externalize pv informer in node authorizer

2018-08-09 21:27:23 +08:00 · 2018-08-09 21:27:23 +08:00 · e7d0983707
parent b497570e50
commit e7d0983707
5 changed files with 16 additions and 16 deletions
--- a/pkg/kubeapiserver/authorizer/config.go
+++ b/pkg/kubeapiserver/authorizer/config.go
@ -76,7 +76,7 @@ func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleR
 				graph,
 				config.InformerFactory.Core().InternalVersion().Nodes(),
 				config.VersionedInformerFactory.Core().V1().Pods(),
-				config.InformerFactory.Core().InternalVersion().PersistentVolumes(),
+				config.VersionedInformerFactory.Core().V1().PersistentVolumes(),
 				config.VersionedInformerFactory.Storage().V1beta1().VolumeAttachments(),
 			)
 			nodeAuthorizer := node.NewAuthorizer(graph, nodeidentifier.NewDefaultNodeIdentifier(), bootstrappolicy.NodeRules())
--- a/plugin/pkg/auth/authorizer/node/BUILD
+++ b/plugin/pkg/auth/authorizer/node/BUILD
@ -40,7 +40,7 @@ go_library(
    ],
    importpath = "k8s.io/kubernetes/plugin/pkg/auth/authorizer/node",
    deps = [
-        "//pkg/api/persistentvolume:go_default_library",
+        "//pkg/api/v1/persistentvolume:go_default_library",
        "//pkg/api/v1/pod:go_default_library",
        "//pkg/apis/core:go_default_library",
        "//pkg/apis/storage:go_default_library",
--- a/plugin/pkg/auth/authorizer/node/graph.go
+++ b/plugin/pkg/auth/authorizer/node/graph.go
@ -20,7 +20,7 @@ import (
 	"sync"

 	corev1 "k8s.io/api/core/v1"
-	pvutil "k8s.io/kubernetes/pkg/api/persistentvolume"
+	pvutil "k8s.io/kubernetes/pkg/api/v1/persistentvolume"
 	podutil "k8s.io/kubernetes/pkg/api/v1/pod"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	"k8s.io/kubernetes/third_party/forked/gonum/graph"
@ -365,7 +365,7 @@ func (g *Graph) DeletePod(name, namespace string) {
 //   secret -> pv
 //
 //   pv -> pvc
-func (g *Graph) AddPV(pv *api.PersistentVolume) {
+func (g *Graph) AddPV(pv *corev1.PersistentVolume) {
 	g.lock.Lock()
 	defer g.lock.Unlock()

--- a/plugin/pkg/auth/authorizer/node/graph_populator.go
+++ b/plugin/pkg/auth/authorizer/node/graph_populator.go
@ -39,7 +39,7 @@ func AddGraphEventHandlers(
 	graph *Graph,
 	nodes coreinformers.NodeInformer,
 	pods corev1informers.PodInformer,
-	pvs coreinformers.PersistentVolumeInformer,
+	pvs corev1informers.PersistentVolumeInformer,
 	attachments storageinformers.VolumeAttachmentInformer,
 ) {
 	g := &graphPopulator{
@ -175,7 +175,7 @@ func (g *graphPopulator) addPV(obj interface{}) {
 }

 func (g *graphPopulator) updatePV(oldObj, obj interface{}) {
-	pv := obj.(*api.PersistentVolume)
+	pv := obj.(*corev1.PersistentVolume)
 	// TODO: skip add if uid, pvc, and secrets are all identical between old and new
 	g.graph.AddPV(pv)
 }
@ -184,7 +184,7 @@ func (g *graphPopulator) deletePV(obj interface{}) {
 	if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok {
 		obj = tombstone.Obj
 	}
-	pv, ok := obj.(*api.PersistentVolume)
+	pv, ok := obj.(*corev1.PersistentVolume)
 	if !ok {
 		glog.Infof("unexpected type %T", obj)
 		return
--- a/plugin/pkg/auth/authorizer/node/node_authorizer_test.go
+++ b/plugin/pkg/auth/authorizer/node/node_authorizer_test.go
@ -684,7 +684,7 @@ func BenchmarkAuthorization(b *testing.B) {
 	}
 }

-func populate(graph *Graph, nodes []*api.Node, pods []*corev1.Pod, pvs []*api.PersistentVolume, attachments []*storagev1beta1.VolumeAttachment) {
+func populate(graph *Graph, nodes []*api.Node, pods []*corev1.Pod, pvs []*corev1.PersistentVolume, attachments []*storagev1beta1.VolumeAttachment) {
 	p := &graphPopulator{}
 	p.graph = graph
 	for _, node := range nodes {
@ -705,10 +705,10 @@ func populate(graph *Graph, nodes []*api.Node, pods []*corev1.Pod, pvs []*api.Pe
 // the secret/configmap/pvc/node references in the pod and pv objects are named to indicate the connections between the objects.
 // for example, secret0-pod0-node0 is a secret referenced by pod0 which is bound to node0.
 // when populated into the graph, the node authorizer should allow node0 to access that secret, but not node1.
-func generate(opts sampleDataOpts) ([]*api.Node, []*corev1.Pod, []*api.PersistentVolume, []*storagev1beta1.VolumeAttachment) {
+func generate(opts sampleDataOpts) ([]*api.Node, []*corev1.Pod, []*corev1.PersistentVolume, []*storagev1beta1.VolumeAttachment) {
 	nodes := make([]*api.Node, 0, opts.nodes)
 	pods := make([]*corev1.Pod, 0, opts.nodes*opts.podsPerNode)
-	pvs := make([]*api.PersistentVolume, 0, (opts.nodes*opts.podsPerNode*opts.uniquePVCsPerPod)+(opts.sharedPVCsPerPod*opts.namespaces))
+	pvs := make([]*corev1.PersistentVolume, 0, (opts.nodes*opts.podsPerNode*opts.uniquePVCsPerPod)+(opts.sharedPVCsPerPod*opts.namespaces))
 	attachments := make([]*storagev1beta1.VolumeAttachment, 0, opts.nodes*opts.attachmentsPerNode)

 	for n := 0; n < opts.nodes; n++ {
@ -743,10 +743,10 @@ func generate(opts sampleDataOpts) ([]*api.Node, []*corev1.Pod, []*api.Persisten
 			}

 			for i := 0; i < opts.uniquePVCsPerPod; i++ {
-				pv := &api.PersistentVolume{}
+				pv := &corev1.PersistentVolume{}
 				pv.Name = fmt.Sprintf("pv%d-%s-%s", i, pod.Name, pod.Namespace)
-				pv.Spec.FlexVolume = &api.FlexPersistentVolumeSource{SecretRef: &api.SecretReference{Name: fmt.Sprintf("secret-%s", pv.Name)}}
-				pv.Spec.ClaimRef = &api.ObjectReference{Name: fmt.Sprintf("pvc%d-%s", i, pod.Name), Namespace: pod.Namespace}
+				pv.Spec.FlexVolume = &corev1.FlexPersistentVolumeSource{SecretRef: &corev1.SecretReference{Name: fmt.Sprintf("secret-%s", pv.Name)}}
+				pv.Spec.ClaimRef = &corev1.ObjectReference{Name: fmt.Sprintf("pvc%d-%s", i, pod.Name), Namespace: pod.Namespace}
 				pvs = append(pvs, pv)

 				pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{VolumeSource: corev1.VolumeSource{
@ -754,10 +754,10 @@ func generate(opts sampleDataOpts) ([]*api.Node, []*corev1.Pod, []*api.Persisten
 				}})
 			}
 			for i := 0; i < opts.sharedPVCsPerPod; i++ {
-				pv := &api.PersistentVolume{}
+				pv := &corev1.PersistentVolume{}
 				pv.Name = fmt.Sprintf("pv%d-shared-%s", i, pod.Namespace)
-				pv.Spec.FlexVolume = &api.FlexPersistentVolumeSource{SecretRef: &api.SecretReference{Name: fmt.Sprintf("secret-%s", pv.Name)}}
-				pv.Spec.ClaimRef = &api.ObjectReference{Name: fmt.Sprintf("pvc%d-shared", i), Namespace: pod.Namespace}
+				pv.Spec.FlexVolume = &corev1.FlexPersistentVolumeSource{SecretRef: &corev1.SecretReference{Name: fmt.Sprintf("secret-%s", pv.Name)}}
+				pv.Spec.ClaimRef = &corev1.ObjectReference{Name: fmt.Sprintf("pvc%d-shared", i), Namespace: pod.Namespace}
 				pvs = append(pvs, pv)

 				pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{VolumeSource: corev1.VolumeSource{