APIserver
func main() {
...
#核心
command := app.NewAPIServerCommand()
#日志
logs.InitLogs()
defer logs.FlushLogs()
...
}
#NewAPIServerCommand
#核心是调用Run函数,运行APIserver,永远不会退出
return Run(completedOptions, genericapiserver.SetupSignalHandler())
#Run
#创建server链路
server, err := CreateServerChain(completeOptions, stopCh)
// CreateServerChain builds the three servers shown below in order: the API
// extensions server, the core kube-apiserver, and the aggregator. Its declared
// result is a *aggregatorapiserver.APIAggregator.
//
// As excerpted, each later server is handed the GenericAPIServer of the one
// built before it: the extensions server gets genericapiserver.NewEmptyDelegate(),
// the core server gets apiExtensionsServer.GenericAPIServer, and the aggregator
// gets kubeAPIServer.GenericAPIServer.
//
// NOTE(review): this is an abridged excerpt. The err checks, the construction of
// apiExtensionsConfig and aggregatorConfig, and the final return are not shown.
func CreateServerChain(completedOptions completedServerRunOptions, stopCh <-chan struct{
}) (*aggregatorapiserver.APIAggregator, error) {
#创建APIserver的配置
kubeAPIServerConfig, serviceResolver, pluginInitializer, err := CreateKubeAPIServerConfig(completedOptions)
#API拓展服务 主要针对CRD
// Built first, with an empty delegate as its second argument.
apiExtensionsServer, err := createAPIExtensionsServer(apiExtensionsConfig, genericapiserver.NewEmptyDelegate())
#API核心服务
// Receives the extensions server's GenericAPIServer; presumably as its delegation target — confirm against CreateKubeAPIServer.
kubeAPIServer, err := CreateKubeAPIServer(kubeAPIServerConfig, apiExtensionsServer.GenericAPIServer)
#API聚合服务 聚合前面的server
// Receives the core server's GenericAPIServer plus the extensions server's informers.
aggregatorServer, err := createAggregatorServer(aggregatorConfig, kubeAPIServer.GenericAPIServer, apiExtensionsServer.Informers)
}
#CreateKubeAPIServerConfig
func CreateKubeAPIServerConfig(s completedServerRunOptions) (
*controlplane.Config,
aggregatorapiserver.ServiceResolver,
[]admission.PluginInitializer,
error,
) {
#建立通用配置
genericConfig, versionedInformers, serviceResolver, pluginInitializers, admissionPostStartHook, storageFactory, err := buildGenericConfig(s.ServerRunOptions, proxyTransport)
if err != nil {
}
#buildGenericConfig
func buildGenericConfig(
...
#默认生成api文档
genericConfig.OpenAPIConfig = genericapiserver.DefaultOpenAPIConfig(generatedopenapi.GetOpenAPIDefinitions, openapinamer.NewDefinitionNamer(legacyscheme.Scheme, extensionsapiserver.Scheme, aggregatorscheme.Scheme))
...
#采用etcd作为存储方案
completedStorageFactoryConfig, err := storageFactoryConfig.Complete(s.Etcd)
#认证机制
if lastErr = s.Authentication.ApplyTo
#授权机制
genericConfig.Authorization.Authorizer, genericConfig.RuleResolver, err = BuildAuthorizer(s, genericConfig.EgressSelector, versionedInformers)
#准入机制
err = s.Admission.ApplyTo()
}
#认证机制
#s.Authentication.ApplyTo
func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.AuthenticationInfo, secureServing *genericapiserver.SecureServingInfo, egressSelector *egressselector.EgressSelector, openAPIConfig *openapicommon.Config, extclient kubernetes.Interface, versionedInformer informers.SharedInformerFactory){
...
#实例化Config
authInfo.Authenticator, openAPIConfig.SecurityDefinitions, err = authenticatorConfig.New()
...
}
#authenticatorConfig.New
func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error) {
#重点关注authenticators 和 tokenAuthenticators两个变量
var authenticators []authenticator.Request
var tokenAuthenticators []authenticator.Token
#添加requestHeader认证方式
if config.RequestHeaderConfig != nil {
requestHeaderAuthenticator := headerrequest.NewDynamicVerifyOptionsSecure(
...
)
#追加认证方式
authenticators = append(authenticators, authenticator.WrapAudienceAgnosticRequest(config.APIAudiences, requestHeaderAuthenticator))
}
#添加ClientCA认证方式
if config.ClientCAContentProvider != nil {
...
}
#添加Token认证方式
if len(config.TokenAuthFile) > 0 {
tokenAuth, err := newAuthenticatorFromTokenFile(config.TokenAuthFile)
}
#...其他各种认证方式
#如果没有配置任何认证方式:仅当 config.Anonymous 为 true 时才返回匿名认证器,否则返回 nil(不设置任何认证器)
if len(authenticators) == 0 {
if config.Anonymous {
return anonymous.NewAuthenticator(), &securityDefinitions, nil
}
return nil, &securityDefinitions, nil
}
#整合两种认证方式authenticators 和 tokenAuthenticators
authenticator := union.New(authenticators...)
}
return authenticator, &securityDefinitions, nil
}
#授权机制
#BuildAuthorizer
#调用此函数
return authorizationConfig.New()
#New
func (config Config) New() (authorizer.Authorizer, authorizer.RuleResolver, error) {
...
case modes.ModeNode:
...
const (
...
#对生产来说最有用的模式:RBAC(基于角色的访问控制,角色-用户模式)
ModeRBAC string = "RBAC"
...
)
#CreateKubeAPIServer
func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*Instance, error) {
#GenericServer实例化
s, err := c.GenericConfig.New("kube-apiserver", delegationTarget)
...
#masterserver实例化
m := &Instance{
GenericAPIServer: s,
ClusterAuthenticationInfo: c.ExtraConfig.ClusterAuthenticationInfo,
}
#注册LegacyAPI
if c.ExtraConfig.APIResourceConfigSource.VersionEnabled(apiv1.SchemeGroupVersion) {
...
}
if err := m.InstallLegacyAPI(&c, c.GenericConfig.RESTOptionsGetter, legacyRESTStorageProvider); err != nil {
return nil, err
}
}
#REST接口的存储定义 可以看到很多k8s上的常见定义 比如node节点/storage存储/event事件等等
restStorageProviders := []RESTStorageProvider{
...
}
#安装 API
if err := m.InstallAPIs(c.ExtraConfig.APIResourceConfigSource, c.GenericConfig.RESTOptionsGetter, restStorageProviders...); err != nil {
return nil, err
}
#添加钩子
m.GenericAPIServer.AddPostStartHookOrDie
...
return m, nil
}
#GenericConfig.New
// New instantiates a GenericAPIServer. As excerpted, it copies every post-start
// hook and every pre-shutdown hook exposed by delegationTarget into the new
// server's own hook maps, then calls installAPI with the server and c.Config.
//
// NOTE(review): abridged excerpt. The struct literal is cut short and the result
// list is omitted from the signature, although the caller shown earlier on the
// page reads two values (s, err) from this call.
func (c completedConfig) New(name string, delegationTarget DelegationTarget) {
#实例化一个APIserver
s := &GenericAPIServer
#启动之后的钩子函数
// Hooks are copied by key, so a key already present in s.postStartHooks is overwritten.
for k, v := range delegationTarget.PostStartHooks() {
s.postStartHooks[k] = v
}
#关闭之前的钩子函数
// Same key-by-key copy for the pre-shutdown hooks.
for k, v := range delegationTarget.PreShutdownHooks() {
s.preShutdownHooks[k] = v
}
...
#安装相应的APIserver
installAPI(s, c.Config)
}
# installAPI
func installAPI(s *GenericAPIServer, c *Config) {
#添加/index.html路由规则
if c.EnableIndex {
}
#添加pprof的路由规则(调试/性能分析端点,仅在 EnableProfiling 为 true 时注册)
if c.EnableProfiling {
}
#添加监控相关的/metrics的指标路由规则
if c.EnableMetrics {
}
#添加版本相关的路由规则
routes.Version{
Version: c.Version}.Install(s.Handler.GoRestfulContainer)
#开启服务发现
if c.EnableDiscovery {
}
...
}
// InstallLegacyAPI builds the legacy REST storage through legacyRESTStorageProvider
// and registers the resulting apiGroupInfo on m.GenericAPIServer under
// genericapiserver.DefaultLegacyAPIPrefix. It returns a formatted error when
// InstallLegacyAPIGroup fails and nil otherwise.
//
// NOTE(review): in this excerpt the err returned by NewLegacyRESTStorage is never
// checked before apiGroupInfo is used, and legacyRESTStorage is unused. Both were
// presumably elided by the author; confirm against upstream.
// NOTE(review): the receiver here is *Master, while the caller excerpt earlier on
// the page constructs an *Instance. The snippets may come from different
// Kubernetes versions.
func (m *Master) InstallLegacyAPI(c *completedConfig, restOptionsGetter generic.RESTOptionsGetter, legacyRESTStorageProvider corerest.LegacyRESTStorageProvider) error {
# RESTStorage的初始化
legacyRESTStorage, apiGroupInfo, err := legacyRESTStorageProvider.NewLegacyRESTStorage(restOptionsGetter)
# 前缀为 /api,注册上对应的Version和Resource
# Pod作为核心资源,没有Group的概念
// This err shadows the outer one; only the InstallLegacyAPIGroup failure is reported.
if err := m.GenericAPIServer.InstallLegacyAPIGroup(genericapiserver.DefaultLegacyAPIPrefix, &apiGroupInfo); err != nil {
return fmt.Errorf("error in registering group versions: %v", err)
}
return nil
}
#NewLegacyRESTStorage
#RESTStorage的初始化
func (c LegacyRESTStorageProvider) NewLegacyRESTStorage(restOptionsGetter generic.RESTOptionsGetter) (LegacyRESTStorage, genericapiserver.APIGroupInfo, error) {
# pod 模板
podTemplateStorage, err := podtemplatestore.NewREST(restOptionsGetter)
# event事件
eventStorage, err := eventstore.NewREST(restOptionsGetter, uint64(c.EventTTL.Seconds()))
# limitRange资源限制
limitRangeStorage, err := limitrangestore.NewREST(restOptionsGetter)
# resourceQuota资源配额
resourceQuotaStorage, resourceQuotaStatusStorage, err := resourcequotastore.NewREST(restOptionsGetter)
# Secret(敏感数据)资源的REST存储;这一步只是创建存储对象,此处代码中看不到加密逻辑
secretStorage, err := secretstore.NewREST(restOptionsGetter)
# PV 存储
persistentVolumeStorage, persistentVolumeStatusStorage, err := pvstore.NewREST(restOptionsGetter)
# PVC 存储
persistentVolumeClaimStorage, persistentVolumeClaimStatusStorage, err := pvcstore.NewREST(restOptionsGetter)
# ConfigMap 配置
configMapStorage, err := configmapstore.NewREST(restOptionsGetter)
...
# pod 存储
podStorage, err := podstore.NewStorage()
# 保存storage的对应关系
restStorageMap := map[string]rest.Storage{
"pods": podStorage.Pod,
...
}
}
#podstore.NewStorage
#Pod初始化
func NewStorage(optsGetter generic.RESTOptionsGetter, k client.ConnectionInfoGetter, proxyTransport http.RoundTripper, podDisruptionBudgetClient policyclient.PodDisruptionBudgetsGetter) (PodStorage, error) {
store := &genericregistry.Store{
// 增改删的策略
CreateStrategy: registrypod.Strategy,
UpdateStrategy: registrypod.Strategy,
DeleteStrategy: registrypod.Strategy,
...
}
}
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/168519.html原文链接:https://javaforall.cn