split genericapiserver configuration apart so that you can run without flag options

2025-11-03 19:58:17 +00:00 · 2016-10-11 14:09:34 -04:00
parent f15c12c32c
commit fbd5032da2
9 changed files with 140 additions and 141 deletions
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@@ -92,6 +92,13 @@ cluster's shared state through which all other components interact.`,
 func Run(s *options.APIServer) error {
 	genericvalidation.VerifyEtcdServersList(s.ServerRunOptions)
 	genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions)
+	genericConfig := genericapiserver.NewConfig(). // create the new config
+							ApplyOptions(s.ServerRunOptions). // apply the options selected
+							Complete()                        // set default values based on the known values
+
+	if err := genericConfig.MaybeGenerateServingCerts(); err != nil {
+		glog.Fatalf("Failed to generate service certificate: %v", err)
+	}

 	capabilities.Initialize(capabilities.Capabilities{
 		AllowPrivileged: s.AllowPrivileged,
@@ -322,8 +329,6 @@ func Run(s *options.APIServer) error {
 		glog.Fatalf("Failed to initialize plugins: %v", err)
 	}

-	genericConfig := genericapiserver.NewConfig(s.ServerRunOptions)
-	// TODO: Move the following to generic api server as well.
 	genericConfig.LoopbackClientConfig = selfClientConfig
 	genericConfig.Authenticator = apiAuthenticator
 	genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0
@@ -341,7 +346,7 @@ func Run(s *options.APIServer) error {
 	genericConfig.EnableOpenAPISupport = true

 	config := &master.Config{
-		GenericConfig: genericConfig,
+		GenericConfig: genericConfig.Config,

 		StorageFactory:          storageFactory,
 		EnableWatchCache:        s.EnableWatchCache,
--- a/examples/apiserver/apiserver.go
+++ b/examples/apiserver/apiserver.go
@@ -67,10 +67,15 @@ func Run(serverOptions *genericoptions.ServerRunOptions) error {
 	serverOptions.StorageConfig.ServerList = []string{"http://127.0.0.1:2379"}
 	genericvalidation.ValidateRunOptions(serverOptions)
 	genericvalidation.VerifyEtcdServersList(serverOptions)
-	config := genericapiserver.NewConfig(serverOptions)
+	config := genericapiserver.NewConfig().ApplyOptions(serverOptions).Complete()
+	if err := config.MaybeGenerateServingCerts(); err != nil {
+		// this wasn't treated as fatal for this process before
+		fmt.Printf("Error creating cert: %v", err)
+	}
+
 	config.Authorizer = authorizer.NewAlwaysAllowAuthorizer()
 	config.Serializer = api.Codecs
-	s, err := config.Complete().New()
+	s, err := config.New()
 	if err != nil {
 		return fmt.Errorf("Error in bringing up the server: %v", err)
 	}
--- a/federation/cmd/federation-apiserver/app/server.go
+++ b/federation/cmd/federation-apiserver/app/server.go
@@ -79,6 +79,13 @@ cluster's shared state through which all other components interact.`,
 func Run(s *options.ServerRunOptions) error {
 	genericvalidation.VerifyEtcdServersList(s.ServerRunOptions)
 	genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions)
+	genericConfig := genericapiserver.NewConfig(). // create the new config
+							ApplyOptions(s.ServerRunOptions). // apply the options selected
+							Complete()                        // set default values based on the known values
+
+	if err := genericConfig.MaybeGenerateServingCerts(); err != nil {
+		glog.Fatalf("Failed to generate service certificate: %v", err)
+	}

 	// TODO: register cluster federation resources here.
 	resourceConfig := genericapiserver.NewResourceConfig()
@@ -211,8 +218,6 @@ func Run(s *options.ServerRunOptions) error {
 	if err != nil {
 		glog.Fatalf("Failed to initialize plugins: %v", err)
 	}
-	genericConfig := genericapiserver.NewConfig(s.ServerRunOptions)
-	// TODO: Move the following to generic api server as well.
 	genericConfig.LoopbackClientConfig = selfClientConfig
 	genericConfig.Authenticator = apiAuthenticator
 	genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0
@@ -234,7 +239,7 @@ func Run(s *options.ServerRunOptions) error {
 		cachesize.SetWatchCacheSizes(s.WatchCacheSizes)
 	}

-	m, err := genericConfig.Complete().New()
+	m, err := genericConfig.New()
 	if err != nil {
 		return err
 	}
--- a/pkg/genericapiserver/config.go
+++ b/pkg/genericapiserver/config.go
@@ -52,6 +52,7 @@ import (
 	genericvalidation "k8s.io/kubernetes/pkg/genericapiserver/validation"
 	ipallocator "k8s.io/kubernetes/pkg/registry/core/service/ipallocator"
 	"k8s.io/kubernetes/pkg/runtime"
+	certutil "k8s.io/kubernetes/pkg/util/cert"
 	utilnet "k8s.io/kubernetes/pkg/util/net"
 	"k8s.io/kubernetes/pkg/util/sets"
 )
@@ -196,63 +197,22 @@ type CertInfo struct {
 	Generate bool
 }

-func NewConfig(options *options.ServerRunOptions) *Config {
-	longRunningRE := regexp.MustCompile(options.LongRunningRequestRE)
+// NewConfig returns a Config struct with the default values
+func NewConfig() *Config {
+	longRunningRE := regexp.MustCompile(options.DefaultLongRunningRequestRE)

-	var auditWriter io.Writer
-	if len(options.AuditLogPath) != 0 {
-		auditWriter = &lumberjack.Logger{
-			Filename:   options.AuditLogPath,
-			MaxAge:     options.AuditLogMaxAge,
-			MaxBackups: options.AuditLogMaxBackups,
-			MaxSize:    options.AuditLogMaxSize,
-		}
-	}
+	config := &Config{
+		MasterCount:            1,
+		ReadWritePort:          6443,
+		ServiceReadWritePort:   443,
+		CacheTimeout:           5 * time.Second,
+		RequestContextMapper:   api.NewRequestContextMapper(),
+		BuildHandlerChainsFunc: DefaultBuildHandlerChain,
+		LegacyAPIGroupPrefixes: sets.NewString(LegacyAPIPrefix),

-	var secureServingInfo *ServingInfo
-	if options.SecurePort > 0 {
-		secureServingInfo = &ServingInfo{
-			BindAddress: net.JoinHostPort(options.BindAddress.String(), strconv.Itoa(options.SecurePort)),
-			ServerCert: CertInfo{
-				CertFile: options.TLSCertFile,
-				KeyFile:  options.TLSPrivateKeyFile,
-			},
-			ClientCA: options.ClientCAFile,
-		}
-		if options.TLSCertFile == "" && options.TLSPrivateKeyFile == "" {
-			secureServingInfo.ServerCert.Generate = true
-			secureServingInfo.ServerCert.CertFile = path.Join(options.CertDirectory, "apiserver.crt")
-			secureServingInfo.ServerCert.KeyFile = path.Join(options.CertDirectory, "apiserver.key")
-		}
-	}
-
-	var insecureServingInfo *ServingInfo
-	if options.InsecurePort > 0 {
-		insecureServingInfo = &ServingInfo{
-			BindAddress: net.JoinHostPort(options.InsecureBindAddress.String(), strconv.Itoa(options.InsecurePort)),
-		}
-	}
-
-	return &Config{
-		APIGroupPrefix:            options.APIGroupPrefix,
-		CorsAllowedOriginList:     options.CorsAllowedOriginList,
-		AuditWriter:               auditWriter,
-		EnableGarbageCollection:   options.EnableGarbageCollection,
 		EnableIndex:          true,
-		EnableProfiling:           options.EnableProfiling,
 		EnableSwaggerSupport: true,
-		EnableSwaggerUI:           options.EnableSwaggerUI,
 		EnableVersion:        true,
-		ExternalHost:              options.ExternalHost,
-		KubernetesServiceNodePort: options.KubernetesServiceNodePort,
-		MasterCount:               options.MasterCount,
-		MinRequestTimeout:         options.MinRequestTimeout,
-		SecureServingInfo:         secureServingInfo,
-		InsecureServingInfo:       insecureServingInfo,
-		PublicAddress:             options.AdvertiseAddress,
-		ReadWritePort:             options.SecurePort,
-		ServiceClusterIPRange:     &options.ServiceClusterIPRange,
-		ServiceNodePortRange:      options.ServiceNodePortRange,
 		OpenAPIConfig: &common.Config{
 			ProtocolList:   []string{"https"},
 			IgnorePrefixes: []string{"/swaggerapi"},
@@ -268,19 +228,81 @@ func NewConfig(options *options.ServerRunOptions) *Config {
 				},
 			},
 		},
-		MaxRequestsInFlight:    options.MaxRequestsInFlight,
 		LongRunningFunc: genericfilters.BasicLongRunningRequestCheck(longRunningRE, map[string]string{"watch": "true"}),
-		LegacyAPIGroupPrefixes: sets.NewString(LegacyAPIPrefix),
 	}
+
+	// this keeps the defaults in sync
+	defaultOptions := options.NewServerRunOptions()
+	// unset fields that can be overridden to avoid setting values so that we won't end up with lingering values.
+	// TODO we probably want to run the defaults the other way.  A default here drives it in the CLI flags
+	defaultOptions.SecurePort = 0
+	defaultOptions.InsecurePort = 0
+	defaultOptions.AuditLogPath = ""
+	return config.ApplyOptions(defaultOptions)
+}
+
+// ApplyOptions applies the run options to the method receiver and returns self
+func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config {
+	if len(options.AuditLogPath) != 0 {
+		c.AuditWriter = &lumberjack.Logger{
+			Filename:   options.AuditLogPath,
+			MaxAge:     options.AuditLogMaxAge,
+			MaxBackups: options.AuditLogMaxBackups,
+			MaxSize:    options.AuditLogMaxSize,
+		}
+	}
+
+	if options.SecurePort > 0 {
+		secureServingInfo := &ServingInfo{
+			BindAddress: net.JoinHostPort(options.BindAddress.String(), strconv.Itoa(options.SecurePort)),
+			ServerCert: CertInfo{
+				CertFile: options.TLSCertFile,
+				KeyFile:  options.TLSPrivateKeyFile,
+			},
+			ClientCA: options.ClientCAFile,
+		}
+		if options.TLSCertFile == "" && options.TLSPrivateKeyFile == "" {
+			secureServingInfo.ServerCert.Generate = true
+			secureServingInfo.ServerCert.CertFile = path.Join(options.CertDirectory, "apiserver.crt")
+			secureServingInfo.ServerCert.KeyFile = path.Join(options.CertDirectory, "apiserver.key")
+		}
+
+		c.SecureServingInfo = secureServingInfo
+		c.ReadWritePort = options.SecurePort
+	}
+
+	if options.InsecurePort > 0 {
+		insecureServingInfo := &ServingInfo{
+			BindAddress: net.JoinHostPort(options.InsecureBindAddress.String(), strconv.Itoa(options.InsecurePort)),
+		}
+		c.InsecureServingInfo = insecureServingInfo
+	}
+
+	c.APIGroupPrefix = options.APIGroupPrefix
+	c.CorsAllowedOriginList = options.CorsAllowedOriginList
+	c.EnableGarbageCollection = options.EnableGarbageCollection
+	c.EnableProfiling = options.EnableProfiling
+	c.EnableSwaggerUI = options.EnableSwaggerUI
+	c.ExternalHost = options.ExternalHost
+	c.KubernetesServiceNodePort = options.KubernetesServiceNodePort
+	c.MasterCount = options.MasterCount
+	c.MinRequestTimeout = options.MinRequestTimeout
+	c.PublicAddress = options.AdvertiseAddress
+	c.ServiceClusterIPRange = &options.ServiceClusterIPRange
+	c.ServiceNodePortRange = options.ServiceNodePortRange
+	c.MaxRequestsInFlight = options.MaxRequestsInFlight
+
+	return c
 }

 type completedConfig struct {
 	*Config
 }

-// Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
+// Complete fills in any fields not set that are required to have valid data and can be derived
+// from other fields.  If you're going to `ApplyOptions`, do that first.  It's mutating the receiver.
 func (c *Config) Complete() completedConfig {
-	if c.ServiceClusterIPRange == nil {
+	if c.ServiceClusterIPRange == nil || c.ServiceClusterIPRange.IP == nil {
 		defaultNet := "10.0.0.0/24"
 		glog.Warningf("Network range for service cluster IPs is unspecified. Defaulting to %v.", defaultNet)
 		_, serviceClusterIPRange, err := net.ParseCIDR(defaultNet)
@@ -301,9 +323,6 @@ func (c *Config) Complete() completedConfig {
 		glog.V(4).Infof("Setting GenericAPIServer service IP to %q (read-write).", serviceReadWriteIP)
 		c.ServiceReadWriteIP = serviceReadWriteIP
 	}
-	if c.ServiceReadWritePort == 0 {
-		c.ServiceReadWritePort = 443
-	}
 	if c.ServiceNodePortRange.Size == 0 {
 		// TODO: Currently no way to specify an empty range (do we need to allow this?)
 		// We should probably allow this for clouds that don't require NodePort to do load-balancing (GCE)
@@ -312,19 +331,6 @@ func (c *Config) Complete() completedConfig {
 		c.ServiceNodePortRange = options.DefaultServiceNodePortRange
 		glog.Infof("Node port range unspecified. Defaulting to %v.", c.ServiceNodePortRange)
 	}
-	if c.MasterCount == 0 {
-		// Clearly, there will be at least one GenericAPIServer.
-		c.MasterCount = 1
-	}
-	if c.ReadWritePort == 0 {
-		c.ReadWritePort = 6443
-	}
-	if c.CacheTimeout == 0 {
-		c.CacheTimeout = 5 * time.Second
-	}
-	if c.RequestContextMapper == nil {
-		c.RequestContextMapper = api.NewRequestContextMapper()
-	}
 	if len(c.ExternalHost) == 0 && c.PublicAddress != nil {
 		hostAndPort := c.PublicAddress.String()
 		if c.ReadWritePort != 0 {
@@ -332,9 +338,6 @@ func (c *Config) Complete() completedConfig {
 		}
 		c.ExternalHost = hostAndPort
 	}
-	if c.BuildHandlerChainsFunc == nil {
-		c.BuildHandlerChainsFunc = DefaultBuildHandlerChain
-	}
 	return completedConfig{c}
 }

@@ -386,7 +389,6 @@ func (c completedConfig) New() (*GenericAPIServer, error) {
 		SecureServingInfo:    c.SecureServingInfo,
 		InsecureServingInfo:  c.InsecureServingInfo,
 		ExternalAddress:      c.ExternalHost,
-		ClusterIP:            c.PublicAddress,
 		ServiceReadWriteIP:   c.ServiceReadWriteIP,
 		ServiceReadWritePort: c.ServiceReadWritePort,

@@ -413,6 +415,25 @@ func (c completedConfig) New() (*GenericAPIServer, error) {
 	return s, nil
 }

+// MaybeGenerateServingCerts generates serving certificates if requested and needed.
+func (c completedConfig) MaybeGenerateServingCerts() error {
+	// It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless
+	// alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME")
+	if c.SecureServingInfo != nil && c.SecureServingInfo.ServerCert.Generate && !certutil.CanReadCertOrKey(c.SecureServingInfo.ServerCert.CertFile, c.SecureServingInfo.ServerCert.KeyFile) {
+		// TODO (cjcullen): Is ClusterIP the right address to sign a cert with?
+		alternateIPs := []net.IP{c.ServiceReadWriteIP}
+		alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes", "localhost"}
+
+		if err := certutil.GenerateSelfSignedCert(c.PublicAddress.String(), c.SecureServingInfo.ServerCert.CertFile, c.SecureServingInfo.ServerCert.KeyFile, alternateIPs, alternateDNS); err != nil {
+			return fmt.Errorf("Unable to generate self signed cert: %v", err)
+		} else {
+			glog.Infof("Generated self-signed cert (%s, %s)", c.SecureServingInfo.ServerCert.CertFile, c.SecureServingInfo.ServerCert.KeyFile)
+		}
+	}
+
+	return nil
+}
+
 func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) (secure, insecure http.Handler) {
 	attributeGetter := apiserverfilters.NewRequestAttributeGetter(c.RequestContextMapper)

--- a/pkg/genericapiserver/genericapiserver.go
+++ b/pkg/genericapiserver/genericapiserver.go
@@ -124,9 +124,6 @@ type GenericAPIServer struct {
 	// external (public internet) URLs for this GenericAPIServer.
 	ExternalAddress string

-	// ClusterIP is the IP address of the GenericAPIServer within the cluster.
-	ClusterIP net.IP
-
 	// storage contains the RESTful endpoints exposed by this GenericAPIServer
 	storage map[string]rest.Storage

@@ -225,20 +222,6 @@ func (s *GenericAPIServer) Run() {

 		}

-		// It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless
-		// alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME")
-		if s.SecureServingInfo.ServerCert.Generate && !certutil.CanReadCertOrKey(s.SecureServingInfo.ServerCert.CertFile, s.SecureServingInfo.ServerCert.KeyFile) {
-			// TODO (cjcullen): Is ClusterIP the right address to sign a cert with?
-			alternateIPs := []net.IP{s.ServiceReadWriteIP}
-			alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes", "localhost"}
-
-			if err := certutil.GenerateSelfSignedCert(s.ClusterIP.String(), s.SecureServingInfo.ServerCert.CertFile, s.SecureServingInfo.ServerCert.KeyFile, alternateIPs, alternateDNS); err != nil {
-				glog.Errorf("Unable to generate self signed cert: %v", err)
-			} else {
-				glog.Infof("Using self-signed cert (%s, %s)", s.SecureServingInfo.ServerCert.CertFile, s.SecureServingInfo.ServerCert.KeyFile)
-			}
-		}
-
 		glog.Infof("Serving securely on %s", s.SecureServingInfo.BindAddress)
 		go func() {
 			defer utilruntime.HandleCrash()
--- a/pkg/genericapiserver/genericapiserver_test.go
+++ b/pkg/genericapiserver/genericapiserver_test.go
@@ -50,7 +50,7 @@ import (
 func setUp(t *testing.T) (*etcdtesting.EtcdTestServer, Config, *assert.Assertions) {
 	etcdServer, _ := etcdtesting.NewUnsecuredEtcd3TestClientServer(t)

-	config := Config{}
+	config := NewConfig()
 	config.PublicAddress = net.ParseIP("192.168.10.4")
 	config.RequestContextMapper = api.NewRequestContextMapper()
 	config.ProxyDialer = func(network, addr string) (net.Conn, error) { return nil, nil }
@@ -59,7 +59,7 @@ func setUp(t *testing.T) (*etcdtesting.EtcdTestServer, Config, *assert.Assertion
 	config.LegacyAPIGroupPrefixes = sets.NewString("/api")
 	config.APIGroupPrefix = "/apis"

-	return etcdServer, config, assert.New(t)
+	return etcdServer, *config, assert.New(t)
 }

 func newMaster(t *testing.T) (*GenericAPIServer, *etcdtesting.EtcdTestServer, Config, *assert.Assertions) {
@@ -84,7 +84,6 @@ func TestNew(t *testing.T) {
 	assert.Equal(s.apiPrefix, config.APIGroupPrefix)
 	assert.Equal(s.admissionControl, config.AdmissionControl)
 	assert.Equal(s.RequestContextMapper(), config.RequestContextMapper)
-	assert.Equal(s.ClusterIP, config.PublicAddress)

 	// these values get defaulted
 	_, serviceClusterIPRange, _ := net.ParseCIDR("10.0.0.0/24")
@@ -109,7 +108,7 @@ func TestInstallAPIGroups(t *testing.T) {
 	config.LegacyAPIGroupPrefixes = sets.NewString("/apiPrefix")
 	config.APIGroupPrefix = "/apiGroupPrefix"

-	s, err := config.Complete().New()
+	s, err := config.SkipComplete().New()
 	if err != nil {
 		t.Fatalf("Error in bringing up the server: %v", err)
 	}
@@ -179,7 +178,7 @@ func TestCustomHandlerChain(t *testing.T) {
 		called = true
 	})

-	s, err := config.Complete().New()
+	s, err := config.SkipComplete().New()
 	if err != nil {
 		t.Fatalf("Error in bringing up the server: %v", err)
 	}
@@ -235,7 +234,7 @@ func TestNotRestRoutesHaveAuth(t *testing.T) {
 	config.EnableSwaggerSupport = true
 	config.EnableVersion = true

-	s, err := config.Complete().New()
+	s, err := config.SkipComplete().New()
 	if err != nil {
 		t.Fatalf("Error in bringing up the server: %v", err)
 	}
@@ -311,7 +310,6 @@ func TestInstallSwaggerAPI(t *testing.T) {
 	mux = http.NewServeMux()
 	server.HandlerContainer = genericmux.NewAPIContainer(mux, nil)
 	server.ExternalAddress = ""
-	server.ClusterIP = net.IPv4(10, 10, 10, 10)
 	server.InstallSwaggerAPI()
 	if assert.NotEqual(0, len(ws), "SwaggerAPI not installed.") {
 		assert.Equal("/swaggerapi/", ws[0].RootPath(), "SwaggerAPI did not install to the proper path. %s != /swaggerapi", ws[0].RootPath())
--- a/pkg/genericapiserver/options/server_run_options.go
+++ b/pkg/genericapiserver/options/server_run_options.go
@@ -38,7 +38,7 @@ import (

 const (
 	// TODO: This can be tightened up. It still matches objects named watch or proxy.
-	defaultLongRunningRequestRE = "(/|^)((watch|proxy)(/|$)|(logs?|portforward|exec|attach)/?$)"
+	DefaultLongRunningRequestRE = "(/|^)((watch|proxy)(/|$)|(logs?|portforward|exec|attach)/?$)"
 )

 var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}
@@ -139,7 +139,7 @@ func NewServerRunOptions() *ServerRunOptions {
 		EnableWatchCache:                         true,
 		InsecureBindAddress:                      net.ParseIP("127.0.0.1"),
 		InsecurePort:                             8080,
-		LongRunningRequestRE:                     defaultLongRunningRequestRE,
+		LongRunningRequestRE:                     DefaultLongRunningRequestRE,
 		MasterCount:                              1,
 		MasterServiceNamespace:                   api.NamespaceDefault,
 		MaxRequestsInFlight:                      400,
--- a/pkg/master/master_test.go
+++ b/pkg/master/master_test.go
@@ -49,7 +49,6 @@ import (
 	"k8s.io/kubernetes/pkg/client/restclient"
 	openapigen "k8s.io/kubernetes/pkg/generated/openapi"
 	"k8s.io/kubernetes/pkg/genericapiserver"
-	"k8s.io/kubernetes/pkg/genericapiserver/openapi/common"
 	"k8s.io/kubernetes/pkg/kubelet/client"
 	ipallocator "k8s.io/kubernetes/pkg/registry/core/service/ipallocator"
 	"k8s.io/kubernetes/pkg/registry/registrytest"
@@ -71,9 +70,7 @@ func setUp(t *testing.T) (*Master, *etcdtesting.EtcdTestServer, Config, *assert.
 	server, storageConfig := etcdtesting.NewUnsecuredEtcd3TestClientServer(t)

 	config := &Config{
-		GenericConfig: &genericapiserver.Config{
-			OpenAPIConfig: &common.Config{},
-		},
+		GenericConfig: genericapiserver.NewConfig(),
 	}

 	resourceEncoding := genericapiserver.NewDefaultResourceEncodingConfig()
@@ -164,10 +161,6 @@ func TestNew(t *testing.T) {
 	master, etcdserver, config, assert := newMaster(t)
 	defer etcdserver.Terminate(t)

-	// Verify many of the variables match their config counterparts
-	assert.Equal(master.GenericAPIServer.RequestContextMapper(), config.GenericConfig.RequestContextMapper)
-	assert.Equal(master.GenericAPIServer.ClusterIP, config.GenericConfig.PublicAddress)
-
 	// these values get defaulted
 	_, serviceClusterIPRange, _ := net.ParseCIDR("10.0.0.0/24")
 	serviceReadWriteIP, _ := ipallocator.GetIndexedIP(serviceClusterIPRange, 1)
--- a/test/integration/framework/master_utils.go
+++ b/test/integration/framework/master_utils.go
@@ -60,8 +60,6 @@ import (
 	"k8s.io/kubernetes/pkg/master"
 	"k8s.io/kubernetes/pkg/runtime"
 	"k8s.io/kubernetes/pkg/storage/storagebackend"
-	utilnet "k8s.io/kubernetes/pkg/util/net"
-	"k8s.io/kubernetes/pkg/util/sets"
 	"k8s.io/kubernetes/pkg/util/wait"
 	"k8s.io/kubernetes/pkg/watch"
 	"k8s.io/kubernetes/plugin/pkg/admission/admit"
@@ -69,7 +67,6 @@ import (

 	"github.com/go-openapi/spec"
 	"github.com/pborman/uuid"
-	"k8s.io/kubernetes/pkg/genericapiserver/openapi/common"
 )

 const (
@@ -346,21 +343,15 @@ func NewMasterConfig() *master.Config {
 		"",
 		NewSingleContentTypeSerializer(api.Scheme, testapi.Storage.Codec(), runtime.ContentTypeJSON))

+	genericConfig := genericapiserver.NewConfig()
+	genericConfig.APIResourceConfigSource = master.DefaultAPIResourceConfigSource()
+	genericConfig.Authorizer = authorizer.NewAlwaysAllowAuthorizer()
+	genericConfig.AdmissionControl = admit.NewAlwaysAdmit()
+	genericConfig.Serializer = api.Codecs
+	genericConfig.EnableOpenAPISupport = true
+
 	return &master.Config{
-		GenericConfig: &genericapiserver.Config{
-			APIResourceConfigSource: master.DefaultAPIResourceConfigSource(),
-			LegacyAPIGroupPrefixes:  sets.NewString("/api"),
-			APIGroupPrefix:          "/apis",
-			Authorizer:              authorizer.NewAlwaysAllowAuthorizer(),
-			AdmissionControl:        admit.NewAlwaysAdmit(),
-			Serializer:              api.Codecs,
-			// Set those values to avoid annoying warnings in logs.
-			ServiceClusterIPRange: parseCIDROrDie("10.0.0.0/24"),
-			ServiceNodePortRange:  utilnet.PortRange{Base: 30000, Size: 2768},
-			EnableVersion:         true,
-			EnableOpenAPISupport:  true,
-			OpenAPIConfig:         &common.Config{},
-		},
+		GenericConfig:         genericConfig,
 		StorageFactory:        storageFactory,
 		EnableCoreControllers: true,
 		EnableWatchCache:      true,
@@ -372,8 +363,6 @@ func NewMasterConfig() *master.Config {
 func NewIntegrationTestMasterConfig() *master.Config {
 	masterConfig := NewMasterConfig()
 	masterConfig.EnableCoreControllers = true
-	masterConfig.GenericConfig.EnableIndex = true
-	masterConfig.GenericConfig.EnableVersion = true
 	masterConfig.GenericConfig.PublicAddress = net.ParseIP("192.168.10.4")
 	masterConfig.GenericConfig.APIResourceConfigSource = master.DefaultAPIResourceConfigSource()
 	return masterConfig