{"id":18637083,"url":"https://github.com/openshift/cluster-kube-apiserver-operator","last_synced_at":"2025-05-16T07:04:30.256Z","repository":{"id":37945322,"uuid":"145459709","full_name":"openshift/cluster-kube-apiserver-operator","owner":"openshift","description":"The kube-apiserver operator installs and maintains the kube-apiserver on a cluster","archived":false,"fork":false,"pushed_at":"2025-05-12T16:07:16.000Z","size":95498,"stargazers_count":80,"open_issues_count":24,"forks_count":171,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-05-12T17:26:47.143Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-08-20T19:09:11.000Z","updated_at":"2025-05-12T16:07:20.000Z","dependencies_parsed_at":"2024-01-04T06:22:20.328Z","dependency_job_id":"4340f223-997b-49ee-8a42-c4dc13b4cd3a","html_url":"https://github.com/openshift/cluster-kube-apiserver-operator","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-apiserver-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-apiserver-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-apiserver-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fcluster-kube-apiserver-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift","download_url":"https://codeload.github.com/openshift/cluster-kube-apiserver-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254485054,"owners_count":22078767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T05:33:10.149Z","updated_at":"2025-05-16T07:04:25.241Z","avatar_url":"https://github.com/openshift.png","language":"Go","readme":"# Kubernetes API Server Operator\n\nThe Kubernetes API Server operator manages and updates the [Kubernetes API server](https://github.com/kubernetes/kubernetes) deployed on top of\n[OpenShift](https://openshift.io). The operator is based on OpenShift [library-go](https://github.com/openshift/library-go) framework and it\n is installed via [Cluster Version Operator](https://github.com/openshift/cluster-version-operator) (CVO).\n\nIt contains the following components:\n\n* Operator\n* Bootstrap manifest renderer\n* Installer based on static pods\n* Configuration observer\n\nBy default, the operator exposes [Prometheus](https://prometheus.io) metrics via `metrics` service.\nThe metrics are collected from following components:\n\n* Kubernetes API Server Operator\n\n\n## Configuration\n\nThe configuration observer component is responsible for reacting on external configuration changes.\nFor example, this allows external components ([registry](https://github.com/openshift/cluster-image-registry-operator), etcd, etc..)\nto interact with the Kubernetes API server configuration ([KubeAPIServerConfig](https://github.com/openshift/api/blob/master/kubecontrolplane/v1/types.go#L14) custom resource).\n\nCurrently changes in following external components are being observed:\n\n* `host-etcd` *endpoints* in *kube-system* namespace\n - The observed endpoint addresses are used to configure the `storageConfig.urls` in Kubernetes API server configuration.\n* `cluster` *image.config.openshift.io* custom resource\n - The observed CR resource is used to configure the `imagePolicyConfig.internalRegistryHostname` in Kubernetes API server configuration\n* `cluster-config-v1` *configmap* in *kube-system* namespace\n - The observed configmap `install-config` is decoded and the `networking.podCIDR` and `networking.serviceCIDR` is extracted and used as input for `admissionPluginConfig.openshift.io/RestrictedEndpointsAdmission.configuration.restrictedCIDRs` and `servicesSubnet`\n\n\nThe configuration for the Kubernetes API server is the result of merging:\n\n* a [default config](https://github.com/openshift/cluster-kube-apiserver-operator/blob/master/bindata/assets/config/defaultconfig.yaml)\n* observed config (compare observed values above) `spec.spec.unsupportedConfigOverrides` from the `kubeapiserveroperatorconfig`.\n\nAll of these are sparse configurations, i.e. unvalidated json snippets which are merged in order to form a valid configuration at the end.\n\n\n## Debugging\n\nOperator also expose events that can help debugging issues. To get operator events, run following command:\n\n```\n$ oc get events -n openshift-cluster-kube-apiserver-operator\n```\n\nThis operator is configured via [`KubeAPIServer`](https://github.com/openshift/api/blob/master/operator/v1/types_kubeapiserver.go#L12) custom resource:\n\n```\n$ oc describe kubeapiserver\n```\n```yaml\napiVersion: operator.openshift.io/v1\nkind: KubeAPIServer\nmetadata:\n name: cluster\nspec:\n managementState: Managed\n```\n\nThe log level of individual kube-apiserver instances can be increased by setting `.spec.logLevel` field:\n```\n$ oc explain KubeAPIServer.spec.logLevel\nGROUP: operator.openshift.io\nKIND: KubeAPIServer\nVERSION: v1\n\nFIELD: logLevel \u003cstring\u003e\n\nDESCRIPTION:\n logLevel is an intent based logging for an overall component. It does not\n give fine grained control, but it is a simple way to manage coarse grained\n logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to\n \"Normal\".\n```\nFor example:\n```yaml\napiVersion: operator.openshift.io/v1\nkind: KubeAPIServer\nmetadata:\n name: cluster\nspec:\n logLevel: Debug\n ...\n```\n\nCurrently the log levels correspond to:\n\n| logLevel | log level |\n| -------- | --------- |\n| Normal | 2 |\n| Debug | 4 |\n| Trace | 6 |\n| TraceAll | 10 |\n\n\nThe log level of cluster-kube-apiserver-operator can be increased by setting `.spec.operatorLogLevel` field:\nFor example:\n```yaml\napiVersion: operator.openshift.io/v1\nkind: KubeAPIServer\nmetadata:\n name: cluster\nspec:\n operatorLogLevel: Debug\n ...\n```\n\nCurrently the operator log levels correspond to:\n\n| operatorLogLevel | log level |\n| ---------------- | --------- |\n| Normal | 2 |\n| Debug | 4 |\n| Trace | 6 |\n| TraceAll | 8 |\n\n\nThe current operator status is reported using the `ClusterOperator` resource. To get the current status you can run follow command:\n\n```\n$ oc get clusteroperator/kube-apiserver\n```\n\n## Developing and debugging the operator\n\nIn the running cluster [cluster-version-operator](https://github.com/openshift/cluster-version-operator/) is responsible\nfor maintaining functioning and non-altered elements. In that case to be able to use custom operator image one has to\nperform one of these operations:\n\n1. Set your operator in umanaged state, see [here](https://github.com/openshift/enhancements/blob/master/dev-guide/cluster-version-operator/dev/clusterversion.md) for details, in short:\n\n```\noc patch clusterversion/version --type='merge' -p \"$(cat \u003c\u003c- EOF\nspec:\n overrides:\n - group: apps\n kind: Deployment\n name: kube-apiserver-operator\n namespace: openshift-kube-apiserver-operator\n unmanaged: true\nEOF\n)\"\n```\n\n2. Scale down cluster-version-operator:\n\n```\noc scale --replicas=0 deploy/cluster-version-operator -n openshift-cluster-version\n```\n\nIMPORTANT: This approach disables cluster-version-operator completely, whereas the previous patch only tells it to not manage a kube-apiserver-operator!\n\nAfter doing this you can now change the image of the operator to the desired one:\n\n```\noc patch pod/kube-apiserver-operator-\u003crand_digits\u003e -n openshift-kube-apiserver-operator -p '{\"spec\":{\"containers\":[{\"name\":\"kube-apiserver-operator\",\"image\":\"\u003cuser\u003e/cluster-kube-apiserver-operator\"}]}}'\n```\n\n\n## Developing and debugging the bootkube bootstrap phase\n\nThe operator image version used by the [https://github.com/openshift/installer/blob/master/pkg/asset/ignition/bootstrap/bootstrap.go#L178](installer) bootstrap phase can be overridden by creating a custom origin-release image pointing to the developer's operator `:latest` image:\n\n```\n$ IMAGE_ORG=sttts make images\n$ docker push sttts/origin-cluster-kube-apiserver-operator\n\n$ cd ../cluster-kube-apiserver-operator\n$ oc adm release new --from-release=registry.svc.ci.openshift.org/openshift/origin-release:v4.0 cluster-kube-apiserver-operator=docker.io/sttts/origin-cluster-kube-apiserver-operator:latest --to-image=sttts/origin-release:latest\n\n$ cd ../installer\n$ OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=docker.io/sttts/origin-release:latest bin/openshift-install cluster ...\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fcluster-kube-apiserver-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenshift%2Fcluster-kube-apiserver-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fcluster-kube-apiserver-operator/lists"}