diff options
Diffstat (limited to 'vendor/k8s.io/apiserver/pkg')
3 files changed, 157 insertions, 35 deletions
diff --git a/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go b/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go index ac3c252b7..1b7bbc139 100644 --- a/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go +++ b/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go @@ -59,8 +59,8 @@ func SplitUsername(username string) (string, string, error) { return namespace, name, nil } -// MakeGroupNames generates service account group names for the given namespace and ServiceAccount name -func MakeGroupNames(namespace, name string) []string { +// MakeGroupNames generates service account group names for the given namespace +func MakeGroupNames(namespace string) []string { return []string{ AllServiceAccountsGroup, MakeNamespaceGroupName(namespace), diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go index 1b896e1e5..57bab8b00 100644 --- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ b/vendor/k8s.io/apiserver/pkg/features/kube_features.go @@ -27,20 +27,42 @@ const ( // // alpha: v1.4 // MyFeature() bool - // owner: timstclair + // owner: @tallclair // alpha: v1.5 // // StreamingProxyRedirects controls whether the apiserver should intercept (and follow) // redirects from the backend (Kubelet) for streaming requests (exec/attach/port-forward). StreamingProxyRedirects utilfeature.Feature = "StreamingProxyRedirects" - // owner: timstclair + // owner: @tallclair // alpha: v1.7 + // beta: v1.8 // // AdvancedAuditing enables a much more general API auditing pipeline, which includes support for // pluggable output backends and an audit policy specifying how different requests should be // audited. AdvancedAuditing utilfeature.Feature = "AdvancedAuditing" + + // owner: @ilackams + // alpha: v1.7 + // + // Enables compression of REST responses (GET and LIST only) + APIResponseCompression utilfeature.Feature = "APIResponseCompression" + + // owner: @smarterclayton + // alpha: v1.7 + // + // Allow asynchronous coordination of object creation. + // Auto-enabled by the Initializers admission plugin. + Initializers utilfeature.Feature = "Initializers" + + // owner: @smarterclayton + // alpha: v1.8 + // beta: v1.9 + // + // Allow API clients to retrieve resource lists in chunks rather than + // all at once. + APIListChunking utilfeature.Feature = "APIListChunking" ) func init() { @@ -52,5 +74,8 @@ func init() { // available throughout Kubernetes binaries. var defaultKubernetesFeatureGates = map[utilfeature.Feature]utilfeature.FeatureSpec{ StreamingProxyRedirects: {Default: true, PreRelease: utilfeature.Beta}, - AdvancedAuditing: {Default: false, PreRelease: utilfeature.Alpha}, + AdvancedAuditing: {Default: true, PreRelease: utilfeature.Beta}, + APIResponseCompression: {Default: false, PreRelease: utilfeature.Alpha}, + Initializers: {Default: false, PreRelease: utilfeature.Alpha}, + APIListChunking: {Default: true, PreRelease: utilfeature.Beta}, } diff --git a/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go b/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go index e7226688c..306877124 100644 --- a/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go +++ b/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go @@ -21,6 +21,8 @@ import ( "sort" "strconv" "strings" + "sync" + "sync/atomic" "github.com/golang/glog" "github.com/spf13/pflag" @@ -45,7 +47,7 @@ var ( } // Special handling for a few gates. - specialFeatures = map[Feature]func(f *featureGate, val bool){ + specialFeatures = map[Feature]func(known map[Feature]FeatureSpec, enabled map[Feature]bool, val bool){ allAlphaGate: setUnsetAlphaGates, } @@ -65,33 +67,48 @@ const ( Alpha = prerelease("ALPHA") Beta = prerelease("BETA") GA = prerelease("") + + // Deprecated + Deprecated = prerelease("DEPRECATED") ) // FeatureGate parses and stores flag gates for known features from // a string like feature1=true,feature2=false,... type FeatureGate interface { + // AddFlag adds a flag for setting global feature gates to the specified FlagSet. AddFlag(fs *pflag.FlagSet) + // Set parses and stores flag gates for known features + // from a string like feature1=true,feature2=false,... Set(value string) error + // SetFromMap stores flag gates for known features from a map[string]bool or returns an error + SetFromMap(m map[string]bool) error + // Enabled returns true if the key is enabled. Enabled(key Feature) bool + // Add adds features to the featureGate. Add(features map[Feature]FeatureSpec) error + // KnownFeatures returns a slice of strings describing the FeatureGate's known features. KnownFeatures() []string } // featureGate implements FeatureGate as well as pflag.Value for flag parsing. type featureGate struct { - known map[Feature]FeatureSpec - special map[Feature]func(*featureGate, bool) - enabled map[Feature]bool - - // is set to true when AddFlag is called. Note: initialization is not go-routine safe, lookup is + special map[Feature]func(map[Feature]FeatureSpec, map[Feature]bool, bool) + + // lock guards writes to known, enabled, and reads/writes of closed + lock sync.Mutex + // known holds a map[Feature]FeatureSpec + known *atomic.Value + // enabled holds a map[Feature]bool + enabled *atomic.Value + // closed is set to true when AddFlag is called, and prevents subsequent calls to Add closed bool } -func setUnsetAlphaGates(f *featureGate, val bool) { - for k, v := range f.known { +func setUnsetAlphaGates(known map[Feature]FeatureSpec, enabled map[Feature]bool, val bool) { + for k, v := range known { if v.PreRelease == Alpha { - if _, found := f.enabled[k]; !found { - f.enabled[k] = val + if _, found := enabled[k]; !found { + enabled[k] = val } } } @@ -101,27 +118,49 @@ func setUnsetAlphaGates(f *featureGate, val bool) { var _ pflag.Value = &featureGate{} func NewFeatureGate() *featureGate { + known := map[Feature]FeatureSpec{} + for k, v := range defaultFeatures { + known[k] = v + } + + knownValue := &atomic.Value{} + knownValue.Store(known) + + enabled := map[Feature]bool{} + enabledValue := &atomic.Value{} + enabledValue.Store(enabled) + f := &featureGate{ - known: map[Feature]FeatureSpec{}, + known: knownValue, special: specialFeatures, - enabled: map[Feature]bool{}, - } - for k, v := range defaultFeatures { - f.known[k] = v + enabled: enabledValue, } return f } -// Set Parses a string of the form // "key1=value1,key2=value2,..." into a +// Set parses a string of the form "key1=value1,key2=value2,..." into a // map[string]bool of known keys or returns an error. func (f *featureGate) Set(value string) error { + f.lock.Lock() + defer f.lock.Unlock() + + // Copy existing state + known := map[Feature]FeatureSpec{} + for k, v := range f.known.Load().(map[Feature]FeatureSpec) { + known[k] = v + } + enabled := map[Feature]bool{} + for k, v := range f.enabled.Load().(map[Feature]bool) { + enabled[k] = v + } + for _, s := range strings.Split(value, ",") { if len(s) == 0 { continue } arr := strings.SplitN(s, "=", 2) k := Feature(strings.TrimSpace(arr[0])) - _, ok := f.known[Feature(k)] + featureSpec, ok := known[k] if !ok { return fmt.Errorf("unrecognized key: %s", k) } @@ -133,21 +172,65 @@ func (f *featureGate) Set(value string) error { if err != nil { return fmt.Errorf("invalid value of %s: %s, err: %v", k, v, err) } - f.enabled[k] = boolValue + enabled[k] = boolValue + if boolValue && featureSpec.PreRelease == Deprecated { + glog.Warningf("enabling deprecated feature gate %s", k) + } // Handle "special" features like "all alpha gates" if fn, found := f.special[k]; found { - fn(f, boolValue) + fn(known, enabled, boolValue) } } + // Persist changes + f.known.Store(known) + f.enabled.Store(enabled) + + glog.Infof("feature gates: %v", enabled) + return nil +} + +// SetFromMap stores flag gates for known features from a map[string]bool or returns an error +func (f *featureGate) SetFromMap(m map[string]bool) error { + f.lock.Lock() + defer f.lock.Unlock() + + // Copy existing state + known := map[Feature]FeatureSpec{} + for k, v := range f.known.Load().(map[Feature]FeatureSpec) { + known[k] = v + } + enabled := map[Feature]bool{} + for k, v := range f.enabled.Load().(map[Feature]bool) { + enabled[k] = v + } + + for k, v := range m { + k := Feature(k) + _, ok := known[k] + if !ok { + return fmt.Errorf("unrecognized key: %s", k) + } + enabled[k] = v + // Handle "special" features like "all alpha gates" + if fn, found := f.special[k]; found { + fn(known, enabled, v) + } + } + + // Persist changes + f.known.Store(known) + f.enabled.Store(enabled) + glog.Infof("feature gates: %v", f.enabled) return nil } +// String returns a string containing all enabled feature gates, formatted as "key1=value1,key2=value2,...". func (f *featureGate) String() string { pairs := []string{} - for k, v := range f.enabled { + for k, v := range f.enabled.Load().(map[Feature]bool) { pairs = append(pairs, fmt.Sprintf("%s=%t", k, v)) } sort.Strings(pairs) @@ -158,37 +241,51 @@ func (f *featureGate) Type() string { return "mapStringBool" } +// Add adds features to the featureGate. func (f *featureGate) Add(features map[Feature]FeatureSpec) error { + f.lock.Lock() + defer f.lock.Unlock() + if f.closed { return fmt.Errorf("cannot add a feature gate after adding it to the flag set") } + // Copy existing state + known := map[Feature]FeatureSpec{} + for k, v := range f.known.Load().(map[Feature]FeatureSpec) { + known[k] = v + } + for name, spec := range features { - if existingSpec, found := f.known[name]; found { + if existingSpec, found := known[name]; found { if existingSpec == spec { continue } return fmt.Errorf("feature gate %q with different spec already exists: %v", name, existingSpec) } - f.known[name] = spec + known[name] = spec } + + // Persist updated state + f.known.Store(known) + return nil } +// Enabled returns true if the key is enabled. func (f *featureGate) Enabled(key Feature) bool { - defaultValue := f.known[key].Default - if f.enabled != nil { - if v, ok := f.enabled[key]; ok { - return v - } + if v, ok := f.enabled.Load().(map[Feature]bool)[key]; ok { + return v } - return defaultValue + return f.known.Load().(map[Feature]FeatureSpec)[key].Default } // AddFlag adds a flag for setting global feature gates to the specified FlagSet. func (f *featureGate) AddFlag(fs *pflag.FlagSet) { + f.lock.Lock() f.closed = true + f.lock.Unlock() known := f.KnownFeatures() fs.Var(f, flagName, ""+ @@ -196,10 +293,10 @@ func (f *featureGate) AddFlag(fs *pflag.FlagSet) { "Options are:\n"+strings.Join(known, "\n")) } -// Returns a string describing the FeatureGate's known features. +// KnownFeatures returns a slice of strings describing the FeatureGate's known features. func (f *featureGate) KnownFeatures() []string { var known []string - for k, v := range f.known { + for k, v := range f.known.Load().(map[Feature]FeatureSpec) { pre := "" if v.PreRelease != GA { pre = fmt.Sprintf("%s - ", v.PreRelease) |