Kubernetes API Codebase Tour

Dr. Stefan Schimanski

December 04, 2018

Transcript

  1. v1alpha1 types: staging/src/k8s.io/api/auditregistration/v1alpha1
       • types.go – actual Golang types (with JSON and Proto tags)
       • register.go – registration code: AddToScheme
     internal types: pkg/apis/auditregistration
       • types.go – internal (hub) Golang types (without JSON/Proto)
       • register.go – registration code: AddToScheme
     Installer: pkg/apis/auditregistration/install: func Install(scheme *runtime.Scheme)
     Golang types
  2. Scheme: register Golang types & Golang funcs w/ GroupVersionKind
     k8s.io/apimachinery/pkg/runtime.Scheme
     [Diagram labels: GroupVersionKinds, conversions, defaulters, reflect.Type, Scheme, Codec]
  3. Same as slide 1.
  4. Conversions: pkg/apis/auditregistration/v1alpha1
       • conversion.go – custom conversions
       • zz_generated.conversion.go – generated conversions
     Defaults: zz_generated_defaults.go
     DeepCopy: zz_generated_deepcopy.go
     Generated Code not in k8s.io/api!
  5. [Diagram] apiserver binary; generic apiserver in k8s.io/apiserver
       • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
       • mux: /version, /apis, /openapi/v2, /swagger.json, /healthz, /metrics; 404
       • notes: knows no API groups yet; Scheme empty
       • legend: data flow; calls back to
  6. [Diagram] Same as slide 5.
  7. k8s.io/apiserver/pkg/server/config.go

         // Each filter wraps the handler built so far, so the filter added last
         // (WithPanicRecovery) is the first one an incoming request passes through.
         func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler {
             handler := genericapifilters.WithAuthorization(apiHandler, ...)
             handler = genericfilters.WithMaxInFlightLimit(handler, ...)
             handler = genericapifilters.WithImpersonation(handler, ...)
             handler = genericapifilters.WithAudit(handler, ...)
             failedHandler := genericapifilters.Unauthorized(...)
             failedHandler = genericapifilters.WithFailedAuthenticationAudit(failedHandler, ...)
             handler = genericapifilters.WithAuthentication(handler, ..., failedHandler, ...)
             handler = genericfilters.WithCORS(handler, ...)
             handler = genericfilters.WithTimeoutForNonLongRunningRequests(handler, ...)
             handler = genericfilters.WithWaitGroup(handler, ...)
             handler = genericapifilters.WithRequestInfo(handler, ...)
             handler = genericfilters.WithPanicRecovery(handler)
             return handler
         }
  8. [Diagram] kube-apiserver; generic apiserver
       • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
       • mux: /version, /apis, /openapi/v2, /swagger.json, /healthz, /metrics; 404
       • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
       • note: knows no API groups yet
       • legend: data flow; calls back to
  9. [Diagram] kube-apiserver; apiserver
       • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
       • mux; 404
       • resource handler labels: request conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
       • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
       • note: via InstallAPIGroup(info)
       • legend: data flow; calls back to
  10. [Diagram] kube-apiserver; apiserver
        • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
        • mux; 404
        • resource handler (shown three times) labels: request conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
        • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
        • note: no storage logic yet
        • legend: data flow; calls back to
  11. [Diagram] kube-apiserver; apiserver; etcd
        • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
        • mux; 404
        • resource handler (shown three times) labels: request conversion & defaulting, storage conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
        • API Group “core” (shown three times); PodStorage (shown three times)
        • Generic Registry; Pod Strategy: PrepareForUpdate, PrepareForCreate, Validate, ...; create, update, ...
        • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
        • legend: data flow; calls back to
  12. [Diagram] kube-apiserver; apiserver; etcd
        • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
        • mux; 404
        • resource handler (shown three times) labels: request conversion & defaulting, storage conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
        • API Group “core” (shown three times); PodStorage (shown three times)
        • Generic Registry; Pod Strategy: PrepareForUpdate, PrepareForCreate, Validate, ...; create, update, ...
        • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
        • version labels: v1, v1, v1, int, int, v1, int, v1, int, v2, v1, int, int, v1; hub/internal version
        • legend: data flow; calls back to
  13. [Diagram] kube-apiserver; apiserver; etcd
        • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
        • mux; 404
        • resource handler (shown three times) labels: request conversion & defaulting, storage conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
        • API Group “core” (shown three times); PodStorage (shown three times)
        • Generic Registry; Pod Strategy: PrepareForUpdate, PrepareForCreate, Validate, ...; create, update, ...
        • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
        • new labels: conversions, defaulting
        • legend: data flow; calls back to
  14. [Diagram] kube-apiserver; CRDs; aggregator; kube-aggregator & CRDs; apiserver; etcd; aggregated apiservers
        • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
        • mux; 404
        • resource handler (shown three times) labels: request conversion & defaulting, storage conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
        • API Group “core” (shown three times); PodStorage (shown three times)
        • Generic Registry; Pod Strategy: PrepareForUpdate, PrepareForCreate, Validate, ...; create, update, ...
        • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
        • legend: data flow; calls back to
  15. [Diagram] kube-apiserver; kube-aggregator; apiserver; etcd; aggregated apiservers
        • handler chain: authentication, authorization, impersonation, panic recovery, request-timeout, audit, max-in-flight
        • mux; 404
        • resource handler (shown three times) labels: request conversion & defaulting, storage conversion & defaulting, REST logic, result conversion, validation, admission, decoding, GET, CREATE, LIST, UPDATE, DELETE, WATCH, PATCH, encoding, mutating webhooks, validating webhooks
        • API Group “core” (shown three times); PodStorage (shown three times)
        • Generic Registry; Pod Strategy: PrepareForUpdate, PrepareForCreate, Validate, ...; create, update, ...
        • Scheme: core/v1 Pod, core/v1 Pod, core/v1 Pod
        • legend: data flow; calls back to
        • package labels:
            pkg/registry
            pkg/apis + k8s.io/api
            k8s.io/apiserver/pkg/endpoints/handlers
            k8s.io/apiserver/pkg/admission
            k8s.io/apiserver/plugin/pkg/admission
            plugins/pkg/admission
            k8s.io/apiserver/pkg/endpoints/filters
            k8s.io/kube-aggregator
            k8s.io/apiextensions-apiserver
            k8s.io/apiserver/pkg/storage/etcd3
            k8s.io/apiserver/pkg/registry/generic
  16. [Diagram] “The registry” of a resource
        • API Group “core”, API Group “core”, API Group “auditregistration.k8s.io”
        • PodStorage, PodStorage, AuditSinkStorage
        • Generic Registry; AuditSink Strategy: PrepareForUpdate, PrepareForCreate, Validate, ...; create, update, ...
        • staging/src/k8s.io/apiserver/pkg/registry/generic/registry
        • pkg/apis/auditregistration/validation
  17. Plumbing into kube-apiserver

      pkg/master/import_known_versions.go

          import (
              _ "k8s.io/kubernetes/pkg/apis/auditregistration/install"
          )

      pkg/master/master.go

          import (
              auditregistrationrest "k8s.io/kubernetes/pkg/registry/auditregistration/rest"
          )

          restStorageProviders := []RESTStorageProvider{
              auditregistrationrest.RESTStorageProvider{},
              autoscalingrest.RESTStorageProvider{},
              …
          }
          apiserver.InstallAPIs(…, restStorageProviders…)

      [Diagram labels: legacyscheme.Scheme; installs handlers into the mux; func init()]
  18. Build system plumbing
        • hack/.golint_failures – ignore lint errors due to generated code
        • hack/lib/init.sh – add to KUBE_AVAILABLE_GROUP_VERSIONS, used by many hack/ scripts
        • hack/update-generated-protobuf-dockerized.sh – generate Protobuf code, independent from KUBE_AVAILABLE_GROUP_VERSIONS for some reason
  19. [Diagram] Same as slide 14.
  20. [Diagram] Same as slide 14.
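
The wrapping order in DefaultBuildHandlerChain on slide 7 is the reverse of the order in which a request meets the filters, which is why authentication runs before audit, impersonation and authorization. The Go program below is an added example, not code from the deck or from Kubernetes: it rebuilds the chain with stand-in filters that only record their names. The helpers `step`, `buildChain` and `run`, the filter labels, and the rule that any non-empty Authorization header counts as authenticated are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// step is a stand-in filter: it records its name, then calls next.
func step(name string, trace *[]string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*trace = append(*trace, name)
		next.ServeHTTP(w, r)
	})
}

// buildChain wraps stand-in filters in the same order as the code on slide 7.
func buildChain(trace *[]string) http.Handler {
	deny := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusUnauthorized) })
	h := step("apiHandler", trace, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})) // replies 200
	for _, n := range []string{"authorization", "max-in-flight", "impersonation", "audit"} {
		h = step(n, trace, h)
	}
	authenticated, failed := h, step("failed-authn-audit", trace, deny)
	h = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*trace = append(*trace, "authentication")
		if r.Header.Get("Authorization") == "" { // assumption: any non-empty header is accepted
			failed.ServeHTTP(w, r) // rejected here, the inner filters never see the request
			return
		}
		authenticated.ServeHTTP(w, r)
	})
	for _, n := range []string{"cors", "timeout", "waitgroup", "requestinfo", "panic-recovery"} {
		h = step(n, trace, h)
	}
	return h
}

// run sends one constructed request through the chain and returns the status
// code and the order in which the filters ran.
func run(authHeader string) (int, string) {
	var trace []string
	req := httptest.NewRequest("GET", "/api/v1/pods", nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	buildChain(&trace).ServeHTTP(rec, req)
	return rec.Code, strings.Join(trace, " > ")
}
func main() { fmt.Println(run("Bearer constructed-token")); fmt.Println(run("")) }
```

An unauthenticated request stops at the failed-authentication audit handler with a 401 and never reaches the audit, impersonation, max-in-flight or authorization stand-ins.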