwork: "tcp",
},
Metrics: &controlleroptions.InsecureServingOptions{
Metrics: &apiserveroptions.DeprecatedInsecureServingOptions{
BindNetwork: "tcp",
},
BindPort: hport,
......
......@@ -27,7 +27,6 @@ go_library(
"//pkg/kubeapiserver/authenticator:go_default_library",
"//pkg/kubeapiserver/authorizer:go_default_library",
"//pkg/kubeapiserver/authorizer/modes:go_default_library",
"//pkg/kubeapiserver/server:go_default_library",
"//plugin/pkg/admission/admit:go_default_library",
"//plugin/pkg/admission/alwayspullimages:go_default_library",
"//plugin/pkg/admission/antiaffinity:go_default_library",
......
......@@ -20,20 +20,15 @@ package options
import (
"fmt"
"net"
"strconv"
"github.com/spf13/pflag"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/apiserver/pkg/server"
genericoptions "k8s.io/apiserver/pkg/server/options"
kubeserver "k8s.io/kubernetes/pkg/kubeapiserver/server"
)
// NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by
// "normal" API servers running on the platform
func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback {
return genericoptions.WithLoopback(&genericoptions.SecureServingOptions{
o := genericoptions.SecureServingOptions{
BindAddress: net.ParseIP("0.0.0.0"),
BindPort: 6443,
Required: true,
......@@ -41,20 +36,31 @@ func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback
PairName: "apiserver",
CertDirectory: "/var/run/kubernetes",
},
})
}
return o.WithLoopback()
}
// NewInsecureServingOptions gives default values for the kube-apiserver.
// TODO: switch insecure serving off by default
func NewInsecureServingOptions() *genericoptions.DeprecatedInsecureServingOptionsWithLoopback {
o := genericoptions.DeprecatedInsecureServingOptions{
BindAddress: net.ParseIP("127.0.0.1"),
BindPort: 8080,
}
return o.WithLoopback()
}
// DefaultAdvertiseAddress sets the field AdvertiseAddress if
// unset. The field will be set based on the SecureServingOptions. If
// the SecureServingOptions is not present, DefaultExternalAddress
// will fall back to the insecure ServingOptions.
func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *InsecureServingOptions) error {
func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *genericoptions.DeprecatedInsecureServingOptions) error {
if insecure == nil {
return nil
}
if s.AdvertiseAddress == nil || s.AdvertiseAddress.IsUnspecified() {
hostIP, err := insecure.DefaultExternalAddress()
hostIP, err := utilnet.ChooseBindAddress(insecure.BindAddress)
if err != nil {
return fmt.Errorf("unable to find suitable network address.error='%v'. "+
"Try to set the AdvertiseAddress directly or provide a valid BindAddress to fix this", err)
......@@ -64,75 +70,3 @@ func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *Insec
return nil
}
// InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port.
// No one should be using these anymore.
type InsecureServingOptions struct {
BindAddress net.IP
BindPort int
}
// NewInsecureServingOptions is for creating an unauthenticated, unauthorized, insecure port.
// No one should be using these anymore.
func NewInsecureServingOptions() *InsecureServingOptions {
return &InsecureServingOptions{
BindAddress: net.ParseIP("127.0.0.1"),
BindPort: 8080,
}
}
func (s InsecureServingOptions) Validate() []error {
errors := []error{}
if s.BindPort < 0 || s.BindPort > 65535 {
errors = append(errors, fmt.Errorf("--insecure-port %v must be between 0 and 65535, inclusive. 0 for turning off insecure (HTTP) port", s.BindPort))
}
return errors
}
func (s *InsecureServingOptions) DefaultExternalAddress() (net.IP, error) {
return utilnet.ChooseBindAddress(s.BindAddress)
}
func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet) {
fs.IPVar(&s.BindAddress, "insecure-bind-address", s.BindAddress, ""+
"The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces).")
fs.MarkDeprecated("insecure-bind-address", "This flag will be removed in a future version.")
fs.Lookup("insecure-bind-address").Hidden = false
fs.IntVar(&s.BindPort, "insecure-port", s.BindPort, ""+
"The port on which to serve unsecured, unauthenticated access. It is assumed "+
"that firewall rules are set up such that this port is not reachable from outside of "+
"the cluster and that port 443 on the cluster's public address is proxied to this "+
"port. This is performed by nginx in the default setup. Set to zero to disable.")
fs.MarkDeprecated("insecure-port", "This flag will be removed in a future version.")
fs.Lookup("insecure-port").Hidden = false
}
// TODO: remove it until kops stop using `--address`
func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) {
fs.IPVar(&s.BindAddress, "address", s.BindAddress,
"DEPRECATED: see --insecure-bind-address instead.")
fs.MarkDeprecated("address", "see --insecure-bind-address instead.")
fs.IntVar(&s.BindPort, "port", s.BindPort, "DEPRECATED: see --insecure-port instead.")
fs.MarkDeprecated("port", "see --insecure-port instead.")
}
func (s *InsecureServingOptions) ApplyTo(c *server.Config) (*kubeserver.InsecureServingInfo, error) {
if s.BindPort <= 0 {
return nil, nil
}
ret := &kubeserver.InsecureServingInfo{
BindAddress: net.JoinHostPort(s.BindAddress.String(), strconv.Itoa(s.BindPort)),
}
var err error
if c.LoopbackClientConfig, err = ret.NewLoopbackClientConfig(); err != nil {
return nil, err
}
return ret, nil
}
......@@ -15,10 +15,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/filters:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/client-go/rest:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
],
)
......
......@@ -17,25 +17,19 @@ limitations under the License.
package server
import (
"net"
"net/http"
"time"
"github.com/golang/glog"
"k8s.io/apiserver/pkg/authentication/user"
genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
"k8s.io/apiserver/pkg/features"
"k8s.io/apiserver/pkg/server"
genericfilters "k8s.io/apiserver/pkg/server/filters"
"k8s.io/apiserver/pkg/server/options"
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/client-go/rest"
)
// InsecureServingInfo is required to serve http. HTTP does NOT include authentication or authorization.
// DeprecatedInsecureServingInfo is required to serve http. HTTP does NOT include authentication or authorization.
// You shouldn't be using this. It makes sig-auth sad.
// InsecureServingInfo *ServingInfo
// DeprecatedInsecureServingInfo *ServingInfo
func BuildInsecureHandlerChain(apiHandler http.Handler, c *server.Config) http.Handler {
handler := apiHandler
......@@ -55,76 +49,6 @@ func BuildInsecureHandlerChain(apiHandler http.Handler, c *server.Config) http.H
return handler
}
type InsecureServingInfo struct {
// BindAddress is the ip:port to serve on
BindAddress string
// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
// "tcp4", and "tcp6".
BindNetwork string
}
func (s *InsecureServingInfo) NewLoopbackClientConfig() (*rest.Config, error) {
if s == nil {
return nil, nil
}
host, port, err := server.LoopbackHostPort(s.BindAddress)
if err != nil {
return nil, err
}
return &rest.Config{
Host: "http://" + net.JoinHostPort(host, port),
// Increase QPS limits. The client is currently passed to all admission plugins,
// and those can be throttled in case of higher load on apiserver - see #22340 and #22422
// for more details. Once #22422 is fixed, we may want to remove it.
QPS: 50,
Burst: 100,
}, nil
}
// NonBlockingRun spawns the insecure http server. An error is
// returned if the ports cannot be listened on.
func NonBlockingRun(insecureServingInfo *InsecureServingInfo, insecureHandler http.Handler, shutDownTimeout time.Duration, stopCh <-chan struct{}) error {
// Use an internal stop channel to allow cleanup of the listeners on error.
internalStopCh := make(chan struct{})
if insecureServingInfo != nil && insecureHandler != nil {
if err := serveInsecurely(insecureServingInfo, insecureHandler, shutDownTimeout, internalStopCh); err != nil {
close(internalStopCh)
return err
}
}
// Now that the listener has bound successfully, it is the
// responsibility of the caller to close the provided channel to
// ensure cleanup.
go func() {
<-stopCh
close(internalStopCh)
}()
return nil
}
// serveInsecurely run the insecure http server. It fails only if the initial listen
// call fails. The actual server loop (stoppable by closing stopCh) runs in a go
// routine, i.e. serveInsecurely does not block.
func serveInsecurely(insecureServingInfo *InsecureServingInfo, insecureHandler http.Handler, shutDownTimeout time.Duration, stopCh <-chan struct{}) error {
insecureServer := &http.Server{
Addr: insecureServingInfo.BindAddress,
Handler: insecureHandler,
MaxHeaderBytes: 1 << 20,
}
glog.Infof("Serving insecurely on %s", insecureServingInfo.BindAddress)
ln, _, err := options.CreateListener(insecureServingInfo.BindNetwork, insecureServingInfo.BindAddress)
if err != nil {
return err
}
err = server.RunServer(insecureServer, ln, shutDownTimeout, stopCh)
return err
}
// insecureSuperuser implements authenticator.Request to always return a superuser.
// This is functionally equivalent to skipping authentication and authorization,
// but allows apiserver code to stop special-casing a nil user to skip authorization checks.
......
......@@ -45,13 +45,14 @@ go_library(
srcs = [
"config.go",
"config_selfclient.go",
"deprecated_insecure_serving.go",
"doc.go",
"genericapiserver.go",
"handler.go",
"healthz.go",
"hooks.go",
"plugins.go",
"serve.go",
"secure_serving.go",
"signal.go",
"signal_posix.go",
"signal_windows.go",
......
......@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package app
package server
import (
"net"
......@@ -23,11 +23,11 @@ import (
"github.com/golang/glog"
"k8s.io/apiserver/pkg/server"
"k8s.io/client-go/rest"
)
// InsecureServingInfo is the main context object for the insecure http server.
type InsecureServingInfo struct {
// DeprecatedInsecureServingInfo is the main context object for the insecure http server.
type DeprecatedInsecureServingInfo struct {
// Listener is the secure server network listener.
Listener net.Listener
// optional server name for log messages
......@@ -36,7 +36,7 @@ type InsecureServingInfo struct {
// Serve starts an insecure http server with the given handler. It fails only if
// the initial listen call fails. It does not block.
func (s *InsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error {
func (s *DeprecatedInsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error {
insecureServer := &http.Server{
Addr: s.Listener.Addr().String(),
Handler: handler,
......@@ -48,5 +48,25 @@ func (s *InsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.D
} else {
glog.Infof("Serving insecurely on %s", s.Listener.Addr())
}
return server.RunServer(insecureServer, s.Listener, shutdownTimeout, stopCh)
return RunServer(insecureServer, s.Listener, shutdownTimeout, stopCh)
}
func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config, error) {
if s == nil {
return nil, nil
}
host, port, err := LoopbackHostPort(s.Listener.Addr().String())
if err != nil {
return nil, err
}
return &rest.Config{
Host: "http://" + net.JoinHostPort(host, port),
// Increase QPS limits. The client is currently passed to all admission plugins,
// and those can be throttled in case of higher load on apiserver - see #22340 and #22422
// for more details. Once #22422 is fixed, we may want to remove it.
QPS: 50,
Burst: 100,
}, nil
}
......@@ -9,6 +9,7 @@ go_library(
"authentication.go",
"authorization.go",
"coreapi.go",
"deprecated_insecure_serving.go",
"doc.go",
"etcd.go",
"feature.go",
......
......@@ -22,13 +22,14 @@ import (
"github.com/spf13/pflag"
"k8s.io/apiserver/pkg/server/options"
genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
"k8s.io/apiserver/pkg/server"
"k8s.io/client-go/rest"
)
// InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port.
// DeprecatedInsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port.
// No one should be using these anymore.
type InsecureServingOptions struct {
// DEPRECATED: all insecure serving options are removed in a future version
type DeprecatedInsecureServingOptions struct {
BindAddress net.IP
BindPort int
// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
......@@ -46,7 +47,7 @@ type InsecureServingOptions struct {
}
// Validate ensures that the insecure port values within the range of the port.
func (s *InsecureServingOptions) Validate() []error {
func (s *DeprecatedInsecureServingOptions) Validate() []error {
if s == nil {
return nil
}
......@@ -54,29 +55,46 @@ func (s *InsecureServingOptions) Validate() []error {
errors := []error{}
if s.BindPort < 0 || s.BindPort > 65335 {
errors = append(errors, fmt.Errorf("--insecure-port %v must be between 0 and 65535, inclusive. 0 for turning off insecure (HTTP) port", s.BindPort))
errors = append(errors, fmt.Errorf("insecure port %v must be between 0 and 65335, inclusive. 0 for turning off insecure (HTTP) port", s.BindPort))
}
return errors
}
// AddFlags adds flags related to insecure serving for controller manager to the specified FlagSet.
func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet) {
// AddFlags adds flags related to insecure serving to the specified FlagSet.
func (s *DeprecatedInsecureServingOptions) AddFlags(fs *pflag.FlagSet) {
if s == nil {
return
}
fs.IPVar(&s.BindAddress, "address", s.BindAddress, "DEPRECATED: the IP address on which to listen for the --port port (set to 0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces). See --bind-address instead.")
// MarkDeprecated hides the flag from the help. We don't want that:
// fs.MarkDeprecated("address", "see --bind-address instead.")
fs.IntVar(&s.BindPort, "port", s.BindPort, "DEPRECATED: the port on which to serve HTTP insecurely without authentication and authorization. If 0, don't serve HTTPS at all. See --secure-port instead.")
// MarkDeprecated hides the flag from the help. We don't want that:
// fs.MarkDeprecated("port", "see --secure-port instead.")
fs.IPVar(&s.BindAddress, "insecure-bind-address", s.BindAddress, ""+
"The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all IPv4 interfaces and :: for all IPv6 interfaces).")
fs.MarkDeprecated("insecure-bind-address", "This flag will be removed in a future version.")
fs.Lookup("insecure-bind-address").Hidden = false
fs.IntVar(&s.BindPort, "insecure-port", s.BindPort, ""+
"The port on which to serve unsecured, unauthenticated access.")
fs.MarkDeprecated("insecure-port", "This flag will be removed in a future version.")
fs.Lookup("insecure-port").Hidden = false
}
// AddUnqualifiedFlags adds flags related to insecure serving without the --insecure prefix to the specified FlagSet.
func (s *DeprecatedInsecureServingOptions) AddUnqualifiedFlags(fs *pflag.FlagSet) {
if s == nil {
return
}
fs.IPVar(&s.BindAddress, "address", s.BindAddress,
"DEPRECATED: see --bind-address instead.")
fs.MarkDeprecated("address", "see --bind-address instead.")
fs.IntVar(&s.BindPort, "port", s.BindPort, "DEPRECATED: see --secure-port instead.")
fs.MarkDeprecated("port", "see --secure-port instead.")
}
// ApplyTo adds InsecureServingOptions to the insecureserverinfo amd kube-controller manager configuration.
// Note: the double pointer allows to set the *InsecureServingInfo to nil without referencing the struct hosting this pointer.
func (s *InsecureServingOptions) ApplyTo(c **genericcontrollermanager.InsecureServingInfo) error {
// ApplyTo adds DeprecatedInsecureServingOptions to the insecureserverinfo amd kube-controller manager configuration.
// Note: the double pointer allows to set the *DeprecatedInsecureServingInfo to nil without referencing the struct hosting this pointer.
func (s *DeprecatedInsecureServingOptions) ApplyTo(c **server.DeprecatedInsecureServingInfo) error {
if s == nil {
return nil
}
......@@ -86,7 +104,7 @@ func (s *InsecureServingOptions) ApplyTo(c **genericcontrollermanager.InsecureSe
if s.Listener == nil {
var err error
listen := options.CreateListener
listen := CreateListener
if s.ListenFunc != nil {
listen = s.ListenFunc
}
......@@ -97,9 +115,50 @@ func (s *InsecureServingOptions) ApplyTo(c **genericcontrollermanager.InsecureSe
}
}
*c = &genericcontrollermanager.InsecureServingInfo{
*c = &server.DeprecatedInsecureServingInfo{
Listener: s.Listener,
}
return nil
}
// WithLoopback adds loopback functionality to the serving options.
func (o *DeprecatedInsecureServingOptions) WithLoopback() *DeprecatedInsecureServingOptionsWithLoopback {
return &DeprecatedInsecureServingOptionsWithLoopback{o}
}
// DeprecatedInsecureServingOptionsWithLoopback adds loopback functionality to the DeprecatedInsecureServingOptions.
// DEPRECATED: all insecure serving options are removed in a future version
type DeprecatedInsecureServingOptionsWithLoopback struct {
*DeprecatedInsecureServingOptions
}
// ApplyTo fills up serving information in the server configuration.
func (s *DeprecatedInsecureServingOptionsWithLoopback) ApplyTo(insecureServingInfo **server.DeprecatedInsecureServingInfo, loopbackClientConfig **rest.Config) error {
if s == nil || s.DeprecatedInsecureServingOptions == nil || insecureServingInfo == nil {
return nil
}
if err := s.DeprecatedInsecureServingOptions.ApplyTo(insecureServingInfo); err != nil {
return err
}
if *insecureServingInfo == nil || loopbackClientConfig == nil {
return nil
}
secureLoopbackClientConfig, err := (*insecureServingInfo).NewLoopbackClientConfig()
switch {
// if we failed and there's no fallback loopback client config, we need to fail
case err != nil && secureLoopbackClientConfig == nil:
return err
// if we failed, but we already have a fallback loopback client config (usually insecure), allow it
case err != nil && secureLoopbackClientConfig != nil:
default:
*loopbackClientConfig = secureLoopbackClientConfig
}
return nil
}
......@@ -54,7 +54,7 @@ func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptio
return &RecommendedOptions{
Etcd: NewEtcdOptions(storagebackend.NewDefaultConfig(prefix, codec)),
SecureServing: WithLoopback(sso),
SecureServing: sso.WithLoopback(),
Authentication: NewDelegatingAuthenticationOptions(),
Authorization: NewDelegatingAuthorizationOptions(),
Audit: NewAuditOptions(),
......
......@@ -464,7 +464,7 @@ func TestServerRunWithSNI(t *testing.T) {
config.Version = &v
config.EnableIndex = true
secureOptions := WithLoopback(&SecureServingOptions{
secureOptions := (&SecureServingOptions{
BindAddress: net.ParseIP("127.0.0.1"),
BindPort: 6443,
ServerCert: GeneratableKeyCert{
......@@ -474,7 +474,7 @@ func TestServerRunWithSNI(t *testing.T) {
},
},
SNICertKeys: namedCertKeys,
})
}).WithLoopback()
// use a random free port
ln, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
......
......@@ -31,7 +31,7 @@ type SecureServingOptionsWithLoopback struct {
*SecureServingOptions
}
func WithLoopback(o *SecureServingOptions) *SecureServingOptionsWithLoopback {
func (o *SecureServingOptions) WithLoopback() *SecureServingOptionsWithLoopback {
return &SecureServingOptionsWithLoopback{o}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment