Documentation

Overview

    Package options contains flags and options for initializing kube-apiserver

    Index

    Constants

    View Source
    const (
    	DefaultEtcdPathPrefix = "/registry"
    )

    Variables

      AllOrderedPlugins is the list of all the plugins in order.

      View Source
      var DefaultServiceIPCIDR net.IPNet = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}

        DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs

        View Source
        var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}

          DefaultServiceNodePortRange is the default port range for NodePort services.

          Functions

          func DefaultAdvertiseAddress

          func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *InsecureServingOptions) error

            DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.

            func DefaultOffAdmissionPlugins

            func DefaultOffAdmissionPlugins() sets.String

              DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.

              func NewSecureServingOptions

              func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback

                NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform

                func RegisterAllAdmissionPlugins

                func RegisterAllAdmissionPlugins(plugins *admission.Plugins)

                  RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.

                  Types

                  type AdmissionOptions

                  type AdmissionOptions struct {
                  	// GenericAdmission holds the generic admission options.
                  	GenericAdmission *genericoptions.AdmissionOptions
                  	// DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins.
                  	// They are mutually exclusive, specify both will lead to an error.
                  	PluginNames []string
                  }

                    AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.

                    func NewAdmissionOptions

                    func NewAdmissionOptions() *AdmissionOptions

                      NewAdmissionOptions creates a new instance of AdmissionOptions Note:

                      In addition it calls RegisterAllAdmissionPlugins to register
                      all kube-apiserver admission plugins.
                      
                      Provides the list of RecommendedPluginOrder that holds sane values
                      that can be used by servers that don't care about admission chain.
                      Servers that do care can overwrite/append that field after creation.
                      

                      func (*AdmissionOptions) AddFlags

                      func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

                        AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet

                        func (*AdmissionOptions) ApplyTo

                        func (a *AdmissionOptions) ApplyTo(
                        	c *server.Config,
                        	informers informers.SharedInformerFactory,
                        	kubeAPIServerClientConfig *rest.Config,
                        	scheme *runtime.Scheme,
                        	pluginInitializers ...admission.PluginInitializer,
                        ) error

                          ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.

                          func (*AdmissionOptions) Validate

                          func (a *AdmissionOptions) Validate() []error

                            Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.

                            type AnonymousAuthenticationOptions

                            type AnonymousAuthenticationOptions struct {
                            	Allow bool
                            }

                            type BootstrapTokenAuthenticationOptions

                            type BootstrapTokenAuthenticationOptions struct {
                            	Enable bool
                            }

                            type BuiltInAuthenticationOptions

                            func NewBuiltInAuthenticationOptions

                            func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions

                            func (*BuiltInAuthenticationOptions) AddFlags

                            func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)

                            func (*BuiltInAuthenticationOptions) ApplyAuthorization

                            func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)

                              ApplyAuthorization will conditionally modify the authentication options based on the authorization options

                              func (*BuiltInAuthenticationOptions) ApplyTo

                              func (*BuiltInAuthenticationOptions) ToAuthenticationConfig

                              func (*BuiltInAuthenticationOptions) Validate

                              func (s *BuiltInAuthenticationOptions) Validate() []error

                                Validate checks invalid config combination

                                func (*BuiltInAuthenticationOptions) WithAll

                                func (*BuiltInAuthenticationOptions) WithAnonymous

                                func (*BuiltInAuthenticationOptions) WithBootstrapToken

                                func (*BuiltInAuthenticationOptions) WithClientCert

                                func (*BuiltInAuthenticationOptions) WithOIDC

                                func (*BuiltInAuthenticationOptions) WithPasswordFile

                                func (*BuiltInAuthenticationOptions) WithRequestHeader

                                func (*BuiltInAuthenticationOptions) WithServiceAccounts

                                func (*BuiltInAuthenticationOptions) WithTokenFile

                                func (*BuiltInAuthenticationOptions) WithWebHook

                                type BuiltInAuthorizationOptions

                                type BuiltInAuthorizationOptions struct {
                                	Mode                        string
                                	PolicyFile                  string
                                	WebhookConfigFile           string
                                	WebhookCacheAuthorizedTTL   time.Duration
                                	WebhookCacheUnauthorizedTTL time.Duration
                                }

                                func NewBuiltInAuthorizationOptions

                                func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions

                                func (*BuiltInAuthorizationOptions) AddFlags

                                func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)

                                func (*BuiltInAuthorizationOptions) Modes

                                func (s *BuiltInAuthorizationOptions) Modes() []string

                                func (*BuiltInAuthorizationOptions) ToAuthorizationConfig

                                func (*BuiltInAuthorizationOptions) Validate

                                func (s *BuiltInAuthorizationOptions) Validate() []error

                                type CloudProviderOptions

                                type CloudProviderOptions struct {
                                	CloudConfigFile string
                                	CloudProvider   string
                                }

                                func NewCloudProviderOptions

                                func NewCloudProviderOptions() *CloudProviderOptions

                                func (*CloudProviderOptions) AddFlags

                                func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)

                                func (*CloudProviderOptions) Validate

                                func (s *CloudProviderOptions) Validate() []error

                                type InsecureServingOptions

                                type InsecureServingOptions struct {
                                	BindAddress net.IP
                                	BindPort    int
                                }

                                  InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore.

                                  func NewInsecureServingOptions

                                  func NewInsecureServingOptions() *InsecureServingOptions

                                    NewInsecureServingOptions is for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore.

                                    func (*InsecureServingOptions) AddDeprecatedFlags

                                    func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)

                                      TODO: remove it until kops stop using `--address`

                                      func (*InsecureServingOptions) AddFlags

                                      func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet)

                                      func (*InsecureServingOptions) ApplyTo

                                      func (*InsecureServingOptions) DefaultExternalAddress

                                      func (s *InsecureServingOptions) DefaultExternalAddress() (net.IP, error)

                                      func (InsecureServingOptions) Validate

                                      func (s InsecureServingOptions) Validate(portArg string) []error

                                      type OIDCAuthenticationOptions

                                      type OIDCAuthenticationOptions struct {
                                      	CAFile         string
                                      	ClientID       string
                                      	IssuerURL      string
                                      	UsernameClaim  string
                                      	UsernamePrefix string
                                      	GroupsClaim    string
                                      	GroupsPrefix   string
                                      	SigningAlgs    []string
                                      }

                                      type PasswordFileAuthenticationOptions

                                      type PasswordFileAuthenticationOptions struct {
                                      	BasicAuthFile string
                                      }

                                      type ServiceAccountAuthenticationOptions

                                      type ServiceAccountAuthenticationOptions struct {
                                      	KeyFiles     []string
                                      	Lookup       bool
                                      	Issuer       string
                                      	APIAudiences []string
                                      }

                                      type StorageSerializationOptions

                                      type StorageSerializationOptions struct {
                                      	StorageVersions string
                                      	// The default values for StorageVersions. StorageVersions overrides
                                      	// these; you can change this if you want to change the defaults (e.g.,
                                      	// for testing). This is not actually exposed as a flag.
                                      	DefaultStorageVersions string
                                      }

                                        StorageSerializationOptions contains the options for encoding resources.

                                        func NewStorageSerializationOptions

                                        func NewStorageSerializationOptions() *StorageSerializationOptions

                                        func (*StorageSerializationOptions) AddFlags

                                        func (s *StorageSerializationOptions) AddFlags(fs *pflag.FlagSet)

                                          AddFlags adds flags for a specific APIServer to the specified FlagSet

                                          func (*StorageSerializationOptions) StorageGroupsToEncodingVersion

                                          func (s *StorageSerializationOptions) StorageGroupsToEncodingVersion() (map[string]schema.GroupVersion, error)

                                            StorageGroupsToEncodingVersion returns a map from group name to group version, computed from s.StorageVersions flag.

                                            type TokenFileAuthenticationOptions

                                            type TokenFileAuthenticationOptions struct {
                                            	TokenFile string
                                            }

                                            type WebHookAuthenticationOptions

                                            type WebHookAuthenticationOptions struct {
                                            	ConfigFile string
                                            	CacheTTL   time.Duration
                                            }