Combine apiserver and controller-manager into a single service-catalo…

…g image (#1343) * Combine apiserver and controller-manager into a single service-catalog image. * Remove extraneous <<<< HEAD from pkg/kubernetes/README.md * Remove unused constants related to etcd storage
openshift · Oct 20, 2017 · ce28252 · ce28252
1 parent 7bbc8ee
commit ce28252
Show file tree

Hide file tree

Showing 30 changed files with 1,098 additions and 333 deletions.
diff --git a/Makefile b/Makefile
@@ -80,10 +80,8 @@ BASE_PATH      = $(ROOT:/src/github.com/kubernetes-incubator/service-catalog/=)
 export GOPATH  = $(BASE_PATH):$(ROOT)/vendor
 
 MUTABLE_TAG                      ?= canary
-APISERVER_IMAGE                   = $(REGISTRY)apiserver-$(ARCH):$(VERSION)
-APISERVER_MUTABLE_IMAGE           = $(REGISTRY)apiserver-$(ARCH):$(MUTABLE_TAG)
-CONTROLLER_MANAGER_IMAGE          = $(REGISTRY)controller-manager-$(ARCH):$(VERSION)
-CONTROLLER_MANAGER_MUTABLE_IMAGE  = $(REGISTRY)controller-manager-$(ARCH):$(MUTABLE_TAG)
+SERVICE_CATALOG_IMAGE             = $(REGISTRY)service-catalog-$(ARCH):$(VERSION)
+SERVICE_CATALOG_MUTABLE_IMAGE     = $(REGISTRY)service-catalog-$(ARCH):$(MUTABLE_TAG)
 USER_BROKER_IMAGE                 = $(REGISTRY)user-broker-$(ARCH):$(VERSION)
 USER_BROKER_MUTABLE_IMAGE         = $(REGISTRY)user-broker-$(ARCH):$(MUTABLE_TAG)
 
@@ -111,11 +109,10 @@ NON_VENDOR_DIRS = $(shell $(DOCKER_CMD) glide nv)
 
 # This section builds the output binaries.
 # Some will have dedicated targets to make it easier to type, for example
-# "apiserver" instead of "bin/apiserver".
+# "service-catalog" instead of "bin/service-catalog".
 #########################################################################
 build: .init .generate_files \
-	$(BINDIR)/apiserver \
-	$(BINDIR)/controller-manager \
+	$(BINDIR)/service-catalog \
 	$(BINDIR)/user-broker
 
 user-broker: $(BINDIR)/user-broker
@@ -124,14 +121,10 @@ $(BINDIR)/user-broker: .init contrib/cmd/user-broker \
 	  $(shell find contrib/pkg/broker -type f)
 	$(DOCKER_CMD) $(GO_BUILD) -o $@ $(SC_PKG)/contrib/cmd/user-broker
 
-# We'll rebuild apiserver if any go file has changed (ie. NEWEST_GO_FILE)
-apiserver: $(BINDIR)/apiserver
-$(BINDIR)/apiserver: .init .generate_files cmd/apiserver $(NEWEST_GO_FILE)
-	$(DOCKER_CMD) $(GO_BUILD) -o $@ $(SC_PKG)/cmd/apiserver
-
-controller-manager: $(BINDIR)/controller-manager
-$(BINDIR)/controller-manager: .init .generate_files cmd/controller-manager $(NEWEST_GO_FILE)
-	$(DOCKER_CMD) $(GO_BUILD) -o $@ $(SC_PKG)/cmd/controller-manager
+# We'll rebuild service-catalog if any go file has changed (ie. NEWEST_GO_FILE)
+service-catalog: $(BINDIR)/service-catalog
+$(BINDIR)/service-catalog: .init .generate_files cmd/service-catalog $(NEWEST_GO_FILE)
+	$(DOCKER_CMD) $(GO_BUILD) -o $@ $(SC_PKG)/cmd/service-catalog
 
 # This section contains the code generation stuff
 #################################################
@@ -331,7 +324,7 @@ clean-coverage:
 
 # Building Docker Images for our executables
 ############################################
-images: user-broker-image controller-manager-image apiserver-image
+images: user-broker-image service-catalog-image
 
 images-all: $(addprefix arch-image-,$(ALL_ARCH))
 arch-image-%:
@@ -360,24 +353,17 @@ ifeq ($(ARCH),amd64)
 	docker tag $(USER_BROKER_MUTABLE_IMAGE) $(REGISTRY)user-broker:$(MUTABLE_TAG)
 endif
 
-apiserver-image: build/apiserver/Dockerfile $(BINDIR)/apiserver
-	$(call build-and-tag,"apiserver",$(APISERVER_IMAGE),$(APISERVER_MUTABLE_IMAGE))
-ifeq ($(ARCH),amd64)
-	docker tag $(APISERVER_IMAGE) $(REGISTRY)apiserver:$(VERSION)
-	docker tag $(APISERVER_MUTABLE_IMAGE) $(REGISTRY)apiserver:$(MUTABLE_TAG)
-endif
-
-controller-manager-image: build/controller-manager/Dockerfile $(BINDIR)/controller-manager
-	$(call build-and-tag,"controller-manager",$(CONTROLLER_MANAGER_IMAGE),$(CONTROLLER_MANAGER_MUTABLE_IMAGE))
+service-catalog-image: build/service-catalog/Dockerfile $(BINDIR)/service-catalog
+	$(call build-and-tag,"service-catalog",$(SERVICE_CATALOG_IMAGE),$(SERVICE_CATALOG_MUTABLE_IMAGE))
 ifeq ($(ARCH),amd64)
-	docker tag $(CONTROLLER_MANAGER_IMAGE) $(REGISTRY)controller-manager:$(VERSION)
-	docker tag $(CONTROLLER_MANAGER_MUTABLE_IMAGE) $(REGISTRY)controller-manager:$(MUTABLE_TAG)
+	docker tag $(SERVICE_CATALOG_IMAGE) $(REGISTRY)service-catalog:$(VERSION)
+	docker tag $(SERVICE_CATALOG_MUTABLE_IMAGE) $(REGISTRY)service-catalog:$(MUTABLE_TAG)
 endif
 
 
 # Push our Docker Images to a registry
 ######################################
-push: user-broker-push controller-manager-push apiserver-push
+push: user-broker-push service-catalog-push
 
 user-broker-push: user-broker-image
 	docker push $(USER_BROKER_IMAGE)
@@ -387,20 +373,12 @@ ifeq ($(ARCH),amd64)
 	docker push $(REGISTRY)user-broker:$(MUTABLE_TAG)
 endif
 
-controller-manager-push: controller-manager-image
-	docker push $(CONTROLLER_MANAGER_IMAGE)
-	docker push $(CONTROLLER_MANAGER_MUTABLE_IMAGE)
-ifeq ($(ARCH),amd64)
-	docker push $(REGISTRY)controller-manager:$(VERSION)
-	docker push $(REGISTRY)controller-manager:$(MUTABLE_TAG)
-endif
-
-apiserver-push: apiserver-image
-	docker push $(APISERVER_IMAGE)
-	docker push $(APISERVER_MUTABLE_IMAGE)
+service-catalog-push: service-catalog-image
+	docker push $(SERVICE_CATALOG_IMAGE)
+	docker push $(SERVICE_CATALOG_MUTABLE_IMAGE)
 ifeq ($(ARCH),amd64)
-	docker push $(REGISTRY)apiserver:$(VERSION)
-	docker push $(REGISTRY)apiserver:$(MUTABLE_TAG)
+	docker push $(REGISTRY)service-catalog:$(VERSION)
+	docker push $(REGISTRY)service-catalog:$(MUTABLE_TAG)
 endif
 
 

diff --git a/build/apiserver/Dockerfile b/build/apiserver/Dockerfile
diff --git a/build/controller-manager/Dockerfile → build/service-catalog/Dockerfile b/build/controller-manager/Dockerfile → build/service-catalog/Dockerfile
@@ -19,6 +19,6 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get install ca-certificates -y && \
     rm -rf /var/lib/apt/lists/*
 
-ADD controller-manager /opt/services/
+ADD service-catalog opt/services/
 
-ENTRYPOINT ["/opt/services/controller-manager" ]
+ENTRYPOINT ["/opt/services/service-catalog"]
diff --git a/charts/catalog/README.md b/charts/catalog/README.md
@@ -40,8 +40,8 @@ chart and their default values.
 
 | Parameter | Description | Default |
 |-----------|-------------|---------|
-| `apiserver.image` | apiserver image to use | `quay.io/kubernetes-service-catalog/apiserver:v0.1.0-rc2` |
-| `apiserver.imagePullPolicy` | `imagePullPolicy` for the apiserver | `Always` |
+| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.1.0-rc2` |
+| `imagePullPolicy` | `imagePullPolicy` for the service catalog | `Always` |
 | `apiserver.tls.cert` | Base64-encoded x509 certificate | A self-signed certificate |
 | `apiserver.tls.key` | Base64-encoded private key | The private key for the certificate above |
 | `apiserver.tls.ca` | Base64-encoded CA certificate used to sign the above certificate | |
@@ -53,8 +53,6 @@ chart and their default values.
 | `apiserver.storage.etcd.servers` | If storage type is `etcd`: etcd URL(s); override this if NOT using embedded etcd | `http://localhost:2379` |
 | `apiserver.verbosity` | Log level; valid values are in the range 0 - 10 | `10` |
 | `apiserver.auth.enabled` | Enable authentication and authorization | `false` |
-| `controllerManager.image` | controller-manager image to use | `quay.io/kubernetes-service-catalog/controller-manager:v0.1.0-rc2` |
-| `controllerManager.imagePullPolicy` | `imagePullPolicy` for the controller-manager | `Always` |
 | `controllerManager.verbosity` | Log level; valid values are in the range 0 - 10 | `10` |
 | `controllerManager.resyncInterval` | How often the controller should resync informers; duration format (`20m`, `1h`, etc) | `5m` |
 | `controllerManager.brokerRelistInterval` | How often the controller should relist the catalogs of ready brokers; duration format (`20m`, `1h`, etc) | `24h` |

diff --git a/charts/catalog/templates/apiserver-deployment.yaml b/charts/catalog/templates/apiserver-deployment.yaml
@@ -23,8 +23,8 @@ spec:
       serviceAccountName: "{{ .Values.apiserver.serviceAccount }}"
       containers:
       - name: apiserver
-        image: {{ .Values.apiserver.image }}
-        imagePullPolicy: {{ .Values.apiserver.imagePullPolicy }}
+        image: {{ .Values.image }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
         resources:
           requests:
             cpu: 100m
@@ -33,6 +33,7 @@ spec:
             cpu: 100m
             memory: 30Mi
         args:
+        - apiserver
         {{ if .Values.apiserver.audit.activated -}}
         - --audit-log-path
         - {{ .Values.apiserver.audit.logPath }}

diff --git a/charts/catalog/templates/controller-manager-deployment.yaml b/charts/catalog/templates/controller-manager-deployment.yaml
@@ -23,8 +23,8 @@ spec:
       serviceAccountName: "{{ .Values.controllerManager.serviceAccount }}"
       containers:
       - name: controller-manager
-        image: {{ .Values.controllerManager.image }}
-        imagePullPolicy: {{ .Values.controllerManager.imagePullPolicy }}
+        image: {{ .Values.image }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
         resources:
           requests:
             cpu: 100m
@@ -38,6 +38,7 @@ spec:
             fieldRef:
               fieldPath: metadata.namespace
         args:
+        - controller-manager
         - --port
         - "8080"
         {{ if .Values.controllerManager.leaderElection.activated -}}

diff --git a/charts/catalog/values.yaml b/charts/catalog/values.yaml
@@ -1,15 +1,15 @@
 # Default values for Service Catalog
+# service-catalog image to use
+image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.0-rc2
+# imagePullPolicy for the service-catalog; valid values are "IfNotPresent",
+# "Never", and "Always"
+imagePullPolicy: Always
 # determines whether the API server should be registered with the kube-aggregator
 useAggregator: false
 ## If true, create & use RBAC resources
 ##
 rbacEnable: true
 apiserver:
-  # apiserver image to use
-  image: quay.io/kubernetes-service-catalog/apiserver:v0.1.0-rc2
-  # imagePullPolicy for the apiserver; valid values are "IfNotPresent",
-  # "Never", and "Always"
-  imagePullPolicy: Always
   aggregator:
     # priority is the priority of the APIService. Please see
     # https://github.com/kubernetes/kubernetes/blob/v1.7.0/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go#L56-L61
@@ -70,11 +70,6 @@ apiserver:
     logPath: "/tmp/service-catalog-apiserver-audit.log"
   serviceAccount: service-catalog-apiserver
 controllerManager:
-  # controller-manager image to use
-  image: quay.io/kubernetes-service-catalog/controller-manager:v0.1.0-rc2
-  # imagePullPolicy for the controller-manager; valid values are
-  # "IfNotPresent", "Never", and "Always"
-  imagePullPolicy: Always
   # Log level; valid values are in the range 0 - 10
   verbosity: 10
   # Resync interval; format is a duration (`20m`, `1h`, etc)

diff --git a/cmd/apiserver/apiserver.go b/cmd/apiserver/apiserver.go
diff --git a/cmd/apiserver/app/plugins.go b/cmd/apiserver/app/plugins.go
diff --git a/cmd/apiserver/app/server/options.go b/cmd/apiserver/app/server/options.go
@@ -26,6 +26,14 @@ import (
 	genericserveroptions "k8s.io/apiserver/pkg/server/options"
 )
 
+const (
+	// Store generated SSL certificates in a place that won't collide with the
+	// k8s core API server.
+	certDirectory = "/var/run/kubernetes-service-catalog"
+
+	storageTypeFlagName = "storageType"
+)
+
 // ServiceCatalogServerOptions contains the aggregation of configuration structs for
 // the service-catalog server. It contains everything needed to configure a basic API server.
 // It is public so that integration tests can access it.
@@ -47,26 +55,32 @@ type ServiceCatalogServerOptions struct {
 	EtcdOptions *EtcdOptions
 	// DisableAuth disables delegating authentication and authorization for testing scenarios
 	DisableAuth bool
-	StopCh      <-chan struct{}
 	// StandaloneMode if true asserts that we will not depend on a kube-apiserver
 	StandaloneMode bool
 }
 
 // NewServiceCatalogServerOptions creates a new instances of
 // ServiceCatalogServerOptions with all sub-options filled in.
 func NewServiceCatalogServerOptions() *ServiceCatalogServerOptions {
-	return &ServiceCatalogServerOptions{
+	opts := &ServiceCatalogServerOptions{
 		GenericServerRunOptions: genericserveroptions.NewServerRunOptions(),
 		AdmissionOptions:        genericserveroptions.NewAdmissionOptions(),
 		SecureServingOptions:    genericserveroptions.NewSecureServingOptions(),
 		AuthenticationOptions:   genericserveroptions.NewDelegatingAuthenticationOptions(),
 		AuthorizationOptions:    genericserveroptions.NewDelegatingAuthorizationOptions(),
 		AuditOptions:            genericserveroptions.NewAuditOptions(),
 		EtcdOptions:             NewEtcdOptions(),
+		StandaloneMode:          standaloneMode(),
 	}
+	// register all admission plugins
+	registerAllAdmissionPlugins(opts.AdmissionOptions.Plugins)
+	// Set generated SSL cert path correctly
+	opts.SecureServingOptions.ServerCert.CertDirectory = certDirectory
+	return opts
 }
 
-func (s *ServiceCatalogServerOptions) addFlags(flags *pflag.FlagSet) {
+// AddFlags adds to the flag set the flags to configure the API Server.
+func (s *ServiceCatalogServerOptions) AddFlags(flags *pflag.FlagSet) {
 	flags.StringVar(
 		&s.StorageTypeString,
 		"storage-type",