apiserver

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 19, 2022 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source
const UnreserveTip = "ignore"

Variables

This section is empty.

Functions

This section is empty.

Types

type ApiserverLitekubeOptions

type ApiserverLitekubeOptions struct {
	AllowPrivileged   bool   `yaml:"allow-privileged"`
	AuthorizationMode string `yaml:"authorization-mode"`
	AnonymousAuth     bool   `yaml:"anonymous-auth"`
	//EnableSwaggerUI          bool   `yaml:"enable-swagger-ui"`
	EnableAdmissionPlugins   string `yaml:"enable-admission-plugins"`
	EncryptionProviderConfig string `yaml:"encryption-provider-config"`
	Profiling                bool   `yaml:"profiling"`
	ServiceClusterIpRange    string `yaml:"service-cluster-ip-range"`
	ServiceNodePortRange     string `yaml:"service-node-port-range"`
	SecurePort               uint16 `yaml:"secure-port"`
}

options for Litekube to start kube-apiserver

var DefaultALO ApiserverLitekubeOptions = ApiserverLitekubeOptions{
	AllowPrivileged:   true,
	AuthorizationMode: strings.Join([]string{modes.ModeNode, modes.ModeRBAC}, ","),
	AnonymousAuth:     false,

	EnableAdmissionPlugins: "NodeRestriction",
	Profiling:              false,
	ServiceClusterIpRange:  "10.0.0.0/16",
	ServiceNodePortRange:   "30000-32767",
	SecurePort:             6443,
}

func NewApiserverLitekubeOptions

func NewApiserverLitekubeOptions() *ApiserverLitekubeOptions

func (*ApiserverLitekubeOptions) AddTips

func (opt *ApiserverLitekubeOptions) AddTips(section *help.Section)

type ApiserverOptions

type ApiserverOptions struct {
	ReservedOptions     map[string]string             `yaml:"reserve"`
	ProfessionalOptions *ApiserverProfessionalOptions `yaml:"professional"`
	Options             *ApiserverLitekubeOptions     `yaml:"options"`
	IgnoreOptions       map[string]string             `yaml:"-"`
}

struct to store args from input

func NewApiserverOptions

func NewApiserverOptions() *ApiserverOptions

func (*ApiserverOptions) CheckReservedOptions

func (opt *ApiserverOptions) CheckReservedOptions() error

delete keys already be disable or define in other block

func (*ApiserverOptions) HelpSection

func (opt *ApiserverOptions) HelpSection() *help.Section

func (*ApiserverOptions) PrintFlags

func (opt *ApiserverOptions) PrintFlags(prefix string, printFunc func(format string, a ...interface{}) error) error

print all flags

func (*ApiserverOptions) ToMap

func (opt *ApiserverOptions) ToMap() (map[string]string, error)

type ApiserverProfessionalOptions

type ApiserverProfessionalOptions struct {
	ECTDOptions              `yaml:",inline"`
	ServerCertOptions        `yaml:",inline"`
	KubeletClientCertOptions `yaml:",inline"`

	BindAddress      string `yaml:"bind-address"`
	AdvertiseAddress string `yaml:"advertise-address"`
	//InsecurePort     uint16 `yaml:"insecure-port"`
	FeatureGates string `yaml:"feature-gates"`
}

Empirically assigned parameters are not recommended

var DefaultAPO ApiserverProfessionalOptions = ApiserverProfessionalOptions{
	ECTDOptions:              *NewECTDOptions(),
	ServerCertOptions:        *NewServerCertOptions(),
	KubeletClientCertOptions: *NewKubeletClientCertOptions(),
	BindAddress:              "0.0.0.0",

	FeatureGates: "JobTrackingWithFinalizers=true",
}

func NewApiserverProfessionalOptions

func NewApiserverProfessionalOptions() *ApiserverProfessionalOptions

func (*ApiserverProfessionalOptions) AddTips

func (opt *ApiserverProfessionalOptions) AddTips(section *help.Section)

type ECTDOptions

type ECTDOptions struct {
	StorageBackend string `yaml:"storage-backend"`
	EtcdServers    string `yaml:"etcd-servers"`
	EtcdCafile     string `yaml:"etcd-cafile"`
	EtcdCertfile   string `yaml:"etcd-certfile"`
	EtcdKeyfile    string `yaml:"etcd-keyfile"`
}

etcd options

var DefaultEO ECTDOptions = ECTDOptions{
	StorageBackend: "etcd3",
	EtcdServers:    "https://127.0.0.1:2379",
}

func NewECTDOptions

func NewECTDOptions() *ECTDOptions

func (*ECTDOptions) AddTips

func (opt *ECTDOptions) AddTips(section *help.Section)

type KubeletClientCertOptions

type KubeletClientCertOptions struct {
	KubeletCertificateAuthority string `yaml:"kubelet-certificate-authority"`
	KubeletClientCertificate    string `yaml:"kubelet-client-certificate"`
	KubeletClientKey            string `yaml:"kubelet-client-key"`
}

security information for apiserver-kubelet-client-config

var DefaultKCCO KubeletClientCertOptions = KubeletClientCertOptions{
	KubeletCertificateAuthority: "-",
}

func NewKubeletClientCertOptions

func NewKubeletClientCertOptions() *KubeletClientCertOptions

func (*KubeletClientCertOptions) AddTips

func (opt *KubeletClientCertOptions) AddTips(section *help.Section)

type ServerCertOptions

type ServerCertOptions struct {
	CertDir                      string `yaml:"cert-dir"`
	TlsCertFile                  string `yaml:"tls-cert-file"`
	TlsPrivateKeyFile            string `yaml:"tls-private-key-file"`
	ApiAudiences                 string `yaml:"api-audiences"`
	TokenAuthFile                string `yaml:"token-auth-file"`
	EnableBootstrapTokenAuth     bool   `yaml:"enable-bootstrap-token-auth"`
	ServiceAccountSigningKeyFile string `yaml:"service-account-signing-key-file"`
	ServiceAccountKeyFile        string `yaml:"service-account-key-file"`
	ServiceAccountIssuer         string `yaml:"service-account-issuer"`
	ClientCAFile                 string `yaml:"client-ca-file"`

	// for access-proxy to kube-apiserver
	RequestheaderExtraHeadersPrefix string `yaml:"requestheader-extra-headers-prefix"`
	RequestheaderGroupHeaders       string `yaml:"requestheader-group-headers"`
	RequestheaderUsernameHeaders    string `yaml:"requestheader-username-headers"`
	RequestheaderClientCAFile       string `yaml:"requestheader-client-ca-file"`
	RequestheaderAllowedNames       string `yaml:"requestheader-allowed-names"`
	ProxyClientCertFile             string `yaml:"proxy-client-cert-file"`
	ProxyClientKeyFile              string `yaml:"proxy-client-key-file"`
	EnableAggregatorRouting         bool   `yaml:"enable-aggregator-routing"`
}

server security

var DefaultSCO ServerCertOptions = ServerCertOptions{
	ApiAudiences:             "unknown",
	EnableBootstrapTokenAuth: true,
	ServiceAccountIssuer:     "litekube",

	RequestheaderExtraHeadersPrefix: "X-Remote-Extra-",
	RequestheaderGroupHeaders:       "X-Remote-Group",
	RequestheaderUsernameHeaders:    "X-Remote-User",
	RequestheaderAllowedNames:       "system:auth-proxy",
	EnableAggregatorRouting:         true,
}

func NewServerCertOptions

func NewServerCertOptions() *ServerCertOptions

func (*ServerCertOptions) AddTips

func (opt *ServerCertOptions) AddTips(section *help.Section)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL