Documentation

Overview

    Package options contains flags and options for initializing kube-apiserver

    Index

    Constants

    View Source
    const DefaultEtcdPathPrefix = "/registry"

    Variables

      AllOrderedPlugins is the list of all the plugins in order.

      View Source
      var DefaultServiceIPCIDR net.IPNet = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}

        DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs

        View Source
        var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}

          DefaultServiceNodePortRange is the default port range for NodePort services.

          Functions

          func DefaultAdvertiseAddress

            DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.

            func DefaultOffAdmissionPlugins

            func DefaultOffAdmissionPlugins() sets.String

              DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.

              func NewInsecureServingOptions

                NewInsecureServingOptions gives default values for the kube-apiserver. TODO: switch insecure serving off by default

                func NewSecureServingOptions

                func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback

                  NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform

                  func RegisterAllAdmissionPlugins

                  func RegisterAllAdmissionPlugins(plugins *admission.Plugins)

                    RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.

                    Types

                    type AdmissionOptions

                    type AdmissionOptions struct {
                    	// GenericAdmission holds the generic admission options.
                    	GenericAdmission *genericoptions.AdmissionOptions
                    	// DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins.
                    	// They are mutually exclusive, specify both will lead to an error.
                    	PluginNames []string
                    }

                      AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.

                      func NewAdmissionOptions

                      func NewAdmissionOptions() *AdmissionOptions

                        NewAdmissionOptions creates a new instance of AdmissionOptions Note:

                        In addition it calls RegisterAllAdmissionPlugins to register
                        all kube-apiserver admission plugins.
                        
                        Provides the list of RecommendedPluginOrder that holds sane values
                        that can be used by servers that don't care about admission chain.
                        Servers that do care can overwrite/append that field after creation.
                        

                        func (*AdmissionOptions) AddFlags

                        func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

                          AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet

                          func (*AdmissionOptions) ApplyTo

                          func (a *AdmissionOptions) ApplyTo(
                          	c *server.Config,
                          	informers informers.SharedInformerFactory,
                          	kubeAPIServerClientConfig *rest.Config,
                          	pluginInitializers ...admission.PluginInitializer,
                          ) error

                            ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.

                            func (*AdmissionOptions) Validate

                            func (a *AdmissionOptions) Validate() []error

                              Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.

                              type AnonymousAuthenticationOptions

                              type AnonymousAuthenticationOptions struct {
                              	Allow bool
                              }

                              type BootstrapTokenAuthenticationOptions

                              type BootstrapTokenAuthenticationOptions struct {
                              	Enable bool
                              }

                              type BuiltInAuthenticationOptions

                              type BuiltInAuthenticationOptions struct {
                              	APIAudiences    []string
                              	Anonymous       *AnonymousAuthenticationOptions
                              	BootstrapToken  *BootstrapTokenAuthenticationOptions
                              	ClientCert      *genericoptions.ClientCertAuthenticationOptions
                              	OIDC            *OIDCAuthenticationOptions
                              	PasswordFile    *PasswordFileAuthenticationOptions
                              	RequestHeader   *genericoptions.RequestHeaderAuthenticationOptions
                              	ServiceAccounts *ServiceAccountAuthenticationOptions
                              	TokenFile       *TokenFileAuthenticationOptions
                              	WebHook         *WebHookAuthenticationOptions
                              
                              	TokenSuccessCacheTTL time.Duration
                              	TokenFailureCacheTTL time.Duration
                              }

                              func NewBuiltInAuthenticationOptions

                              func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions

                              func (*BuiltInAuthenticationOptions) AddFlags

                              func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)

                              func (*BuiltInAuthenticationOptions) ApplyAuthorization

                              func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)

                                ApplyAuthorization will conditionally modify the authentication options based on the authorization options

                                func (*BuiltInAuthenticationOptions) ApplyTo

                                func (*BuiltInAuthenticationOptions) ToAuthenticationConfig

                                func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() kubeauthenticator.Config

                                func (*BuiltInAuthenticationOptions) Validate

                                func (s *BuiltInAuthenticationOptions) Validate() []error

                                  Validate checks invalid config combination

                                  func (*BuiltInAuthenticationOptions) WithAll

                                  func (*BuiltInAuthenticationOptions) WithAnonymous

                                  func (*BuiltInAuthenticationOptions) WithBootstrapToken

                                  func (*BuiltInAuthenticationOptions) WithClientCert

                                  func (*BuiltInAuthenticationOptions) WithOIDC

                                  func (*BuiltInAuthenticationOptions) WithPasswordFile

                                  func (*BuiltInAuthenticationOptions) WithRequestHeader

                                  func (*BuiltInAuthenticationOptions) WithServiceAccounts

                                  func (*BuiltInAuthenticationOptions) WithTokenFile

                                  func (*BuiltInAuthenticationOptions) WithWebHook

                                  type BuiltInAuthorizationOptions

                                  type BuiltInAuthorizationOptions struct {
                                  	Modes                       []string
                                  	PolicyFile                  string
                                  	WebhookConfigFile           string
                                  	WebhookCacheAuthorizedTTL   time.Duration
                                  	WebhookCacheUnauthorizedTTL time.Duration
                                  }

                                  func NewBuiltInAuthorizationOptions

                                  func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions

                                  func (*BuiltInAuthorizationOptions) AddFlags

                                  func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)

                                  func (*BuiltInAuthorizationOptions) ToAuthorizationConfig

                                  func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config

                                  func (*BuiltInAuthorizationOptions) Validate

                                  func (s *BuiltInAuthorizationOptions) Validate() []error

                                  type CloudProviderOptions

                                  type CloudProviderOptions struct {
                                  	CloudConfigFile string
                                  	CloudProvider   string
                                  }

                                  func NewCloudProviderOptions

                                  func NewCloudProviderOptions() *CloudProviderOptions

                                  func (*CloudProviderOptions) AddFlags

                                  func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)

                                  func (*CloudProviderOptions) Validate

                                  func (s *CloudProviderOptions) Validate() []error

                                  type OIDCAuthenticationOptions

                                  type OIDCAuthenticationOptions struct {
                                  	CAFile         string
                                  	ClientID       string
                                  	IssuerURL      string
                                  	UsernameClaim  string
                                  	UsernamePrefix string
                                  	GroupsClaim    string
                                  	GroupsPrefix   string
                                  	SigningAlgs    []string
                                  	RequiredClaims map[string]string
                                  }

                                  type PasswordFileAuthenticationOptions

                                  type PasswordFileAuthenticationOptions struct {
                                  	BasicAuthFile string
                                  }

                                  type ServiceAccountAuthenticationOptions

                                  type ServiceAccountAuthenticationOptions struct {
                                  	KeyFiles      []string
                                  	Lookup        bool
                                  	Issuer        string
                                  	MaxExpiration time.Duration
                                  }

                                  type TokenFileAuthenticationOptions

                                  type TokenFileAuthenticationOptions struct {
                                  	TokenFile string
                                  }

                                  type WebHookAuthenticationOptions

                                  type WebHookAuthenticationOptions struct {
                                  	ConfigFile string
                                  	CacheTTL   time.Duration
                                  }