Disabling swagger ui by default. Adding a flag to enable it

tnachen · Mar 23, 2016 · 1cccfc7 · 1cccfc7
1 parent 22d72bb
commit 1cccfc7
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 26 deletions.
diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go
@@ -58,6 +58,7 @@ type APIServer struct {
 	EnableLogsSupport          bool
 	EnableProfiling            bool
 	EnableWatchCache           bool
+	EnableSwaggerUI            bool
 	EtcdServersOverrides       []string
 	EtcdConfig                 etcdstorage.EtcdConfig
 	EventTTL                   time.Duration
@@ -244,6 +245,7 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
 	fs.BoolVar(&s.EnableProfiling, "profiling", true, "Enable profiling via web interface host:port/debug/pprof/")
 	// TODO: enable cache in integration tests.
 	fs.BoolVar(&s.EnableWatchCache, "watch-cache", true, "Enable watch caching in the apiserver")
+	fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", false, "Enables swagger ui on the apiserver at /swagger-ui")
 	fs.StringVar(&s.ExternalHost, "external-hostname", "", "The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs.)")
 	fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", 400, "The maximum number of requests in flight at a given time.  When the server exceeds this, it rejects requests.  Zero for no limit.")
 	fs.IntVar(&s.MinRequestTimeout, "min-request-timeout", 1800, "An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load.")

diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go
@@ -20,6 +20,8 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/spf13/pflag"
+
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/apis/autoscaling"
 	"k8s.io/kubernetes/pkg/apis/extensions"
@@ -76,3 +78,22 @@ func TestGenerateStorageVersionMap(t *testing.T) {
 		}
 	}
 }
+
+func TestAddFlagsFlag(t *testing.T) {
+	// TODO: This only tests the enable-swagger-ui flag for now.
+	// Expand the test to include other flags as well.
+	f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
+	s := NewAPIServer()
+	s.AddFlags(f)
+	if s.EnableSwaggerUI {
+		t.Errorf("Expected s.EnableSwaggerUI to be false by default")
+	}
+
+	args := []string{
+		"--enable-swagger-ui=true",
+	}
+	f.Parse(args)
+	if !s.EnableSwaggerUI {
+		t.Errorf("Expected s.EnableSwaggerUI to be true")
+	}
+}
diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go
@@ -451,6 +451,7 @@ func Run(s *options.APIServer) error {
 			EnableLogsSupport:         s.EnableLogsSupport,
 			EnableUISupport:           true,
 			EnableSwaggerSupport:      true,
+			EnableSwaggerUI:           s.EnableSwaggerUI,
 			EnableProfiling:           s.EnableProfiling,
 			EnableWatchCache:          s.EnableWatchCache,
 			EnableIndex:               true,

diff --git a/docs/admin/kube-apiserver.md b/docs/admin/kube-apiserver.md
@@ -67,6 +67,7 @@ kube-apiserver
       --cloud-provider="": The provider for cloud services.  Empty string for no provider.
       --cors-allowed-origins=[]: List of allowed origins for CORS, comma separated.  An allowed origin can be a regular expression to support subdomain matching.  If this list is empty CORS will not be enabled.
       --delete-collection-workers=1: Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.
+      --enable-swagger-ui[=false]: Enables swagger ui on the apiserver at /swagger-ui
       --etcd-cafile="": SSL Certificate Authority file used to secure etcd communication
       --etcd-certfile="": SSL certification file used to secure etcd communication
       --etcd-keyfile="": SSL key file used to secure etcd communication

diff --git a/hack/verify-flags/known-flags.txt b/hack/verify-flags/known-flags.txt
@@ -21,8 +21,8 @@ auth-path
 authorization-mode
 authorization-policy-file
 authorization-webhook-config-file
-basic-auth-file
 babysit-daemons
+basic-auth-file
 bench-pods
 bench-quiet
 bench-tasks
@@ -43,6 +43,9 @@ cleanup-iptables
 client-ca-file
 client-certificate
 client-key
+clientset-name
+clientset-only
+clientset-path
 cloud-config
 cloud-provider
 cluster-cidr
@@ -52,9 +55,9 @@ cluster-name
 cluster-tag
 concurrent-deployment-syncs
 concurrent-endpoint-syncs
+concurrent-namespace-syncs
 concurrent-replicaset-syncs
 concurrent-resource-quota-syncs
-concurrent-namespace-syncs
 config-sync-period
 configure-cbr0
 conntrack-max
@@ -97,16 +100,17 @@ enable-custom-metrics
 enable-debugging-handlers
 enable-hostpath-provisioner
 enable-server
+enable-swagger-ui
+etcd-cafile
+etcd-certfile
 etcd-config
+etcd-keyfile
 etcd-mutation-timeout
 etcd-prefix
 etcd-quorum-read
 etcd-server
 etcd-servers
 etcd-servers-overrides
-etcd-keyfile
-etcd-certfile
-etcd-cafile
 event-burst
 event-qps
 event-ttl
@@ -120,6 +124,7 @@ experimental-prefix
 external-hostname
 external-ip
 failover-timeout
+fake-clientset
 file-check-frequency
 file-suffix
 file_content_in_loop
@@ -142,6 +147,7 @@ go-header-file
 google-json-key
 grace-period
 ha-domain
+hairpin-mode
 healthz-bind-address
 healthz-port
 horizontal-pod-autoscaler-sync-period
@@ -165,20 +171,22 @@ iptables-masquerade-bit
 iptables-sync-period
 ir-data-source
 ir-dbname
+ir-hawkular
 ir-influxdb-host
 ir-namespace-only
 ir-password
 ir-user
-ir-hawkular
 jenkins-host
 jenkins-jobs
-k8s-build-output
 k8s-bin-dir
+k8s-build-output
 keep-gogoproto
 km-path
 kube-api-burst
 kube-api-qps
 kube-master
+kube-master
+kube-master-url
 kube-reserved
 kubecfg-file
 kubectl-path
@@ -201,14 +209,17 @@ kubelet-read-only-port
 kubelet-root-dir
 kubelet-sync-frequency
 kubelet-timeout
-kube-master
-kube-master-url
 kubernetes-service-node-port
 label-columns
 last-release-pr
+leader-elect
+leader-elect-lease-duration
+leader-elect-renew-deadline
+leader-elect-retry-period
 leave-stdin-open
 limit-bytes
 load-balancer-ip
+lock-file
 log-flush-frequency
 long-running-request-regexp
 low-diskspace-threshold-mb
@@ -268,8 +279,8 @@ non-masquerade-cidr
 num-nodes
 oidc-ca-file
 oidc-client-id
-oidc-issuer-url
 oidc-groups-claim
+oidc-issuer-url
 oidc-username-claim
 only-idl
 oom-score-adj
@@ -297,11 +308,11 @@ proxy-mode
 proxy-port-range
 public-address-override
 pv-recycler-increment-timeout-nfs
+pv-recycler-maximum-retry
 pv-recycler-minimum-timeout-hostpath
 pv-recycler-minimum-timeout-nfs
 pv-recycler-pod-template-filepath-hostpath
 pv-recycler-pod-template-filepath-nfs
-pv-recycler-maximum-retry
 pv-recycler-timeout-increment-hostpath
 pvclaimbinder-sync-period
 read-only-port
@@ -317,8 +328,8 @@ registry-qps
 reject-methods
 reject-paths
 repair-malformed-updates
-replication-controller-lookup-cache-size
 replicaset-lookup-cache-size
+replication-controller-lookup-cache-size
 repo-root
 report-dir
 required-contexts
@@ -332,8 +343,8 @@ rkt-stage1-image
 root-ca-file
 root-dir
 run-proxy
-runtime-config
 runtime-cgroups
+runtime-config
 save-config
 scheduler-config
 scheduler-name
@@ -399,18 +410,8 @@ volume-dir
 volume-plugin-dir
 volume-stats-agg-period
 watch-cache
+watch-cache-sizes
 watch-only
 whitelist-override-label
 windows-line-endings
 www-prefix
-clientset-name
-clientset-only
-clientset-path
-fake-clientset
-leader-elect
-leader-elect-lease-duration
-leader-elect-renew-deadline
-leader-elect-retry-period
-watch-cache-sizes
-lock-file
-hairpin-mode
diff --git a/pkg/genericapiserver/genericapiserver.go b/pkg/genericapiserver/genericapiserver.go
@@ -210,8 +210,12 @@ type Config struct {
 	// allow downstream consumers to disable the core controller loops
 	EnableLogsSupport bool
 	EnableUISupport   bool
-	// allow downstream consumers to disable swagger
+	// Allow downstream consumers to disable swagger.
+	// This includes returning the generated swagger spec at /swaggerapi and swagger ui at /swagger-ui.
 	EnableSwaggerSupport bool
+	// Allow downstream consumers to disable swagger ui.
+	// Note that this is ignored if either EnableSwaggerSupport or EnableUISupport is false.
+	EnableSwaggerUI bool
 	// Allows api group versions or specific resources to be conditionally enabled/disabled.
 	APIGroupVersionOverrides map[string]APIGroupVersionOverride
 	// allow downstream consumers to disable the index route
@@ -307,6 +311,7 @@ type GenericAPIServer struct {
 	enableLogsSupport        bool
 	enableUISupport          bool
 	enableSwaggerSupport     bool
+	enableSwaggerUI          bool
 	enableProfiling          bool
 	enableWatchCache         bool
 	APIPrefix                string
@@ -451,6 +456,7 @@ func New(c *Config) (*GenericAPIServer, error) {
 		enableLogsSupport:        c.EnableLogsSupport,
 		enableUISupport:          c.EnableUISupport,
 		enableSwaggerSupport:     c.EnableSwaggerSupport,
+		enableSwaggerUI:          c.EnableSwaggerUI,
 		enableProfiling:          c.EnableProfiling,
 		enableWatchCache:         c.EnableWatchCache,
 		APIPrefix:                c.APIPrefix,
@@ -553,7 +559,7 @@ func (s *GenericAPIServer) init(c *Config) {
 		apiserver.InstallLogsSupport(s.MuxHelper)
 	}
 	if c.EnableUISupport {
-		ui.InstallSupport(s.MuxHelper, s.enableSwaggerSupport)
+		ui.InstallSupport(s.MuxHelper, s.enableSwaggerSupport && s.enableSwaggerUI)
 	}
 
 	if c.EnableProfiling {

diff --git a/pkg/genericapiserver/genericapiserver_test.go b/pkg/genericapiserver/genericapiserver_test.go
@@ -80,6 +80,7 @@ func TestNew(t *testing.T) {
 	assert.Equal(s.enableLogsSupport, config.EnableLogsSupport)
 	assert.Equal(s.enableUISupport, config.EnableUISupport)
 	assert.Equal(s.enableSwaggerSupport, config.EnableSwaggerSupport)
+	assert.Equal(s.enableSwaggerUI, config.EnableSwaggerUI)
 	assert.Equal(s.enableProfiling, config.EnableProfiling)
 	assert.Equal(s.APIPrefix, config.APIPrefix)
 	assert.Equal(s.APIGroupPrefix, config.APIGroupPrefix)