@@ -5,7 +5,6 @@ import (

 	"strings"

 	"k8s.io/kubernetes/pkg/api"

-	klatest "k8s.io/kubernetes/pkg/api/latest"

 	kmeta "k8s.io/kubernetes/pkg/api/meta"

 	"k8s.io/kubernetes/pkg/runtime"

 	"k8s.io/kubernetes/pkg/util/sets"

@@ -96,11 +95,7 @@ func OriginKind(kind, apiVersion string) bool {

 func init() {

 	// this keeps us consistent with old code.  We can decide if we want to expand our RESTMapper to cover

 	// api.RESTMapper, which is different than what you'd get from latest.

-	kubeAPIGroup, err := klatest.Group("")

-	if err != nil {

-		panic(err)

-	}

-	kubeMapper := kubeAPIGroup.RESTMapper

+	kubeMapper := api.RESTMapper

 	// list of versions we support on the server, in preferred order

 	versions := []string{"v1", "v1beta3"}

@@ -498,7 +498,20 @@ func HasOpenShiftAPILevel(config MasterConfig, apiLevel string) bool {

 	return apiLevelSet.Has(apiLevel)

 }

-func HasKubernetesAPILevel(config KubernetesMasterConfig, apiLevel string) bool {

-	apiLevelSet := sets.NewString(config.APILevels...)

-	return apiLevelSet.Has(apiLevel)

+func GetEnabledAPIVersionsForGroup(config KubernetesMasterConfig, apiGroup string) []string {

+	allowedVersions := KubeAPIGroupsToAllowedVersions[apiGroup]

+	blacklist := sets.NewString(config.DisabledAPIGroupVersions[apiGroup]...)

+

+	if blacklist.Has(AllVersions) {

+		return []string{}

+	}

+

+	enabledVersions := []string{}

+	for _, currVersion := range allowedVersions {

+		if !blacklist.Has(currVersion) {

+			enabledVersions = append(enabledVersions, currVersion)

+		}

+	}

+

+	return enabledVersions

 }

@@ -1,6 +1,8 @@

 package api

 import (

+	"reflect"

+

 	"k8s.io/kubernetes/pkg/api/unversioned"

 	"k8s.io/kubernetes/pkg/runtime"

 	"k8s.io/kubernetes/pkg/util/sets"

@@ -13,6 +15,8 @@ const (

 	FeatureBuilder    = `Builder`

 	FeatureS2I        = `S2IBuilder`

 	FeatureWebConsole = `WebConsole`

+

+	AllVersions = "*"

 )

 var (

@@ -38,6 +42,14 @@ var (

 	// exposed externally.

 	DeadOpenShiftStorageVersionLevels = []string{"v1beta1", "v1beta3"}

+	APIGroupKube                   = ""

+	APIGroupExtensions             = "extensions"

+	KubeAPIGroupsToAllowedVersions = map[string][]string{

+		APIGroupKube:       {"v1"},

+		APIGroupExtensions: {"v1beta1"},

+	}

+	KnownKubeAPIGroups = sets.KeySet(reflect.ValueOf(KubeAPIGroupsToAllowedVersions))

+

 	// FeatureAliases maps deprecated names of feature flag to their canonical

 	// names. Aliases must be lower-cased for O(1) lookup.

 	FeatureAliases = map[string]string{

@@ -732,8 +744,9 @@ type EtcdConfig struct {

 }

 type KubernetesMasterConfig struct {

-	// APILevels is a list of API levels that should be enabled on startup: v1beta3 and v1 as examples

-	APILevels []string

+	// DisabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.

+	DisabledAPIGroupVersions map[string][]string

+

 	// MasterIP is the public IP address of kubernetes stuff.  If empty, the first result from net.InterfaceAddrs will be used.

 	MasterIP string

 	// MasterCount is the number of expected masters that should be running. This value defaults to 1 and may be set to a positive integer,

@@ -2,16 +2,17 @@ package v1

 import (

 	"k8s.io/kubernetes/pkg/conversion"

+	"k8s.io/kubernetes/pkg/util/sets"

-	newer "github.com/openshift/origin/pkg/cmd/server/api"

+	internal "github.com/openshift/origin/pkg/cmd/server/api"

 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"

 )

 func init() {

-	err := newer.Scheme.AddDefaultingFuncs(

+	err := internal.Scheme.AddDefaultingFuncs(

 		func(obj *MasterConfig) {

 			if len(obj.APILevels) == 0 {

-				obj.APILevels = newer.DefaultOpenShiftAPILevels

+				obj.APILevels = internal.DefaultOpenShiftAPILevels

 			}

 			if len(obj.Controllers) == 0 {

 				obj.Controllers = ControllersAll

@@ -53,7 +54,7 @@ func init() {

 				obj.MasterCount = 1

 			}

 			if len(obj.APILevels) == 0 {

-				obj.APILevels = newer.DefaultKubernetesAPILevels

+				obj.APILevels = internal.DefaultKubernetesAPILevels

 			}

 			if len(obj.ServicesNodePortRange) == 0 {

 				obj.ServicesNodePortRange = "30000-32767"

@@ -96,7 +97,7 @@ func init() {

 				obj.KubernetesStoragePrefix = "kubernetes.io"

 			}

 			if len(obj.OpenShiftStorageVersion) == 0 {

-				obj.OpenShiftStorageVersion = newer.DefaultOpenShiftStorageVersionLevel

+				obj.OpenShiftStorageVersion = internal.DefaultOpenShiftStorageVersionLevel

 			}

 			if len(obj.OpenShiftStoragePrefix) == 0 {

 				obj.OpenShiftStoragePrefix = "openshift.io"

@@ -141,14 +142,49 @@ func init() {

 		// If one of the conversion functions is malformed, detect it immediately.

 		panic(err)

 	}

-	err = newer.Scheme.AddConversionFuncs(

-		func(in *NodeConfig, out *newer.NodeConfig, s conversion.Scope) error {

+	err = internal.Scheme.AddConversionFuncs(

+		func(in *NodeConfig, out *internal.NodeConfig, s conversion.Scope) error {

 			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)

 		},

-		func(in *newer.NodeConfig, out *NodeConfig, s conversion.Scope) error {

+		func(in *internal.NodeConfig, out *NodeConfig, s conversion.Scope) error {

 			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)

 		},

-		func(in *ServingInfo, out *newer.ServingInfo, s conversion.Scope) error {

+		func(in *KubernetesMasterConfig, out *internal.KubernetesMasterConfig, s conversion.Scope) error {

+			if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields); err != nil {

+				return err

+			}

+

+			if out.DisabledAPIGroupVersions == nil {

+				out.DisabledAPIGroupVersions = map[string][]string{}

+			}

+

+			// the APILevels (whitelist) needs to be converted into an internal blacklist

+			if len(in.APILevels) == 0 {

+				out.DisabledAPIGroupVersions[internal.APIGroupKube] = []string{"*"}

+

+			} else {

+				availableLevels := internal.KubeAPIGroupsToAllowedVersions[internal.APIGroupKube]

+				whitelistedLevels := sets.NewString(in.APILevels...)

+				blacklistedLevels := []string{}

+

+				for _, curr := range availableLevels {

+					if !whitelistedLevels.Has(curr) {

+						blacklistedLevels = append(blacklistedLevels, curr)

+					}

+				}

+

+				if len(blacklistedLevels) > 0 {

+					out.DisabledAPIGroupVersions[internal.APIGroupKube] = blacklistedLevels

+				}

+			}

+

+			return nil

+		},

+		func(in *internal.KubernetesMasterConfig, out *KubernetesMasterConfig, s conversion.Scope) error {

+			// internal doesn't have all fields: APILevels

+			return s.DefaultConvert(in, out, conversion.IgnoreMissingFields)

+		},

+		func(in *ServingInfo, out *internal.ServingInfo, s conversion.Scope) error {

 			if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields); err != nil {

 				return err

 			}

@@ -156,7 +192,7 @@ func init() {

 			out.ServerCert.KeyFile = in.KeyFile

 			return nil

 		},

-		func(in *newer.ServingInfo, out *ServingInfo, s conversion.Scope) error {

+		func(in *internal.ServingInfo, out *ServingInfo, s conversion.Scope) error {

 			if err := s.DefaultConvert(in, out, conversion.IgnoreMissingFields); err != nil {

 				return err

 			}

@@ -164,42 +200,42 @@ func init() {

 			out.KeyFile = in.ServerCert.KeyFile

 			return nil

 		},

-		func(in *RemoteConnectionInfo, out *newer.RemoteConnectionInfo, s conversion.Scope) error {

+		func(in *RemoteConnectionInfo, out *internal.RemoteConnectionInfo, s conversion.Scope) error {

 			out.URL = in.URL

 			out.CA = in.CA

 			out.ClientCert.CertFile = in.CertFile

 			out.ClientCert.KeyFile = in.KeyFile

 			return nil

 		},

-		func(in *newer.RemoteConnectionInfo, out *RemoteConnectionInfo, s conversion.Scope) error {

+		func(in *internal.RemoteConnectionInfo, out *RemoteConnectionInfo, s conversion.Scope) error {

 			out.URL = in.URL

 			out.CA = in.CA

 			out.CertFile = in.ClientCert.CertFile

 			out.KeyFile = in.ClientCert.KeyFile

 			return nil

 		},

-		func(in *EtcdConnectionInfo, out *newer.EtcdConnectionInfo, s conversion.Scope) error {

+		func(in *EtcdConnectionInfo, out *internal.EtcdConnectionInfo, s conversion.Scope) error {

 			out.URLs = in.URLs

 			out.CA = in.CA

 			out.ClientCert.CertFile = in.CertFile

 			out.ClientCert.KeyFile = in.KeyFile

 			return nil

 		},

-		func(in *newer.EtcdConnectionInfo, out *EtcdConnectionInfo, s conversion.Scope) error {

+		func(in *internal.EtcdConnectionInfo, out *EtcdConnectionInfo, s conversion.Scope) error {

 			out.URLs = in.URLs

 			out.CA = in.CA

 			out.CertFile = in.ClientCert.CertFile

 			out.KeyFile = in.ClientCert.KeyFile

 			return nil

 		},

-		func(in *KubeletConnectionInfo, out *newer.KubeletConnectionInfo, s conversion.Scope) error {

+		func(in *KubeletConnectionInfo, out *internal.KubeletConnectionInfo, s conversion.Scope) error {

 			out.Port = in.Port

 			out.CA = in.CA

 			out.ClientCert.CertFile = in.CertFile

 			out.ClientCert.KeyFile = in.KeyFile

 			return nil

 		},

-		func(in *newer.KubeletConnectionInfo, out *KubeletConnectionInfo, s conversion.Scope) error {

+		func(in *internal.KubeletConnectionInfo, out *KubeletConnectionInfo, s conversion.Scope) error {

 			out.Port = in.Port

 			out.CA = in.CA

 			out.CertFile = in.ClientCert.CertFile

@@ -693,6 +693,9 @@ type EtcdConfig struct {

 type KubernetesMasterConfig struct {

 	// APILevels is a list of API levels that should be enabled on startup: v1beta3 and v1 as examples

 	APILevels []string `json:"apiLevels"`

+	// DisabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.

+	DisabledAPIGroupVersions map[string][]string `json:"disabledAPIGroupVersions"`

+

 	// MasterIP is the public IP address of kubernetes stuff.  If empty, the first result from net.InterfaceAddrs will be used.

 	MasterIP string `json:"masterIP"`

 	// MasterCount is the number of expected masters that should be running. This value defaults to 1 and may be set to a positive integer,

@@ -127,6 +127,7 @@ kubernetesMasterConfig:

   apiLevels: null

   apiServerArguments: null

   controllerArguments: null

+  disabledAPIGroupVersions: null

   masterCount: 0

   masterIP: ""

   podEvictionTimeout: ""

@@ -432,7 +432,24 @@ func ValidateKubernetesMasterConfig(config *api.KubernetesMasterConfig) Validati

 		}

 	}

-	validationResults.Append(ValidateAPILevels(config.APILevels, api.KnownKubernetesAPILevels, api.DeadKubernetesAPILevels, "apiLevels"))

+	for group, versions := range config.DisabledAPIGroupVersions {

+		name := "disabledAPIGroupVersions[" + group + "]"

+		if !api.KnownKubeAPIGroups.Has(group) {

+			validationResults.AddWarnings(fielderrors.NewFieldValueNotSupported(name, group, api.KnownKubeAPIGroups.List()))

+			continue

+		}

+

+		allowedVersions := sets.NewString(api.KubeAPIGroupsToAllowedVersions[group]...)

+		for i, version := range versions {

+			if version == "*" {

+				continue

+			}

+

+			if !allowedVersions.Has(version) {

+				validationResults.AddWarnings(fielderrors.NewFieldValueNotSupported(fmt.Sprintf("%s[%d]", name, i), version, allowedVersions.List()))

+			}

+		}

+	}

 	validationResults.AddErrors(ValidateAPIServerExtendedArguments(config.APIServerArguments).Prefix("apiServerArguments")...)

 	validationResults.AddErrors(ValidateControllerExtendedArguments(config.ControllerArguments).Prefix("controllerArguments")...)

@@ -31,8 +31,10 @@ import (

 )

 const (

-	KubeAPIPrefix   = "/api"

-	KubeAPIPrefixV1 = "/api/v1"

+	KubeAPIPrefix                  = "/api"

+	KubeAPIPrefixV1                = KubeAPIPrefix + "/v1"

+	KubeAPIGroupPrefix             = "/apis"

+	KubeAPIExtensionsPrefixV1beta1 = KubeAPIGroupPrefix + "/extensions/v1beta1"

 )

 // InstallAPI starts a Kubernetes master and registers the supported REST APIs

@@ -48,6 +50,10 @@ func (c *MasterConfig) InstallAPI(container *restful.Container) []string {

 		messages = append(messages, fmt.Sprintf("Started Kubernetes API at %%s%s", KubeAPIPrefixV1))

 	}

+	if c.Master.EnableExp {

+		messages = append(messages, fmt.Sprintf("Started Kubernetes API Extensions at %%s%s", KubeAPIExtensionsPrefixV1beta1))

+	}

+

 	return messages

 }

@@ -10,6 +10,7 @@ import (

 	"time"

 	"github.com/golang/glog"

+

 	"k8s.io/kubernetes/cmd/kube-apiserver/app"

 	cmapp "k8s.io/kubernetes/cmd/kube-controller-manager/app"

 	"k8s.io/kubernetes/pkg/admission"

@@ -21,6 +22,7 @@ import (

 	"k8s.io/kubernetes/pkg/master"

 	"k8s.io/kubernetes/pkg/util"

 	kerrors "k8s.io/kubernetes/pkg/util/errors"

+	"k8s.io/kubernetes/pkg/util/sets"

 	saadmit "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"

 	"github.com/openshift/origin/pkg/cmd/flagtypes"

@@ -147,14 +149,32 @@ func BuildKubernetesMasterConfig(options configapi.MasterConfig, requestContextM

 		proxyClientCerts = append(proxyClientCerts, clientCert)

 	}

+	// TODO you have to know every APIGroup you're enabling or upstream will panic.  It's alternative to panicing is Fataling

+	// It needs a refactor to return errors

 	storageDestinations := master.NewStorageDestinations()

-	storageDestinations.AddAPIGroup("", databaseStorage)

+	// storageVersions is a map from API group to allowed versions that must be a version exposed by the REST API or it breaks.

+	// We need to fix the upstream to stop using the storage version as a preferred api version.

+	storageVersions := map[string]string{}

+

+	enabledKubeVersions := configapi.GetEnabledAPIVersionsForGroup(*options.KubernetesMasterConfig, configapi.APIGroupKube)

+	enabledKubeVersionSet := sets.NewString(enabledKubeVersions...)

+	if len(enabledKubeVersions) > 0 {

+		storageDestinations.AddAPIGroup(configapi.APIGroupKube, databaseStorage)

+		storageVersions[configapi.APIGroupKube] = options.EtcdStorageConfig.KubernetesStorageVersion

+	}

+

+	enabledExtensionsVersions := configapi.GetEnabledAPIVersionsForGroup(*options.KubernetesMasterConfig, configapi.APIGroupExtensions)

+	if len(enabledExtensionsVersions) > 0 {

+		storageDestinations.AddAPIGroup(configapi.APIGroupExtensions, databaseStorage)

+		storageVersions[configapi.APIGroupExtensions] = enabledExtensionsVersions[0]

+	}

 	m := &master.Config{

 		PublicAddress: net.ParseIP(options.KubernetesMasterConfig.MasterIP),

 		ReadWritePort: port,

 		StorageDestinations: storageDestinations,

+		StorageVersions:     storageVersions,

 		EventTTL: server.EventTTL,

 		//MinRequestTimeout: server.MinRequestTimeout,

@@ -164,8 +184,9 @@ func BuildKubernetesMasterConfig(options configapi.MasterConfig, requestContextM

 		RequestContextMapper: requestContextMapper,

-		KubeletClient: kubeletClient,

-		APIPrefix:     KubeAPIPrefix,

+		KubeletClient:  kubeletClient,

+		APIPrefix:      KubeAPIPrefix,

+		APIGroupPrefix: KubeAPIGroupPrefix,

 		EnableCoreControllers: true,

@@ -174,7 +195,8 @@ func BuildKubernetesMasterConfig(options configapi.MasterConfig, requestContextM

 		Authorizer:       apiserver.NewAlwaysAllowAuthorizer(),

 		AdmissionControl: admissionController,

-		DisableV1: !configapi.HasKubernetesAPILevel(*options.KubernetesMasterConfig, "v1"),

+		EnableExp: len(enabledExtensionsVersions) > 0,

+		DisableV1: !enabledKubeVersionSet.Has("v1"),

 		// Set the TLS options for proxying to pods and services

 		// Proxying to nodes uses the kubeletClient TLS config (so can provide a different cert, and verify the node hostname)