Documentation ¶
Overview ¶
Package options contains flags and options for initializing kube-apiserver
Index ¶
- Constants
- Variables
- func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, ...) error
- func DefaultOffAdmissionPlugins() sets.String
- func NewInsecureServingOptions() *genericoptions.DeprecatedInsecureServingOptionsWithLoopback
- func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback
- func RegisterAllAdmissionPlugins(plugins *admission.Plugins)
- type AdmissionOptions
- type AnonymousAuthenticationOptions
- type BootstrapTokenAuthenticationOptions
- type BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
- func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)
- func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.AuthenticationInfo, ...) error
- func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() (kubeauthenticator.Config, error)
- func (s *BuiltInAuthenticationOptions) Validate() []error
- func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithPasswordFile() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions
- func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions
- type BuiltInAuthorizationOptions
- type CloudProviderOptions
- type OIDCAuthenticationOptions
- type PasswordFileAuthenticationOptions
- type ServiceAccountAuthenticationOptions
- type TokenFileAuthenticationOptions
- type WebHookAuthenticationOptions
Constants ¶
const DefaultEtcdPathPrefix = "/registry"
Variables ¶
var AllOrderedPlugins = []string{ admit.PluginName, autoprovision.PluginName, lifecycle.PluginName, exists.PluginName, scdeny.PluginName, antiaffinity.PluginName, podpreset.PluginName, limitranger.PluginName, serviceaccount.PluginName, noderestriction.PluginName, nodetaint.PluginName, alwayspullimages.PluginName, imagepolicy.PluginName, podsecuritypolicy.PluginName, podnodeselector.PluginName, podpriority.PluginName, defaulttolerationseconds.PluginName, podtolerationrestriction.PluginName, exec.DenyEscalatingExec, exec.DenyExecOnPrivileged, eventratelimit.PluginName, extendedresourcetoleration.PluginName, label.PluginName, setdefault.PluginName, storageobjectinuseprotection.PluginName, gc.PluginName, resize.PluginName, runtimeclass.PluginName, certapproval.PluginName, certsigning.PluginName, certsubjectrestriction.PluginName, defaultingressclass.PluginName, mutatingwebhook.PluginName, validatingwebhook.PluginName, resourcequota.PluginName, deny.PluginName, }
AllOrderedPlugins is the list of all the plugins in order.
var DefaultServiceIPCIDR net.IPNet = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}
DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs
var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}
DefaultServiceNodePortRange is the default port range for NodePort services.
Functions ¶
func DefaultAdvertiseAddress ¶ added in v1.7.0
func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *genericoptions.DeprecatedInsecureServingOptions) error
DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.
func DefaultOffAdmissionPlugins ¶ added in v1.10.0
DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
func NewInsecureServingOptions ¶ added in v1.7.0
func NewInsecureServingOptions() *genericoptions.DeprecatedInsecureServingOptionsWithLoopback
NewInsecureServingOptions gives default values for the kube-apiserver. TODO: switch insecure serving off by default
func NewSecureServingOptions ¶
func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback
NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform
func RegisterAllAdmissionPlugins ¶ added in v1.10.0
RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.
Types ¶
type AdmissionOptions ¶ added in v1.10.0
type AdmissionOptions struct { // GenericAdmission holds the generic admission options. GenericAdmission *genericoptions.AdmissionOptions // DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins. // They are mutually exclusive, specify both will lead to an error. PluginNames []string }
AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.
func NewAdmissionOptions ¶ added in v1.10.0
func NewAdmissionOptions() *AdmissionOptions
NewAdmissionOptions creates a new instance of AdmissionOptions Note:
In addition it calls RegisterAllAdmissionPlugins to register all kube-apiserver admission plugins. Provides the list of RecommendedPluginOrder that holds sane values that can be used by servers that don't care about admission chain. Servers that do care can overwrite/append that field after creation.
func (*AdmissionOptions) AddFlags ¶ added in v1.10.0
func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)
AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet
func (*AdmissionOptions) ApplyTo ¶ added in v1.10.0
func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, kubeAPIServerClientConfig *rest.Config, features featuregate.FeatureGate, pluginInitializers ...admission.PluginInitializer, ) error
ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.
func (*AdmissionOptions) Validate ¶ added in v1.10.0
func (a *AdmissionOptions) Validate() []error
Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.
type AnonymousAuthenticationOptions ¶
type AnonymousAuthenticationOptions struct {
Allow bool
}
type BootstrapTokenAuthenticationOptions ¶
type BootstrapTokenAuthenticationOptions struct {
Enable bool
}
type BuiltInAuthenticationOptions ¶
type BuiltInAuthenticationOptions struct { APIAudiences []string Anonymous *AnonymousAuthenticationOptions BootstrapToken *BootstrapTokenAuthenticationOptions ClientCert *genericoptions.ClientCertAuthenticationOptions OIDC *OIDCAuthenticationOptions PasswordFile *PasswordFileAuthenticationOptions RequestHeader *genericoptions.RequestHeaderAuthenticationOptions ServiceAccounts *ServiceAccountAuthenticationOptions TokenFile *TokenFileAuthenticationOptions WebHook *WebHookAuthenticationOptions TokenSuccessCacheTTL time.Duration TokenFailureCacheTTL time.Duration }
func NewBuiltInAuthenticationOptions ¶
func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) AddFlags ¶
func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*BuiltInAuthenticationOptions) ApplyAuthorization ¶
func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)
ApplyAuthorization will conditionally modify the authentication options based on the authorization options
func (*BuiltInAuthenticationOptions) ApplyTo ¶
func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.AuthenticationInfo, secureServing *genericapiserver.SecureServingInfo, egressSelector *egressselector.EgressSelector, openAPIConfig *openapicommon.Config, extclient kubernetes.Interface, versionedInformer informers.SharedInformerFactory) error
ApplyTo requires already applied OpenAPIConfig and EgressSelector if present.
func (*BuiltInAuthenticationOptions) ToAuthenticationConfig ¶
func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() (kubeauthenticator.Config, error)
func (*BuiltInAuthenticationOptions) Validate ¶
func (s *BuiltInAuthenticationOptions) Validate() []error
Validate checks invalid config combination
func (*BuiltInAuthenticationOptions) WithAll ¶
func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithAnonymous ¶ added in v1.8.0
func (s *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithBootstrapToken ¶
func (s *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithClientCert ¶
func (s *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithOIDC ¶
func (s *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithPasswordFile ¶
func (s *BuiltInAuthenticationOptions) WithPasswordFile() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithRequestHeader ¶
func (s *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithServiceAccounts ¶
func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithTokenFile ¶
func (s *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions
func (*BuiltInAuthenticationOptions) WithWebHook ¶
func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions
type BuiltInAuthorizationOptions ¶
type BuiltInAuthorizationOptions struct { Modes []string PolicyFile string WebhookConfigFile string WebhookVersion string WebhookCacheAuthorizedTTL time.Duration }
func NewBuiltInAuthorizationOptions ¶
func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions
func (*BuiltInAuthorizationOptions) AddFlags ¶
func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
func (*BuiltInAuthorizationOptions) ToAuthorizationConfig ¶
func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config
func (*BuiltInAuthorizationOptions) Validate ¶
func (s *BuiltInAuthorizationOptions) Validate() []error
type CloudProviderOptions ¶
func NewCloudProviderOptions ¶
func NewCloudProviderOptions() *CloudProviderOptions
func (*CloudProviderOptions) AddFlags ¶
func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)
func (*CloudProviderOptions) Validate ¶
func (s *CloudProviderOptions) Validate() []error
type PasswordFileAuthenticationOptions ¶
type PasswordFileAuthenticationOptions struct {
BasicAuthFile string
}
type TokenFileAuthenticationOptions ¶
type TokenFileAuthenticationOptions struct {
TokenFile string
}