Documentation ¶
Index ¶
Constants ¶
View Source
const UnreserveTip = "ignore"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApiserverLitekubeOptions ¶
type ApiserverLitekubeOptions struct { AllowPrivileged bool `yaml:"allow-privileged"` AuthorizationMode string `yaml:"authorization-mode"` AnonymousAuth bool `yaml:"anonymous-auth"` //EnableSwaggerUI bool `yaml:"enable-swagger-ui"` EnableAdmissionPlugins string `yaml:"enable-admission-plugins"` EncryptionProviderConfig string `yaml:"encryption-provider-config"` Profiling bool `yaml:"profiling"` ServiceClusterIpRange string `yaml:"service-cluster-ip-range"` ServiceNodePortRange string `yaml:"service-node-port-range"` SecurePort uint16 `yaml:"secure-port"` }
options for Litekube to start kube-apiserver
var DefaultALO ApiserverLitekubeOptions = ApiserverLitekubeOptions{ AllowPrivileged: true, AuthorizationMode: strings.Join([]string{modes.ModeNode, modes.ModeRBAC}, ","), AnonymousAuth: false, EnableAdmissionPlugins: "NodeRestriction", Profiling: false, ServiceClusterIpRange: "10.0.0.0/16", ServiceNodePortRange: "30000-32767", SecurePort: 6443, }
func NewApiserverLitekubeOptions ¶
func NewApiserverLitekubeOptions() *ApiserverLitekubeOptions
func (*ApiserverLitekubeOptions) AddTips ¶
func (opt *ApiserverLitekubeOptions) AddTips(section *help.Section)
type ApiserverOptions ¶
type ApiserverOptions struct { ReservedOptions map[string]string `yaml:"reserve"` ProfessionalOptions *ApiserverProfessionalOptions `yaml:"professional"` Options *ApiserverLitekubeOptions `yaml:"options"` IgnoreOptions map[string]string `yaml:"-"` }
struct to store args from input
func NewApiserverOptions ¶
func NewApiserverOptions() *ApiserverOptions
func (*ApiserverOptions) CheckReservedOptions ¶
func (opt *ApiserverOptions) CheckReservedOptions() error
delete keys already be disable or define in other block
func (*ApiserverOptions) HelpSection ¶
func (opt *ApiserverOptions) HelpSection() *help.Section
func (*ApiserverOptions) PrintFlags ¶
func (opt *ApiserverOptions) PrintFlags(prefix string, printFunc func(format string, a ...interface{}) error) error
print all flags
type ApiserverProfessionalOptions ¶
type ApiserverProfessionalOptions struct { ECTDOptions `yaml:",inline"` ServerCertOptions `yaml:",inline"` KubeletClientCertOptions `yaml:",inline"` BindAddress string `yaml:"bind-address"` AdvertiseAddress string `yaml:"advertise-address"` //InsecurePort uint16 `yaml:"insecure-port"` FeatureGates string `yaml:"feature-gates"` }
Empirically assigned parameters are not recommended
var DefaultAPO ApiserverProfessionalOptions = ApiserverProfessionalOptions{ ECTDOptions: *NewECTDOptions(), ServerCertOptions: *NewServerCertOptions(), KubeletClientCertOptions: *NewKubeletClientCertOptions(), BindAddress: "0.0.0.0", FeatureGates: "JobTrackingWithFinalizers=true", }
func NewApiserverProfessionalOptions ¶
func NewApiserverProfessionalOptions() *ApiserverProfessionalOptions
func (*ApiserverProfessionalOptions) AddTips ¶
func (opt *ApiserverProfessionalOptions) AddTips(section *help.Section)
type ECTDOptions ¶
type ECTDOptions struct { StorageBackend string `yaml:"storage-backend"` EtcdServers string `yaml:"etcd-servers"` EtcdCafile string `yaml:"etcd-cafile"` EtcdCertfile string `yaml:"etcd-certfile"` EtcdKeyfile string `yaml:"etcd-keyfile"` }
etcd options
var DefaultEO ECTDOptions = ECTDOptions{
StorageBackend: "etcd3",
EtcdServers: "https://127.0.0.1:2379",
}
func NewECTDOptions ¶
func NewECTDOptions() *ECTDOptions
func (*ECTDOptions) AddTips ¶
func (opt *ECTDOptions) AddTips(section *help.Section)
type KubeletClientCertOptions ¶
type KubeletClientCertOptions struct { KubeletCertificateAuthority string `yaml:"kubelet-certificate-authority"` KubeletClientCertificate string `yaml:"kubelet-client-certificate"` KubeletClientKey string `yaml:"kubelet-client-key"` }
security information for apiserver-kubelet-client-config
var DefaultKCCO KubeletClientCertOptions = KubeletClientCertOptions{
KubeletCertificateAuthority: "-",
}
func NewKubeletClientCertOptions ¶
func NewKubeletClientCertOptions() *KubeletClientCertOptions
func (*KubeletClientCertOptions) AddTips ¶
func (opt *KubeletClientCertOptions) AddTips(section *help.Section)
type ServerCertOptions ¶
type ServerCertOptions struct { CertDir string `yaml:"cert-dir"` TlsCertFile string `yaml:"tls-cert-file"` TlsPrivateKeyFile string `yaml:"tls-private-key-file"` ApiAudiences string `yaml:"api-audiences"` TokenAuthFile string `yaml:"token-auth-file"` EnableBootstrapTokenAuth bool `yaml:"enable-bootstrap-token-auth"` ServiceAccountSigningKeyFile string `yaml:"service-account-signing-key-file"` ServiceAccountKeyFile string `yaml:"service-account-key-file"` ServiceAccountIssuer string `yaml:"service-account-issuer"` ClientCAFile string `yaml:"client-ca-file"` // for access-proxy to kube-apiserver RequestheaderExtraHeadersPrefix string `yaml:"requestheader-extra-headers-prefix"` RequestheaderGroupHeaders string `yaml:"requestheader-group-headers"` RequestheaderUsernameHeaders string `yaml:"requestheader-username-headers"` RequestheaderClientCAFile string `yaml:"requestheader-client-ca-file"` RequestheaderAllowedNames string `yaml:"requestheader-allowed-names"` ProxyClientCertFile string `yaml:"proxy-client-cert-file"` ProxyClientKeyFile string `yaml:"proxy-client-key-file"` EnableAggregatorRouting bool `yaml:"enable-aggregator-routing"` }
server security
var DefaultSCO ServerCertOptions = ServerCertOptions{ ApiAudiences: "unknown", EnableBootstrapTokenAuth: true, ServiceAccountIssuer: "litekube", RequestheaderExtraHeadersPrefix: "X-Remote-Extra-", RequestheaderGroupHeaders: "X-Remote-Group", RequestheaderUsernameHeaders: "X-Remote-User", RequestheaderAllowedNames: "system:auth-proxy", EnableAggregatorRouting: true, }
func NewServerCertOptions ¶
func NewServerCertOptions() *ServerCertOptions
func (*ServerCertOptions) AddTips ¶
func (opt *ServerCertOptions) AddTips(section *help.Section)
Click to show internal directories.
Click to hide internal directories.