const defaultKeepAlivePeriod … // tlsConfig produces the tls.Config to serve with. func (s *SecureServingInfo) tlsConfig(stopCh <-chan struct{ … } // Serve runs the secure http server. It fails only if certificates cannot be loaded or the initial listen call fails. // The actual server loop (stoppable by closing stopCh) runs in a go routine, i.e. Serve does not block. // It returns a stoppedCh that is closed when all non-hijacked active requests have been processed. // It returns a listenerStoppedCh that is closed when the underlying http Server has stopped listening. func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{ … } // RunServer spawns a go-routine continuously serving until the stopCh is // closed. // It returns a stoppedCh that is closed when all non-hijacked active requests // have been processed. // This function does not block // TODO: make private when insecure serving is gone from the kube-apiserver func RunServer( server *http.Server, ln net.Listener, shutDownTimeout time.Duration, stopCh <-chan struct{ … } type tcpKeepAliveListener … func (ln tcpKeepAliveListener) Accept() (net.Conn, error) { … } type tlsHandshakeErrorWriter … const tlsHandshakeErrorPrefix … func (w *tlsHandshakeErrorWriter) Write(p []byte) (int, error) { … }