Support service port other than 443 for kube-aggregator

hack/.golint_failures

@@ -607,6 +607,8 @@ staging/src/k8s.io/code-generator/cmd/lister-gen/generators
 staging/src/k8s.io/component-base/cli/flag
 staging/src/k8s.io/component-base/config/v1alpha1
 staging/src/k8s.io/cri-api/pkg/apis/testing
+staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1
+staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1
 staging/src/k8s.io/kube-aggregator/pkg/controllers/autoregister
 staging/src/k8s.io/kube-proxy/config/v1alpha1
 staging/src/k8s.io/kubelet/config/v1beta1

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go

@@ -34,6 +34,11 @@ type ServiceReference struct {
 	Namespace string
 	// Name is the name of the service
 	Name string
+	// If specified, the port on the service that hosting the service.
+	// Default to 443 for backward compatibility.
+	// `Port` should be a valid port number (1-65535, inclusive).
+	// +optional
+	Port int32
 }
 
 // APIServiceSpec contains information for locating and communicating with a server.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	utilpointer "k8s.io/utils/pointer"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+	return RegisterDefaults(scheme)
+}
+
+// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
+func SetDefaults_ServiceReference(obj *ServiceReference) {
+	if obj.Port == nil {
+		obj.Port = utilpointer.Int32Ptr(443)
+	}
+}

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go

@@ -19,6 +19,7 @@ limitations under the License.
 // +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
 // +k8s:openapi-gen=true
 // +groupName=apiregistration.k8s.io
+// +k8s:defaulter-gen=TypeMeta
 
 // Package v1 contains the API Registration API, which is responsible for
 // registering an API `Group`/`Version` with another kubernetes like API server.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go

@@ -47,7 +47,7 @@ func init() {
 	// We only register manually written functions here. The registration of the
 	// generated functions takes place in the generated files. The separation
 	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addKnownTypes)
+	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
 }
 
 // Adds the list of known types to the given scheme.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go

@@ -34,6 +34,11 @@ type ServiceReference struct {
 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
 	// Name is the name of the service
 	Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
+	// If specified, the port on the service that hosting webhook.
+	// Default to 443 for backward compatibility.
+	// `Port` should be a valid port number (1-65535, inclusive).
+	// +optional
+	Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
 }
 
 // APIServiceSpec contains information for locating and communicating with a server.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/defaults.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	utilpointer "k8s.io/utils/pointer"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+	return RegisterDefaults(scheme)
+}
+
+// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
+func SetDefaults_ServiceReference(obj *ServiceReference) {
+	if obj.Port == nil {
+		obj.Port = utilpointer.Int32Ptr(443)
+	}
+}

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/doc.go

@@ -19,6 +19,7 @@ limitations under the License.
 // +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
 // +k8s:openapi-gen=true
 // +groupName=apiregistration.k8s.io
+// +k8s:defaulter-gen=TypeMeta
 
 // Package v1beta1 contains the API Registration API, which is responsible for
 // registering an API `Group`/`Version` with another kubernetes like API server.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/register.go

@@ -47,7 +47,7 @@ func init() {
 	// We only register manually written functions here. The registration of the
 	// generated functions takes place in the generated files. The separation
 	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addKnownTypes)
+	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
 }
 
 // Adds the list of known types to the given scheme.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go

@@ -34,6 +34,11 @@ type ServiceReference struct {
 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
 	// Name is the name of the service
 	Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
+	// If specified, the port on the service that hosting webhook.
+	// Default to 443 for backward compatibility.
+	// `Port` should be a valid port number (1-65535, inclusive).
+	// +optional
+	Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
 }
 
 // APIServiceSpec contains information for locating and communicating with a server.

staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/validation/validation.go

@@ -18,6 +18,7 @@ package validation
 
 import (
 	"fmt"
+	"strings"
 
 	"k8s.io/apimachinery/pkg/api/validation"
 	"k8s.io/apimachinery/pkg/api/validation/path"
@@ -82,6 +83,9 @@ func ValidateAPIService(apiService *apiregistration.APIService) field.ErrorList
 	if len(apiService.Spec.Service.Name) == 0 {
 		allErrs = append(allErrs, field.Required(field.NewPath("spec", "service", "name"), ""))
 	}
+	if errs := utilvalidation.IsValidPortNum(int(apiService.Spec.Service.Port)); errs != nil {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "service", "port"), apiService.Spec.Service.Port, "port is not valid: "+strings.Join(errs, ", ")))
+	}
 	if apiService.Spec.InsecureSkipTLSVerify && len(apiService.Spec.CABundle) > 0 {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "insecureSkipTLSVerify"), apiService.Spec.InsecureSkipTLSVerify, "may not be true if caBundle is present"))
 	}

staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go

@@ -78,6 +78,8 @@ type proxyHandlingInfo struct {
 	serviceNamespace string
 	// serviceAvailable indicates this APIService is available or not
 	serviceAvailable bool
+	// servicePort is the port of the service this handler proxies to
+	servicePort int32
 }
 
 func proxyError(w http.ResponseWriter, req *http.Request, error string, code int) {
@@ -128,7 +130,7 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	// write a new location based on the existing request pointed at the target service
 	location := &url.URL{}
 	location.Scheme = "https"
-	rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, 443)
+	rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, handlingInfo.servicePort)
 	if err != nil {
 		klog.Errorf("error resolving %s/%s: %v", handlingInfo.serviceNamespace, handlingInfo.serviceName, err)
 		proxyError(w, req, "service unavailable", http.StatusServiceUnavailable)
@@ -226,6 +228,7 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationapi.APIServic
 		},
 		serviceName:      apiService.Spec.Service.Name,
 		serviceNamespace: apiService.Spec.Service.Namespace,
+		servicePort:      apiService.Spec.Service.Port,
 		serviceAvailable: apiregistrationapi.IsAPIServiceConditionTrue(apiService, apiregistrationapi.Available),
 	}
 	if r.proxyTransport != nil && r.proxyTransport.DialContext != nil {

staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy_test.go

@@ -172,7 +172,7 @@ func TestProxyHandler(t *testing.T) {
 			apiService: &apiregistration.APIService{
 				ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
 				Spec: apiregistration.APIServiceSpec{
-					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
+					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
 					Group:    "foo",
 					Version:  "v1",
 					CABundle: testCACrt,
@@ -204,7 +204,7 @@ func TestProxyHandler(t *testing.T) {
 			apiService: &apiregistration.APIService{
 				ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
 				Spec: apiregistration.APIServiceSpec{
-					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
+					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
 					Group:    "foo",
 					Version:  "v1",
 					CABundle: testCACrt,
@@ -227,7 +227,7 @@ func TestProxyHandler(t *testing.T) {
 			apiService: &apiregistration.APIService{
 				ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
 				Spec: apiregistration.APIServiceSpec{
-					Service:  &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns"},
+					Service:  &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns", Port: 443},
 					Group:    "foo",
 					Version:  "v1",
 					CABundle: testCACrt,
@@ -336,7 +336,7 @@ func TestProxyUpgrade(t *testing.T) {
 					CABundle: testCACrt,
 					Group:    "mygroup",
 					Version:  "v1",
-					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
+					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
 				},
 				Status: apiregistration.APIServiceStatus{
 					Conditions: []apiregistration.APIServiceCondition{
@@ -353,7 +353,7 @@ func TestProxyUpgrade(t *testing.T) {
 					InsecureSkipTLSVerify: true,
 					Group:                 "mygroup",
 					Version:               "v1",
-					Service:               &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"},
+					Service:               &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443},
 				},
 				Status: apiregistration.APIServiceStatus{
 					Conditions: []apiregistration.APIServiceCondition{
@@ -370,7 +370,7 @@ func TestProxyUpgrade(t *testing.T) {
 					CABundle: testCACrt,
 					Group:    "mygroup",
 					Version:  "v1",
-					Service:  &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"},
+					Service:  &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443},
 				},
 				Status: apiregistration.APIServiceStatus{
 					Conditions: []apiregistration.APIServiceCondition{