The Kubernetes API Server operator manages and updates the Kubernetes API server deployed on top of OpenShift. The operator is based on OpenShift library-go framework and it is installed via Cluster Version Operator (CVO).
It contains the following components:
- Operator
- Bootstrap manifest renderer
- Installer based on static pods
- Configuration observer
By default, the operator exposes Prometheus metrics via metrics
service.
The metrics are collected from following components:
- Kubernetes API Server Operator
The configuration observer component is responsible for reacting on external configuration changes. For example, this allows external components (registry, etcd, etc..) to interact with the Kubernetes API server configuration (KubeAPIServerConfig custom resource).
Currently changes in following external components are being observed:
host-etcd
endpoints in kube-system namespace- The observed endpoint addresses are used to configure the
storageConfig.urls
in Kubernetes API server configuration.
- The observed endpoint addresses are used to configure the
cluster
image.config.openshift.io custom resource- The observed CR resource is used to configure the
imagePolicyConfig.internalRegistryHostname
in Kubernetes API server configuration
- The observed CR resource is used to configure the
cluster-config-v1
configmap in kube-system namespace- The observed configmap
install-config
is decoded and thenetworking.podCIDR
andnetworking.serviceCIDR
is extracted and used as input foradmissionPluginConfig.openshift.io/RestrictedEndpointsAdmission.configuration.restrictedCIDRs
andservicesSubnet
- The observed configmap
The configuration for the Kubernetes API server is the result of merging:
- a default config
- observed config (compare observed values above)
spec.spec.unsupportedConfigOverrides
from thekubeapiserveroperatorconfig
.
All of these are sparse configurations, i.e. unvalidated json snippets which are merged in order to form a valid configuration at the end.
Operator also expose events that can help debugging issues. To get operator events, run following command:
$ oc get events -n openshift-cluster-kube-apiserver-operator
This operator is configured via KubeAPIServer
custom resource:
$ oc describe kubeapiserver
apiVersion: operator.openshift.io/v1
kind: KubeAPIServer
metadata:
name: cluster
spec:
managementState: Managed
The current operator status is reported using the ClusterOperator
resource. To get the current status you can run follow command:
$ oc get clusteroperator/kube-apiserver
The operator image version used by the https://github.com/openshift/installer/blob/master/pkg/asset/ignition/bootstrap/bootstrap.go#L178 bootstrap phase can be overridden by creating a custom origin-release image pointing to the developer's operator :latest
image:
$ IMAGE_ORG=sttts make images
$ docker push sttts/origin-cluster-kube-apiserver-operator
$ cd ../cluster-kube-apiserver-operator
$ oc adm release new --from-release=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 cluster-kube-apiserver-operator=docker.io/sttts/origin-cluster-kube-apiserver-operator:latest --to-image=sttts/origin-release:latest
$ cd ../installer
$ OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=docker.io/sttts/origin-release:latest bin/openshift-install cluster ...