Documentation ¶
Overview ¶
Package options contains flags and options for initializing kube-apiserver
Index ¶
- Constants
- Variables
- func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *InsecureServingOptions) error
- func DefaultOffAdmissionPlugins() sets.String
- func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback
- func RegisterAllAdmissionPlugins(plugins *admission.Plugins)
- type AdmissionOptions
- type AnonymousAuthenticationOptions
- type BootstrapTokenAuthenticationOptions
- type BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
- func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)
- func (o *BuiltInAuthenticationOptions) ApplyTo(c *genericapiserver.Config) error
- func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.AuthenticatorConfig
- func (s *BuiltInAuthenticationOptions) Validate() []error
- func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithPasswordFile() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions
- type BuiltInAuthorizationOptions
- func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *BuiltInAuthorizationOptions) Modes() []string
- func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(informerFactory informers.SharedInformerFactory, ...) authorizer.AuthorizationConfig
- func (s *BuiltInAuthorizationOptions) Validate() []error
- type CloudProviderOptions
- type InsecureServingOptions
- func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
- func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet)
- func (s *InsecureServingOptions) ApplyTo(c *server.Config) (*kubeserver.InsecureServingInfo, error)
- func (s *InsecureServingOptions) DefaultExternalAddress() (net.IP, error)
- func (s InsecureServingOptions) Validate(portArg string) []error
- type OIDCAuthenticationOptions
- type PasswordFileAuthenticationOptions
- type ServiceAccountAuthenticationOptions
- type StorageSerializationOptions
- type TokenFileAuthenticationOptions
- type WebHookAuthenticationOptions
Constants ¶
const (
DefaultEtcdPathPrefix = "/registry"
)
Variables ¶
var AllOrderedPlugins = []string{ admit.PluginName, autoprovision.PluginName, lifecycle.PluginName, exists.PluginName, scdeny.PluginName, antiaffinity.PluginName, initialresources.PluginName, podpreset.PluginName, limitranger.PluginName, serviceaccount.PluginName, noderestriction.PluginName, alwayspullimages.PluginName, imagepolicy.PluginName, podsecuritypolicy.PluginName, podnodeselector.PluginName, podpriority.PluginName, defaulttolerationseconds.PluginName, podtolerationrestriction.PluginName, exec.DenyEscalatingExec, exec.DenyExecOnPrivileged, eventratelimit.PluginName, extendedresourcetoleration.PluginName, label.PluginName, setdefault.PluginName, storageobjectinuseprotection.PluginName, gc.PluginName, resize.PluginName, mutatingwebhook.PluginName, initialization.PluginName, validatingwebhook.PluginName, resourcequota.PluginName, deny.PluginName, }
AllOrderedPlugins is the list of all the plugins in order.
var DefaultServiceIPCIDR net.IPNet = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}
DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs
var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}
DefaultServiceNodePortRange is the default port range for NodePort services.
Functions ¶
func DefaultAdvertiseAddress ¶
func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *InsecureServingOptions) error
DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.
func DefaultOffAdmissionPlugins ¶ added in v1.10.8
DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
func NewSecureServingOptions ¶
func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback
NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform
func RegisterAllAdmissionPlugins ¶ added in v1.10.8
RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.
Types ¶
type AdmissionOptions ¶ added in v1.10.8
type AdmissionOptions struct { // GenericAdmission holds the generic admission options. GenericAdmission *genericoptions.AdmissionOptions // DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins. // They are mutually exclusive, specify both will lead to an error. PluginNames []string }
AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.
func NewAdmissionOptions ¶ added in v1.10.8
func NewAdmissionOptions() *AdmissionOptions
NewAdmissionOptions creates a new instance of AdmissionOptions Note:
In addition it calls RegisterAllAdmissionPlugins to register all kube-apiserver admission plugins. Provides the list of RecommendedPluginOrder that holds sane values that can be used by servers that don't care about admission chain. Servers that do care can overwrite/append that field after creation.
func (*AdmissionOptions) AddFlags ¶ added in v1.10.8
func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)
AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet
func (*AdmissionOptions) ApplyTo ¶ added in v1.10.8
func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, kubeAPIServerClientConfig *rest.Config, scheme *runtime.Scheme, pluginInitializers ...admission.PluginInitializer, ) error
ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.
func (*AdmissionOptions) Validate ¶ added in v1.10.8
func (a *AdmissionOptions) Validate() []error
Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.
type AnonymousAuthenticationOptions ¶
type AnonymousAuthenticationOptions struct {
Allow bool
}
type BootstrapTokenAuthenticationOptions ¶
type BootstrapTokenAuthenticationOptions struct {
Enable bool
}
type BuiltInAuthenticationOptions ¶
type BuiltInAuthenticationOptions struct { Anonymous *AnonymousAuthenticationOptions BootstrapToken *BootstrapTokenAuthenticationOptions ClientCert *genericoptions.ClientCertAuthenticationOptions OIDC *OIDCAuthenticationOptions PasswordFile *PasswordFileAuthenticationOptions RequestHeader *genericoptions.RequestHeaderAuthenticationOptions ServiceAccounts *ServiceAccountAuthenticationOptions TokenFile *TokenFileAuthenticationOptions WebHook *WebHookAuthenticationOptions TokenSuccessCacheTTL time.Duration TokenFailureCacheTTL time.Duration }
func NewBuiltInAuthenticationOptions ¶
func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) AddFlags ¶
func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*BuiltInAuthenticationOptions) ApplyAuthorization ¶
func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)
ApplyAuthorization will conditionally modify the authentication options based on the authorization options
func (*BuiltInAuthenticationOptions) ApplyTo ¶
func (o *BuiltInAuthenticationOptions) ApplyTo(c *genericapiserver.Config) error
func (*BuiltInAuthenticationOptions) ToAuthenticationConfig ¶
func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.AuthenticatorConfig
func (*BuiltInAuthenticationOptions) Validate ¶
func (s *BuiltInAuthenticationOptions) Validate() []error
Validate checks invalid config combination
func (*BuiltInAuthenticationOptions) WithAll ¶
func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithAnonymous ¶ added in v1.8.8
func (s *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithBootstrapToken ¶
func (s *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithClientCert ¶
func (s *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithOIDC ¶
func (s *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithPasswordFile ¶
func (s *BuiltInAuthenticationOptions) WithPasswordFile() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithRequestHeader ¶
func (s *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithServiceAccounts ¶
func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithTokenFile ¶
func (s *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithWebHook ¶
func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions
type BuiltInAuthorizationOptions ¶
type BuiltInAuthorizationOptions struct { Mode string PolicyFile string WebhookConfigFile string WebhookCacheAuthorizedTTL time.Duration }
func NewBuiltInAuthorizationOptions ¶
func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions
func (*BuiltInAuthorizationOptions) AddFlags ¶
func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
func (*BuiltInAuthorizationOptions) Modes ¶
func (s *BuiltInAuthorizationOptions) Modes() []string
func (*BuiltInAuthorizationOptions) ToAuthorizationConfig ¶
func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(informerFactory informers.SharedInformerFactory, versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.AuthorizationConfig
func (*BuiltInAuthorizationOptions) Validate ¶
func (s *BuiltInAuthorizationOptions) Validate() []error
type CloudProviderOptions ¶
func NewCloudProviderOptions ¶
func NewCloudProviderOptions() *CloudProviderOptions
func (*CloudProviderOptions) AddFlags ¶
func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)
func (*CloudProviderOptions) Validate ¶
func (s *CloudProviderOptions) Validate() []error
type InsecureServingOptions ¶
InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore.
func NewInsecureServingOptions ¶
func NewInsecureServingOptions() *InsecureServingOptions
NewInsecureServingOptions is for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore.
func (*InsecureServingOptions) AddDeprecatedFlags ¶
func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
TODO: remove it until kops stop using `--address`
func (*InsecureServingOptions) AddFlags ¶
func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet)
func (*InsecureServingOptions) ApplyTo ¶
func (s *InsecureServingOptions) ApplyTo(c *server.Config) (*kubeserver.InsecureServingInfo, error)
func (*InsecureServingOptions) DefaultExternalAddress ¶
func (s *InsecureServingOptions) DefaultExternalAddress() (net.IP, error)
func (InsecureServingOptions) Validate ¶
func (s InsecureServingOptions) Validate(portArg string) []error
type PasswordFileAuthenticationOptions ¶
type PasswordFileAuthenticationOptions struct {
BasicAuthFile string
}
type StorageSerializationOptions ¶
type StorageSerializationOptions struct { StorageVersions string // The default values for StorageVersions. StorageVersions overrides // these; you can change this if you want to change the defaults (e.g., // for testing). This is not actually exposed as a flag. DefaultStorageVersions string }
StorageSerializationOptions contains the options for encoding resources.
func NewStorageSerializationOptions ¶
func NewStorageSerializationOptions() *StorageSerializationOptions
func (*StorageSerializationOptions) AddFlags ¶
func (s *StorageSerializationOptions) AddFlags(fs *pflag.FlagSet)
AddFlags adds flags for a specific APIServer to the specified FlagSet
func (*StorageSerializationOptions) StorageGroupsToEncodingVersion ¶
func (s *StorageSerializationOptions) StorageGroupsToEncodingVersion() (map[string]schema.GroupVersion, error)
StorageGroupsToEncodingVersion returns a map from group name to group version, computed from s.StorageVersions flag.
type TokenFileAuthenticationOptions ¶
type TokenFileAuthenticationOptions struct {
TokenFile string
}