Merge pull request #65546 from ravigadde/ext-api

Add missing json tags to extender config
2019-01-04 01:08:29 -08:00 · 2019-01-04 01:08:29 -08:00 · 2a1560061e
parent 4a6ba9dae2 4fcc712cc9
commit 2a1560061e
8 changed files with 135 additions and 18 deletions
--- a/pkg/scheduler/api/BUILD
+++ b/pkg/scheduler/api/BUILD
@ -22,7 +22,6 @@ go_library(
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
-        "//staging/src/k8s.io/client-go/rest:go_default_library",
    ],
 )

--- a/pkg/scheduler/api/compatibility/compatibility_test.go
+++ b/pkg/scheduler/api/compatibility/compatibility_test.go
@ -398,7 +398,7 @@ func TestCompatibility_v1_Scheduler(t *testing.T) {
 					Weight:           1,
 					BindVerb:         "bind", // 1.7 was missing json tags on the BindVerb field and required "BindVerb"
 					EnableHTTPS:      true,
-					TLSConfig:        &restclient.TLSClientConfig{Insecure: true},
+					TLSConfig:        &schedulerapi.ExtenderTLSConfig{Insecure: true},
 					HTTPTimeout:      1,
 					NodeCacheCapable: true,
 				}},
@ -490,7 +490,7 @@ func TestCompatibility_v1_Scheduler(t *testing.T) {
 					Weight:           1,
 					BindVerb:         "bind", // 1.8 became case-insensitive and tolerated "bindVerb"
 					EnableHTTPS:      true,
-					TLSConfig:        &restclient.TLSClientConfig{Insecure: true},
+					TLSConfig:        &schedulerapi.ExtenderTLSConfig{Insecure: true},
 					HTTPTimeout:      1,
 					NodeCacheCapable: true,
 				}},
@ -584,7 +584,7 @@ func TestCompatibility_v1_Scheduler(t *testing.T) {
 					Weight:           1,
 					BindVerb:         "bind", // 1.9 was case-insensitive and tolerated "bindVerb"
 					EnableHTTPS:      true,
-					TLSConfig:        &restclient.TLSClientConfig{Insecure: true},
+					TLSConfig:        &schedulerapi.ExtenderTLSConfig{Insecure: true},
 					HTTPTimeout:      1,
 					NodeCacheCapable: true,
 				}},
@ -683,7 +683,7 @@ func TestCompatibility_v1_Scheduler(t *testing.T) {
 					Weight:           1,
 					BindVerb:         "bind", // 1.10 was case-insensitive and tolerated "bindVerb"
 					EnableHTTPS:      true,
-					TLSConfig:        &restclient.TLSClientConfig{Insecure: true},
+					TLSConfig:        &schedulerapi.ExtenderTLSConfig{Insecure: true},
 					HTTPTimeout:      1,
 					NodeCacheCapable: true,
 					ManagedResources: []schedulerapi.ExtenderManagedResource{{Name: v1.ResourceName("example.com/foo"), IgnoredByScheduler: true}},
@ -805,7 +805,7 @@ func TestCompatibility_v1_Scheduler(t *testing.T) {
 					Weight:           1,
 					BindVerb:         "bind", // 1.11 restored case-sensitivity, but allowed either "BindVerb" or "bindVerb"
 					EnableHTTPS:      true,
-					TLSConfig:        &restclient.TLSClientConfig{Insecure: true},
+					TLSConfig:        &schedulerapi.ExtenderTLSConfig{Insecure: true},
 					HTTPTimeout:      1,
 					NodeCacheCapable: true,
 					ManagedResources: []schedulerapi.ExtenderManagedResource{{Name: v1.ResourceName("example.com/foo"), IgnoredByScheduler: true}},
@ -929,7 +929,7 @@ func TestCompatibility_v1_Scheduler(t *testing.T) {
 					Weight:           1,
 					BindVerb:         "bind", // 1.11 restored case-sensitivity, but allowed either "BindVerb" or "bindVerb"
 					EnableHTTPS:      true,
-					TLSConfig:        &restclient.TLSClientConfig{Insecure: true},
+					TLSConfig:        &schedulerapi.ExtenderTLSConfig{Insecure: true},
 					HTTPTimeout:      1,
 					NodeCacheCapable: true,
 					ManagedResources: []schedulerapi.ExtenderManagedResource{{Name: v1.ResourceName("example.com/foo"), IgnoredByScheduler: true}},
--- a/pkg/scheduler/api/types.go
+++ b/pkg/scheduler/api/types.go
@ -22,7 +22,6 @@ import (
 	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	restclient "k8s.io/client-go/rest"
 )

 const (
@ -172,6 +171,33 @@ type ExtenderManagedResource struct {
 	IgnoredByScheduler bool
 }

+// ExtenderTLSConfig contains settings to enable TLS with extender
+type ExtenderTLSConfig struct {
+	// Server should be accessed without verifying the TLS certificate. For testing only.
+	Insecure bool
+	// ServerName is passed to the server for SNI and is used in the client to check server
+	// ceritificates against. If ServerName is empty, the hostname used to contact the
+	// server is used.
+	ServerName string
+
+	// Server requires TLS client certificate authentication
+	CertFile string
+	// Server requires TLS client certificate authentication
+	KeyFile string
+	// Trusted root certificates for server
+	CAFile string
+
+	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
+	// CertData takes precedence over CertFile
+	CertData []byte
+	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
+	// KeyData takes precedence over KeyFile
+	KeyData []byte
+	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
+	// CAData takes precedence over CAFile
+	CAData []byte
+}
+
 // ExtenderConfig holds the parameters used to communicate with the extender. If a verb is unspecified/empty,
 // it is assumed that the extender chose not to provide that extension.
 type ExtenderConfig struct {
@ -193,7 +219,7 @@ type ExtenderConfig struct {
 	// EnableHTTPS specifies whether https should be used to communicate with the extender
 	EnableHTTPS bool
 	// TLSConfig specifies the transport layer security config
-	TLSConfig *restclient.TLSClientConfig
+	TLSConfig *ExtenderTLSConfig
 	// HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize
 	// timeout is ignored, k8s/other extenders priorities are used to select the node.
 	HTTPTimeout time.Duration
--- a/pkg/scheduler/api/v1/BUILD
+++ b/pkg/scheduler/api/v1/BUILD
@ -21,7 +21,6 @@ go_library(
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
-        "//staging/src/k8s.io/client-go/rest:go_default_library",
    ],
 )

--- a/pkg/scheduler/api/v1/types.go
+++ b/pkg/scheduler/api/v1/types.go
@ -23,7 +23,6 @@ import (
 	apiv1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	restclient "k8s.io/client-go/rest"
 )

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@ -152,6 +151,33 @@ type ExtenderManagedResource struct {
 	IgnoredByScheduler bool `json:"ignoredByScheduler,omitempty"`
 }

+// ExtenderTLSConfig contains settings to enable TLS with extender
+type ExtenderTLSConfig struct {
+	// Server should be accessed without verifying the TLS certificate. For testing only.
+	Insecure bool `json:"insecure,omitempty"`
+	// ServerName is passed to the server for SNI and is used in the client to check server
+	// ceritificates against. If ServerName is empty, the hostname used to contact the
+	// server is used.
+	ServerName string `json:"serverName,omitempty"`
+
+	// Server requires TLS client certificate authentication
+	CertFile string `json:"certFile,omitempty"`
+	// Server requires TLS client certificate authentication
+	KeyFile string `json:"keyFile,omitempty"`
+	// Trusted root certificates for server
+	CAFile string `json:"caFile,omitempty"`
+
+	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
+	// CertData takes precedence over CertFile
+	CertData []byte `json:"certData,omitempty"`
+	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
+	// KeyData takes precedence over KeyFile
+	KeyData []byte `json:"keyData,omitempty"`
+	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
+	// CAData takes precedence over CAFile
+	CAData []byte `json:"caData,omitempty"`
+}
+
 // ExtenderConfig holds the parameters used to communicate with the extender. If a verb is unspecified/empty,
 // it is assumed that the extender chose not to provide that extension.
 type ExtenderConfig struct {
@ -169,11 +195,11 @@ type ExtenderConfig struct {
 	// Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender.
 	// If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender
 	// can implement this function.
-	BindVerb string
+	BindVerb string `json:"bindVerb,omitempty"`
 	// EnableHTTPS specifies whether https should be used to communicate with the extender
 	EnableHTTPS bool `json:"enableHttps,omitempty"`
 	// TLSConfig specifies the transport layer security config
-	TLSConfig *restclient.TLSClientConfig `json:"tlsConfig,omitempty"`
+	TLSConfig *ExtenderTLSConfig `json:"tlsConfig,omitempty"`
 	// HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize
 	// timeout is ignored, k8s/other extenders priorities are used to select the node.
 	HTTPTimeout time.Duration `json:"httpTimeout,omitempty"`
--- a/pkg/scheduler/api/v1/zz_generated.deepcopy.go
+++ b/pkg/scheduler/api/v1/zz_generated.deepcopy.go
@ -23,7 +23,6 @@ package v1
 import (
 	corev1 "k8s.io/api/core/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
-	rest "k8s.io/client-go/rest"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -98,7 +97,7 @@ func (in *ExtenderConfig) DeepCopyInto(out *ExtenderConfig) {
 	*out = *in
 	if in.TLSConfig != nil {
 		in, out := &in.TLSConfig, &out.TLSConfig
-		*out = new(rest.TLSClientConfig)
+		*out = new(ExtenderTLSConfig)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ManagedResources != nil {
@ -254,6 +253,37 @@ func (in *ExtenderPreemptionResult) DeepCopy() *ExtenderPreemptionResult {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExtenderTLSConfig) DeepCopyInto(out *ExtenderTLSConfig) {
+	*out = *in
+	if in.CertData != nil {
+		in, out := &in.CertData, &out.CertData
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	if in.KeyData != nil {
+		in, out := &in.KeyData, &out.KeyData
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	if in.CAData != nil {
+		in, out := &in.CAData, &out.CAData
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtenderTLSConfig.
+func (in *ExtenderTLSConfig) DeepCopy() *ExtenderTLSConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(ExtenderTLSConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in FailedNodesMap) DeepCopyInto(out *FailedNodesMap) {
 	{
--- a/pkg/scheduler/api/zz_generated.deepcopy.go
+++ b/pkg/scheduler/api/zz_generated.deepcopy.go
@ -23,7 +23,6 @@ package api
 import (
 	v1 "k8s.io/api/core/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
-	rest "k8s.io/client-go/rest"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -98,7 +97,7 @@ func (in *ExtenderConfig) DeepCopyInto(out *ExtenderConfig) {
 	*out = *in
 	if in.TLSConfig != nil {
 		in, out := &in.TLSConfig, &out.TLSConfig
-		*out = new(rest.TLSClientConfig)
+		*out = new(ExtenderTLSConfig)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ManagedResources != nil {
@ -254,6 +253,37 @@ func (in *ExtenderPreemptionResult) DeepCopy() *ExtenderPreemptionResult {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExtenderTLSConfig) DeepCopyInto(out *ExtenderTLSConfig) {
+	*out = *in
+	if in.CertData != nil {
+		in, out := &in.CertData, &out.CertData
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	if in.KeyData != nil {
+		in, out := &in.KeyData, &out.KeyData
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	if in.CAData != nil {
+		in, out := &in.CAData, &out.CAData
+		*out = make([]byte, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtenderTLSConfig.
+func (in *ExtenderTLSConfig) DeepCopy() *ExtenderTLSConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(ExtenderTLSConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in FailedNodesMap) DeepCopyInto(out *FailedNodesMap) {
 	{
--- a/pkg/scheduler/core/extender.go
+++ b/pkg/scheduler/core/extender.go
@ -55,7 +55,14 @@ type HTTPExtender struct {
 func makeTransport(config *schedulerapi.ExtenderConfig) (http.RoundTripper, error) {
 	var cfg restclient.Config
 	if config.TLSConfig != nil {
-		cfg.TLSClientConfig = *config.TLSConfig
+		cfg.TLSClientConfig.Insecure = config.TLSConfig.Insecure
+		cfg.TLSClientConfig.ServerName = config.TLSConfig.ServerName
+		cfg.TLSClientConfig.CertFile = config.TLSConfig.CertFile
+		cfg.TLSClientConfig.KeyFile = config.TLSConfig.KeyFile
+		cfg.TLSClientConfig.CAFile = config.TLSConfig.CAFile
+		cfg.TLSClientConfig.CertData = config.TLSConfig.CertData
+		cfg.TLSClientConfig.KeyData = config.TLSConfig.KeyData
+		cfg.TLSClientConfig.CAData = config.TLSConfig.CAData
 	}
 	if config.EnableHTTPS {
 		hasCA := len(cfg.CAFile) > 0 || len(cfg.CAData) > 0