// startControllers launches the controllers
func startControllers(oc *origin.MasterConfig, kc *kubernetes.MasterConfig) error {
if oc.Options.Controllers == configapi.ControllersDisabled {
return nil
}
go func() {
oc.ControllerPlugStart()
// when a manual shutdown (DELETE /controllers) or lease lost occurs, the process should exit
// this ensures no code is still running as a controller, and allows a process manager to reset
// the controller to come back into a candidate state and compete for the lease
if err := oc.ControllerPlug.WaitForStop(); err != nil {
glog.Fatalf("Controller shutdown due to lease being lost: %v", err)
}
glog.Fatalf("Controller graceful shutdown requested")
}()
oc.ControllerPlug.WaitForStart()
glog.Infof("Controllers starting (%s)", oc.Options.Controllers)
// Get configured options (or defaults) for k8s controllers
controllerManagerOptions := cmapp.NewCMServer()
if kc != nil && kc.ControllerManager != nil {
controllerManagerOptions = kc.ControllerManager
}
// Start these first, because they provide credentials for other controllers' clients
oc.RunServiceAccountsController()
oc.RunServiceAccountTokensController(controllerManagerOptions)
// used by admission controllers
oc.RunServiceAccountPullSecretsControllers()
oc.RunSecurityAllocationController()
if kc != nil {
_, _, rcClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraReplicationControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for replication controller: %v", err)
}
_, _, jobClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraJobControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for job controller: %v", err)
}
_, hpaOClient, hpaKClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraHPAControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for HPA controller: %v", err)
}
_, _, recyclerClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraPersistentVolumeRecyclerControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for persistent volume recycler controller: %v", err)
}
_, _, binderClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraPersistentVolumeBinderControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for persistent volume binder controller: %v", err)
}
_, _, provisionerClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraPersistentVolumeProvisionerControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for persistent volume provisioner controller: %v", err)
}
_, _, daemonSetClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraDaemonSetControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for daemonset controller: %v", err)
}
_, _, gcClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraGCControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for pod gc controller: %v", err)
}
_, _, serviceLoadBalancerClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraServiceLoadBalancerControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for pod gc controller: %v", err)
}
namespaceControllerClientConfig, _, namespaceControllerKubeClient, err := oc.GetServiceAccountClients(bootstrappolicy.InfraNamespaceControllerServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client for namespace controller: %v", err)
}
namespaceControllerClientSet := clientadapter.FromUnversionedClient(namespaceControllerKubeClient)
namespaceControllerClientPool := dynamic.NewClientPool(namespaceControllerClientConfig, dynamic.LegacyAPIPathResolverFunc)
// called by admission control
kc.RunResourceQuotaManager()
oc.RunResourceQuotaManager(controllerManagerOptions)
// no special order
kc.RunNodeController()
kc.RunScheduler()
kc.RunReplicationController(rcClient)
extensionsEnabled := len(configapi.GetEnabledAPIVersionsForGroup(kc.Options, extensions.GroupName)) > 0
// TODO: enable this check once the job controller can use the batch API if the extensions API is disabled
// batchEnabled := len(configapi.GetEnabledAPIVersionsForGroup(kc.Options, batch.GroupName)) > 0
if extensionsEnabled /*|| batchEnabled*/ {
kc.RunJobController(jobClient)
}
// TODO: enable this check once the HPA controller can use the autoscaling API if the extensions API is disabled
// autoscalingEnabled := len(configapi.GetEnabledAPIVersionsForGroup(kc.Options, autoscaling.GroupName)) > 0
if extensionsEnabled /*|| autoscalingEnabled*/ {
kc.RunHPAController(hpaOClient, hpaKClient, oc.Options.PolicyConfig.OpenShiftInfrastructureNamespace)
}
if extensionsEnabled {
kc.RunDaemonSetsController(daemonSetClient)
}
kc.RunEndpointController()
kc.RunNamespaceController(namespaceControllerClientSet, namespaceControllerClientPool)
kc.RunPersistentVolumeClaimBinder(binderClient)
if oc.Options.VolumeConfig.DynamicProvisioningEnabled {
kc.RunPersistentVolumeProvisioner(provisionerClient)
}
kc.RunPersistentVolumeClaimRecycler(oc.ImageFor("recycler"), recyclerClient, oc.Options.PolicyConfig.OpenShiftInfrastructureNamespace)
kc.RunGCController(gcClient)
kc.RunServiceLoadBalancerController(serviceLoadBalancerClient)
glog.Infof("Started Kubernetes Controllers")
} else {
oc.RunResourceQuotaManager(nil)
}
// no special order
if configapi.IsBuildEnabled(&oc.Options) {
oc.RunBuildController()
oc.RunBuildPodController()
oc.RunBuildConfigChangeController()
oc.RunBuildImageChangeTriggerController()
}
oc.RunDeploymentController()
oc.RunDeployerPodController()
oc.RunDeploymentConfigController()
oc.RunDeploymentTriggerController()
oc.RunDeploymentImageChangeTriggerController()
oc.RunImageImportController()
oc.RunOriginNamespaceController()
oc.RunSDNController()
_, _, serviceServingCertClient, err := oc.GetServiceAccountClients(bootstrappolicy.ServiceServingCertServiceAccountName)
if err != nil {
glog.Fatalf("Could not get client: %v", err)
}
oc.RunServiceServingCertController(serviceServingCertClient)
glog.Infof("Started Origin Controllers")
return nil
}
func StartMaster(openshiftMasterConfig *configapi.MasterConfig) error {
glog.Infof("Starting an OpenShift master, reachable at %s (etcd: %v)", openshiftMasterConfig.ServingInfo.BindAddress, openshiftMasterConfig.EtcdClientInfo.URLs)
glog.Infof("OpenShift master public address is %s", openshiftMasterConfig.AssetConfig.MasterPublicURL)
if openshiftMasterConfig.EtcdConfig != nil {
etcd.RunEtcd(openshiftMasterConfig.EtcdConfig)
}
// Allow privileged containers
// TODO: make this configurable and not the default https://github.com/openshift/origin/issues/662
capabilities.Initialize(capabilities.Capabilities{
AllowPrivileged: true,
HostNetworkSources: []string{kubelet.ApiserverSource, kubelet.FileSource},
})
openshiftConfig, err := origin.BuildMasterConfig(*openshiftMasterConfig)
if err != nil {
return err
}
go func() {
openshiftConfig.ControllerPlug.WaitForStop()
glog.Fatalf("Master shutdown requested")
}()
// Must start policy caching immediately
openshiftConfig.RunPolicyCache()
openshiftConfig.RunProjectCache()
unprotectedInstallers := []origin.APIInstaller{}
if openshiftMasterConfig.OAuthConfig != nil {
authConfig, err := origin.BuildAuthConfig(*openshiftMasterConfig)
if err != nil {
return err
}
unprotectedInstallers = append(unprotectedInstallers, authConfig)
}
var standaloneAssetConfig *origin.AssetConfig
if openshiftMasterConfig.AssetConfig != nil {
config, err := origin.BuildAssetConfig(*openshiftMasterConfig.AssetConfig)
if err != nil {
return err
}
if openshiftMasterConfig.AssetConfig.ServingInfo.BindAddress == openshiftMasterConfig.ServingInfo.BindAddress {
unprotectedInstallers = append(unprotectedInstallers, config)
} else {
standaloneAssetConfig = config
}
}
var kubeConfig *kubernetes.MasterConfig
if openshiftMasterConfig.KubernetesMasterConfig != nil {
kubeConfig, err = kubernetes.BuildKubernetesMasterConfig(*openshiftMasterConfig, openshiftConfig.RequestContextMapper, openshiftConfig.KubeClient())
if err != nil {
return err
}
openshiftConfig.Run([]origin.APIInstaller{kubeConfig}, unprotectedInstallers)
} else {
_, kubeConfig, err := configapi.GetKubeClient(openshiftMasterConfig.MasterClients.ExternalKubernetesKubeConfig)
if err != nil {
return err
}
proxy := &kubernetes.ProxyConfig{
ClientConfig: kubeConfig,
}
openshiftConfig.Run([]origin.APIInstaller{proxy}, unprotectedInstallers)
}
glog.Infof("Using images from %q", openshiftConfig.ImageFor("<component>"))
if standaloneAssetConfig != nil {
standaloneAssetConfig.Run()
}
if openshiftMasterConfig.DNSConfig != nil {
openshiftConfig.RunDNSServer()
}
openshiftConfig.RunProjectAuthorizationCache()
if openshiftMasterConfig.Controllers != configapi.ControllersDisabled {
go func() {
openshiftConfig.ControllerPlug.WaitForStart()
glog.Infof("Master controllers starting (%s)", openshiftMasterConfig.Controllers)
// Start these first, because they provide credentials for other controllers' clients
openshiftConfig.RunServiceAccountsController()
openshiftConfig.RunServiceAccountTokensController()
// used by admission controllers
openshiftConfig.RunServiceAccountPullSecretsControllers()
openshiftConfig.RunSecurityAllocationController()
if kubeConfig != nil {
_, rcClient, err := openshiftConfig.GetServiceAccountClients(openshiftConfig.ReplicationControllerServiceAccount)
if err != nil {
glog.Fatalf("Could not get client for replication controller: %v", err)
}
// called by admission control
kubeConfig.RunResourceQuotaManager()
// no special order
kubeConfig.RunNodeController()
kubeConfig.RunScheduler()
kubeConfig.RunReplicationController(rcClient)
kubeConfig.RunEndpointController()
kubeConfig.RunNamespaceController()
kubeConfig.RunPersistentVolumeClaimBinder()
kubeConfig.RunPersistentVolumeClaimRecycler(openshiftConfig.ImageFor("deployer"))
}
// no special order
openshiftConfig.RunBuildController()
openshiftConfig.RunBuildPodController()
openshiftConfig.RunBuildImageChangeTriggerController()
openshiftConfig.RunDeploymentController()
openshiftConfig.RunDeployerPodController()
openshiftConfig.RunDeploymentConfigController()
openshiftConfig.RunDeploymentConfigChangeController()
openshiftConfig.RunDeploymentImageChangeTriggerController()
openshiftConfig.RunImageImportController()
openshiftConfig.RunOriginNamespaceController()
openshiftConfig.RunSDNController()
}()
}
return nil
}
// startControllers launches the controllers
func startControllers(oc *origin.MasterConfig, kc *kubernetes.MasterConfig) error {
if oc.Options.Controllers == configapi.ControllersDisabled {
return nil
}
go func() {
oc.ControllerPlugStart()
// when a manual shutdown (DELETE /controllers) or lease lost occurs, the process should exit
// this ensures no code is still running as a controller, and allows a process manager to reset
// the controller to come back into a candidate state and compete for the lease
oc.ControllerPlug.WaitForStop()
glog.Fatalf("Controller shutdown requested")
}()
oc.ControllerPlug.WaitForStart()
glog.Infof("Controllers starting (%s)", oc.Options.Controllers)
// Start these first, because they provide credentials for other controllers' clients
oc.RunServiceAccountsController()
oc.RunServiceAccountTokensController()
// used by admission controllers
oc.RunServiceAccountPullSecretsControllers()
oc.RunSecurityAllocationController()
if kc != nil {
_, rcClient, err := oc.GetServiceAccountClients(oc.ReplicationControllerServiceAccount)
if err != nil {
glog.Fatalf("Could not get client for replication controller: %v", err)
}
_, jobClient, err := oc.GetServiceAccountClients(oc.JobControllerServiceAccount)
if err != nil {
glog.Fatalf("Could not get client for job controller: %v", err)
}
hpaOClient, hpaKClient, err := oc.GetServiceAccountClients(oc.HPAControllerServiceAccount)
if err != nil {
glog.Fatalf("Could not get client for HPA controller: %v", err)
}
_, pvKClient, err := oc.GetServiceAccountClients(oc.PersistentVolumeControllerServiceAccount)
if err != nil {
glog.Fatalf("Could not get client for persistent volume controller: %v", err)
}
// called by admission control
kc.RunResourceQuotaManager()
// no special order
kc.RunNodeController()
kc.RunScheduler()
kc.RunReplicationController(rcClient)
if kc.Master.EnableExp {
kc.RunJobController(jobClient)
kc.RunHPAController(hpaOClient, hpaKClient, oc.Options.PolicyConfig.OpenShiftInfrastructureNamespace)
}
kc.RunEndpointController()
kc.RunNamespaceController()
kc.RunPersistentVolumeClaimBinder()
kc.RunPersistentVolumeClaimRecycler(oc.ImageFor("recycler"), pvKClient)
glog.Infof("Started Kubernetes Controllers")
}
// no special order
if configapi.IsBuildEnabled(&oc.Options) {
oc.RunBuildController()
oc.RunBuildPodController()
oc.RunBuildConfigChangeController()
oc.RunBuildImageChangeTriggerController()
}
oc.RunDeploymentController()
oc.RunDeployerPodController()
oc.RunDeploymentConfigController()
oc.RunDeploymentConfigChangeController()
oc.RunDeploymentImageChangeTriggerController()
oc.RunImageImportController()
oc.RunOriginNamespaceController()
oc.RunSDNController()
glog.Infof("Started Origin Controllers")
return nil
}
// StartControllers launches the controllers
func StartControllers(openshiftConfig *origin.MasterConfig, kubeMasterConfig *kubernetes.MasterConfig) error {
if openshiftConfig.Options.Controllers == configapi.ControllersDisabled {
return nil
}
go func() {
openshiftConfig.ControllerPlug.WaitForStop()
glog.Fatalf("Master shutdown requested")
}()
openshiftConfig.ControllerPlug.WaitForStart()
glog.Infof("Master controllers starting (%s)", openshiftConfig.Options.Controllers)
// Start these first, because they provide credentials for other controllers' clients
openshiftConfig.RunServiceAccountsController()
openshiftConfig.RunServiceAccountTokensController()
// used by admission controllers
openshiftConfig.RunServiceAccountPullSecretsControllers()
openshiftConfig.RunSecurityAllocationController()
if kubeMasterConfig != nil {
_, rcClient, err := openshiftConfig.GetServiceAccountClients(openshiftConfig.ReplicationControllerServiceAccount)
if err != nil {
glog.Fatalf("Could not get client for replication controller: %v", err)
}
// called by admission control
kubeMasterConfig.RunResourceQuotaManager()
// no special order
kubeMasterConfig.RunNodeController()
kubeMasterConfig.RunScheduler()
kubeMasterConfig.RunReplicationController(rcClient)
kubeMasterConfig.RunEndpointController()
kubeMasterConfig.RunNamespaceController()
kubeMasterConfig.RunPersistentVolumeClaimBinder()
kubeMasterConfig.RunPersistentVolumeClaimRecycler(openshiftConfig.ImageFor("deployer"))
}
// no special order\
if configapi.IsBuildEnabled(&openshiftConfig.Options) {
openshiftConfig.RunBuildController()
openshiftConfig.RunBuildPodController()
openshiftConfig.RunBuildConfigChangeController()
openshiftConfig.RunBuildImageChangeTriggerController()
}
openshiftConfig.RunDeploymentController()
openshiftConfig.RunDeployerPodController()
openshiftConfig.RunDeploymentConfigController()
openshiftConfig.RunDeploymentConfigChangeController()
openshiftConfig.RunDeploymentImageChangeTriggerController()
openshiftConfig.RunImageImportController()
openshiftConfig.RunOriginNamespaceController()
openshiftConfig.RunSDNController()
return nil
}