diff --git a/.gitignore b/.gitignore
index fab5198..0cebe64 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,4 @@
 .vscode
 vendor
 hack/tools/*
-bin/*
+bin/gcp
diff --git a/.prow.yaml b/.prow.yaml
index 2000962..691ad29 100644
--- a/.prow.yaml
+++ b/.prow.yaml
@@ -1,8 +1,8 @@
 presubmits:
- - name: pull-kcp-verify
+ - name: pull-gcp-verify
 always_run: true
 decorate: true
- clone_uri: "https://github.com/kcp-dev/kcp"
+ clone_uri: "https://github.com/kcp-dev/generic-controlplane"
 labels:
 preset-goproxy: "true"
 spec:
@@ -11,8 +11,6 @@ presubmits:
 command:
 - make
 - verify-boilerplate
- - verify-modules
- - verify-k8s-deps
 - verify-imports
 resources:
 requests:
@@ -22,7 +20,7 @@ presubmits:
 - name: pull-gco-lint
 always_run: true
 decorate: true
- clone_uri: "https://github.com/kcp-dev/kcp"
+ clone_uri: "https://github.com/kcp-dev/generic-controlplane"
 labels:
 preset-goproxy: "true"
 spec:
@@ -49,7 +47,7 @@ presubmits:
 - hack/build-image.sh
 env:
 - name: DRY_RUN
- value: '1'
+ value: "1"
 # docker-in-docker needs privileged mode
 securityContext:
 privileged: true
@@ -72,9 +70,8 @@ presubmits:
 - test
 env:
 - name: USE_GOTESTSUM
- value: '1'
+ value: "1"
 resources:
 requests:
 memory: 4Gi
 cpu: 2
-
diff --git a/bin/.gitkeep b/bin/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/server/admission/plugins.go b/server/admission/plugins.go
index 5f7ce64..d95a51e 100644
--- a/server/admission/plugins.go
+++ b/server/admission/plugins.go
@@ -45,7 +45,7 @@ var AllOrderedPlugins = []string{
 autoprovision.PluginName, // NamespaceAutoProvision
 lifecycle.PluginName, // NamespaceLifecycle
 exists.PluginName, // NamespaceExists
- //limitranger.PluginName, // LimitRanger
+ // limitranger.PluginName, // LimitRanger
 serviceaccount.PluginName, // ServiceAccount
 eventratelimit.PluginName, // EventRateLimit
 gc.PluginName, // OwnerReferencesPermissionEnforcement
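Review bot: The `@@ -11,8 +11,6 @@` hunk of `.prow.yaml` drops `verify-modules` and `verify-k8s-deps` from the `pull-gcp-verify` command list without a replacement, so, judging by the target names, none of the presubmit steps visible in this file still checks that go.mod/go.sum are tidy or that the Kubernetes dependency pins stay consistent. If they were removed only because this repository's Makefile does not have those targets yet, record that next to the list, for example `# TODO: restore verify-modules / verify-k8s-deps once the Makefile targets exist`, or add an equivalent module check to the job. Dependency drift that no presubmit gates is a supply-chain review gap, and it is easy to lose track of when the removal carries no comment.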
@@ -70,7 +70,7 @@ func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
 autoprovision.Register(plugins)
 lifecycle.Register(plugins)
 exists.Register(plugins)
- //limitranger.Register(plugins)
+ // limitranger.Register(plugins)
 serviceaccount.Register(plugins)
 eventratelimit.Register(plugins)
 gc.Register(plugins)
@@ -89,7 +89,7 @@ func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
 func DefaultOffAdmissionPlugins() sets.Set[string] {
 defaultOnPlugins := sets.New(
 lifecycle.PluginName, // NamespaceLifecycle
- //limitranger.PluginName, // LimitRanger
+ // limitranger.PluginName, // LimitRanger
 serviceaccount.PluginName, // ServiceAccount
 defaulttolerationseconds.PluginName, // DefaultTolerationSeconds
 mutatingwebhook.PluginName, // MutatingAdmissionWebhook
diff --git a/server/cmd/options/authentication.go b/server/cmd/options/authentication.go
index e475015..8207ce8 100644
--- a/server/cmd/options/authentication.go
+++ b/server/cmd/options/authentication.go
@@ -41,6 +41,7 @@ const (
 gcpUserUserName = "user"
 )
+// AdminAuthentication holds the configuration for the admin authentication in standalone mode.
 type AdminAuthentication struct {
 KubeConfigPath string
@@ -48,6 +49,8 @@ type AdminAuthentication struct {
 ShardAdminTokenHashFilePath string
 }
+// NewAdminAuthentication returns a new AdminAuthentication for the given root directory
+// where the kubeconfig and the token hash file should be written.
 func NewAdminAuthentication(rootDir string) *AdminAuthentication {
 return &AdminAuthentication{
 KubeConfigPath: filepath.Join(rootDir, "admin.kubeconfig"),
@@ -55,6 +58,7 @@ func NewAdminAuthentication(rootDir string) *AdminAuthentication {
 }
 }
+// Validate validates the admin authentication configuration.
 func (s *AdminAuthentication) Validate() []error {
 if s == nil {
 return nil
@@ -69,6 +73,7 @@ func (s *AdminAuthentication) Validate() []error {
 return errs
 }
+// AddFlags adds the flags for the admin authentication to the given FlagSet.
 func (s *AdminAuthentication) AddFlags(fs *pflag.FlagSet) {
 if s == nil {
 return
@@ -118,6 +123,7 @@ func (s *AdminAuthentication) ApplyTo(config *genericapiserver.Config) (volatile
 return volatileGcpAdminToken, volatileUserToken, nil
 }
+// WriteKubeConfig writes the kubeconfig to the configured path.
 func (s *AdminAuthentication) WriteKubeConfig(config genericapiserver.CompletedConfig, gcpAdminToken, userToken string) error {
 externalCACert, _ := config.SecureServing.Cert.CurrentCertKeyContent()
 externalKubeConfigHost := fmt.Sprintf("https://%s", config.ExternalAddress)
diff --git a/server/cmd/options/config.go b/server/cmd/options/config.go
index 25bbb1f..0302d83 100644
--- a/server/cmd/options/config.go
+++ b/server/cmd/options/config.go
@@ -30,6 +30,7 @@ import (
 generatedopenapi "k8s.io/kubernetes/pkg/generated/openapi"
 )
+// Config holds the configuration for the generic controlplane server.
 type Config struct {
 Options CompletedOptions
@@ -41,6 +42,7 @@ type Config struct {
 ExtraConfig
 }
+// ExtraConfig holds the extra configuration for the generic controlplane server.
 type ExtraConfig struct {
 // authentication
 GcpAdminToken, UserToken string
@@ -58,11 +60,13 @@ type completedConfig struct {
 ExtraConfig
 }
+// CompletedConfig holds the completed configuration for the generic controlplane server.
 type CompletedConfig struct {
 // Embed a private pointer that cannot be instantiated outside of this package.
 *completedConfig
 }
+// Complete fills in any fields not set that are required to have valid data.
 func (c *Config) Complete() (CompletedConfig, error) {
 return CompletedConfig{&completedConfig{
 Options: c.Options,
diff --git a/server/cmd/options/options.go b/server/cmd/options/options.go
index d89749a..e8ec79d 100644
--- a/server/cmd/options/options.go
+++ b/server/cmd/options/options.go
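Review bot: The comment added to `WriteKubeConfig` in the `@@ -118,6 +123,7 @@` hunk of authentication.go does not say that the file it produces is credential material: the signature takes `gcpAdminToken` and `userToken`, so the kubeconfig presumably embeds both, although the write itself lies outside the hunk. I would word it as `// WriteKubeConfig writes a kubeconfig carrying the admin and user bearer tokens to KubeConfigPath; treat the file as a secret.` and confirm at the write site that the file is created owner-readable only. The same gap is in the `@@ -41,6 +42,7 @@` hunk of config.go, where `ExtraConfig` visibly holds `GcpAdminToken, UserToken string`; its comment could read `// ExtraConfig holds the extra configuration, including the admin and user tokens; do not log or dump it.`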
@@ -36,6 +36,7 @@ import (
 gcpadmission "github.com/kcp-dev/generic-controlplane/server/admission"
 )
+// Options holds the configuration for the generic controlplane server.
 type Options struct {
 GenericControlPlane controlplaneapiserveroptions.Options
 EmbeddedEtcd etcdoptions.Options
@@ -45,6 +46,7 @@ type Options struct {
 Extra ExtraOptions
 }
+// ExtraOptions holds the extra configuration for the generic controlplane server.
 type ExtraOptions struct {
 RootDir string
 }
@@ -58,6 +60,7 @@ type completedOptions struct {
 Extra ExtraOptions
 }
+// CompletedOptions holds the completed configuration for the generic controlplane server.
 type CompletedOptions struct {
 *completedOptions
 }
@@ -99,6 +102,7 @@ func NewOptions(rootDir string) *Options {
 return o
 }
+// AddFlags adds flags for a specific APIServer to the specified FlagSet.
 func (o *Options) AddFlags(fss *cliflag.NamedFlagSets) {
 o.GenericControlPlane.AddFlags(fss)
@@ -112,6 +116,7 @@ func (o *Options) AddFlags(fss *cliflag.NamedFlagSets) {
 // Placeholders for future flags.
 }
+// Complete fills in any fields not set that are required to have valid data.
 func (o *Options) Complete() (*CompletedOptions, error) {
 if servers := o.GenericControlPlane.Etcd.StorageConfig.Transport.ServerList; len(servers) == 1 && servers[0] == "embedded" {
 klog.Background().Info("enabling embedded etcd server")
@@ -149,7 +154,6 @@ func (o *Options) Complete() (*CompletedOptions, error) {
 }
 // override set of admission plugins
- //spew.Dump(o.GenericControlPlane.Admission.GenericAdmission.Plugins)
 gcpadmission.RegisterAllAdmissionPlugins(o.GenericControlPlane.Admission.GenericAdmission.Plugins)
 o.GenericControlPlane.Admission.GenericAdmission.DisablePlugins = sets.List[string](gcpadmission.DefaultOffAdmissionPlugins())
 o.GenericControlPlane.Admission.GenericAdmission.RecommendedPluginOrder = gcpadmission.AllOrderedPlugins
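Review bot: The doc comment added to `Options.Complete` in the `@@ -112,6 +116,7 @@` hunk undersells what the visible parts of the function do. Beyond filling defaults, it enables the embedded etcd server when the etcd server list is exactly `"embedded"`, and in the `@@ -149,7 +154,6 @@` hunk it replaces the admission plugin registration, the disabled set and the recommended order with the gcp ones. Since that overrides which admission controls are active, the comment should say so, for example `// Complete fills in defaults, enables embedded etcd when the server list is "embedded", and overrides the admission plugin set with the gcp defaults.` The function body continues outside both hunks, so there may be further side effects worth listing.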
@@ -197,6 +201,7 @@ func (o *Options) Complete() (*CompletedOptions, error) {
 }, nil
 }
+// Validate validates the generic controlplane server options.
 func (o *CompletedOptions) Validate() []error {
 var errs []error
diff --git a/server/cmd/server.go b/server/cmd/server.go
index 9d45eb5..3ca6da2 100644
--- a/server/cmd/server.go
+++ b/server/cmd/server.go
@@ -28,9 +28,9 @@ import (
 "github.com/spf13/cobra"
 apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
- utilerrors "k8s.io/apimachinery/pkg/util/errors"
+ kerrors "k8s.io/apimachinery/pkg/util/errors"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
- _ "k8s.io/apiserver/pkg/admission"
+ _ "k8s.io/apiserver/pkg/admission" // for admission plugins
 genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
 genericapiserver "k8s.io/apiserver/pkg/server"
 utilfeature "k8s.io/apiserver/pkg/util/feature"
@@ -41,14 +41,14 @@ import (
 "k8s.io/component-base/cli/globalflag"
 "k8s.io/component-base/logs"
 logsapi "k8s.io/component-base/logs/api/v1"
- _ "k8s.io/component-base/metrics/prometheus/workqueue"
+ _ "k8s.io/component-base/metrics/prometheus/workqueue" // for workqueue metrics
 "k8s.io/component-base/term"
 "k8s.io/component-base/version"
 "k8s.io/component-base/version/verflag"
 "k8s.io/klog/v2"
 aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver"
 controlplaneapiserver "k8s.io/kubernetes/pkg/controlplane/apiserver"
- _ "k8s.io/kubernetes/pkg/features"
+ _ "k8s.io/kubernetes/pkg/features" // add the kubernetes feature gates
 options "github.com/kcp-dev/generic-controlplane/server/cmd/options" // add the kubernetes feature gates
@@ -108,7 +108,7 @@ APIs.`,
 }
 if errs := completedOptions.Validate(); len(errs) != 0 {
- return utilerrors.NewAggregate(errs)
+ return kerrors.NewAggregate(errs)
 }
 // add feature enablement metrics
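Review bot: The `@@ -41,14 +41,14 @@` import hunk of server.go now carries the text `// add the kubernetes feature gates` twice: as the new trailing comment on the `k8s.io/kubernetes/pkg/features` blank import, and in the unchanged context after the `options` import, where it no longer describes anything. The leftover reads as if the `options` package registered feature gates, which is misleading when someone audits which blank imports have side effects. I would delete the old comment so that only `_ "k8s.io/kubernetes/pkg/features" // add the kubernetes feature gates` remains. Whether the leftover sits on its own line or trails the `options` import cannot be told from this rendering of the diff.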