[POC] Webconsole 01 command

cmd/origin-web-console/console.go

@@ -0,0 +1,37 @@
+package main
+
+import (
+	"flag"
+	"math/rand"
+	"os"
+	"runtime"
+	"time"
+
+	"github.com/golang/glog"
+
+	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/kubernetes/pkg/util/logs"
+
+	webconsolecmd "github.com/openshift/origin/pkg/assets/apiserver/cmd"
+	"github.com/openshift/origin/pkg/cmd/util/serviceability"
+)
+
+func main() {
+	rand.Seed(time.Now().UTC().UnixNano())
+
+	logs.InitLogs()
+	defer logs.FlushLogs()
+
+	if len(os.Getenv("GOMAXPROCS")) == 0 {
+		runtime.GOMAXPROCS(runtime.NumCPU())
+	}
+
+	defer serviceability.BehaviorOnPanic(os.Getenv("OPENSHIFT_ON_PANIC"))()
+	defer serviceability.Profile(os.Getenv("OPENSHIFT_PROFILE")).Stop()
+
+	cmd := webconsolecmd.NewCommandStartWebConsoleServer(os.Stdout, os.Stderr, wait.NeverStop)
+	cmd.Flags().AddGoFlagSet(flag.CommandLine)
+	if err := cmd.Execute(); err != nil {
+		glog.Fatal(err)
+	}
+}

hack/lib/build/constants.sh

@@ -40,6 +40,7 @@ readonly OS_CROSS_COMPILE_TARGETS=(
   cmd/oc
   cmd/kubefed
   cmd/template-service-broker
+  cmd/origin-web-console
 )
 readonly OS_CROSS_COMPILE_BINARIES=("${OS_CROSS_COMPILE_TARGETS[@]##*/}")
 

install/origin-web-console/apiserver-config.yaml

@@ -0,0 +1,21 @@
+kind: AssetConfig
+apiVersion: v1
+extensionDevelopment: false
+extensionProperties: null
+extensionScripts: null
+extensionStylesheets: null
+extensions: null
+loggingPublicURL: ""
+logoutURL: ""
+masterPublicURL: https://127.0.0.1:8443
+metricsPublicURL: ""
+publicURL: https://127.0.0.1:8443/console/
+servingInfo:
+  bindAddress: 0.0.0.0:8443
+  bindNetwork: tcp4
+  certFile: /var/serving-cert/tls.crt
+  clientCA: ""
+  keyFile: /var/serving-cert/tls.key
+  maxRequestsInFlight: 0
+  namedCertificates: null
+  requestTimeoutSeconds: 0

install/origin-web-console/apiserver-template.yaml

@@ -0,0 +1,94 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: template-service-broker-webconsole
+parameters:
+- name: IMAGE
+  value: openshift/origin-web-console:latest
+- name: NAMESPACE
+  value: openshift-web-console
+- name: LOGLEVEL
+  value: "0"
+- name: API_SERVER_CONFIG
+- name: NODE_SELECTOR
+  value: "{}"
+objects:
+
+# to create the web console server
+- apiVersion: extensions/v1beta1
+  kind: DaemonSet
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      webconsole: "true"
+  spec:
+    template:
+      metadata:
+        name: webconsole
+        labels:
+          webconsole: "true"
+      spec:
+        serviceAccountName: webconsole
+        containers:
+        - name: c
+          image: ${IMAGE}
+          imagePullPolicy: IfNotPresent
+          command:
+          - "/usr/bin/origin-web-console"
+          - "--audit-log-path=-"
+          - "--config=/var/webconsole-config/webconsole-config.yaml"
+          ports:
+          - containerPort: 8443
+          volumeMounts:
+          - mountPath: /var/serving-cert
+            name: serving-cert
+          - mountPath: /var/webconsole-config
+            name: webconsole-config
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+        nodeSelector: "${{NODE_SELECTOR}}"
+        volumes:
+        - name: serving-cert
+          secret:
+            defaultMode: 420
+            secretName: webconsole-serving-cert
+        - name: webconsole-config
+          configMap:
+            defaultMode: 420
+            name: webconsole-config
+
+# to create the config for the web console
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole-config
+  data:
+    webconsole-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+
+# to be able to expose web console inside the cluster
+- apiVersion: v1
+  kind: Service
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
+  spec:
+    selector:
+      webconsole: "true"
+    ports:
+    - name: https
+      port: 443
+      targetPort: 8443

pkg/assets/apiserver/asset_apiserver.go

@@ -72,7 +72,7 @@ func NewAssetServerConfig(assetConfig oapi.AssetConfig) (*AssetServerConfig, err
 	if err != nil {
 		return nil, err
 	}
-	secureServingOptions := genericapiserveroptions.SecureServingOptions{}
+	secureServingOptions := genericapiserveroptions.NewSecureServingOptions()
 	secureServingOptions.BindPort = port
 	secureServingOptions.ServerCert.CertKey.CertFile = assetConfig.ServingInfo.ServerCert.CertFile
 	secureServingOptions.ServerCert.CertKey.KeyFile = assetConfig.ServingInfo.ServerCert.KeyFile

pkg/assets/apiserver/cmd/start.go

@@ -0,0 +1,153 @@
+package cmd
+
+import (
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	"github.com/golang/glog"
+	"github.com/spf13/cobra"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+	genericapiserver "k8s.io/apiserver/pkg/server"
+	genericoptions "k8s.io/apiserver/pkg/server/options"
+	"k8s.io/kubernetes/pkg/kubectl/cmd/util"
+
+	webconsoleserver "github.com/openshift/origin/pkg/assets/apiserver"
+	configapi "github.com/openshift/origin/pkg/cmd/server/api"
+	configapiinstall "github.com/openshift/origin/pkg/cmd/server/api/install"
+	configapivalidation "github.com/openshift/origin/pkg/cmd/server/api/validation"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+type WebConsoleServerOptions struct {
+	// we don't have any storage, so we shouldn't use the recommended options
+	Audit    *genericoptions.AuditOptions
+	Features *genericoptions.FeatureOptions
+
+	StdOut io.Writer
+	StdErr io.Writer
+
+	WebConsoleConfig *configapi.AssetConfig
+}
+
+func NewWebConsoleServerOptions(out, errOut io.Writer) *WebConsoleServerOptions {
+	o := &WebConsoleServerOptions{
+		Audit:    genericoptions.NewAuditOptions(),
+		Features: genericoptions.NewFeatureOptions(),
+
+		StdOut: out,
+		StdErr: errOut,
+	}
+
+	return o
+}
+
+func NewCommandStartWebConsoleServer(out, errOut io.Writer, stopCh <-chan struct{}) *cobra.Command {
+	o := NewWebConsoleServerOptions(out, errOut)
+
+	cmd := &cobra.Command{
+		Use:   "origin-web-console",
+		Short: "Launch a web console server",
+		Long:  "Launch a web console server",
+		RunE: func(c *cobra.Command, args []string) error {
+			if err := o.Complete(c); err != nil {
+				return err
+			}
+			if err := o.Validate(args); err != nil {
+				return err
+			}
+			if err := o.RunWebConsoleServer(stopCh); err != nil {
+				return err
+			}
+			return nil
+		},
+	}
+
+	flags := cmd.Flags()
+	o.Audit.AddFlags(flags)
+	o.Features.AddFlags(flags)
+	flags.String("config", "", "filename containing the WebConsoleConfig")
+
+	return cmd
+}
+
+func (o WebConsoleServerOptions) Validate(args []string) error {
+	if o.WebConsoleConfig == nil {
+		return fmt.Errorf("missing config: specify --config")
+	}
+
+	validationResults := configapivalidation.ValidateAssetConfig(o.WebConsoleConfig, field.NewPath("config"))
+	if len(validationResults.Warnings) != 0 {
+		for _, warning := range validationResults.Warnings {
+			glog.Warningf("Warning: %v, web console start will continue.", warning)
+		}
+	}
+	if len(validationResults.Errors) != 0 {
+		return apierrors.NewInvalid(configapi.Kind("AssetConfig"), "", validationResults.Errors)
+	}
+
+	return nil
+}
+
+func (o *WebConsoleServerOptions) Complete(cmd *cobra.Command) error {
+	configFile := util.GetFlagString(cmd, "config")
+	if len(configFile) > 0 {
+		content, err := ioutil.ReadFile(configFile)
+		if err != nil {
+			return err
+		}
+		configObj, err := runtime.Decode(configCodecs.UniversalDecoder(), content)
+		if err != nil {
+			return err
+		}
+		config, ok := configObj.(*configapi.AssetConfig)
+		if !ok {
+			return fmt.Errorf("unexpected type: %T", configObj)
+		}
+		o.WebConsoleConfig = config
+	}
+
+	return nil
+}
+
+func (o WebConsoleServerOptions) Config() (*webconsoleserver.AssetServerConfig, error) {
+	serverConfig, err := webconsoleserver.NewAssetServerConfig(*o.WebConsoleConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := o.Audit.ApplyTo(serverConfig.GenericConfig); err != nil {
+		return nil, err
+	}
+	if err := o.Features.ApplyTo(serverConfig.GenericConfig); err != nil {
+		return nil, err
+	}
+
+	return serverConfig, nil
+}
+
+func (o WebConsoleServerOptions) RunWebConsoleServer(stopCh <-chan struct{}) error {
+	config, err := o.Config()
+	if err != nil {
+		return err
+	}
+
+	server, err := config.Complete().New(genericapiserver.EmptyDelegate)
+	if err != nil {
+		return err
+	}
+	return server.GenericAPIServer.PrepareRun().Run(stopCh)
+}
+
+// these are used to set up for reading the config
+var (
+	configScheme = runtime.NewScheme()
+	configCodecs = serializer.NewCodecFactory(configScheme)
+)
+
+func init() {
+	configapiinstall.AddToScheme(configScheme)
+}

pkg/cmd/server/api/install/install.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/apis/apiserver"
 	apiserverv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1"
@@ -29,14 +30,18 @@ var accessor = meta.NewAccessor()
 var availableVersions = []schema.GroupVersion{configapiv1.SchemeGroupVersion}
 
 func init() {
-	configapi.AddToScheme(configapi.Scheme)
-	configapiv1.AddToScheme(configapi.Scheme)
+	AddToScheme(configapi.Scheme)
+}
+
+func AddToScheme(scheme *runtime.Scheme) {
+	configapi.AddToScheme(scheme)
+	configapiv1.AddToScheme(scheme)
 	// we additionally need to enable audit versions, since we embed the audit
 	// policy file inside master-config.yaml
-	audit.AddToScheme(configapi.Scheme)
-	auditv1alpha1.AddToScheme(configapi.Scheme)
-	apiserver.AddToScheme(configapi.Scheme)
-	apiserverv1alpha1.AddToScheme(configapi.Scheme)
+	audit.AddToScheme(scheme)
+	auditv1alpha1.AddToScheme(scheme)
+	apiserver.AddToScheme(scheme)
+	apiserverv1alpha1.AddToScheme(scheme)
 }
 
 func interfacesFor(version schema.GroupVersion) (*meta.VersionInterfaces, error) {

pkg/cmd/server/api/register.go

@@ -39,6 +39,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&MasterConfig{},
 		&NodeConfig{},
+		&AssetConfig{},
 		&SessionSecrets{},
 
 		&BasicAuthPasswordIdentityProvider{},

pkg/cmd/server/api/types.go

@@ -824,6 +824,8 @@ type DNSConfig struct {
 }
 
 type AssetConfig struct {
+	metav1.TypeMeta
+
 	ServingInfo HTTPServingInfo
 
 	// PublicURL is where you can find the asset server (TODO do we really need this?)

pkg/cmd/server/api/v1/register.go

@@ -20,6 +20,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&MasterConfig{},
 		&NodeConfig{},
+		&AssetConfig{},
 		&SessionSecrets{},
 
 		&BasicAuthPasswordIdentityProvider{},

pkg/cmd/server/api/v1/types.go

@@ -713,8 +713,12 @@ type DNSConfig struct {
 	AllowRecursiveQueries bool `json:"allowRecursiveQueries"`
 }
 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
 // AssetConfig holds the necessary configuration options for serving assets
 type AssetConfig struct {
+	metav1.TypeMeta `json:",inline"`
+
 	// ServingInfo is the HTTP serving information for these assets
 	ServingInfo HTTPServingInfo `json:"servingInfo"`