9. apiserver binary
generic apiserver in k8s.io/apiserver
404
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
mux
data flow
calls back to
knows no API groups yetScheme
empty
/version
/apis
/openapi/v2
/swagger.json
/healthz
/metrics
10. apiserver binary
generic apiserver in k8s.io/apiserver
404
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
mux
data flow
calls back to
knows no API groups yetScheme
empty
/version
/apis
/openapi/v2
/swagger.json
/healthz
/metrics
14. kube-apiserver
apiserver
resource handlerresource handler
404
resource handler
request
conversion&
defaulting
REST logic
result
conversion
validation
admission
decoding
GET
CREATE
LIST
UPDATE
DELETE
WATCH
PATCH
encoding
mutating
webhooks
validating
webhooks
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
Scheme
core/v1 Podcore/v1 Podcore/v1 Pod
data flow
calls back to
mux
no storage logic yet
15. kube-apiserver
apiserver
resource handlerresource handler
404
etcd
resource handler
request
conversion&
defaulting
storage
conversion &
defaulting
REST logic
result
conversion
validation
admission
decoding
GET
CREATE
LIST
UPDATE
DELETE
WATCH
PATCH
encoding
mutating
webhooks
validating
webhooks
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
API Group “core”API Group “core”API Group “core”
PodStoragePodStoragePodStorage
Generic Registry Pod Strategy
- PrepareForUpdate
- PrepareForCreate
- Validate
...
create
update
...mux
Scheme
core/v1 Podcore/v1 Podcore/v1 Pod
data flow
calls back to
16. kube-apiserver
apiserver
resource handlerresource handler
404
etcd
resource handler
request
conversion&
defaulting
storage
conversion &
defaulting
REST logic
result
conversion
validation
admission
decoding
GET
CREATE
LIST
UPDATE
DELETE
WATCH
PATCH
encoding
mutating
webhooks
validating
webhooks
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
API Group “core”API Group “core”API Group “core”
PodStoragePodStoragePodStorage
Generic Registry Pod Strategy
- PrepareForUpdate
- PrepareForCreate
- Validate
...
create
update
...mux
Scheme
core/v1 Podcore/v1 Podcore/v1 Pod
data flow
calls back to
v1
v1
v1 int int
v1
int
v1
int
v2
v1
int
int
v1
hub/internal version
17. kube-apiserver
apiserver
resource handlerresource handler
404
etcd
resource handler
request
conversion&
defaulting
storage
conversion &
defaulting
REST logic
result
conversion
validation
admission
decoding
GET
CREATE
LIST
UPDATE
DELETE
WATCH
PATCH
encoding
mutating
webhooks
validating
webhooks
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
API Group “core”API Group “core”API Group “core”
PodStoragePodStoragePodStorage
Generic Registry Pod Strategy
- PrepareForUpdate
- PrepareForCreate
- Validate
...
create
update
...mux
Scheme
core/v1 Podcore/v1 Podcore/v1 Pod
data flow
calls back to
conversions
defaulting
18. kube-apiserver
CRDs
aggregator
kube-
aggregator
&
CRDs
apiserver
resource handlerresource handler
404
etcdaggregated
apiservers
resource handler
request
conversion&
defaulting
storage
conversion &
defaulting
REST logic
result
conversion
validation
admission
decoding
GET
CREATE
LIST
UPDATE
DELETE
WATCH
PATCH
encoding
mutating
webhooks
validating
webhooks
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
API Group “core”API Group “core”API Group “core”
PodStoragePodStoragePodStorage
Generic Registry Pod Strategy
- PrepareForUpdate
- PrepareForCreate
- Validate
...
create
update
...mux
Scheme
core/v1 Podcore/v1 Podcore/v1 Pod
data flow
calls back to
19. kube-apiserver
kube-
aggregator
apiserver
resource handlerresource handler
404
etcdaggregated
apiservers
resource handler
request
conversion&
defaulting
storage
conversion &
defaulting
REST logic
result
conversion
validation
admission
decoding
GET
CREATE
LIST
UPDATE
DELETE
WATCH
PATCH
encoding
mutating
webhooks
validating
webhooks
authentication
authorization
impersonation
panic recovery
request-timeout
audit
max-in-flight
handlerchain
API Group “core”API Group “core”API Group “core”
PodStoragePodStoragePodStorage
Generic Registry Pod Strategy
- PrepareForUpdate
- PrepareForCreate
- Validate
...
create
update
...mux
Scheme
core/v1 Podcore/v1 Podcore/v1 Pod
data flow
calls back to
pkg/registry
pkg/apis + k8s.io/api
k8s.io/apiserver/pkg/endpoints/handlers
k8s.io/apiserver/pkg/admission
k8s.io/apiserver/plugin/pkg/admission
plugins/pkg/admission
k8s.io/apiserver/pkg/endpoints/filters
k8s.io/kube-aggregator
k8s.io/apiextensions-apiserver
k8s.io/apiserver/pkg/storage/etcd3
k8s.io/apiserver/pkg/registry/generic
20. API Group “core”API Group “core”API Group “auditregistration.k8s.io”
PodStoragePodStorageAuditSinkStorage
Generic Registry AuditSink Strategy
- PrepareForUpdate
- PrepareForCreate
- Validate
...
create
update
...
staging/src/k8s.io/apiserver/pkg/registry/generic/registry
pkg/apis/auditregistration/validation
“The registry” of a resource
22. Build system plumbing
• hack/.golint_failures
ignore lint errors due to generated code
• hack/lib/init.sh
add to KUBE_AVAILABLE_GROUP_VERSIONS,
used by many hack/ scripts
• hack/update-generated-protobuf-dockerized.sh
generate Protobuf code, independent from
KUBE_AVAILABLE_GROUP_VERSIONS for some reason
23. $ make WHAT=cmd/hyperkube
$ RUNTIME_CONFIG=auditregistration.k8s.io/v1alpha1=true
hack/local-up-cluster.sh
$ kubectl get --raw /apis | grep auditregistration.k8s.io