Documentation

Overview

    package options is the public flags and options used by a generic api server. It takes a minimal set of dependencies and does not reference implementations, in order to ensure it may be reused by multiple components (such as CLI commands that wish to generate or validate config).

    Index

    Constants

    View Source
    const (
    	// ModeBatch indicates that the audit backend should buffer audit events
    	// internally, sending batch updates either once a certain number of
    	// events have been received or a certain amount of time has passed.
    	ModeBatch = "batch"
    	// ModeBlocking causes the audit backend to block on every attempt to process
    	// a set of events. This causes requests to the API server to wait for the
    	// flush before sending a response.
    	ModeBlocking = "blocking"
    	// ModeBlockingStrict is the same as ModeBlocking, except when there is
    	// a failure during audit logging at RequestReceived stage, the whole
    	// request to apiserver will fail.
    	ModeBlockingStrict = "blocking-strict"
    )

    Variables

      AllowedModes is the modes known for audit backends.

      Functions

      func CreateListener

      func CreateListener(network, addr string) (net.Listener, int, error)

      func ParseWatchCacheSizes

      func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error)

        ParseWatchCacheSizes turns a list of cache size values into a map of group resources to requested sizes.

        func WriteWatchCacheSizes

        func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error)

          WriteWatchCacheSizes turns a map of cache size values into a list of string specifications.

          Types

          type APIEnablementOptions

          type APIEnablementOptions struct {
          	RuntimeConfig cliflag.ConfigurationMap
          }

            APIEnablementOptions contains the options for which resources to turn on and off. Given small aggregated API servers, this option isn't required for "normal" API servers

            func NewAPIEnablementOptions

            func NewAPIEnablementOptions() *APIEnablementOptions

            func (*APIEnablementOptions) AddFlags

            func (s *APIEnablementOptions) AddFlags(fs *pflag.FlagSet)

              AddFlags adds flags for a specific APIServer to the specified FlagSet

              func (*APIEnablementOptions) ApplyTo

              func (s *APIEnablementOptions) ApplyTo(c *server.Config, defaultResourceConfig *serverstore.ResourceConfig, registry resourceconfig.GroupVersionRegistry) error

                ApplyTo override MergedResourceConfig with defaults and registry

                func (*APIEnablementOptions) Validate

                func (s *APIEnablementOptions) Validate(registries ...GroupRegisty) []error

                  Validate validates RuntimeConfig with a list of registries. Usually this list only has one element, the apiserver registry of the process. But in the advanced (and usually not recommended) case of delegated apiservers there can be more. Validate will filter out the known groups of each registry. If anything is left over after that, an error is returned.

                  type AdmissionOptions

                  type AdmissionOptions struct {
                  	// RecommendedPluginOrder holds an ordered list of plugin names we recommend to use by default
                  	RecommendedPluginOrder []string
                  	// DefaultOffPlugins is a set of plugin names that is disabled by default
                  	DefaultOffPlugins sets.String
                  
                  	// EnablePlugins indicates plugins to be enabled passed through `--enable-admission-plugins`.
                  	EnablePlugins []string
                  	// DisablePlugins indicates plugins to be disabled passed through `--disable-admission-plugins`.
                  	DisablePlugins []string
                  	// ConfigFile is the file path with admission control configuration.
                  	ConfigFile string
                  	// Plugins contains all registered plugins.
                  	Plugins *admission.Plugins
                  	// Decorators is a list of admission decorator to wrap around the admission plugins
                  	Decorators admission.Decorators
                  }

                    AdmissionOptions holds the admission options

                    func NewAdmissionOptions

                    func NewAdmissionOptions() *AdmissionOptions

                      NewAdmissionOptions creates a new instance of AdmissionOptions Note:

                      In addition it calls RegisterAllAdmissionPlugins to register
                      all generic admission plugins.
                      
                      Provides the list of RecommendedPluginOrder that holds sane values
                      that can be used by servers that don't care about admission chain.
                      Servers that do care can overwrite/append that field after creation.
                      

                      func (*AdmissionOptions) AddFlags

                      func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

                        AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet

                        func (*AdmissionOptions) ApplyTo

                        func (a *AdmissionOptions) ApplyTo(
                        	c *server.Config,
                        	informers informers.SharedInformerFactory,
                        	kubeAPIServerClientConfig *rest.Config,
                        	pluginInitializers ...admission.PluginInitializer,
                        ) error

                          ApplyTo adds the admission chain to the server configuration. In case admission plugin names were not provided by a custer-admin they will be prepared from the recommended/default values. In addition the method lazily initializes a generic plugin that is appended to the list of pluginInitializers note this method uses:

                          genericconfig.Authorizer
                          

                          func (*AdmissionOptions) Validate

                          func (a *AdmissionOptions) Validate() []error

                            Validate verifies flags passed to AdmissionOptions.

                            type AuditBatchOptions

                            type AuditBatchOptions struct {
                            	// Should the backend asynchronous batch events to the webhook backend or
                            	// should the backend block responses?
                            	//
                            	// Defaults to asynchronous batch events.
                            	Mode string
                            	// Configuration for batching backend. Only used in batch mode.
                            	BatchConfig pluginbuffered.BatchConfig
                            }

                            func (*AuditBatchOptions) AddFlags

                            func (o *AuditBatchOptions) AddFlags(pluginName string, fs *pflag.FlagSet)

                            type AuditDynamicOptions

                            type AuditDynamicOptions struct {
                            	// Enabled tells whether the dynamic audit capability is enabled.
                            	Enabled bool
                            
                            	// Configuration for batching backend. This is currently only used as an override
                            	// for integration tests
                            	BatchConfig *pluginbuffered.BatchConfig
                            }

                              AuditDynamicOptions control the configuration of dynamic backends for audit events

                              func (*AuditDynamicOptions) AddFlags

                              func (o *AuditDynamicOptions) AddFlags(fs *pflag.FlagSet)

                              func (*AuditDynamicOptions) Validate

                              func (o *AuditDynamicOptions) Validate() []error

                              type AuditLogOptions

                              type AuditLogOptions struct {
                              	Path       string
                              	MaxAge     int
                              	MaxBackups int
                              	MaxSize    int
                              	Format     string
                              
                              	BatchOptions    AuditBatchOptions
                              	TruncateOptions AuditTruncateOptions
                              
                              	// API group version used for serializing audit events.
                              	GroupVersionString string
                              }

                                AuditLogOptions determines the output of the structured audit log by default.

                                func (*AuditLogOptions) AddFlags

                                func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet)

                                func (*AuditLogOptions) Validate

                                func (o *AuditLogOptions) Validate() []error

                                type AuditOptions

                                type AuditOptions struct {
                                	// Policy configuration file for filtering audit events that are captured.
                                	// If unspecified, a default is provided.
                                	PolicyFile string
                                
                                	// Plugin options
                                	LogOptions     AuditLogOptions
                                	WebhookOptions AuditWebhookOptions
                                	DynamicOptions AuditDynamicOptions
                                }

                                func NewAuditOptions

                                func NewAuditOptions() *AuditOptions

                                func (*AuditOptions) AddFlags

                                func (o *AuditOptions) AddFlags(fs *pflag.FlagSet)

                                func (*AuditOptions) ApplyTo

                                func (o *AuditOptions) ApplyTo(
                                	c *server.Config,
                                	kubeClientConfig *restclient.Config,
                                	informers informers.SharedInformerFactory,
                                	processInfo *ProcessInfo,
                                	webhookOptions *WebhookOptions,
                                ) error

                                func (*AuditOptions) Validate

                                func (o *AuditOptions) Validate() []error

                                  Validate checks invalid config combination

                                  type AuditTruncateOptions

                                  type AuditTruncateOptions struct {
                                  	// Whether truncating is enabled or not.
                                  	Enabled bool
                                  
                                  	// Truncating configuration.
                                  	TruncateConfig plugintruncate.Config
                                  }

                                  func NewAuditTruncateOptions

                                  func NewAuditTruncateOptions() AuditTruncateOptions

                                  func (*AuditTruncateOptions) AddFlags

                                  func (o *AuditTruncateOptions) AddFlags(pluginName string, fs *pflag.FlagSet)

                                  func (*AuditTruncateOptions) Validate

                                  func (o *AuditTruncateOptions) Validate(pluginName string) error

                                  type AuditWebhookOptions

                                  type AuditWebhookOptions struct {
                                  	ConfigFile     string
                                  	InitialBackoff time.Duration
                                  
                                  	BatchOptions    AuditBatchOptions
                                  	TruncateOptions AuditTruncateOptions
                                  
                                  	// API group version used for serializing audit events.
                                  	GroupVersionString string
                                  }

                                    AuditWebhookOptions control the webhook configuration for audit events.

                                    func (*AuditWebhookOptions) AddFlags

                                    func (o *AuditWebhookOptions) AddFlags(fs *pflag.FlagSet)

                                    func (*AuditWebhookOptions) Validate

                                    func (o *AuditWebhookOptions) Validate() []error

                                    type CertKey

                                    type CertKey struct {
                                    	// CertFile is a file containing a PEM-encoded certificate, and possibly the complete certificate chain
                                    	CertFile string
                                    	// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
                                    	KeyFile string
                                    }

                                    type ClientCertAuthenticationOptions

                                    type ClientCertAuthenticationOptions struct {
                                    	// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
                                    	ClientCA string
                                    }

                                    func (*ClientCertAuthenticationOptions) AddFlags

                                    type CoreAPIOptions

                                    type CoreAPIOptions struct {
                                    	// CoreAPIKubeconfigPath is a filename for a kubeconfig file to contact the core API server with.
                                    	// If it is not set, the in cluster config is used.
                                    	CoreAPIKubeconfigPath string
                                    }

                                      CoreAPIOptions contains options to configure the connection to a core API Kubernetes apiserver.

                                      func NewCoreAPIOptions

                                      func NewCoreAPIOptions() *CoreAPIOptions

                                      func (*CoreAPIOptions) AddFlags

                                      func (o *CoreAPIOptions) AddFlags(fs *pflag.FlagSet)

                                      func (*CoreAPIOptions) ApplyTo

                                      func (o *CoreAPIOptions) ApplyTo(config *server.RecommendedConfig) error

                                      func (*CoreAPIOptions) Validate

                                      func (o *CoreAPIOptions) Validate() []error

                                      type DelegatingAuthenticationOptions

                                      type DelegatingAuthenticationOptions struct {
                                      	// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
                                      	// TokenAccessReview.authentication.k8s.io endpoint for checking tokens.
                                      	RemoteKubeConfigFile string
                                      	// RemoteKubeConfigFileOptional is specifying whether not specifying the kubeconfig or
                                      	// a missing in-cluster config will be fatal.
                                      	RemoteKubeConfigFileOptional bool
                                      
                                      	// CacheTTL is the length of time that a token authentication answer will be cached.
                                      	CacheTTL time.Duration
                                      
                                      	ClientCert    ClientCertAuthenticationOptions
                                      	RequestHeader RequestHeaderAuthenticationOptions
                                      
                                      	// SkipInClusterLookup indicates missing authentication configuration should not be retrieved from the cluster configmap
                                      	SkipInClusterLookup bool
                                      
                                      	// TolerateInClusterLookupFailure indicates failures to look up authentication configuration from the cluster configmap should not be fatal.
                                      	// Setting this can result in an authenticator that will reject all requests.
                                      	TolerateInClusterLookupFailure bool
                                      }

                                        DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy and direction connections will be able to delegate to the core kube API server

                                        func NewDelegatingAuthenticationOptions

                                        func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions

                                        func (*DelegatingAuthenticationOptions) AddFlags

                                        func (*DelegatingAuthenticationOptions) ApplyTo

                                        func (*DelegatingAuthenticationOptions) Validate

                                        func (s *DelegatingAuthenticationOptions) Validate() []error

                                        type DelegatingAuthorizationOptions

                                        type DelegatingAuthorizationOptions struct {
                                        	// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
                                        	// SubjectAccessReview.authorization.k8s.io endpoint for checking tokens.
                                        	RemoteKubeConfigFile string
                                        	// RemoteKubeConfigFileOptional is specifying whether not specifying the kubeconfig or
                                        	// a missing in-cluster config will be fatal.
                                        	RemoteKubeConfigFileOptional bool
                                        
                                        	// AllowCacheTTL is the length of time that a successful authorization response will be cached
                                        	AllowCacheTTL time.Duration
                                        
                                        	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
                                        	// You generally want more responsive, "deny, try again" flows.
                                        	DenyCacheTTL time.Duration
                                        
                                        	// AlwaysAllowPaths are HTTP paths which are excluded from authorization. They can be plain
                                        	// paths or end in * in which case prefix-match is applied. A leading / is optional.
                                        	AlwaysAllowPaths []string
                                        
                                        	// AlwaysAllowGroups are groups which are allowed to take any actions.  In kube, this is system:masters.
                                        	AlwaysAllowGroups []string
                                        }

                                          DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to the root kube API server. WARNING: never assume that every authenticated incoming request already does authorization.

                                          The aggregator in the kube API server does this today, but this behaviour is not
                                          guaranteed in the future.
                                          

                                          func NewDelegatingAuthorizationOptions

                                          func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions

                                          func (*DelegatingAuthorizationOptions) AddFlags

                                          func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)

                                          func (*DelegatingAuthorizationOptions) ApplyTo

                                          func (*DelegatingAuthorizationOptions) Validate

                                          func (s *DelegatingAuthorizationOptions) Validate() []error

                                          func (*DelegatingAuthorizationOptions) WithAlwaysAllowGroups

                                          func (s *DelegatingAuthorizationOptions) WithAlwaysAllowGroups(groups ...string) *DelegatingAuthorizationOptions

                                            WithAlwaysAllowGroups appends the list of paths to AlwaysAllowGroups

                                            func (*DelegatingAuthorizationOptions) WithAlwaysAllowPaths

                                            func (s *DelegatingAuthorizationOptions) WithAlwaysAllowPaths(paths ...string) *DelegatingAuthorizationOptions

                                              WithAlwaysAllowPaths appends the list of paths to AlwaysAllowPaths

                                              type DeprecatedInsecureServingOptions

                                              type DeprecatedInsecureServingOptions struct {
                                              	BindAddress net.IP
                                              	BindPort    int
                                              	// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
                                              	// "tcp4", and "tcp6".
                                              	BindNetwork string
                                              
                                              	// Listener is the secure server network listener.
                                              	// either Listener or BindAddress/BindPort/BindNetwork is set,
                                              	// if Listener is set, use it and omit BindAddress/BindPort/BindNetwork.
                                              	Listener net.Listener
                                              
                                              	// ListenFunc can be overridden to create a custom listener, e.g. for mocking in tests.
                                              	// It defaults to options.CreateListener.
                                              	ListenFunc func(network, addr string) (net.Listener, int, error)
                                              }

                                                DeprecatedInsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore. DEPRECATED: all insecure serving options are removed in a future version

                                                func (*DeprecatedInsecureServingOptions) AddFlags

                                                  AddFlags adds flags related to insecure serving to the specified FlagSet.

                                                  func (*DeprecatedInsecureServingOptions) AddUnqualifiedFlags

                                                  func (s *DeprecatedInsecureServingOptions) AddUnqualifiedFlags(fs *pflag.FlagSet)

                                                    AddUnqualifiedFlags adds flags related to insecure serving without the --insecure prefix to the specified FlagSet.

                                                    func (*DeprecatedInsecureServingOptions) ApplyTo

                                                      ApplyTo adds DeprecatedInsecureServingOptions to the insecureserverinfo and kube-controller manager configuration. Note: the double pointer allows to set the *DeprecatedInsecureServingInfo to nil without referencing the struct hosting this pointer.

                                                      func (*DeprecatedInsecureServingOptions) Validate

                                                      func (s *DeprecatedInsecureServingOptions) Validate() []error

                                                        Validate ensures that the insecure port values within the range of the port.

                                                        func (*DeprecatedInsecureServingOptions) WithLoopback

                                                          WithLoopback adds loopback functionality to the serving options.

                                                          type DeprecatedInsecureServingOptionsWithLoopback

                                                          type DeprecatedInsecureServingOptionsWithLoopback struct {
                                                          	*DeprecatedInsecureServingOptions
                                                          }

                                                            DeprecatedInsecureServingOptionsWithLoopback adds loopback functionality to the DeprecatedInsecureServingOptions. DEPRECATED: all insecure serving options will be removed in a future version, however note that there are security concerns over how health checks can work here - see e.g. #43784

                                                            func (*DeprecatedInsecureServingOptionsWithLoopback) ApplyTo

                                                            func (s *DeprecatedInsecureServingOptionsWithLoopback) ApplyTo(insecureServingInfo **server.DeprecatedInsecureServingInfo, loopbackClientConfig **rest.Config) error

                                                              ApplyTo fills up serving information in the server configuration.

                                                              type EtcdOptions

                                                              type EtcdOptions struct {
                                                              	// The value of Paging on StorageConfig will be overridden by the
                                                              	// calculated feature gate value.
                                                              	StorageConfig                    storagebackend.Config
                                                              	EncryptionProviderConfigFilepath string
                                                              
                                                              	EtcdServersOverrides []string
                                                              
                                                              	// To enable protobuf as storage format, it is enough
                                                              	// to set it to "application/vnd.kubernetes.protobuf".
                                                              	DefaultStorageMediaType string
                                                              	DeleteCollectionWorkers int
                                                              	EnableGarbageCollection bool
                                                              
                                                              	// Set EnableWatchCache to false to disable all watch caches
                                                              	EnableWatchCache bool
                                                              	// Set DefaultWatchCacheSize to zero to disable watch caches for those resources that have no explicit cache size set
                                                              	DefaultWatchCacheSize int
                                                              	// WatchCacheSizes represents override to a given resource
                                                              	WatchCacheSizes []string
                                                              }

                                                              func NewEtcdOptions

                                                              func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions

                                                              func (*EtcdOptions) AddFlags

                                                              func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet)

                                                                AddEtcdFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet

                                                                func (*EtcdOptions) ApplyTo

                                                                func (s *EtcdOptions) ApplyTo(c *server.Config) error

                                                                func (*EtcdOptions) ApplyWithStorageFactoryTo

                                                                func (s *EtcdOptions) ApplyWithStorageFactoryTo(factory serverstorage.StorageFactory, c *server.Config) error

                                                                func (*EtcdOptions) Validate

                                                                func (s *EtcdOptions) Validate() []error

                                                                type FeatureOptions

                                                                type FeatureOptions struct {
                                                                	EnableProfiling           bool
                                                                	EnableContentionProfiling bool
                                                                }

                                                                func NewFeatureOptions

                                                                func NewFeatureOptions() *FeatureOptions

                                                                func (*FeatureOptions) AddFlags

                                                                func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet)

                                                                func (*FeatureOptions) ApplyTo

                                                                func (o *FeatureOptions) ApplyTo(c *server.Config) error

                                                                func (*FeatureOptions) Validate

                                                                func (o *FeatureOptions) Validate() []error

                                                                type GeneratableKeyCert

                                                                type GeneratableKeyCert struct {
                                                                	// CertKey allows setting an explicit cert/key file to use.
                                                                	CertKey CertKey
                                                                
                                                                	// CertDirectory specifies a directory to write generated certificates to if CertFile/KeyFile aren't explicitly set.
                                                                	// PairName is used to determine the filenames within CertDirectory.
                                                                	// If CertDirectory and PairName are not set, an in-memory certificate will be generated.
                                                                	CertDirectory string
                                                                	// PairName is the name which will be used with CertDirectory to make a cert and key filenames.
                                                                	// It becomes CertDirectory/PairName.crt and CertDirectory/PairName.key
                                                                	PairName string
                                                                
                                                                	// GeneratedCert holds an in-memory generated certificate if CertFile/KeyFile aren't explicitly set, and CertDirectory/PairName are not set.
                                                                	GeneratedCert *tls.Certificate
                                                                
                                                                	// FixtureDirectory is a directory that contains test fixture used to avoid regeneration of certs during tests.
                                                                	// The format is:
                                                                	// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt
                                                                	// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key
                                                                	FixtureDirectory string
                                                                }

                                                                type GroupRegisty

                                                                type GroupRegisty interface {
                                                                	// IsRegistered returns true if given group is registered.
                                                                	IsGroupRegistered(group string) bool
                                                                }

                                                                  GroupRegisty provides a method to check whether given group is registered.

                                                                  type ProcessInfo

                                                                  type ProcessInfo struct {
                                                                  	// Name of the api process to identify events
                                                                  	Name string
                                                                  
                                                                  	// Namespace of the api process to send events
                                                                  	Namespace string
                                                                  }

                                                                    ProcessInfo holds the apiserver process information used to send events

                                                                    func NewProcessInfo

                                                                    func NewProcessInfo(name, namespace string) *ProcessInfo

                                                                      NewProcessInfo returns a new process info with the hostname concatenated to the name given

                                                                      type RecommendedOptions

                                                                      type RecommendedOptions struct {
                                                                      	Etcd           *EtcdOptions
                                                                      	SecureServing  *SecureServingOptionsWithLoopback
                                                                      	Authentication *DelegatingAuthenticationOptions
                                                                      	Authorization  *DelegatingAuthorizationOptions
                                                                      	Audit          *AuditOptions
                                                                      	Features       *FeatureOptions
                                                                      	CoreAPI        *CoreAPIOptions
                                                                      
                                                                      	// ExtraAdmissionInitializers is called once after all ApplyTo from the options above, to pass the returned
                                                                      	// admission plugin initializers to Admission.ApplyTo.
                                                                      	ExtraAdmissionInitializers func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error)
                                                                      	Admission                  *AdmissionOptions
                                                                      	// ProcessInfo is used to identify events created by the server.
                                                                      	ProcessInfo *ProcessInfo
                                                                      	Webhook     *WebhookOptions
                                                                      }

                                                                        RecommendedOptions contains the recommended options for running an API server. If you add something to this list, it should be in a logical grouping. Each of them can be nil to leave the feature unconfigured on ApplyTo.

                                                                        func NewRecommendedOptions

                                                                        func NewRecommendedOptions(prefix string, codec runtime.Codec, processInfo *ProcessInfo) *RecommendedOptions

                                                                        func (*RecommendedOptions) AddFlags

                                                                        func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet)

                                                                        func (*RecommendedOptions) ApplyTo

                                                                        func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error

                                                                          ApplyTo adds RecommendedOptions to the server configuration. pluginInitializers can be empty, it is only need for additional initializers.

                                                                          func (*RecommendedOptions) Validate

                                                                          func (o *RecommendedOptions) Validate() []error

                                                                          type RequestHeaderAuthenticationOptions

                                                                          type RequestHeaderAuthenticationOptions struct {
                                                                          	// ClientCAFile is the root certificate bundle to verify client certificates on incoming requests
                                                                          	// before trusting usernames in headers.
                                                                          	ClientCAFile string
                                                                          
                                                                          	UsernameHeaders     []string
                                                                          	GroupHeaders        []string
                                                                          	ExtraHeaderPrefixes []string
                                                                          	AllowedNames        []string
                                                                          }

                                                                          func (*RequestHeaderAuthenticationOptions) AddFlags

                                                                          func (*RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig

                                                                          func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig

                                                                            ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options if necessary, nil otherwise.

                                                                            type SecureServingOptions

                                                                            type SecureServingOptions struct {
                                                                            	BindAddress net.IP
                                                                            	// BindPort is ignored when Listener is set, will serve https even with 0.
                                                                            	BindPort int
                                                                            	// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
                                                                            	// "tcp4", and "tcp6".
                                                                            	BindNetwork string
                                                                            	// Required set to true means that BindPort cannot be zero.
                                                                            	Required bool
                                                                            	// ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this
                                                                            	// is set to BindAddress if the later no loopback, or to the first host interface address.
                                                                            	ExternalAddress net.IP
                                                                            
                                                                            	// Listener is the secure server network listener.
                                                                            	// either Listener or BindAddress/BindPort/BindNetwork is set,
                                                                            	// if Listener is set, use it and omit BindAddress/BindPort/BindNetwork.
                                                                            	Listener net.Listener
                                                                            
                                                                            	// ServerCert is the TLS cert info for serving secure traffic
                                                                            	ServerCert GeneratableKeyCert
                                                                            	// SNICertKeys are named CertKeys for serving secure traffic with SNI support.
                                                                            	SNICertKeys []cliflag.NamedCertKey
                                                                            	// CipherSuites is the list of allowed cipher suites for the server.
                                                                            	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
                                                                            	CipherSuites []string
                                                                            	// MinTLSVersion is the minimum TLS version supported.
                                                                            	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
                                                                            	MinTLSVersion string
                                                                            
                                                                            	// HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client.
                                                                            	// A value of zero means to use the default provided by golang's HTTP/2 support.
                                                                            	HTTP2MaxStreamsPerConnection int
                                                                            }

                                                                            func NewSecureServingOptions

                                                                            func NewSecureServingOptions() *SecureServingOptions

                                                                            func (*SecureServingOptions) AddFlags

                                                                            func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)

                                                                            func (*SecureServingOptions) ApplyTo

                                                                            func (s *SecureServingOptions) ApplyTo(config **server.SecureServingInfo) error

                                                                              ApplyTo fills up serving information in the server configuration.

                                                                              func (*SecureServingOptions) DefaultExternalAddress

                                                                              func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error)

                                                                              func (*SecureServingOptions) MaybeDefaultWithSelfSignedCerts

                                                                              func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateDNS []string, alternateIPs []net.IP) error

                                                                              func (*SecureServingOptions) Validate

                                                                              func (s *SecureServingOptions) Validate() []error

                                                                              func (*SecureServingOptions) WithLoopback

                                                                              type SecureServingOptionsWithLoopback

                                                                              type SecureServingOptionsWithLoopback struct {
                                                                              	*SecureServingOptions
                                                                              }

                                                                              func (*SecureServingOptionsWithLoopback) ApplyTo

                                                                              func (s *SecureServingOptionsWithLoopback) ApplyTo(secureServingInfo **server.SecureServingInfo, loopbackClientConfig **rest.Config) error

                                                                                ApplyTo fills up serving information in the server configuration.

                                                                                type ServerRunOptions

                                                                                type ServerRunOptions struct {
                                                                                	AdvertiseAddress net.IP
                                                                                
                                                                                	CorsAllowedOriginList       []string
                                                                                	ExternalHost                string
                                                                                	MaxRequestsInFlight         int
                                                                                	MaxMutatingRequestsInFlight int
                                                                                	RequestTimeout              time.Duration
                                                                                	MinRequestTimeout           int
                                                                                	// We intentionally did not add a flag for this option. Users of the
                                                                                	// apiserver library can wire it to a flag.
                                                                                	JSONPatchMaxCopyBytes int64
                                                                                	// The limit on the request body size that would be accepted and
                                                                                	// decoded in a write request. 0 means no limit.
                                                                                	// We intentionally did not add a flag for this option. Users of the
                                                                                	// apiserver library can wire it to a flag.
                                                                                	MaxRequestBodyBytes int64
                                                                                	TargetRAMMB         int
                                                                                }

                                                                                  ServerRunOptions contains the options while running a generic api server.

                                                                                  func NewServerRunOptions

                                                                                  func NewServerRunOptions() *ServerRunOptions

                                                                                  func (*ServerRunOptions) AddUniversalFlags

                                                                                  func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet)

                                                                                    AddUniversalFlags adds flags for a specific APIServer to the specified FlagSet

                                                                                    func (*ServerRunOptions) ApplyTo

                                                                                    func (s *ServerRunOptions) ApplyTo(c *server.Config) error

                                                                                      ApplyOptions applies the run options to the method receiver and returns self

                                                                                      func (*ServerRunOptions) DefaultAdvertiseAddress

                                                                                      func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions) error

                                                                                        DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions.

                                                                                        func (*ServerRunOptions) Validate

                                                                                        func (s *ServerRunOptions) Validate() []error

                                                                                          Validate checks validation of ServerRunOptions

                                                                                          type SimpleRestOptionsFactory

                                                                                          type SimpleRestOptionsFactory struct {
                                                                                          	Options EtcdOptions
                                                                                          }

                                                                                          func (*SimpleRestOptionsFactory) GetRESTOptions

                                                                                          func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error)

                                                                                          type StorageFactoryRestOptionsFactory

                                                                                          type StorageFactoryRestOptionsFactory struct {
                                                                                          	Options        EtcdOptions
                                                                                          	StorageFactory serverstorage.StorageFactory
                                                                                          }

                                                                                          func (*StorageFactoryRestOptionsFactory) GetRESTOptions

                                                                                          type WebhookOptions

                                                                                          type WebhookOptions struct {
                                                                                          	ServiceResolver         utilwebhook.ServiceResolver
                                                                                          	AuthInfoResolverWrapper utilwebhook.AuthenticationInfoResolverWrapper
                                                                                          }

                                                                                            WebhookOptions holds the outgoing webhook options

                                                                                            func NewWebhookOptions

                                                                                            func NewWebhookOptions() *WebhookOptions

                                                                                              NewWebhookOptions returns the default options for outgoing webhooks

                                                                                              Directories

                                                                                              Path Synopsis