diff --git a/cmd/cloud-controller-manager/app/controllermanager.go b/cmd/cloud-controller-manager/app/controllermanager.go index 414b2f5a50..b24b1702bd 100644 --- a/cmd/cloud-controller-manager/app/controllermanager.go +++ b/cmd/cloud-controller-manager/app/controllermanager.go @@ -117,12 +117,16 @@ func Run(c *cloudcontrollerconfig.CompletedConfig) error { // Start the controller manager HTTP server stopCh := make(chan struct{}) if c.Generic.SecureServing != nil { - if err := genericcontrollermanager.Serve(&c.Generic, c.Generic.SecureServing.Serve, stopCh); err != nil { + handler := genericcontrollermanager.NewBaseHandler(&c.Generic) + handler = genericcontrollermanager.BuildHandlerChain(handler, &c.Generic) + if err := c.Generic.SecureServing.Serve(handler, 0, stopCh); err != nil { return err } } if c.Generic.InsecureServing != nil { - if err := genericcontrollermanager.Serve(&c.Generic, c.Generic.InsecureServing.Serve, stopCh); err != nil { + handler := genericcontrollermanager.NewBaseHandler(&c.Generic) + handler = genericcontrollermanager.BuildHandlerChain(handler, &c.Generic) + if err := c.Generic.InsecureServing.Serve(handler, 0, stopCh); err != nil { return err } } diff --git a/cmd/controller-manager/app/serve.go b/cmd/controller-manager/app/serve.go index 7a9d36d114..1b24aac8ac 100644 --- a/cmd/controller-manager/app/serve.go +++ b/cmd/controller-manager/app/serve.go @@ -19,7 +19,6 @@ package app import ( "net/http" goruntime "runtime" - "time" "github.com/prometheus/client_golang/prometheus" @@ -33,11 +32,23 @@ import ( "k8s.io/kubernetes/pkg/util/configz" ) -type serveFunc func(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error +// BuildHandlerChain builds a handler chain with a base handler and CompletedConfig. +func BuildHandlerChain(apiHandler http.Handler, c *CompletedConfig) http.Handler { + requestContextMapper := apirequest.NewRequestContextMapper() + requestInfoResolver := &apirequest.RequestInfoFactory{} + failedHandler := genericapifilters.Unauthorized(requestContextMapper, legacyscheme.Codecs, false) -// Serve creates a base handler chain for a controller manager. It runs the -// the chain with the given serveFunc. -func Serve(c *CompletedConfig, serveFunc serveFunc, stopCh <-chan struct{}) error { + handler := genericapifilters.WithAuthorization(apiHandler, requestContextMapper, c.Authorization.Authorizer, legacyscheme.Codecs) + handler = genericapifilters.WithAuthentication(handler, requestContextMapper, c.Authentication.Authenticator, failedHandler) + handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver, requestContextMapper) + handler = apirequest.WithRequestContext(handler, requestContextMapper) + handler = genericfilters.WithPanicRecovery(handler) + + return handler +} + +// NewBaseHandler takes in CompletedConfig and returns a handler. +func NewBaseHandler(c *CompletedConfig) http.Handler { mux := mux.NewPathRecorderMux("controller-manager") healthz.InstallHandler(mux) if c.ComponentConfig.EnableProfiling { @@ -49,15 +60,5 @@ func Serve(c *CompletedConfig, serveFunc serveFunc, stopCh <-chan struct{}) erro configz.InstallHandler(mux) mux.Handle("/metrics", prometheus.Handler()) - requestContextMapper := apirequest.NewRequestContextMapper() - requestInfoResolver := &apirequest.RequestInfoFactory{} - failedHandler := genericapifilters.Unauthorized(requestContextMapper, legacyscheme.Codecs, false) - - handler := genericapifilters.WithAuthorization(mux, requestContextMapper, c.Authorization.Authorizer, legacyscheme.Codecs) - handler = genericapifilters.WithAuthentication(handler, requestContextMapper, c.Authentication.Authenticator, failedHandler) - handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver, requestContextMapper) - handler = apirequest.WithRequestContext(handler, requestContextMapper) - handler = genericfilters.WithPanicRecovery(handler) - - return serveFunc(handler, 0, stopCh) + return mux } diff --git a/cmd/kube-controller-manager/app/controllermanager.go b/cmd/kube-controller-manager/app/controllermanager.go index 7658f29e32..4c6bd601b0 100644 --- a/cmd/kube-controller-manager/app/controllermanager.go +++ b/cmd/kube-controller-manager/app/controllermanager.go @@ -40,7 +40,7 @@ import ( "k8s.io/client-go/tools/leaderelection" "k8s.io/client-go/tools/leaderelection/resourcelock" certutil "k8s.io/client-go/util/cert" - genericcontrollerconfig "k8s.io/kubernetes/cmd/controller-manager/app" + genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app" "k8s.io/kubernetes/cmd/kube-controller-manager/app/config" "k8s.io/kubernetes/cmd/kube-controller-manager/app/options" "k8s.io/kubernetes/pkg/apis/componentconfig" @@ -124,12 +124,16 @@ func Run(c *config.CompletedConfig) error { // Start the controller manager HTTP server stopCh := make(chan struct{}) if c.Generic.SecureServing != nil { - if err := genericcontrollerconfig.Serve(&c.Generic, c.Generic.SecureServing.Serve, stopCh); err != nil { + handler := genericcontrollermanager.NewBaseHandler(&c.Generic) + handler = genericcontrollermanager.BuildHandlerChain(handler, &c.Generic) + if err := c.Generic.SecureServing.Serve(handler, 0, stopCh); err != nil { return err } } if c.Generic.InsecureServing != nil { - if err := genericcontrollerconfig.Serve(&c.Generic, c.Generic.InsecureServing.Serve, stopCh); err != nil { + handler := genericcontrollermanager.NewBaseHandler(&c.Generic) + handler = genericcontrollermanager.BuildHandlerChain(handler, &c.Generic) + if err := c.Generic.InsecureServing.Serve(handler, 0, stopCh); err != nil { return err } } @@ -381,7 +385,7 @@ func CreateControllerContext(s *config.CompletedConfig, rootClientBuilder, clien // If apiserver is not running we should wait for some time and fail only then. This is particularly // important when we start apiserver and controller manager at the same time. - if err := genericcontrollerconfig.WaitForAPIServer(versionedClient, 10*time.Second); err != nil { + if err := genericcontrollermanager.WaitForAPIServer(versionedClient, 10*time.Second); err != nil { return ControllerContext{}, fmt.Errorf("failed to wait for apiserver being healthy: %v", err) }