KEMBAR78
Kubernetes API code-base tour | PDF
SS
Uploaded byStefan Schimanski
PDF, PPTX409 views

Kubernetes API code-base tour

This document provides an overview of how APIs are defined and served in the Kubernetes API server (kube-apiserver). It describes: - How API types are defined using Golang types and registered with the API server's scheme - How the generic API server handles requests and calls back to installed API groups - How custom resource definitions (CRDs) are supported via the CRD and aggregator APIs - Key components like conversion, defaulting, storage, and filters that process each request - Live debugging techniques for the API server using tools like mux routers and request tracing In 3 sentences or less, it outlines the architecture of the Kubernetes API server for defining, registering, and serving custom

Download as PDF, PPTX
API Codebase Tour Stefan Schimanski / @the_sttts / Red Hat Hacking the kube-apiserver
Defining API types
v1alpha1 types: staging/src/k8s.io/api/auditregistration/v1alpha1 • types.go – actual Golang types (with JSON and Proto tags) • register.go – registration code: AddToScheme internal types: pkg/apis/auditregistration • types.go – internal (hub) Golang types (without JSON/Proto) • register.go – registration code: AddToScheme Installer: pkg/apis/auditregistration/install: func Install(scheme *runtime.Scheme) Golang types
Scheme: register Golang types & Golang funcs w/ GroupVersionKind k8s.io/apimachinery/pkg/runtime.Scheme GroupVersionKinds conversions defaulters reflect.Type Scheme Codec
v1alpha1 types: staging/src/k8s.io/api/auditregistration/v1alpha1 • types.go – actual Golang types (with JSON and Proto tags) • register.go – registration code: AddToScheme internal types: pkg/apis/auditregistration • types.go – internal (hub) Golang types (without JSON/Proto) • register.go – registration code: AddToScheme Installer: pkg/apis/auditregistration/install: func Install(scheme *runtime.Scheme) Golang types
Conversions: pkg/apis/auditregistration/v1alpha1 • conversion.go – custom conversions • zz_generated.conversion.go – generated conversions Defaults: zz_generated_defaults.go DeepCopy: zz_generated_deepcopy.go Generated Code not in k8s.io/api!
Serving the API
apiserver binary generic apiserver in k8s.io/apiserver 404 authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux data flow calls back to knows no API groups yetScheme empty /version /apis /openapi/v2 /swagger.json /healthz /metrics
apiserver binary generic apiserver in k8s.io/apiserver 404 authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux data flow calls back to knows no API groups yetScheme empty /version /apis /openapi/v2 /swagger.json /healthz /metrics
func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler { handler := genericapifilters.WithAuthorization(apiHandler, ...) handler = genericfilters.WithMaxInFlightLimit(handler, ...) handler = genericapifilters.WithImpersonation(handler, ...) handler = genericapifilters.WithAudit(handler, ...) failedHandler := genericapifilters.Unauthorized(...) failedHandler = genericapifilters.WithFailedAuthenticationAudit(failedHandler, ...) handler = genericapifilters.WithAuthentication(handler, ..., failedHandler, ...) handler = genericfilters.WithCORS(handler, ...) handler = genericfilters.WithTimeoutForNonLongRunningRequests(handler, ...) handler = genericfilters.WithWaitGroup(handler, ...) handler = genericapifilters.WithRequestInfo(handler, ...) handler = genericfilters.WithPanicRecovery(handler) return handler } k8s.io/apiserver/pkg/server/config.go
kube-apiserver generic apiserver 404 authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux data flow calls back to knows no API groups yetScheme /version /apis /openapi/v2 /swagger.json /healthz /metrics core/v1 Podcore/v1 Podcore/v1 Pod
kube-apiserver apiserver 404 resource handler request conversion& defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux data flow calls back to Scheme core/v1 Podcore/v1 Podcore/v1 Pod via InstallAPIGroup(info)
kube-apiserver apiserver resource handlerresource handler 404 resource handler request conversion& defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to mux no storage logic yet
kube-apiserver apiserver resource handlerresource handler 404 etcd resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
kube-apiserver apiserver resource handlerresource handler 404 etcd resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to v1 v1 v1 int int v1 int v1 int v2 v1 int int v1 hub/internal version
kube-apiserver apiserver resource handlerresource handler 404 etcd resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to conversions defaulting
kube-apiserver CRDs aggregator kube- aggregator & CRDs apiserver resource handlerresource handler 404 etcdaggregated apiservers resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
kube-apiserver kube- aggregator apiserver resource handlerresource handler 404 etcdaggregated apiservers resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to pkg/registry pkg/apis + k8s.io/api k8s.io/apiserver/pkg/endpoints/handlers k8s.io/apiserver/pkg/admission k8s.io/apiserver/plugin/pkg/admission plugins/pkg/admission k8s.io/apiserver/pkg/endpoints/filters k8s.io/kube-aggregator k8s.io/apiextensions-apiserver k8s.io/apiserver/pkg/storage/etcd3 k8s.io/apiserver/pkg/registry/generic
API Group “core”API Group “core”API Group “auditregistration.k8s.io” PodStoragePodStorageAuditSinkStorage Generic Registry AuditSink Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ... staging/src/k8s.io/apiserver/pkg/registry/generic/registry pkg/apis/auditregistration/validation “The registry” of a resource
Plumbing into kube-apiserver pkg/master/import_known_versions.go import ( _ "k8s.io/kubernetes/pkg/apis/auditregistration/install" ) pkg/master/master.go import ( auditregistrationrest "k8s.io/kubernetes/pkg/registry/auditregistration/rest" ) restStorageProviders := []RESTStorageProvider{ auditregistrationrest.RESTStorageProvider{}, autoscalingrest.RESTStorageProvider{}, … } apiserver.InstallAPIs(…, restStorageProviders…) legacyscheme.Scheme installs handlers into the mux func init()
Build system plumbing • hack/.golint_failures ignore lint errors due to generated code • hack/lib/init.sh add to KUBE_AVAILABLE_GROUP_VERSIONS, used by many hack/ scripts • hack/update-generated-protobuf-dockerized.sh generate Protobuf code, independent from KUBE_AVAILABLE_GROUP_VERSIONS for some reason
$ make WHAT=cmd/hyperkube $ RUNTIME_CONFIG=auditregistration.k8s.io/v1alpha1=true hack/local-up-cluster.sh $ kubectl get --raw /apis | grep auditregistration.k8s.io
Live Debugging
kube-apiserver CRDs aggregator kube- aggregator & CRDs apiserver resource handlerresource handler 404 etcdaggregated apiservers resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
Live Debugging * perfectly written down in xmudrii’s https://xmudrii.com/posts/debugging-kubernetes/ *
kube-apiserver CRDs aggregator kube- aggregator & CRDs apiserver resource handlerresource handler 404 etcdaggregated apiservers resource handler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
@lavalamp’s “Live API Code Review” after the break

More Related Content

PDF
Introduction to Apache Calcite
byJordan Halterman
 
PDF
Kubernetes API - deep dive into the kube-apiserver
byStefan Schimanski
 
PPTX
[AWSKRUG 컨테이너 소모임] Rancher 기본 입문
byHyunmin Kim
 
PDF
515_Patroni-training_postgres_high_availability.pdf
byRobertoGiordano16
 
PDF
BPF: Tracing and more
byBrendan Gregg
 
PDF
Pythonでパケット解析
byeuphoricwavism
 
PDF
DevJam 2019 - Introduction to Kubernetes
byRonny Trommer
 
PDF
eBPF - Observability In Deep
byMydbops
 
Introduction to Apache Calcite
byJordan Halterman
 
Kubernetes API - deep dive into the kube-apiserver
byStefan Schimanski
 
[AWSKRUG 컨테이너 소모임] Rancher 기본 입문
byHyunmin Kim
 
515_Patroni-training_postgres_high_availability.pdf
byRobertoGiordano16
 
BPF: Tracing and more
byBrendan Gregg
 
Pythonでパケット解析
byeuphoricwavism
 
DevJam 2019 - Introduction to Kubernetes
byRonny Trommer
 
eBPF - Observability In Deep
byMydbops
 

What's hot

PDF
Laravelでfacadeを使わない開発
byKenjiro Kubota
 
PDF
Introduction to eBPF and XDP
bylcplcp1
 
PDF
[232] 성능어디까지쥐어짜봤니 송태웅
byNAVER D2
 
PDF
Kotlin Coroutines. Flow is coming
byKirill Rozov
 
PDF
IP Virtual Server(IPVS) 101
byHungWei Chiu
 
PDF
Kotlin Coroutines in Practice @ KotlinConf 2018
byRoman Elizarov
 
PDF
Kubernetes Deployment Strategies
byAbdennour TM
 
PDF
C++ Unit Test with Google Testing Framework
byHumberto Marchezi
 
PDF
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
byRaphaël PINSON
 
PPTX
eBPF Basics
byMichael Kehoe
 
PPTX
Angular
bysridhiya
 
PDF
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
byThomas Graf
 
PDF
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
byThomas Graf
 
PDF
100%Kotlin ORM Ktormを試してみた
byKeita Tsukamoto
 
PPTX
HTTP2 and gRPC
byGuo Jing
 
PPTX
Asynchronous programming in C#
byBohdan Pashkovskyi
 
PPTX
Comprehensive Terraform Training
byYevgeniy Brikman
 
PPTX
RedisConf17 - Distributed Java Map Structures and Services with Redisson
byRedis Labs
 
PDF
Integrating PostgreSql with RabbitMQ
byGavin Roy
 
PDF
Fun with Network Interfaces
byKernel TLV
 
Laravelでfacadeを使わない開発
byKenjiro Kubota
 
Introduction to eBPF and XDP
bylcplcp1
 
[232] 성능어디까지쥐어짜봤니 송태웅
byNAVER D2
 
Kotlin Coroutines. Flow is coming
byKirill Rozov
 
IP Virtual Server(IPVS) 101
byHungWei Chiu
 
Kotlin Coroutines in Practice @ KotlinConf 2018
byRoman Elizarov
 
Kubernetes Deployment Strategies
byAbdennour TM
 
C++ Unit Test with Google Testing Framework
byHumberto Marchezi
 
KCD Zurich 2023 — Bridge Dev & Ops with eBPF.pdf
byRaphaël PINSON
 
eBPF Basics
byMichael Kehoe
 
Angular
bysridhiya
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
byThomas Graf
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
byThomas Graf
 
100%Kotlin ORM Ktormを試してみた
byKeita Tsukamoto
 
HTTP2 and gRPC
byGuo Jing
 
Asynchronous programming in C#
byBohdan Pashkovskyi
 
Comprehensive Terraform Training
byYevgeniy Brikman
 
RedisConf17 - Distributed Java Map Structures and Services with Redisson
byRedis Labs
 
Integrating PostgreSql with RabbitMQ
byGavin Roy
 
Fun with Network Interfaces
byKernel TLV
 

Similar to Kubernetes API code-base tour

PDF
KubeCon EU 2018 – Sig API Machinery Deep Dive
byStefan Schimanski
 
PDF
Extending the Kube API
byStefan Schimanski
 
PDF
Meetup - Principles of the kube api and how to extend it
byStefan Schimanski
 
PDF
Extend and build on Kubernetes
byStefan Schimanski
 
PDF
Kubernetes Architecture - beyond a black box - Part 1
byHao H. Zhang
 
PDF
How Does Kubernetes Build OpenAPI Specifications?
byreallavalamp
 
PDF
Extending kubernetes
byGigi Sayfan
 
PDF
WWCode Dallas - Kubernetes: Learning from Zero to Production
byRosemary Wang
 
PPTX
kubernetes_python_api_testing.pptx
byDivyasampatirao
 
PDF
Getting started with kubernetes
byBob Killen
 
PDF
Kubernetes extensibility
byDocker, Inc.
 
PDF
The App Developer's Kubernetes Toolbox
byNebulaworks
 
PDF
LISA2017 Kubernetes: Hit the Ground Running
byChris McEniry
 
PDF
Evolving for Kubernetes
byChris McEniry
 
PDF
Kubernetes extensibility: crd & operators
byGiacomo Tirabassi
 
PDF
Kubernetes extensibility: CRDs & Operators
bySIGHUP
 
PPTX
Kubernetes #1 intro
byTerry Cho
 
PDF
An intro to Kubernetes operators
byJ On The Beach
 
PPTX
Introduction to kubernetes
byRishabh Indoria
 
PPTX
api_testing_k8s.pptx
byDivyasampatirao
 
KubeCon EU 2018 – Sig API Machinery Deep Dive
byStefan Schimanski
 
Extending the Kube API
byStefan Schimanski
 
Meetup - Principles of the kube api and how to extend it
byStefan Schimanski
 
Extend and build on Kubernetes
byStefan Schimanski
 
Kubernetes Architecture - beyond a black box - Part 1
byHao H. Zhang
 
How Does Kubernetes Build OpenAPI Specifications?
byreallavalamp
 
Extending kubernetes
byGigi Sayfan
 
WWCode Dallas - Kubernetes: Learning from Zero to Production
byRosemary Wang
 
kubernetes_python_api_testing.pptx
byDivyasampatirao
 
Getting started with kubernetes
byBob Killen
 
Kubernetes extensibility
byDocker, Inc.
 
The App Developer's Kubernetes Toolbox
byNebulaworks
 
LISA2017 Kubernetes: Hit the Ground Running
byChris McEniry
 
Evolving for Kubernetes
byChris McEniry
 
Kubernetes extensibility: crd & operators
byGiacomo Tirabassi
 
Kubernetes extensibility: CRDs & Operators
bySIGHUP
 
Kubernetes #1 intro
byTerry Cho
 
An intro to Kubernetes operators
byJ On The Beach
 
Introduction to kubernetes
byRishabh Indoria
 
api_testing_k8s.pptx
byDivyasampatirao
 

More from Stefan Schimanski

PDF
Cutting the Kubernetes Monorepo in pieces
byStefan Schimanski
 
PDF
Extending kubernetes with CustomResourceDefinitions
byStefan Schimanski
 
PDF
Extending Kubernetes – Admission webhooks
byStefan Schimanski
 
PDF
Cutting the Kubernetes Monorepo in pieces – never learnt more about git
byStefan Schimanski
 
PDF
Git deep dive – chopping Kubernetes
byStefan Schimanski
 
PDF
Elastic etcd
byStefan Schimanski
 
PDF
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
byStefan Schimanski
 
PDF
Kubernetes Architecture and Introduction
byStefan Schimanski
 
PDF
Kubernetes on Top of Mesos on Top of DCOS
byStefan Schimanski
 
PDF
An Introduction to the Kubernetes API
byStefan Schimanski
 
PDF
Cluster Networking with Docker
byStefan Schimanski
 
PDF
Beyond static configuration
byStefan Schimanski
 
Cutting the Kubernetes Monorepo in pieces
byStefan Schimanski
 
Extending kubernetes with CustomResourceDefinitions
byStefan Schimanski
 
Extending Kubernetes – Admission webhooks
byStefan Schimanski
 
Cutting the Kubernetes Monorepo in pieces – never learnt more about git
byStefan Schimanski
 
Git deep dive – chopping Kubernetes
byStefan Schimanski
 
Elastic etcd
byStefan Schimanski
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
byStefan Schimanski
 
Kubernetes Architecture and Introduction
byStefan Schimanski
 
Kubernetes on Top of Mesos on Top of DCOS
byStefan Schimanski
 
An Introduction to the Kubernetes API
byStefan Schimanski
 
Cluster Networking with Docker
byStefan Schimanski
 
Beyond static configuration
byStefan Schimanski
 

Recently uploaded

PDF
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
PPT
preliminaries, concepts of programming languages
bymjmansoori54
 
PDF
SAP & CTRM Testing Like Never Before
byZoe Gilbert
 
PPSX
Domain Centered Architecture for complex business domains
byRob Vens
 
PPTX
Cyber-Security-Essentials (21AK1A0217).pptx
byGaganGagan44
 
PPT
SAP ERP Training For Senior Managers.ppt
byBalanathanVirupasan
 
PDF
Scraping Amazon Prime Watchlist Data for Viewing Patterns.pdf
byyashpatric
 
PPT
Evolution of the Major Programming Languages
bymjmansoori54
 
PPTX
Moving Plone Blob Storage to S3 Object Storage - Plone Conference 2025
byAlin Voinea
 
PPTX
Safe Confined Space Entry Monitoring_ Singapore Experts.pptx
byprasadexiga0
 
PDF
898975372-Leaving-Legacy-Software-Behind-a-Modern-Migration-Roadmap.pdf
byKsoft Technologies
 
PDF
VADY GenAI – Enterprise AI Solutions with Complete Data Control and Smart Dec...
byNewFangledVision
 
PPTX
Java Modern Puzzlers, a guide to new programming features
bySimon Ritter
 
PPTX
Declarative Process Mining with MINERful, Reloaded
byCecilia Iacometta
 
PPTX
AI-Powered Intelligent Agents for Fraud Detection
byleolucus1995
 
PDF
The new Volto Form Block, Plone Conference 2025
byRob Gietema
 
PDF
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
PDF
The 50+ First-Timer: It’s never too late for Open Source!
byImma Valls Bernaus
 
DOCX
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
PDF
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
preliminaries, concepts of programming languages
bymjmansoori54
 
SAP & CTRM Testing Like Never Before
byZoe Gilbert
 
Domain Centered Architecture for complex business domains
byRob Vens
 
Cyber-Security-Essentials (21AK1A0217).pptx
byGaganGagan44
 
SAP ERP Training For Senior Managers.ppt
byBalanathanVirupasan
 
Scraping Amazon Prime Watchlist Data for Viewing Patterns.pdf
byyashpatric
 
Evolution of the Major Programming Languages
bymjmansoori54
 
Moving Plone Blob Storage to S3 Object Storage - Plone Conference 2025
byAlin Voinea
 
Safe Confined Space Entry Monitoring_ Singapore Experts.pptx
byprasadexiga0
 
898975372-Leaving-Legacy-Software-Behind-a-Modern-Migration-Roadmap.pdf
byKsoft Technologies
 
VADY GenAI – Enterprise AI Solutions with Complete Data Control and Smart Dec...
byNewFangledVision
 
Java Modern Puzzlers, a guide to new programming features
bySimon Ritter
 
Declarative Process Mining with MINERful, Reloaded
byCecilia Iacometta
 
AI-Powered Intelligent Agents for Fraud Detection
byleolucus1995
 
The new Volto Form Block, Plone Conference 2025
byRob Gietema
 
Autowiring all the things! - DrupalCon Vienna 2025 - Luca Lusso, SparkFabrik
bysparkfabrik
 
The 50+ First-Timer: It’s never too late for Open Source!
byImma Valls Bernaus
 
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
Shift Left for Inclusion: Scalable Accessibility Testing with Cypress - Cypre...
byLudovico Besana
 
In this document
Powered by AI

Introduction to the kube-apiserver by Stefan Schimanski, highlighting its key components.

Discussion on defining API types and registration in GoLang, including files for types and installation.

Discussion on defining API types and registration in GoLang, including files for types and installation.

Overview of the Scheme in GoLang for registering types and functions with GroupVersionKind.

Discussion on defining API types and registration in GoLang, including files for types and installation.

Details on custom conversions and generated code for v1alpha1 types in Kubernetes API.

Technical details on the apiserver, including handling requests, authentication, and data flow.

Explanation of HTTP request handling, resource management, and validations in kube-apiserver. Integration of storage handling and RESTful logic in kube-apiserver with audit and validations.Discussion on managing API groups, registries, and the plumbing into kube-apiserver.Overview of build system plumbing, live debugging resources, and a wrap-up session announcement.

Kubernetes API code-base tour

  • 1.
    API Codebase Tour StefanSchimanski / @the_sttts / Red Hat Hacking the kube-apiserver
  • 2.
  • 4.
    v1alpha1 types: staging/src/k8s.io/api/auditregistration/v1alpha1 •types.go – actual Golang types (with JSON and Proto tags) • register.go – registration code: AddToScheme internal types: pkg/apis/auditregistration • types.go – internal (hub) Golang types (without JSON/Proto) • register.go – registration code: AddToScheme Installer: pkg/apis/auditregistration/install: func Install(scheme *runtime.Scheme) Golang types
  • 5.
    Scheme: register Golangtypes & Golang funcs w/ GroupVersionKind k8s.io/apimachinery/pkg/runtime.Scheme GroupVersionKinds conversions defaulters reflect.Type Scheme Codec
  • 6.
    v1alpha1 types: staging/src/k8s.io/api/auditregistration/v1alpha1 •types.go – actual Golang types (with JSON and Proto tags) • register.go – registration code: AddToScheme internal types: pkg/apis/auditregistration • types.go – internal (hub) Golang types (without JSON/Proto) • register.go – registration code: AddToScheme Installer: pkg/apis/auditregistration/install: func Install(scheme *runtime.Scheme) Golang types
  • 7.
    Conversions: pkg/apis/auditregistration/v1alpha1 • conversion.go– custom conversions • zz_generated.conversion.go – generated conversions Defaults: zz_generated_defaults.go DeepCopy: zz_generated_deepcopy.go Generated Code not in k8s.io/api!
  • 8.
  • 9.
    apiserver binary generic apiserverin k8s.io/apiserver 404 authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux data flow calls back to knows no API groups yetScheme empty /version /apis /openapi/v2 /swagger.json /healthz /metrics
  • 10.
    apiserver binary generic apiserverin k8s.io/apiserver 404 authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux data flow calls back to knows no API groups yetScheme empty /version /apis /openapi/v2 /swagger.json /healthz /metrics
  • 11.
    func DefaultBuildHandlerChain(apiHandler http.Handler,c *Config) http.Handler { handler := genericapifilters.WithAuthorization(apiHandler, ...) handler = genericfilters.WithMaxInFlightLimit(handler, ...) handler = genericapifilters.WithImpersonation(handler, ...) handler = genericapifilters.WithAudit(handler, ...) failedHandler := genericapifilters.Unauthorized(...) failedHandler = genericapifilters.WithFailedAuthenticationAudit(failedHandler, ...) handler = genericapifilters.WithAuthentication(handler, ..., failedHandler, ...) handler = genericfilters.WithCORS(handler, ...) handler = genericfilters.WithTimeoutForNonLongRunningRequests(handler, ...) handler = genericfilters.WithWaitGroup(handler, ...) handler = genericapifilters.WithRequestInfo(handler, ...) handler = genericfilters.WithPanicRecovery(handler) return handler } k8s.io/apiserver/pkg/server/config.go
  • 12.
    kube-apiserver generic apiserver 404 authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain mux dataflow calls back to knows no API groups yetScheme /version /apis /openapi/v2 /swagger.json /healthz /metrics core/v1 Podcore/v1 Podcore/v1 Pod
  • 13.
  • 14.
    kube-apiserver apiserver resource handlerresource handler 404 resourcehandler request conversion& defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to mux no storage logic yet
  • 15.
    kube-apiserver apiserver resource handlerresource handler 404 etcd resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
  • 16.
    kube-apiserver apiserver resource handlerresource handler 404 etcd resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to v1 v1 v1 int int v1 int v1 int v2 v1 int int v1 hub/internal version
  • 17.
    kube-apiserver apiserver resource handlerresource handler 404 etcd resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to conversions defaulting
  • 18.
    kube-apiserver CRDs aggregator kube- aggregator & CRDs apiserver resource handlerresource handler 404 etcdaggregated apiservers resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
  • 19.
    kube-apiserver kube- aggregator apiserver resource handlerresource handler 404 etcdaggregated apiservers resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to pkg/registry pkg/apis + k8s.io/api k8s.io/apiserver/pkg/endpoints/handlers k8s.io/apiserver/pkg/admission k8s.io/apiserver/plugin/pkg/admission plugins/pkg/admission k8s.io/apiserver/pkg/endpoints/filters k8s.io/kube-aggregator k8s.io/apiextensions-apiserver k8s.io/apiserver/pkg/storage/etcd3 k8s.io/apiserver/pkg/registry/generic
  • 20.
    API Group “core”APIGroup “core”API Group “auditregistration.k8s.io” PodStoragePodStorageAuditSinkStorage Generic Registry AuditSink Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ... staging/src/k8s.io/apiserver/pkg/registry/generic/registry pkg/apis/auditregistration/validation “The registry” of a resource
  • 21.
    Plumbing into kube-apiserver pkg/master/import_known_versions.go import( _ "k8s.io/kubernetes/pkg/apis/auditregistration/install" ) pkg/master/master.go import ( auditregistrationrest "k8s.io/kubernetes/pkg/registry/auditregistration/rest" ) restStorageProviders := []RESTStorageProvider{ auditregistrationrest.RESTStorageProvider{}, autoscalingrest.RESTStorageProvider{}, … } apiserver.InstallAPIs(…, restStorageProviders…) legacyscheme.Scheme installs handlers into the mux func init()
  • 22.
    Build system plumbing •hack/.golint_failures ignore lint errors due to generated code • hack/lib/init.sh add to KUBE_AVAILABLE_GROUP_VERSIONS, used by many hack/ scripts • hack/update-generated-protobuf-dockerized.sh generate Protobuf code, independent from KUBE_AVAILABLE_GROUP_VERSIONS for some reason
  • 23.
    $ make WHAT=cmd/hyperkube $RUNTIME_CONFIG=auditregistration.k8s.io/v1alpha1=true hack/local-up-cluster.sh $ kubectl get --raw /apis | grep auditregistration.k8s.io
  • 24.
  • 25.
    kube-apiserver CRDs aggregator kube- aggregator & CRDs apiserver resource handlerresource handler 404 etcdaggregated apiservers resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
  • 26.
    Live Debugging * perfectlywritten down in xmudrii’s https://xmudrii.com/posts/debugging-kubernetes/ *
  • 27.
    kube-apiserver CRDs aggregator kube- aggregator & CRDs apiserver resource handlerresource handler 404 etcdaggregated apiservers resourcehandler request conversion& defaulting storage conversion & defaulting REST logic result conversion validation admission decoding GET CREATE LIST UPDATE DELETE WATCH PATCH encoding mutating webhooks validating webhooks authentication authorization impersonation panic recovery request-timeout audit max-in-flight handlerchain API Group “core”API Group “core”API Group “core” PodStoragePodStoragePodStorage Generic Registry Pod Strategy - PrepareForUpdate - PrepareForCreate - Validate ... create update ...mux Scheme core/v1 Podcore/v1 Podcore/v1 Pod data flow calls back to
  • 28.
    @lavalamp’s “Live APICode Review” after the break