@@ -228,7 +228,7 @@ func GetClientCertCAPool(options MasterConfig) (*x509.CertPool, error) {

 // GetAPIServerCertCAPool returns the cert pool containing the roots for the API server cert

 func GetAPIServerCertCAPool(options MasterConfig) (*x509.CertPool, error) {

-	if !UseTLS(options.ServingInfo) {

+	if !UseTLS(options.ServingInfo.ServingInfo) {

 		return x509.NewCertPool(), nil

 	}

@@ -236,7 +236,7 @@ func GetAPIServerCertCAPool(options MasterConfig) (*x509.CertPool, error) {

 }

 func getOAuthClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {

-	if !UseTLS(options.ServingInfo) {

+	if !UseTLS(options.ServingInfo.ServingInfo) {

 		return nil, nil

 	}

@@ -264,7 +264,7 @@ func getOAuthClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {

 }

 func getAPIClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {

-	if !UseTLS(options.ServingInfo) {

+	if !UseTLS(options.ServingInfo.ServingInfo) {

 		return nil, nil

 	}

@@ -86,7 +86,7 @@ type MasterConfig struct {

 	api.TypeMeta

 	// ServingInfo describes how to start serving

-	ServingInfo ServingInfo

+	ServingInfo HTTPServingInfo

 	// CORSAllowedOrigins

 	CORSAllowedOrigins []string

@@ -262,6 +262,15 @@ type ServingInfo struct {

 	ClientCA string

 }

+type HTTPServingInfo struct {

+	ServingInfo

+	// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.

+	MaxRequestsInFlight int

+	// RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if

+	// -1 there is no limit on requests.

+	RequestTimeoutSeconds int

+}

+

 type MasterClients struct {

 	// OpenShiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master

 	OpenShiftLoopbackKubeConfig string

@@ -275,7 +284,7 @@ type DNSConfig struct {

 }

 type AssetConfig struct {

-	ServingInfo ServingInfo

+	ServingInfo HTTPServingInfo

 	// PublicURL is where you can find the asset server (TODO do we really need this?)

 	PublicURL string

@@ -515,6 +524,8 @@ type KubernetesMasterConfig struct {

 	MasterCount int

 	// ServicesSubnet is the subnet to use for assigning service IPs

 	ServicesSubnet string

+	// ServicesNodePortRange is the range to use for assigning service public ports on a host.

+	ServicesNodePortRange string

 	// StaticNodeNames is the list of nodes that are statically known

 	StaticNodeNames []string

 	// SchedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.

@@ -522,6 +533,10 @@ type KubernetesMasterConfig struct {

 	// PodEvictionTimeout controls grace period for deleting pods on failed nodes.

 	// It takes valid time duration string. If empty, you get the default pod eviction timeout.

 	PodEvictionTimeout string

+	// APIServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's

+	// command line arguments.  These are not migrated, but if you reference a value that does not exist the server will not

+	// start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.

+	APIServerArguments ExtendedArguments

 }

 type CertInfo struct {

@@ -15,6 +15,9 @@ func init() {

 			if len(obj.Controllers) == 0 {

 				obj.Controllers = ControllersAll

 			}

+			if obj.ServingInfo.RequestTimeoutSeconds == 0 {

+				obj.ServingInfo.RequestTimeoutSeconds = 60 * 60

+			}

 		},

 		func(obj *KubernetesMasterConfig) {

 			if obj.MasterCount == 0 {

@@ -23,19 +26,22 @@ func init() {

 			if len(obj.APILevels) == 0 {

 				obj.APILevels = newer.DefaultKubernetesAPILevels

 			}

+			if len(obj.ServicesNodePortRange) == 0 {

+				obj.ServicesNodePortRange = "30000-32767"

+			}

 			if len(obj.PodEvictionTimeout) == 0 {

 				obj.PodEvictionTimeout = "5m"

 			}

 		},

 		func(obj *EtcdStorageConfig) {

 			if len(obj.KubernetesStorageVersion) == 0 {

-				obj.KubernetesStorageVersion = "v1beta3"

+				obj.KubernetesStorageVersion = "v1"

 			}

 			if len(obj.KubernetesStoragePrefix) == 0 {

 				obj.KubernetesStoragePrefix = "kubernetes.io"

 			}

 			if len(obj.OpenShiftStorageVersion) == 0 {

-				obj.OpenShiftStorageVersion = "v1beta3"

+				obj.OpenShiftStorageVersion = "v1"

 			}

 			if len(obj.OpenShiftStoragePrefix) == 0 {

 				obj.OpenShiftStoragePrefix = "openshift.io"

@@ -76,7 +76,7 @@ type MasterConfig struct {

 	v1.TypeMeta `json:",inline"`

 	// ServingInfo describes how to start serving

-	ServingInfo ServingInfo `json:"servingInfo"`

+	ServingInfo HTTPServingInfo `json:"servingInfo"`

 	// CORSAllowedOrigins

 	CORSAllowedOrigins []string `json:"corsAllowedOrigins"`

@@ -251,6 +251,15 @@ type ServingInfo struct {

 	ClientCA string `json:"clientCA"`

 }

+type HTTPServingInfo struct {

+	ServingInfo `json:",inline"`

+	// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.

+	MaxRequestsInFlight int `json:"maxRequestsInFlight"`

+	// RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if

+	// -1 there is no limit on requests.

+	RequestTimeoutSeconds int `json:"requestTimeoutSeconds"`

+}

+

 type MasterClients struct {

 	// OpenShiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master

 	OpenShiftLoopbackKubeConfig string `json:"openshiftLoopbackKubeConfig"`

@@ -264,7 +273,7 @@ type DNSConfig struct {

 }

 type AssetConfig struct {

-	ServingInfo ServingInfo `json:"servingInfo"`

+	ServingInfo HTTPServingInfo `json:"servingInfo"`

 	// PublicURL is where you can find the asset server (TODO do we really need this?)

 	PublicURL string `json:"publicURL"`

@@ -491,11 +500,17 @@ type KubernetesMasterConfig struct {

 	APILevels []string `json:"apiLevels"`

 	MasterIP  string   `json:"masterIP"`

 	// MasterCount is the number of expected masters that should be running. This value defaults to 1 and may be set to a positive integer.

-	MasterCount         int      `json:"masterCount"`

-	ServicesSubnet      string   `json:"servicesSubnet"`

-	StaticNodeNames     []string `json:"staticNodeNames"`

-	SchedulerConfigFile string   `json:"schedulerConfigFile"`

-	PodEvictionTimeout  string   `json:"podEvictionTimeout"`

+	MasterCount    int    `json:"masterCount"`

+	ServicesSubnet string `json:"servicesSubnet"`

+	// ServicesNodePortRange is the range to use for assigning service public ports on a host.

+	ServicesNodePortRange string   `json:"servicesNodePortRange"`

+	StaticNodeNames       []string `json:"staticNodeNames"`

+	SchedulerConfigFile   string   `json:"schedulerConfigFile"`

+	PodEvictionTimeout    string   `json:"podEvictionTimeout"`

+	// APIServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's

+	// command line arguments.  These are not migrated, but if you reference a value that does not exist the server will not

+	// start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.

+	APIServerArguments ExtendedArguments `json:"apiServerArguments"`

 }

 type CertInfo struct {

@@ -55,6 +55,8 @@ assetConfig:

     certFile: ""

     clientCA: ""

     keyFile: ""

+    maxRequestsInFlight: 0

+    requestTimeoutSeconds: 0

 corsAllowedOrigins: null

 dnsConfig:

   bindAddress: ""

@@ -93,10 +95,12 @@ kubeletClientInfo:

   port: 0

 kubernetesMasterConfig:

   apiLevels: null

+  apiServerArguments: null

   masterCount: 0

   masterIP: ""

   podEvictionTimeout: ""

   schedulerConfigFile: ""

+  servicesNodePortRange: ""

   servicesSubnet: ""

   staticNodeNames: null

 masterClients:

@@ -212,6 +216,8 @@ servingInfo:

   certFile: ""

   clientCA: ""

   keyFile: ""

+  maxRequestsInFlight: 0

+  requestTimeoutSeconds: 0

 `

 )

@@ -19,6 +19,7 @@ import (

 	"github.com/openshift/origin/pkg/util/labelselector"

 )

+// TODO: this should just be two return arrays, no need to be clever

 type ValidationResults struct {

 	Warnings fielderrors.ValidationErrorList

 	Errors   fielderrors.ValidationErrorList

@@ -52,6 +53,8 @@ func (r ValidationResults) Prefix(prefix string) ValidationResults {

 func ValidateMasterConfig(config *api.MasterConfig) ValidationResults {

 	validationResults := ValidationResults{}

+	validationResults.AddErrors(ValidateHTTPServingInfo(config.ServingInfo).Prefix("servingInfo")...)

+

 	if _, urlErrs := ValidateURL(config.MasterPublicURL, "masterPublicURL"); len(urlErrs) > 0 {

 		validationResults.AddErrors(urlErrs...)

 	}

@@ -128,7 +131,7 @@ func ValidateMasterConfig(config *api.MasterConfig) ValidationResults {

 	validationResults.Append(ValidateServiceAccountConfig(config.ServiceAccountConfig, builtInKubernetes).Prefix("serviceAccountConfig"))

-	validationResults.AddErrors(ValidateServingInfo(config.ServingInfo).Prefix("servingInfo")...)

+	validationResults.AddErrors(ValidateHTTPServingInfo(config.ServingInfo).Prefix("servingInfo")...)

 	validationResults.AddErrors(ValidateProjectConfig(config.ProjectConfig).Prefix("projectConfig")...)

@@ -227,7 +230,7 @@ func ValidateServiceAccountConfig(config api.ServiceAccountConfig, builtInKubern

 func ValidateAssetConfig(config *api.AssetConfig) fielderrors.ValidationErrorList {

 	allErrs := fielderrors.ValidationErrorList{}

-	allErrs = append(allErrs, ValidateServingInfo(config.ServingInfo).Prefix("servingInfo")...)

+	allErrs = append(allErrs, ValidateHTTPServingInfo(config.ServingInfo).Prefix("servingInfo")...)

 	if len(config.LogoutURL) > 0 {

 		_, urlErrs := ValidateURL(config.LogoutURL, "logoutURL")

@@ -294,6 +297,12 @@ func ValidateKubernetesMasterConfig(config *api.KubernetesMasterConfig) Validati

 		}

 	}

+	if len(config.ServicesNodePortRange) > 0 {

+		if _, err := util.ParsePortRange(strings.TrimSpace(config.ServicesNodePortRange)); err != nil {

+			validationResults.AddErrors(fielderrors.NewFieldInvalid("servicesNodePortRange", config.ServicesNodePortRange, "must be a valid port range (e.g. 30000-32000)"))

+		}

+	}

+

 	if len(config.SchedulerConfigFile) > 0 {

 		validationResults.AddErrors(ValidateFile(config.SchedulerConfigFile, "schedulerConfigFile")...)

 	}

@@ -65,6 +65,20 @@ func ValidateServingInfo(info api.ServingInfo) fielderrors.ValidationErrorList {

 	return allErrs

 }

+func ValidateHTTPServingInfo(info api.HTTPServingInfo) fielderrors.ValidationErrorList {

+	allErrs := ValidateServingInfo(info.ServingInfo)

+

+	if info.MaxRequestsInFlight < 0 {

+		allErrs = append(allErrs, fielderrors.NewFieldInvalid("maxRequestsInFlight", info.MaxRequestsInFlight, "must be zero (no limit) or greater"))

+	}

+

+	if info.RequestTimeoutSeconds < 0 {

+		allErrs = append(allErrs, fielderrors.NewFieldInvalid("requestTimeoutSeconds", info.RequestTimeoutSeconds, "must be zero (no limit) or greater"))

+	}

+

+	return allErrs

+}

+

 func ValidateKubeConfig(path string, field string) fielderrors.ValidationErrorList {

 	allErrs := fielderrors.ValidationErrorList{}

@@ -3,7 +3,6 @@ package kubernetes

 import (

 	"fmt"

 	"io/ioutil"

-	"net"

 	"os"

 	"time"

@@ -11,7 +10,6 @@ import (

 	"github.com/golang/glog"

 	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"

-	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client/record"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider/nodecontroller"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/controller"

@@ -27,7 +25,6 @@ import (

 	"github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/scheduler/factory"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/namespace"

-	configapi "github.com/openshift/origin/pkg/cmd/server/api"

 )

 const (

@@ -36,58 +33,20 @@ const (

 	KubeAPIPrefixV1      = "/api/v1"

 )

-// TODO: Longer term we should read this from some config store, rather than a flag.

-func (c *MasterConfig) EnsurePortalFlags() {

-	if c.PortalNet == nil {

-		glog.Fatal("No --portal-net specified")

-	}

-}

-

 // InstallAPI starts a Kubernetes master and registers the supported REST APIs

 // into the provided mux, then returns an array of strings indicating what

 // endpoints were started (these are format strings that will expect to be sent

 // a single string value).

 func (c *MasterConfig) InstallAPI(container *restful.Container) []string {

-	kubeletClient, err := kclient.NewKubeletClient(c.KubeletClientConfig)

-	if err != nil {

-		glog.Fatalf("Unable to configure Kubelet client: %v", err)

-	}

-

-	masterConfig := &master.Config{

-		PublicAddress: net.ParseIP(c.Options.MasterIP),

-		ReadWritePort: c.MasterPort,

-		ReadOnlyPort:  c.MasterPort,

-

-		EtcdHelper: c.EtcdHelper,

-

-		EventTTL: 2 * time.Hour,

-

-		PortalNet: c.PortalNet,

-

-		RequestContextMapper: c.RequestContextMapper,

-

-		RestfulContainer: container,

-		KubeletClient:    kubeletClient,

-		APIPrefix:        KubeAPIPrefix,

-

-		EnableCoreControllers: true,

-

-		MasterCount: c.Options.MasterCount,

-

-		Authorizer:       c.Authorizer,

-		AdmissionControl: c.AdmissionControl,

-

-		DisableV1Beta3: !configapi.HasKubernetesAPILevel(c.Options, "v1beta3"),

-		EnableV1:       configapi.HasKubernetesAPILevel(c.Options, "v1"),

-	}

-	_ = master.New(masterConfig)

+	c.Master.RestfulContainer = container

+	_ = master.New(c.Master)

 	messages := []string{}

-	if !masterConfig.DisableV1Beta3 {

-		messages = append(messages, fmt.Sprintf("Started Kubernetes API at %%s%s", KubeAPIPrefixV1Beta3))

+	if !c.Master.DisableV1Beta3 {

+		messages = append(messages, fmt.Sprintf("Started Kubernetes API at %%s%s (deprecated)", KubeAPIPrefixV1Beta3))

 	}

-	if masterConfig.EnableV1 {

-		messages = append(messages, fmt.Sprintf("Started Kubernetes API at %%s%s (experimental)", KubeAPIPrefixV1))

+	if c.Master.EnableV1 {

+		messages = append(messages, fmt.Sprintf("Started Kubernetes API at %%s%s", KubeAPIPrefixV1))

 	}

 	return messages

@@ -5,37 +5,30 @@ import (

 	"fmt"

 	"net"

 	"strconv"

+	"strings"

+	"time"

+	"github.com/GoogleCloudPlatform/kubernetes/cmd/kube-apiserver/app"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"

 	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/apiserver"

-	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/authorizer"

 	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/master"

-	"github.com/GoogleCloudPlatform/kubernetes/pkg/tools"

+	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"

+	kerrors "github.com/GoogleCloudPlatform/kubernetes/pkg/util/errors"

 	"github.com/openshift/origin/pkg/cmd/flagtypes"

 	configapi "github.com/openshift/origin/pkg/cmd/server/api"

 	"github.com/openshift/origin/pkg/cmd/server/etcd"

+	cmdflags "github.com/openshift/origin/pkg/cmd/util/flags"

 )

 // MasterConfig defines the required values to start a Kubernetes master

 type MasterConfig struct {

 	Options configapi.KubernetesMasterConfig

-	MasterPort int

-

-	// TODO: remove, not used

-	PortalNet *net.IPNet

-

-	RequestContextMapper kapi.RequestContextMapper

-

-	EtcdHelper          tools.EtcdHelper

-	KubeClient          *kclient.Client

-	KubeletClientConfig *kclient.KubeletConfig

-

-	Authorizer       authorizer.Authorizer

-	AdmissionControl admission.Interface

+	Master     *master.Config

+	KubeClient *kclient.Client

 }

 func BuildKubernetesMasterConfig(options configapi.MasterConfig, requestContextMapper kapi.RequestContextMapper, kubeClient *kclient.Client) (*MasterConfig, error) {

@@ -54,13 +47,13 @@ func BuildKubernetesMasterConfig(options configapi.MasterConfig, requestContextM

 	}

 	kubeletClientConfig := configapi.GetKubeletClientConfig(options)

-

-	portalNet := net.IPNet(flagtypes.DefaultIPNet(options.KubernetesMasterConfig.ServicesSubnet))

+	kubeletClient, err := kclient.NewKubeletClient(kubeletClientConfig)

+	if err != nil {

+		return nil, fmt.Errorf("unable to configure Kubelet client: %v", err)

+	}

 	// in-order list of plug-ins that should intercept admission decisions

 	// TODO: Push node environment support to upstream in future

-	admissionControlPluginNames := []string{"NamespaceExists", "NamespaceLifecycle", "OriginPodNodeEnvironment", "LimitRanger", "ServiceAccount", "ResourceQuota"}

-	admissionController := admission.NewFromPlugins(kubeClient, admissionControlPluginNames, "")

 	_, portString, err := net.SplitHostPort(options.ServingInfo.BindAddress)

 	if err != nil {

@@ -71,17 +64,61 @@ func BuildKubernetesMasterConfig(options configapi.MasterConfig, requestContextM

 		return nil, err

 	}

-	kmaster := &MasterConfig{

-		Options: *options.KubernetesMasterConfig,

+	portRange, err := util.ParsePortRange(options.KubernetesMasterConfig.ServicesNodePortRange)

+	if err != nil {

+		return nil, err

+	}

+

+	server := app.NewAPIServer()

+	server.EventTTL = 2 * time.Hour

+	server.PortalNet = util.IPNet(flagtypes.DefaultIPNet(options.KubernetesMasterConfig.ServicesSubnet))

+	server.ServiceNodePorts = *portRange

+	server.AdmissionControl = strings.Join([]string{

+		"NamespaceExists", "NamespaceLifecycle", "OriginPodNodeEnvironment", "LimitRanger", "ServiceAccount", "ResourceQuota",

+	}, ",")

+

+	// resolve extended arguments

+	// TODO: this should be done in config validation (along with the above) so we can provide

+	// proper errors

+	if err := cmdflags.Resolve(options.KubernetesMasterConfig.APIServerArguments, server.AddFlags); len(err) > 0 {

+		return nil, kerrors.NewAggregate(err)

+	}

+

+	admissionController := admission.NewFromPlugins(kubeClient, strings.Split(server.AdmissionControl, ","), server.AdmissionControlConfigFile)

+

+	m := &master.Config{

+		PublicAddress: net.ParseIP(options.KubernetesMasterConfig.MasterIP),

+		ReadWritePort: port,

+		ReadOnlyPort:  port,

+

+		EtcdHelper: ketcdHelper,

+

+		EventTTL: server.EventTTL,

+		//MinRequestTimeout: server.MinRequestTimeout,

+

+		PortalNet:        (*net.IPNet)(&server.PortalNet),

+		ServiceNodePorts: server.ServiceNodePorts,

-		MasterPort:           port,

-		PortalNet:            &portalNet,

 		RequestContextMapper: requestContextMapper,

-		EtcdHelper:           ketcdHelper,

-		KubeClient:           kubeClient,

-		KubeletClientConfig:  kubeletClientConfig,

-		Authorizer:           apiserver.NewAlwaysAllowAuthorizer(),

-		AdmissionControl:     admissionController,

+

+		KubeletClient: kubeletClient,

+		APIPrefix:     KubeAPIPrefix,

+

+		EnableCoreControllers: true,

+

+		MasterCount: options.KubernetesMasterConfig.MasterCount,

+

+		Authorizer:       apiserver.NewAlwaysAllowAuthorizer(),

+		AdmissionControl: admissionController,

+

+		DisableV1Beta3: !configapi.HasKubernetesAPILevel(*options.KubernetesMasterConfig, "v1beta3"),

+		EnableV1:       configapi.HasKubernetesAPILevel(*options.KubernetesMasterConfig, "v1"),

+	}

+

+	kmaster := &MasterConfig{

+		Options:    *options.KubernetesMasterConfig,

+		Master:     m,

+		KubeClient: kubeClient,

 	}

 	return kmaster, nil

@@ -58,15 +58,20 @@ func (c *AssetConfig) Run() {

 		})

 	}

+	timeout := c.Options.ServingInfo.RequestTimeoutSeconds

+	if timeout == -1 {

+		timeout = 0

+	}

+

 	server := &http.Server{

 		Addr:           c.Options.ServingInfo.BindAddress,

 		Handler:        mux,

-		ReadTimeout:    5 * time.Minute,

-		WriteTimeout:   5 * time.Minute,

+		ReadTimeout:    time.Duration(timeout) * time.Second,

+		WriteTimeout:   time.Duration(timeout) * time.Second,

 		MaxHeaderBytes: 1 << 20,

 	}

-	isTLS := configapi.UseTLS(c.Options.ServingInfo)

+	isTLS := configapi.UseTLS(c.Options.ServingInfo.ServingInfo)

 	go util.Forever(func() {

 		if isTLS {

@@ -494,11 +494,22 @@ func (c *MasterConfig) Run(protected []APIInstaller, unprotected []APIInstaller)

 		handler = contextHandler

 	}

+	if c.Options.ServingInfo.MaxRequestsInFlight > 0 {

+		longRunningRE := regexp.MustCompile("[.*\\/watch$][^\\/proxy.*]")

+		sem := make(chan bool, c.Options.ServingInfo.MaxRequestsInFlight)

+		handler = apiserver.MaxInFlightLimit(sem, longRunningRE, handler)

+	}

+

+	timeout := c.Options.ServingInfo.RequestTimeoutSeconds

+	if timeout == -1 {

+		timeout = 0

+	}

+

 	server := &http.Server{

 		Addr:           c.Options.ServingInfo.BindAddress,

 		Handler:        handler,

-		ReadTimeout:    5 * time.Minute,

-		WriteTimeout:   5 * time.Minute,

+		ReadTimeout:    time.Duration(timeout) * time.Second,

+		WriteTimeout:   time.Duration(timeout) * time.Second,

 		MaxHeaderBytes: 1 << 20,

 	}

@@ -161,7 +161,7 @@ func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error) {

 		AdmissionControl: admissionController,

-		TLS: configapi.UseTLS(options.ServingInfo),

+		TLS: configapi.UseTLS(options.ServingInfo.ServingInfo),

 		ControllerPlug: plug.NewPlug(!options.PauseControllers),

@@ -226,7 +226,7 @@ func newAuthenticator(config configapi.MasterConfig, etcdHelper tools.EtcdHelper

 		authenticators = append(authenticators, paramtoken.New("access_token", tokenAuthenticator, true))

 	}

-	if configapi.UseTLS(config.ServingInfo) {

+	if configapi.UseTLS(config.ServingInfo.ServingInfo) {

 		// build cert authenticator

 		// TODO: add "system:" prefix in authenticator, limit cert to username

 		// TODO: add "system:" prefix to groups in authenticator, limit cert to group name

@@ -150,8 +150,10 @@ func (args MasterArgs) BuildSerializeableMasterConfig() (*configapi.MasterConfig

 	etcdClientInfo := admin.DefaultMasterEtcdClientCertInfo(args.ConfigDir.Value())

 	config := &configapi.MasterConfig{

-		ServingInfo: configapi.ServingInfo{

-			BindAddress: args.ListenArg.ListenAddr.URL.Host,

+		ServingInfo: configapi.HTTPServingInfo{

+			ServingInfo: configapi.ServingInfo{

+				BindAddress: args.ListenArg.ListenAddr.URL.Host,

+			},

 		},

 		CORSAllowedOrigins: corsAllowedOrigins.List(),

 		MasterPublicURL:    masterPublicAddr.String(),

@@ -164,8 +166,10 @@ func (args MasterArgs) BuildSerializeableMasterConfig() (*configapi.MasterConfig

 		PauseControllers: args.PauseControllers,

 		AssetConfig: &configapi.AssetConfig{

-			ServingInfo: configapi.ServingInfo{

-				BindAddress: args.GetAssetBindAddress(),

+			ServingInfo: configapi.HTTPServingInfo{

+				ServingInfo: configapi.ServingInfo{

+					BindAddress: args.GetAssetBindAddress(),

+				},

 			},

 			LogoutURL:       "",

@@ -357,7 +357,6 @@ func StartMaster(openshiftMasterConfig *configapi.MasterConfig) error {

 		if err != nil {

 			return err

 		}

-		kubeConfig.EnsurePortalFlags()

 		openshiftConfig.Run([]origin.APIInstaller{kubeConfig}, unprotectedInstallers)

 		go daemon.SdNotify("READY=1")