git subrepo clone (merge) https://github.com/kubernetes-incubator/metrics-server.git metrics-server
subrepo:
subdir: "metrics-server"
merged: "92d8412"
upstream:
origin: "https://github.com/kubernetes-incubator/metrics-server.git"
branch: "master"
commit: "92d8412"
git-subrepo:
version: "0.4.0"
origin: "???"
commit: "???"
diff --git a/metrics-server/vendor/k8s.io/apiserver/pkg/server/config_selfclient.go b/metrics-server/vendor/k8s.io/apiserver/pkg/server/config_selfclient.go
new file mode 100644
index 0000000..bf09161
--- /dev/null
+++ b/metrics-server/vendor/k8s.io/apiserver/pkg/server/config_selfclient.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package server
+
+import (
+ "fmt"
+ "net"
+
+ restclient "k8s.io/client-go/rest"
+)
+
+// LoopbackClientServerNameOverride is passed to the apiserver from the loopback client in order to
+// select the loopback certificate via SNI if TLS is used.
+const LoopbackClientServerNameOverride = "apiserver-loopback-client"
+
+func (s *SecureServingInfo) NewLoopbackClientConfig(token string, loopbackCert []byte) (*restclient.Config, error) {
+ if s == nil || (s.Cert == nil && len(s.SNICerts) == 0) {
+ return nil, nil
+ }
+
+ host, port, err := LoopbackHostPort(s.Listener.Addr().String())
+ if err != nil {
+ return nil, err
+ }
+
+ return &restclient.Config{
+ // Increase QPS limits. The client is currently passed to all admission plugins,
+ // and those can be throttled in case of higher load on apiserver - see #22340 and #22422
+ // for more details. Once #22422 is fixed, we may want to remove it.
+ QPS: 50,
+ Burst: 100,
+ Host: "https://" + net.JoinHostPort(host, port),
+ BearerToken: token,
+ // override the ServerName to select our loopback certificate via SNI. This name is also
+ // used by the client to compare the returns server certificate against.
+ TLSClientConfig: restclient.TLSClientConfig{
+ ServerName: LoopbackClientServerNameOverride,
+ CAData: loopbackCert,
+ },
+ }, nil
+}
+
+// LoopbackHostPort returns the host and port loopback REST clients should use
+// to contact the server.
+func LoopbackHostPort(bindAddress string) (string, string, error) {
+ host, port, err := net.SplitHostPort(bindAddress)
+ if err != nil {
+ // should never happen
+ return "", "", fmt.Errorf("invalid server bind address: %q", bindAddress)
+ }
+
+ // Value is expected to be an IP or DNS name, not "0.0.0.0".
+ if host == "0.0.0.0" || host == "::" {
+ host = "localhost"
+ // Get ip of local interface, but fall back to "localhost".
+ // Note that "localhost" is resolved with the external nameserver first with Go's stdlib.
+ // So if localhost.<yoursearchdomain> resolves, we don't get a 127.0.0.1 as expected.
+ addrs, err := net.InterfaceAddrs()
+ if err == nil {
+ for _, address := range addrs {
+ if ipnet, ok := address.(*net.IPNet); ok && ipnet.IP.IsLoopback() {
+ host = ipnet.IP.String()
+ break
+ }
+ }
+ }
+ }
+ return host, port, nil
+}