Documentation ¶
Overview ¶
package options is the public flags and options used by a generic api server. It takes a minimal set of dependencies and does not reference implementations, in order to ensure it may be reused by multiple components (such as CLI commands that wish to generate or validate config).
Index ¶
- func CreateListener(network, addr string) (net.Listener, int, error)
- func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error)
- func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error)
- type AdmissionOptions
- type AuditLogOptions
- type AuditOptions
- type AuditWebhookOptions
- type CertKey
- type ClientCertAuthenticationOptions
- type CoreAPIOptions
- type DelegatingAuthenticationOptions
- func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.Config) error
- func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
- func (s *DelegatingAuthenticationOptions) Validate() []error
- type DelegatingAuthorizationOptions
- func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.Config) error
- func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
- func (s *DelegatingAuthorizationOptions) Validate() []error
- type EtcdOptions
- type FeatureOptions
- type GeneratableKeyCert
- type RecommendedOptions
- type RequestHeaderAuthenticationOptions
- type SecureServingOptions
- func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
- func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)
- func (s *SecureServingOptions) ApplyTo(c *server.Config) error
- func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error)
- func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateDNS []string, alternateIPs []net.IP) error
- func (s *SecureServingOptions) Validate() []error
- type ServerRunOptions
- type SimpleRestOptionsFactory
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateListener ¶ added in v1.9.0
func ParseWatchCacheSizes ¶ added in v1.8.0
func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error)
ParseWatchCacheSizes turns a list of cache size values into a map of group resources to requested sizes.
func WriteWatchCacheSizes ¶ added in v1.8.0
func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error)
WriteWatchCacheSizes turns a map of cache size values into a list of string specifications.
Types ¶
type AdmissionOptions ¶ added in v1.7.0
type AdmissionOptions struct { // RecommendedPluginOrder holds an ordered list of plugin names we recommend to use by default RecommendedPluginOrder []string // DefaultOffPlugins a list of plugin names that should be disabled by default DefaultOffPlugins []string PluginNames []string ConfigFile string Plugins *admission.Plugins }
AdmissionOptions holds the admission options
func NewAdmissionOptions ¶ added in v1.7.0
func NewAdmissionOptions() *AdmissionOptions
NewAdmissionOptions creates a new instance of AdmissionOptions Note:
In addition it calls RegisterAllAdmissionPlugins to register all generic admission plugins. Provides the list of RecommendedPluginOrder that holds sane values that can be used by servers that don't care about admission chain. Servers that do care can overwrite/append that field after creation.
func (*AdmissionOptions) AddFlags ¶ added in v1.7.0
func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)
AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet
func (*AdmissionOptions) ApplyTo ¶ added in v1.7.0
func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, kubeAPIServerClientConfig *rest.Config, scheme *runtime.Scheme, pluginInitializers ...admission.PluginInitializer, ) error
ApplyTo adds the admission chain to the server configuration. In case admission plugin names were not provided by a custer-admin they will be prepared from the recommended/default values. In addition the method lazily initializes a generic plugin that is appended to the list of pluginInitializers note this method uses:
genericconfig.Authorizer
func (*AdmissionOptions) Validate ¶ added in v1.8.0
func (a *AdmissionOptions) Validate() []error
type AuditLogOptions ¶
AuditLogOptions determines the output of the structured audit log by default. If the AdvancedAuditing feature is set to false, AuditLogOptions holds the legacy audit log writer.
func (*AuditLogOptions) AddFlags ¶
func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet)
type AuditOptions ¶ added in v1.7.0
type AuditOptions struct { // Policy configuration file for filtering audit events that are captured. // If unspecified, a default is provided. PolicyFile string LogOptions AuditLogOptions WebhookOptions AuditWebhookOptions }
func NewAuditOptions ¶ added in v1.7.0
func NewAuditOptions() *AuditOptions
func (*AuditOptions) AddFlags ¶ added in v1.7.0
func (o *AuditOptions) AddFlags(fs *pflag.FlagSet)
func (*AuditOptions) ApplyTo ¶ added in v1.7.0
func (o *AuditOptions) ApplyTo(c *server.Config) error
func (*AuditOptions) Validate ¶ added in v1.8.0
func (o *AuditOptions) Validate() []error
Validate checks invalid config combination
type AuditWebhookOptions ¶ added in v1.7.0
type AuditWebhookOptions struct { ConfigFile string // Should the webhook asynchronous batch events to the webhook backend or // should the webhook block responses? // // Defaults to asynchronous batch events. Mode string // Configuration for batching webhook. Only used in batch mode. BatchConfig pluginwebhook.BatchBackendConfig }
AuditWebhookOptions control the webhook configuration for audit events.
func (*AuditWebhookOptions) AddFlags ¶ added in v1.7.0
func (o *AuditWebhookOptions) AddFlags(fs *pflag.FlagSet)
type ClientCertAuthenticationOptions ¶
type ClientCertAuthenticationOptions struct { // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates ClientCA string }
func (*ClientCertAuthenticationOptions) AddFlags ¶
func (s *ClientCertAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
type CoreAPIOptions ¶ added in v1.8.0
type CoreAPIOptions struct { // CoreAPIKubeconfigPath is a filename for a kubeconfig file to contact the core API server with. // If it is not set, the in cluster config is used. CoreAPIKubeconfigPath string }
CoreAPIOptions contains options to configure the connection to a core API Kubernetes apiserver.
func NewCoreAPIOptions ¶ added in v1.8.0
func NewCoreAPIOptions() *CoreAPIOptions
func (*CoreAPIOptions) AddFlags ¶ added in v1.8.0
func (o *CoreAPIOptions) AddFlags(fs *pflag.FlagSet)
func (*CoreAPIOptions) ApplyTo ¶ added in v1.8.0
func (o *CoreAPIOptions) ApplyTo(config *server.RecommendedConfig) error
func (*CoreAPIOptions) Validate ¶ added in v1.8.0
func (o *CoreAPIOptions) Validate() []error
type DelegatingAuthenticationOptions ¶
type DelegatingAuthenticationOptions struct { // RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the // TokenAccessReview.authentication.k8s.io endpoint for checking tokens. RemoteKubeConfigFile string // CacheTTL is the length of time that a token authentication answer will be cached. CacheTTL time.Duration ClientCert ClientCertAuthenticationOptions RequestHeader RequestHeaderAuthenticationOptions SkipInClusterLookup bool }
DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy and direction connections will be able to delegate to the core kube API server
func NewDelegatingAuthenticationOptions ¶
func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions
func (*DelegatingAuthenticationOptions) AddFlags ¶
func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*DelegatingAuthenticationOptions) ApplyTo ¶
func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.Config) error
func (*DelegatingAuthenticationOptions) ToAuthenticationConfig ¶
func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
func (*DelegatingAuthenticationOptions) Validate ¶
func (s *DelegatingAuthenticationOptions) Validate() []error
type DelegatingAuthorizationOptions ¶
type DelegatingAuthorizationOptions struct { // RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the // SubjectAccessReview.authorization.k8s.io endpoint for checking tokens. RemoteKubeConfigFile string // AllowCacheTTL is the length of time that a successful authorization response will be cached AllowCacheTTL time.Duration // DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached. // You generally want more responsive, "deny, try again" flows. DenyCacheTTL time.Duration }
DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to the root kube API server
func NewDelegatingAuthorizationOptions ¶
func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions
func (*DelegatingAuthorizationOptions) AddFlags ¶
func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
func (*DelegatingAuthorizationOptions) ApplyTo ¶
func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.Config) error
func (*DelegatingAuthorizationOptions) ToAuthorizationConfig ¶
func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
func (*DelegatingAuthorizationOptions) Validate ¶
func (s *DelegatingAuthorizationOptions) Validate() []error
type EtcdOptions ¶
type EtcdOptions struct { // The value of Paging on StorageConfig will be overriden by the // calculated feature gate value. StorageConfig storagebackend.Config EncryptionProviderConfigFilepath string EtcdServersOverrides []string // To enable protobuf as storage format, it is enough // to set it to "application/vnd.kubernetes.protobuf". DefaultStorageMediaType string DeleteCollectionWorkers int EnableGarbageCollection bool // Set EnableWatchCache to false to disable all watch caches EnableWatchCache bool // Set DefaultWatchCacheSize to zero to disable watch caches for those resources that have no explicit cache size set DefaultWatchCacheSize int // WatchCacheSizes represents override to a given resource WatchCacheSizes []string }
func NewEtcdOptions ¶
func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions
func (*EtcdOptions) AddFlags ¶
func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet)
AddEtcdFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet
func (*EtcdOptions) ApplyWithStorageFactoryTo ¶
func (s *EtcdOptions) ApplyWithStorageFactoryTo(factory serverstorage.StorageFactory, c *server.Config) error
func (*EtcdOptions) Validate ¶
func (s *EtcdOptions) Validate() []error
type FeatureOptions ¶
type FeatureOptions struct { EnableProfiling bool EnableContentionProfiling bool EnableSwaggerUI bool }
func NewFeatureOptions ¶
func NewFeatureOptions() *FeatureOptions
func (*FeatureOptions) AddFlags ¶
func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet)
func (*FeatureOptions) Validate ¶ added in v1.8.0
func (o *FeatureOptions) Validate() []error
type GeneratableKeyCert ¶
type GeneratableKeyCert struct { CertKey CertKey // CACertFile is an optional file containing the certificate chain for CertKey.CertFile CACertFile string // CertDirectory is a directory that will contain the certificates. If the cert and key aren't specifically set // this will be used to derive a match with the "pair-name" CertDirectory string // PairName is the name which will be used with CertDirectory to make a cert and key names // It becomes CertDirector/PairName.crt and CertDirector/PairName.key PairName string }
type RecommendedOptions ¶
type RecommendedOptions struct { Etcd *EtcdOptions SecureServing *SecureServingOptions Authentication *DelegatingAuthenticationOptions Authorization *DelegatingAuthorizationOptions Audit *AuditOptions Features *FeatureOptions CoreAPI *CoreAPIOptions }
RecommendedOptions contains the recommended options for running an API server. If you add something to this list, it should be in a logical grouping. Each of them can be nil to leave the feature unconfigured on ApplyTo.
func NewRecommendedOptions ¶
func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions
func (*RecommendedOptions) AddFlags ¶
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet)
func (*RecommendedOptions) ApplyTo ¶
func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error
func (*RecommendedOptions) Validate ¶ added in v1.8.0
func (o *RecommendedOptions) Validate() []error
type RequestHeaderAuthenticationOptions ¶
type RequestHeaderAuthenticationOptions struct { UsernameHeaders []string GroupHeaders []string ExtraHeaderPrefixes []string ClientCAFile string AllowedNames []string }
func (*RequestHeaderAuthenticationOptions) AddFlags ¶
func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig ¶
func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig
ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options if necessary, nil otherwise.
type SecureServingOptions ¶
type SecureServingOptions struct { BindAddress net.IP BindPort int // BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp", // "tcp4", and "tcp6". BindNetwork string // Listener is the secure server network listener. // either Listener or BindAddress/BindPort/BindNetwork is set, // if Listener is set, use it and omit BindAddress/BindPort/BindNetwork. Listener net.Listener // ServerCert is the TLS cert info for serving secure traffic ServerCert GeneratableKeyCert // SNICertKeys are named CertKeys for serving secure traffic with SNI support. SNICertKeys []utilflag.NamedCertKey // HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client. // A value of zero means to use the default provided by golang's HTTP/2 support. HTTP2MaxStreamsPerConnection int }
func NewSecureServingOptions ¶
func NewSecureServingOptions() *SecureServingOptions
func (*SecureServingOptions) AddDeprecatedFlags ¶
func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
func (*SecureServingOptions) AddFlags ¶
func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)
func (*SecureServingOptions) ApplyTo ¶
func (s *SecureServingOptions) ApplyTo(c *server.Config) error
ApplyTo fills up serving information in the server configuration.
func (*SecureServingOptions) DefaultExternalAddress ¶ added in v1.7.0
func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error)
func (*SecureServingOptions) MaybeDefaultWithSelfSignedCerts ¶
func (*SecureServingOptions) Validate ¶
func (s *SecureServingOptions) Validate() []error
type ServerRunOptions ¶
type ServerRunOptions struct { AdvertiseAddress net.IP CorsAllowedOriginList []string ExternalHost string MaxRequestsInFlight int MaxMutatingRequestsInFlight int RequestTimeout time.Duration MinRequestTimeout int TargetRAMMB int }
ServerRunOptions contains the options while running a generic api server.
func NewServerRunOptions ¶
func NewServerRunOptions() *ServerRunOptions
func (*ServerRunOptions) AddUniversalFlags ¶
func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet)
AddFlags adds flags for a specific APIServer to the specified FlagSet
func (*ServerRunOptions) ApplyTo ¶
func (s *ServerRunOptions) ApplyTo(c *server.Config) error
ApplyOptions applies the run options to the method receiver and returns self
func (*ServerRunOptions) DefaultAdvertiseAddress ¶
func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions) error
DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions.
func (*ServerRunOptions) Validate ¶ added in v1.8.0
func (s *ServerRunOptions) Validate() []error
Validate checks validation of ServerRunOptions
type SimpleRestOptionsFactory ¶ added in v1.7.0
type SimpleRestOptionsFactory struct {
Options EtcdOptions
}
func (*SimpleRestOptionsFactory) GetRESTOptions ¶ added in v1.7.0
func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error)