Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ProxyRunOptions ¶
type ProxyRunOptions struct {
// Certificate setup for securing communication to the "client" i.e. the Kube API Server.
ServerCert string
ServerKey string
ServerCaCert string
// Certificate setup for securing communication to the "agent" i.e. the managed cluster.
ClusterCert string
ClusterKey string
ClusterCaCert string
// Flag to switch between gRPC and HTTP Connect
Mode string
// Location for use by the "unix" network. Setting enables UDS for server connections.
UdsName string
// If file UdsName already exists, delete the file before listen on that UDS file.
DeleteUDSFile bool
// Port we listen for server connections on.
ServerPort uint
// Port we listen for agent connections on.
AgentPort uint
// Port we listen for admin connections on.
AdminPort uint
// Port we listen for health connections on.
HealthPort uint
// After a duration of this time if the server doesn't see any activity it
// pings the client to see if the transport is still alive.
KeepaliveTime time.Duration
FrontendKeepaliveTime time.Duration
// Enables pprof at host:AdminPort/debug/pprof.
EnableProfiling bool
// If EnableProfiling is true, this enables the lock contention
// profiling at host:AdminPort/debug/pprof/block.
EnableContentionProfiling bool
// ID of this proxy server.
ServerID string
// Number of proxy server instances, should be 1 unless it is a HA proxy server.
ServerCount uint
// Agent pod's namespace for token-based agent authentication
AgentNamespace string
// Agent pod's service account for token-based agent authentication
AgentServiceAccount string
// Token's audience for token-based agent authentication
AuthenticationAudience string
// Path to kubeconfig (used by kubernetes client)
KubeconfigPath string
// Client maximum QPS.
KubeconfigQPS float32
// Client maximum burst for throttle.
KubeconfigBurst int
// Proxy strategies used by the server.
// NOTE the order of the strategies matters. e.g., for list
// "destHost,destCIDR", the server will try to find a backend associating
// to the destination host first, if not found, it will try to find a
// backend within the destCIDR. if it still can't find any backend,
// it will use the default backend manager to choose a random backend.
ProxyStrategies string
// This controls if we attempt to push onto a "full" transfer channel.
// However checking that the transfer channel is full is not safe.
// It violates our race condition checking. Adding locks around a potentially
// blocking call has its own problems, so it cannot easily be made race condition safe.
// The check is an "unlocked" read but is still use at your own peril.
WarnOnChannelLimit bool
// Cipher suites used by the server.
// If empty, the default suite will be used from tls.CipherSuites(),
// also checks if given comma separated list contains cipher from tls.InsecureCipherSuites().
// NOTE that cipher suites are not configurable for TLS1.3,
// see: https://pkg.go.dev/crypto/tls#Config, so in that case, this option won't have any effect.
CipherSuites string
}
func NewProxyRunOptions ¶
func NewProxyRunOptions() *ProxyRunOptions
func (*ProxyRunOptions) Flags ¶
func (o *ProxyRunOptions) Flags() *pflag.FlagSet
func (*ProxyRunOptions) Print ¶
func (o *ProxyRunOptions) Print()
func (*ProxyRunOptions) Validate ¶
func (o *ProxyRunOptions) Validate() error
Source Files
Click to show internal directories.
Click to hide internal directories.