Documentation ¶
Index ¶
- Constants
- Variables
- func Convert_componentconfig_KubeProxyConfiguration_To_v1alpha1_KubeProxyConfiguration(in *componentconfig.KubeProxyConfiguration, out *KubeProxyConfiguration, ...) error
- func Convert_componentconfig_KubeSchedulerConfiguration_To_v1alpha1_KubeSchedulerConfiguration(in *componentconfig.KubeSchedulerConfiguration, ...) error
- func Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in *componentconfig.KubeletAnonymousAuthentication, ...) error
- func Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in *componentconfig.KubeletAuthentication, out *KubeletAuthentication, ...) error
- func Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in *componentconfig.KubeletAuthorization, out *KubeletAuthorization, ...) error
- func Convert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in *componentconfig.KubeletConfiguration, out *KubeletConfiguration, ...) error
- func Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in *componentconfig.KubeletWebhookAuthentication, ...) error
- func Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in *componentconfig.KubeletWebhookAuthorization, ...) error
- func Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in *componentconfig.KubeletX509Authentication, out *KubeletX509Authentication, ...) error
- func Convert_componentconfig_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration(in *componentconfig.LeaderElectionConfiguration, ...) error
- func Convert_v1alpha1_KubeProxyConfiguration_To_componentconfig_KubeProxyConfiguration(in *KubeProxyConfiguration, out *componentconfig.KubeProxyConfiguration, ...) error
- func Convert_v1alpha1_KubeSchedulerConfiguration_To_componentconfig_KubeSchedulerConfiguration(in *KubeSchedulerConfiguration, ...) error
- func Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, ...) error
- func Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication(in *KubeletAuthentication, out *componentconfig.KubeletAuthentication, ...) error
- func Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(in *KubeletAuthorization, out *componentconfig.KubeletAuthorization, ...) error
- func Convert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration(in *KubeletConfiguration, out *componentconfig.KubeletConfiguration, ...) error
- func Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, ...) error
- func Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, ...) error
- func Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *componentconfig.KubeletX509Authentication, ...) error
- func Convert_v1alpha1_LeaderElectionConfiguration_To_componentconfig_LeaderElectionConfiguration(in *LeaderElectionConfiguration, ...) error
- func DeepCopy_v1alpha1_KubeProxyConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeSchedulerConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletAnonymousAuthentication(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletAuthentication(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletAuthorization(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletWebhookAuthentication(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletWebhookAuthorization(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_KubeletX509Authentication(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_LeaderElectionConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
- func RegisterConversions(scheme *runtime.Scheme) error
- func RegisterDeepCopies(scheme *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- func SetDefaults_KubeProxyConfiguration(obj *KubeProxyConfiguration)
- func SetDefaults_KubeSchedulerConfiguration(obj *KubeSchedulerConfiguration)
- func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration)
- func SetDefaults_LeaderElectionConfiguration(obj *LeaderElectionConfiguration)
- func SetObjectDefaults_KubeProxyConfiguration(in *KubeProxyConfiguration)
- func SetObjectDefaults_KubeSchedulerConfiguration(in *KubeSchedulerConfiguration)
- func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration)
- type HairpinMode
- type KubeProxyConfiguration
- type KubeSchedulerConfiguration
- type KubeletAnonymousAuthentication
- type KubeletAuthentication
- type KubeletAuthorization
- type KubeletAuthorizationMode
- type KubeletConfiguration
- type KubeletWebhookAuthentication
- type KubeletWebhookAuthorization
- type KubeletX509Authentication
- type LeaderElectionConfiguration
- type ProxyMode
Constants ¶
const ( // Set the hairpin flag on the veth of containers in the respective // container runtime. HairpinVeth = "hairpin-veth" // Make the container bridge promiscuous. This will force it to accept // hairpin packets, even if the flag isn't set on ports of the bridge. PromiscuousBridge = "promiscuous-bridge" // Neither of the above. If the kubelet is started in this hairpin mode // and kube-proxy is running in iptables mode, hairpin packets will be // dropped by the container bridge. HairpinNone = "none" )
Enum settings for different ways to handle hairpin packets.
const (
AutoDetectCloudProvider = "auto-detect"
)
const GroupName = "componentconfig"
GroupName is the group name use in this package
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, addDefaultingFuncs) AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Convert_componentconfig_KubeProxyConfiguration_To_v1alpha1_KubeProxyConfiguration ¶
func Convert_componentconfig_KubeProxyConfiguration_To_v1alpha1_KubeProxyConfiguration(in *componentconfig.KubeProxyConfiguration, out *KubeProxyConfiguration, s conversion.Scope) error
func Convert_componentconfig_KubeSchedulerConfiguration_To_v1alpha1_KubeSchedulerConfiguration ¶
func Convert_componentconfig_KubeSchedulerConfiguration_To_v1alpha1_KubeSchedulerConfiguration(in *componentconfig.KubeSchedulerConfiguration, out *KubeSchedulerConfiguration, s conversion.Scope) error
func Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication ¶
func Convert_componentconfig_KubeletAnonymousAuthentication_To_v1alpha1_KubeletAnonymousAuthentication(in *componentconfig.KubeletAnonymousAuthentication, out *KubeletAnonymousAuthentication, s conversion.Scope) error
func Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication ¶
func Convert_componentconfig_KubeletAuthentication_To_v1alpha1_KubeletAuthentication(in *componentconfig.KubeletAuthentication, out *KubeletAuthentication, s conversion.Scope) error
func Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization ¶
func Convert_componentconfig_KubeletAuthorization_To_v1alpha1_KubeletAuthorization(in *componentconfig.KubeletAuthorization, out *KubeletAuthorization, s conversion.Scope) error
func Convert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration ¶ added in v1.4.0
func Convert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfiguration(in *componentconfig.KubeletConfiguration, out *KubeletConfiguration, s conversion.Scope) error
func Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication ¶
func Convert_componentconfig_KubeletWebhookAuthentication_To_v1alpha1_KubeletWebhookAuthentication(in *componentconfig.KubeletWebhookAuthentication, out *KubeletWebhookAuthentication, s conversion.Scope) error
func Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization ¶
func Convert_componentconfig_KubeletWebhookAuthorization_To_v1alpha1_KubeletWebhookAuthorization(in *componentconfig.KubeletWebhookAuthorization, out *KubeletWebhookAuthorization, s conversion.Scope) error
func Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication ¶
func Convert_componentconfig_KubeletX509Authentication_To_v1alpha1_KubeletX509Authentication(in *componentconfig.KubeletX509Authentication, out *KubeletX509Authentication, s conversion.Scope) error
func Convert_componentconfig_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration ¶
func Convert_componentconfig_LeaderElectionConfiguration_To_v1alpha1_LeaderElectionConfiguration(in *componentconfig.LeaderElectionConfiguration, out *LeaderElectionConfiguration, s conversion.Scope) error
func Convert_v1alpha1_KubeProxyConfiguration_To_componentconfig_KubeProxyConfiguration ¶
func Convert_v1alpha1_KubeProxyConfiguration_To_componentconfig_KubeProxyConfiguration(in *KubeProxyConfiguration, out *componentconfig.KubeProxyConfiguration, s conversion.Scope) error
func Convert_v1alpha1_KubeSchedulerConfiguration_To_componentconfig_KubeSchedulerConfiguration ¶
func Convert_v1alpha1_KubeSchedulerConfiguration_To_componentconfig_KubeSchedulerConfiguration(in *KubeSchedulerConfiguration, out *componentconfig.KubeSchedulerConfiguration, s conversion.Scope) error
func Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication ¶
func Convert_v1alpha1_KubeletAnonymousAuthentication_To_componentconfig_KubeletAnonymousAuthentication(in *KubeletAnonymousAuthentication, out *componentconfig.KubeletAnonymousAuthentication, s conversion.Scope) error
func Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication ¶
func Convert_v1alpha1_KubeletAuthentication_To_componentconfig_KubeletAuthentication(in *KubeletAuthentication, out *componentconfig.KubeletAuthentication, s conversion.Scope) error
func Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization ¶
func Convert_v1alpha1_KubeletAuthorization_To_componentconfig_KubeletAuthorization(in *KubeletAuthorization, out *componentconfig.KubeletAuthorization, s conversion.Scope) error
func Convert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration ¶ added in v1.4.0
func Convert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfiguration(in *KubeletConfiguration, out *componentconfig.KubeletConfiguration, s conversion.Scope) error
func Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication ¶
func Convert_v1alpha1_KubeletWebhookAuthentication_To_componentconfig_KubeletWebhookAuthentication(in *KubeletWebhookAuthentication, out *componentconfig.KubeletWebhookAuthentication, s conversion.Scope) error
func Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization ¶
func Convert_v1alpha1_KubeletWebhookAuthorization_To_componentconfig_KubeletWebhookAuthorization(in *KubeletWebhookAuthorization, out *componentconfig.KubeletWebhookAuthorization, s conversion.Scope) error
func Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication ¶
func Convert_v1alpha1_KubeletX509Authentication_To_componentconfig_KubeletX509Authentication(in *KubeletX509Authentication, out *componentconfig.KubeletX509Authentication, s conversion.Scope) error
func Convert_v1alpha1_LeaderElectionConfiguration_To_componentconfig_LeaderElectionConfiguration ¶
func Convert_v1alpha1_LeaderElectionConfiguration_To_componentconfig_LeaderElectionConfiguration(in *LeaderElectionConfiguration, out *componentconfig.LeaderElectionConfiguration, s conversion.Scope) error
func DeepCopy_v1alpha1_KubeProxyConfiguration ¶ added in v1.3.0
func DeepCopy_v1alpha1_KubeProxyConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeSchedulerConfiguration ¶ added in v1.3.0
func DeepCopy_v1alpha1_KubeSchedulerConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletAnonymousAuthentication ¶
func DeepCopy_v1alpha1_KubeletAnonymousAuthentication(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletAuthentication ¶
func DeepCopy_v1alpha1_KubeletAuthentication(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletAuthorization ¶
func DeepCopy_v1alpha1_KubeletAuthorization(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletConfiguration ¶ added in v1.4.0
func DeepCopy_v1alpha1_KubeletConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletWebhookAuthentication ¶
func DeepCopy_v1alpha1_KubeletWebhookAuthentication(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletWebhookAuthorization ¶
func DeepCopy_v1alpha1_KubeletWebhookAuthorization(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_KubeletX509Authentication ¶
func DeepCopy_v1alpha1_KubeletX509Authentication(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1alpha1_LeaderElectionConfiguration ¶ added in v1.3.0
func DeepCopy_v1alpha1_LeaderElectionConfiguration(in interface{}, out interface{}, c *conversion.Cloner) error
func RegisterConversions ¶ added in v1.4.0
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDeepCopies ¶ added in v1.4.0
RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func SetDefaults_KubeProxyConfiguration ¶ added in v1.3.0
func SetDefaults_KubeProxyConfiguration(obj *KubeProxyConfiguration)
func SetDefaults_KubeSchedulerConfiguration ¶ added in v1.3.0
func SetDefaults_KubeSchedulerConfiguration(obj *KubeSchedulerConfiguration)
func SetDefaults_KubeletConfiguration ¶ added in v1.4.0
func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration)
func SetDefaults_LeaderElectionConfiguration ¶ added in v1.3.0
func SetDefaults_LeaderElectionConfiguration(obj *LeaderElectionConfiguration)
func SetObjectDefaults_KubeProxyConfiguration ¶
func SetObjectDefaults_KubeProxyConfiguration(in *KubeProxyConfiguration)
func SetObjectDefaults_KubeSchedulerConfiguration ¶
func SetObjectDefaults_KubeSchedulerConfiguration(in *KubeSchedulerConfiguration)
func SetObjectDefaults_KubeletConfiguration ¶
func SetObjectDefaults_KubeletConfiguration(in *KubeletConfiguration)
Types ¶
type HairpinMode ¶ added in v1.4.0
type HairpinMode string
HairpinMode denotes how the kubelet should configure networking to handle hairpin packets.
type KubeProxyConfiguration ¶
type KubeProxyConfiguration struct { unversioned.TypeMeta // bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0 // for all interfaces) BindAddress string `json:"bindAddress"` // clusterCIDR is the CIDR range of the pods in the cluster. It is used to // bridge traffic coming from outside of the cluster. If not provided, // no off-cluster bridging will be performed. ClusterCIDR string `json:"clusterCIDR"` // healthzBindAddress is the IP address for the health check server to serve on, // defaulting to 127.0.0.1 (set to 0.0.0.0 for all interfaces) HealthzBindAddress string `json:"healthzBindAddress"` // healthzPort is the port to bind the health check server. Use 0 to disable. HealthzPort int32 `json:"healthzPort"` // hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname. HostnameOverride string `json:"hostnameOverride"` // iptablesMasqueradeBit is the bit of the iptables fwmark space to use for SNAT if using // the pure iptables proxy mode. Values must be within the range [0, 31]. IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit"` // iptablesSyncPeriod is the period that iptables rules are refreshed (e.g. '5s', '1m', // '2h22m'). Must be greater than 0. IPTablesSyncPeriod unversioned.Duration `json:"iptablesSyncPeriodSeconds"` // kubeconfigPath is the path to the kubeconfig file with authorization information (the // master location is set by the master flag). KubeconfigPath string `json:"kubeconfigPath"` // masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode. MasqueradeAll bool `json:"masqueradeAll"` // master is the address of the Kubernetes API server (overrides any value in kubeconfig) Master string `json:"master"` // oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within // the range [-1000, 1000] OOMScoreAdj *int32 `json:"oomScoreAdj"` // mode specifies which proxy mode to use. Mode ProxyMode `json:"mode"` // portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed // in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. PortRange string `json:"portRange"` // resourceContainer is the bsolute name of the resource-only container to create and run // the Kube-proxy in (Default: /kube-proxy). ResourceContainer string `json:"resourceContainer"` // udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s'). // Must be greater than 0. Only applicable for proxyMode=userspace. UDPIdleTimeout unversioned.Duration `json:"udpTimeoutMilliseconds"` // conntrackMax is the maximum number of NAT connections to track (0 to // leave as-is). This takes precedence over conntrackMaxPerCore and conntrackMin. ConntrackMax int32 `json:"conntrackMax"` // conntrackMaxPerCore is the maximum number of NAT connections to track // per CPU core (0 to leave the limit as-is and ignore conntrackMin). ConntrackMaxPerCore int32 `json:"conntrackMaxPerCore"` // conntrackMin is the minimum value of connect-tracking records to allocate, // regardless of conntrackMaxPerCore (set conntrackMaxPerCore=0 to leave the limit as-is). ConntrackMin int32 `json:"conntrackMin"` // conntrackTCPEstablishedTimeout is how long an idle TCP connection will be kept open // (e.g. '250ms', '2s'). Must be greater than 0. ConntrackTCPEstablishedTimeout unversioned.Duration `json:"conntrackTCPEstablishedTimeout"` }
func (*KubeProxyConfiguration) GetObjectKind ¶
func (obj *KubeProxyConfiguration) GetObjectKind() unversioned.ObjectKind
type KubeSchedulerConfiguration ¶
type KubeSchedulerConfiguration struct { unversioned.TypeMeta // port is the port that the scheduler's http service runs on. Port int `json:"port"` // address is the IP address to serve on. Address string `json:"address"` // algorithmProvider is the scheduling algorithm provider to use. AlgorithmProvider string `json:"algorithmProvider"` // policyConfigFile is the filepath to the scheduler policy configuration. PolicyConfigFile string `json:"policyConfigFile"` // enableProfiling enables profiling via web interface. EnableProfiling *bool `json:"enableProfiling"` // contentType is contentType of requests sent to apiserver. ContentType string `json:"contentType"` // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver. KubeAPIQPS float32 `json:"kubeAPIQPS"` // kubeAPIBurst is the QPS burst to use while talking with kubernetes apiserver. KubeAPIBurst int `json:"kubeAPIBurst"` // schedulerName is name of the scheduler, used to select which pods // will be processed by this scheduler, based on pod's annotation with // key 'scheduler.alpha.kubernetes.io/name'. SchedulerName string `json:"schedulerName"` // RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule // corresponding to every RequiredDuringScheduling affinity rule. // HardPodAffinitySymmetricWeight represents the weight of implicit PreferredDuringScheduling affinity rule, in the range 0-100. HardPodAffinitySymmetricWeight int `json:"hardPodAffinitySymmetricWeight"` // Indicate the "all topologies" set for empty topologyKey when it's used for PreferredDuringScheduling pod anti-affinity. FailureDomains string `json:"failureDomains"` // leaderElection defines the configuration of leader election client. LeaderElection LeaderElectionConfiguration `json:"leaderElection"` }
func (*KubeSchedulerConfiguration) GetObjectKind ¶
func (obj *KubeSchedulerConfiguration) GetObjectKind() unversioned.ObjectKind
type KubeletAnonymousAuthentication ¶
type KubeletAnonymousAuthentication struct { // enabled allows anonymous requests to the kubelet server. // Requests that are not rejected by another authentication method are treated as anonymous requests. // Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated. Enabled *bool `json:"enabled"` }
type KubeletAuthentication ¶
type KubeletAuthentication struct { // x509 contains settings related to x509 client certificate authentication X509 KubeletX509Authentication `json:"x509"` // webhook contains settings related to webhook bearer token authentication Webhook KubeletWebhookAuthentication `json:"webhook"` // anonymous contains settings related to anonymous authentication Anonymous KubeletAnonymousAuthentication `json:"anonymous"` }
type KubeletAuthorization ¶
type KubeletAuthorization struct { // mode is the authorization mode to apply to requests to the kubelet server. // Valid values are AlwaysAllow and Webhook. // Webhook mode uses the SubjectAccessReview API to determine authorization. Mode KubeletAuthorizationMode `json:"mode"` // webhook contains settings related to Webhook authorization. Webhook KubeletWebhookAuthorization `json:"webhook"` }
type KubeletAuthorizationMode ¶
type KubeletAuthorizationMode string
const ( // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" )
type KubeletConfiguration ¶ added in v1.4.0
type KubeletConfiguration struct { unversioned.TypeMeta // podManifestPath is the path to the directory containing pod manifests to // run, or the path to a single manifest file PodManifestPath string `json:"podManifestPath"` // syncFrequency is the max period between synchronizing running // containers and config SyncFrequency unversioned.Duration `json:"syncFrequency"` // fileCheckFrequency is the duration between checking config files for // new data FileCheckFrequency unversioned.Duration `json:"fileCheckFrequency"` // httpCheckFrequency is the duration between checking http for new data HTTPCheckFrequency unversioned.Duration `json:"httpCheckFrequency"` // manifestURL is the URL for accessing the container manifest ManifestURL string `json:"manifestURL"` // manifestURLHeader is the HTTP header to use when accessing the manifest // URL, with the key separated from the value with a ':', as in 'key:value' ManifestURLHeader string `json:"manifestURLHeader"` // enableServer enables the Kubelet's server EnableServer *bool `json:"enableServer"` // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 // for all interfaces) Address string `json:"address"` // port is the port for the Kubelet to serve on. Port int32 `json:"port"` // readOnlyPort is the read-only port for the Kubelet to serve on with // no authentication/authorization (set to 0 to disable) ReadOnlyPort int32 `json:"readOnlyPort"` // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, // if any, concatenated after server cert). If tlsCertFile and // tlsPrivateKeyFile are not provided, a self-signed certificate // and key are generated for the public address and saved to the directory // passed to certDir. TLSCertFile string `json:"tlsCertFile"` // tlsPrivateKeyFile is the ile containing x509 private key matching // tlsCertFile. TLSPrivateKeyFile string `json:"tlsPrivateKeyFile"` // certDirectory is the directory where the TLS certs are located (by // default /var/run/kubernetes). If tlsCertFile and tlsPrivateKeyFile // are provided, this flag will be ignored. CertDirectory string `json:"certDirectory"` // authentication specifies how requests to the Kubelet's server are authenticated Authentication KubeletAuthentication `json:"authentication"` // authorization specifies how requests to the Kubelet's server are authorized Authorization KubeletAuthorization `json:"authorization"` // hostnameOverride is the hostname used to identify the kubelet instead // of the actual hostname. HostnameOverride string `json:"hostnameOverride"` // podInfraContainerImage is the image whose network/ipc namespaces // containers in each pod will use. PodInfraContainerImage string `json:"podInfraContainerImage"` // dockerEndpoint is the path to the docker endpoint to communicate with. DockerEndpoint string `json:"dockerEndpoint"` // rootDirectory is the directory path to place kubelet files (volume // mounts,etc). RootDirectory string `json:"rootDirectory"` // seccompProfileRoot is the directory path for seccomp profiles. SeccompProfileRoot string `json:"seccompProfileRoot"` // allowPrivileged enables containers to request privileged mode. // Defaults to false. AllowPrivileged *bool `json:"allowPrivileged"` // hostNetworkSources is a comma-separated list of sources from which the // Kubelet allows pods to use of host network. Defaults to "*". Valid // options are "file", "http", "api", and "*" (all sources). HostNetworkSources []string `json:"hostNetworkSources"` // hostPIDSources is a comma-separated list of sources from which the // Kubelet allows pods to use the host pid namespace. Defaults to "*". HostPIDSources []string `json:"hostPIDSources"` // hostIPCSources is a comma-separated list of sources from which the // Kubelet allows pods to use the host ipc namespace. Defaults to "*". HostIPCSources []string `json:"hostIPCSources"` // registryPullQPS is the limit of registry pulls per second. If 0, // unlimited. Set to 0 for no limit. Defaults to 5.0. RegistryPullQPS *int32 `json:"registryPullQPS"` // registryBurst is the maximum size of a bursty pulls, temporarily allows // pulls to burst to this number, while still not exceeding registryQps. // Only used if registryQPS > 0. RegistryBurst int32 `json:"registryBurst"` // eventRecordQPS is the maximum event creations per second. If 0, there // is no limit enforced. EventRecordQPS *int32 `json:"eventRecordQPS"` // eventBurst is the maximum size of a bursty event records, temporarily // allows event records to burst to this number, while still not exceeding // event-qps. Only used if eventQps > 0 EventBurst int32 `json:"eventBurst"` // enableDebuggingHandlers enables server endpoints for log collection // and local running of containers and commands EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers"` // minimumGCAge is the minimum age for a finished container before it is // garbage collected. MinimumGCAge unversioned.Duration `json:"minimumGCAge"` // maxPerPodContainerCount is the maximum number of old instances to // retain per container. Each container takes up some disk space. MaxPerPodContainerCount int32 `json:"maxPerPodContainerCount"` // maxContainerCount is the maximum number of old instances of containers // to retain globally. Each container takes up some disk space. MaxContainerCount *int32 `json:"maxContainerCount"` // cAdvisorPort is the port of the localhost cAdvisor endpoint CAdvisorPort int32 `json:"cAdvisorPort"` // healthzPort is the port of the localhost healthz endpoint HealthzPort int32 `json:"healthzPort"` // healthzBindAddress is the IP address for the healthz server to serve // on. HealthzBindAddress string `json:"healthzBindAddress"` // oomScoreAdj is The oom-score-adj value for kubelet process. Values // must be within the range [-1000, 1000]. OOMScoreAdj *int32 `json:"oomScoreAdj"` // registerNode enables automatic registration with the apiserver. RegisterNode *bool `json:"registerNode"` // clusterDomain is the DNS domain for this cluster. If set, kubelet will // configure all containers to search this domain in addition to the // host's search domains. ClusterDomain string `json:"clusterDomain"` // masterServiceNamespace is The namespace from which the kubernetes // master services should be injected into pods. MasterServiceNamespace string `json:"masterServiceNamespace"` // clusterDNS is the IP address for a cluster DNS server. If set, kubelet // will configure all containers to use this for DNS resolution in // addition to the host's DNS servers ClusterDNS string `json:"clusterDNS"` // streamingConnectionIdleTimeout is the maximum time a streaming connection // can be idle before the connection is automatically closed. StreamingConnectionIdleTimeout unversioned.Duration `json:"streamingConnectionIdleTimeout"` // nodeStatusUpdateFrequency is the frequency that kubelet posts node // status to master. Note: be cautious when changing the constant, it // must work with nodeMonitorGracePeriod in nodecontroller. NodeStatusUpdateFrequency unversioned.Duration `json:"nodeStatusUpdateFrequency"` // imageMinimumGCAge is the minimum age for an unused image before it is // garbage collected. ImageMinimumGCAge unversioned.Duration `json:"imageMinimumGCAge"` // imageGCHighThresholdPercent is the percent of disk usage after which // image garbage collection is always run. The percent is calculated as // this field value out of 100. ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent"` // imageGCLowThresholdPercent is the percent of disk usage before which // image garbage collection is never run. Lowest disk usage to garbage // collect to. The percent is calculated as this field value out of 100. ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent"` // lowDiskSpaceThresholdMB is the absolute free disk space, in MB, to // maintain. When disk space falls below this threshold, new pods would // be rejected. LowDiskSpaceThresholdMB int32 `json:"lowDiskSpaceThresholdMB"` // How frequently to calculate and cache volume disk usage for all pods VolumeStatsAggPeriod unversioned.Duration `json:"volumeStatsAggPeriod"` // networkPluginName is the name of the network plugin to be invoked for // various events in kubelet/pod lifecycle NetworkPluginName string `json:"networkPluginName"` // networkPluginDir is the full path of the directory in which to search // for network plugins (and, for backwards-compat, CNI config files) NetworkPluginDir string `json:"networkPluginDir"` // CNIConfDir is the full path of the directory in which to search for // CNI config files CNIConfDir string `json:"cniConfDir"` // CNIBinDir is the full path of the directory in which to search for // CNI plugin binaries CNIBinDir string `json:"cniBinDir"` // networkPluginMTU is the MTU to be passed to the network plugin, // and overrides the default MTU for cases where it cannot be automatically // computed (such as IPSEC). NetworkPluginMTU int32 `json:"networkPluginMTU"` // volumePluginDir is the full path of the directory in which to search // for additional third party volume plugins VolumePluginDir string `json:"volumePluginDir"` // cloudProvider is the provider for cloud services. CloudProvider string `json:"cloudProvider"` // cloudConfigFile is the path to the cloud provider configuration file. CloudConfigFile string `json:"cloudConfigFile"` // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in. KubeletCgroups string `json:"kubeletCgroups"` // runtimeCgroups are cgroups that container runtime is expected to be isolated in. RuntimeCgroups string `json:"runtimeCgroups"` // systemCgroups is absolute name of cgroups in which to place // all non-kernel processes that are not already in a container. Empty // for no container. Rolling back the flag requires a reboot. SystemCgroups string `json:"systemCgroups"` // cgroupRoot is the root cgroup to use for pods. This is handled by the // container runtime on a best effort basis. CgroupRoot string `json:"cgroupRoot"` // Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes // And all Burstable and BestEffort pods are brought up under their // specific top level QoS cgroup. // +optional CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"` // driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd) // +optional CgroupDriver string `json:"cgroupDriver,omitempty"` // containerRuntime is the container runtime to use. ContainerRuntime string `json:"containerRuntime"` // remoteRuntimeEndpoint is the endpoint of remote runtime service RemoteRuntimeEndpoint string `json:"remoteRuntimeEndpoint"` // remoteImageEndpoint is the endpoint of remote image service RemoteImageEndpoint string `json:"remoteImageEndpoint"` // runtimeRequestTimeout is the timeout for all runtime requests except long running // requests - pull, logs, exec and attach. RuntimeRequestTimeout unversioned.Duration `json:"runtimeRequestTimeout"` // rktPath is the path of rkt binary. Leave empty to use the first rkt in // $PATH. RktPath string `json:"rktPath"` // experimentalMounterPath is the path to mounter binary. If not set, kubelet will attempt to use mount // binary that is available via $PATH, ExperimentalMounterPath string `json:"experimentalMounterPath,omitempty"` // rktApiEndpoint is the endpoint of the rkt API service to communicate with. RktAPIEndpoint string `json:"rktAPIEndpoint"` // rktStage1Image is the image to use as stage1. Local paths and // http/https URLs are supported. RktStage1Image string `json:"rktStage1Image"` // lockFilePath is the path that kubelet will use to as a lock file. // It uses this file as a lock to synchronize with other kubelet processes // that may be running. LockFilePath *string `json:"lockFilePath"` // ExitOnLockContention is a flag that signifies to the kubelet that it is running // in "bootstrap" mode. This requires that 'LockFilePath' has been set. // This will cause the kubelet to listen to inotify events on the lock file, // releasing it and exiting when another process tries to open that file. ExitOnLockContention bool `json:"exitOnLockContention"` // How should the kubelet configure the container bridge for hairpin packets. // Setting this flag allows endpoints in a Service to loadbalance back to // themselves if they should try to access their own Service. Values: // "promiscuous-bridge": make the container bridge promiscuous. // "hairpin-veth": set the hairpin flag on container veth interfaces. // "none": do nothing. // Generally, one must set --hairpin-mode=veth-flag to achieve hairpin NAT, // because promiscous-bridge assumes the existence of a container bridge named cbr0. HairpinMode string `json:"hairpinMode"` // The node has babysitter process monitoring docker and kubelet. BabysitDaemons bool `json:"babysitDaemons"` // maxPods is the number of pods that can run on this Kubelet. MaxPods int32 `json:"maxPods"` // nvidiaGPUs is the number of NVIDIA GPU devices on this node. NvidiaGPUs int32 `json:"nvidiaGPUs"` // dockerExecHandlerName is the handler to use when executing a command // in a container. Valid values are 'native' and 'nsenter'. Defaults to // 'native'. DockerExecHandlerName string `json:"dockerExecHandlerName"` // The CIDR to use for pod IP addresses, only used in standalone mode. // In cluster mode, this is obtained from the master. PodCIDR string `json:"podCIDR"` // ResolverConfig is the resolver configuration file used as the basis // for the container DNS resolution configuration."), [] ResolverConfig string `json:"resolvConf"` // cpuCFSQuota is Enable CPU CFS quota enforcement for containers that // specify CPU limits CPUCFSQuota *bool `json:"cpuCFSQuota"` // containerized should be set to true if kubelet is running in a container. Containerized *bool `json:"containerized"` // maxOpenFiles is Number of files that can be opened by Kubelet process. MaxOpenFiles int64 `json:"maxOpenFiles"` // reconcileCIDR is Reconcile node CIDR with the CIDR specified by the // API server. Won't have any effect if register-node is false. ReconcileCIDR *bool `json:"reconcileCIDR"` // registerSchedulable tells the kubelet to register the node as // schedulable. Won't have any effect if register-node is false. RegisterSchedulable *bool `json:"registerSchedulable"` // contentType is contentType of requests sent to apiserver. ContentType string `json:"contentType"` // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver KubeAPIQPS *int32 `json:"kubeAPIQPS"` // kubeAPIBurst is the burst to allow while talking with kubernetes // apiserver KubeAPIBurst int32 `json:"kubeAPIBurst"` // serializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details. SerializeImagePulls *bool `json:"serializeImagePulls"` // outOfDiskTransitionFrequency is duration for which the kubelet has to // wait before transitioning out of out-of-disk node condition status. OutOfDiskTransitionFrequency unversioned.Duration `json:"outOfDiskTransitionFrequency"` // nodeIP is IP address of the node. If set, kubelet will use this IP // address for the node. NodeIP string `json:"nodeIP"` // nodeLabels to add when registering the node in the cluster. NodeLabels map[string]string `json:"nodeLabels"` // nonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade. NonMasqueradeCIDR string `json:"nonMasqueradeCIDR"` // enable gathering custom metrics. EnableCustomMetrics bool `json:"enableCustomMetrics"` // Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. EvictionHard *string `json:"evictionHard"` // Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. EvictionSoft string `json:"evictionSoft"` // Comma-delimeted list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. EvictionSoftGracePeriod string `json:"evictionSoftGracePeriod"` // Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. EvictionPressureTransitionPeriod unversioned.Duration `json:"evictionPressureTransitionPeriod"` // Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod"` // Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. EvictionMinimumReclaim string `json:"evictionMinimumReclaim"` // Maximum number of pods per core. Cannot exceed MaxPods PodsPerCore int32 `json:"podsPerCore"` // enableControllerAttachDetach enables the Attach/Detach controller to // manage attachment/detachment of volumes scheduled to this node, and // disables kubelet from executing any attach/detach operations EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach"` // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for non-kubernetes components. // Currently only cpu and memory are supported. [default=none] // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. SystemReserved map[string]string `json:"systemReserved"` // A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs // that describe resources reserved for kubernetes system components. // Currently only cpu and memory are supported. [default=none] // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. KubeReserved map[string]string `json:"kubeReserved"` // Default behaviour for kernel tuning ProtectKernelDefaults bool `json:"protectKernelDefaults"` // If true, Kubelet ensures a set of iptables rules are present on host. // These rules will serve as utility rules for various components, e.g. KubeProxy. // The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit. MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains"` // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT // Values must be within the range [0, 31]. Must be different from other mark bits. // Warning: Please match the value of corresponding parameter in kube-proxy // TODO: clean up IPTablesMasqueradeBit in kube-proxy IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit"` // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. // Values must be within the range [0, 31]. Must be different from other mark bits. IPTablesDropBit *int32 `json:"iptablesDropBit"` // Whitelist of unsafe sysctls or sysctl patterns (ending in *). Use these at your own risk. // Resource isolation might be lacking and pod might influence each other on the same node. // +optional AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"` // How to integrate with runtime. If set to CRI, kubelet will switch to // using the new Container Runtine Interface. // +optional ExperimentalRuntimeIntegrationType string `json:"experimentalRuntimeIntegrationType,omitempty"` }
func (*KubeletConfiguration) GetObjectKind ¶ added in v1.4.0
func (obj *KubeletConfiguration) GetObjectKind() unversioned.ObjectKind
type KubeletWebhookAuthentication ¶
type KubeletWebhookAuthentication struct { // enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API Enabled *bool `json:"enabled"` // cacheTTL enables caching of authentication results CacheTTL unversioned.Duration `json:"cacheTTL"` }
type KubeletWebhookAuthorization ¶
type KubeletWebhookAuthorization struct { // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. CacheAuthorizedTTL unversioned.Duration `json:"cacheAuthorizedTTL"` CacheUnauthorizedTTL unversioned.Duration `json:"cacheUnauthorizedTTL"` }
type KubeletX509Authentication ¶
type KubeletX509Authentication struct { // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, // and groups corresponding to the Organization in the client certificate. ClientCAFile string `json:"clientCAFile"` }
type LeaderElectionConfiguration ¶
type LeaderElectionConfiguration struct { // leaderElect enables a leader election client to gain leadership // before executing the main loop. Enable this when running replicated // components for high availability. LeaderElect *bool `json:"leaderElect"` // leaseDuration is the duration that non-leader candidates will wait // after observing a leadership renewal until attempting to acquire // leadership of a led but unrenewed leader slot. This is effectively the // maximum duration that a leader can be stopped before it is replaced // by another candidate. This is only applicable if leader election is // enabled. LeaseDuration unversioned.Duration `json:"leaseDuration"` // renewDeadline is the interval between attempts by the acting master to // renew a leadership slot before it stops leading. This must be less // than or equal to the lease duration. This is only applicable if leader // election is enabled. RenewDeadline unversioned.Duration `json:"renewDeadline"` // retryPeriod is the duration the clients should wait between attempting // acquisition and renewal of a leadership. This is only applicable if // leader election is enabled. RetryPeriod unversioned.Duration `json:"retryPeriod"` }
LeaderElectionConfiguration defines the configuration of leader election clients for components that can run with leader election enabled.
type ProxyMode ¶
type ProxyMode string
Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables' (experimental). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently userspace, but may change in future versions). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.