Version: v1.10.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2018 License: Apache-2.0 Imports: 56 Imported by: 0



Package options contains flags and options for initializing kube-apiserver



View Source
const (
	DefaultEtcdPathPrefix = "/registry"


AllOrderedPlugins is the list of all the plugins in order.

View Source
var DefaultServiceIPCIDR net.IPNet = net.IPNet{IP: net.ParseIP(""), Mask: net.CIDRMask(24, 32)}

DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs

View Source
var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}

DefaultServiceNodePortRange is the default port range for NodePort services.


func DefaultAdvertiseAddress added in v1.7.0

func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *InsecureServingOptions) error

DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.

func DefaultOffAdmissionPlugins added in v1.10.0

func DefaultOffAdmissionPlugins() sets.String

DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.

func NewSecureServingOptions

func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback

NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform

func RegisterAllAdmissionPlugins added in v1.10.0

func RegisterAllAdmissionPlugins(plugins *admission.Plugins)

RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.


type AdmissionOptions added in v1.10.0

type AdmissionOptions struct {
	// GenericAdmission holds the generic admission options.
	GenericAdmission *genericoptions.AdmissionOptions
	// DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins.
	// They are mutually exclusive, specify both will lead to an error.
	PluginNames []string

AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.

func NewAdmissionOptions added in v1.10.0

func NewAdmissionOptions() *AdmissionOptions

NewAdmissionOptions creates a new instance of AdmissionOptions Note:

In addition it calls RegisterAllAdmissionPlugins to register
all kube-apiserver admission plugins.

Provides the list of RecommendedPluginOrder that holds sane values
that can be used by servers that don't care about admission chain.
Servers that do care can overwrite/append that field after creation.

func (*AdmissionOptions) AddFlags added in v1.10.0

func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet

func (*AdmissionOptions) ApplyTo added in v1.10.0

func (a *AdmissionOptions) ApplyTo(
	c *server.Config,
	informers informers.SharedInformerFactory,
	kubeAPIServerClientConfig *rest.Config,
	scheme *runtime.Scheme,
	pluginInitializers ...admission.PluginInitializer,
) error

ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.

func (*AdmissionOptions) Validate added in v1.10.0

func (a *AdmissionOptions) Validate() []error

Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.

type AnonymousAuthenticationOptions

type AnonymousAuthenticationOptions struct {
	Allow bool

type BootstrapTokenAuthenticationOptions

type BootstrapTokenAuthenticationOptions struct {
	Enable bool

type BuiltInAuthenticationOptions

func NewBuiltInAuthenticationOptions

func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) AddFlags

func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)

func (*BuiltInAuthenticationOptions) ApplyAuthorization

func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)

ApplyAuthorization will conditionally modify the authentication options based on the authorization options

func (*BuiltInAuthenticationOptions) ApplyTo

func (*BuiltInAuthenticationOptions) ToAuthenticationConfig

func (*BuiltInAuthenticationOptions) Validate

func (s *BuiltInAuthenticationOptions) Validate() []error

Validate checks invalid config combination

func (*BuiltInAuthenticationOptions) WithAll

func (*BuiltInAuthenticationOptions) WithAnonymous added in v1.8.0

func (*BuiltInAuthenticationOptions) WithBootstrapToken

func (*BuiltInAuthenticationOptions) WithClientCert

func (*BuiltInAuthenticationOptions) WithOIDC

func (*BuiltInAuthenticationOptions) WithPasswordFile

func (*BuiltInAuthenticationOptions) WithRequestHeader

func (*BuiltInAuthenticationOptions) WithServiceAccounts

func (*BuiltInAuthenticationOptions) WithTokenFile

func (*BuiltInAuthenticationOptions) WithWebHook

type BuiltInAuthorizationOptions

type BuiltInAuthorizationOptions struct {
	Mode                        string
	PolicyFile                  string
	WebhookConfigFile           string
	WebhookCacheAuthorizedTTL   time.Duration
	WebhookCacheUnauthorizedTTL time.Duration

func NewBuiltInAuthorizationOptions

func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions

func (*BuiltInAuthorizationOptions) AddFlags

func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)

func (*BuiltInAuthorizationOptions) Modes added in v1.6.2

func (s *BuiltInAuthorizationOptions) Modes() []string

func (*BuiltInAuthorizationOptions) ToAuthorizationConfig

func (*BuiltInAuthorizationOptions) Validate

func (s *BuiltInAuthorizationOptions) Validate() []error

type CloudProviderOptions

type CloudProviderOptions struct {
	CloudConfigFile string
	CloudProvider   string

func NewCloudProviderOptions

func NewCloudProviderOptions() *CloudProviderOptions

func (*CloudProviderOptions) AddFlags

func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)

func (*CloudProviderOptions) Validate

func (s *CloudProviderOptions) Validate() []error

type InsecureServingOptions added in v1.7.0

type InsecureServingOptions struct {
	BindAddress net.IP
	BindPort    int

InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore.

func NewInsecureServingOptions added in v1.7.0

func NewInsecureServingOptions() *InsecureServingOptions

NewInsecureServingOptions is for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore.

func (*InsecureServingOptions) AddDeprecatedFlags added in v1.7.0

func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)

TODO: remove it until kops stop using `--address`

func (*InsecureServingOptions) AddFlags added in v1.7.0

func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet)

func (*InsecureServingOptions) ApplyTo added in v1.7.0

func (*InsecureServingOptions) DefaultExternalAddress added in v1.7.0

func (s *InsecureServingOptions) DefaultExternalAddress() (net.IP, error)

func (InsecureServingOptions) Validate added in v1.7.0

func (s InsecureServingOptions) Validate(portArg string) []error

type OIDCAuthenticationOptions

type OIDCAuthenticationOptions struct {
	CAFile         string
	ClientID       string
	IssuerURL      string
	UsernameClaim  string
	UsernamePrefix string
	GroupsClaim    string
	GroupsPrefix   string
	SigningAlgs    []string

type PasswordFileAuthenticationOptions

type PasswordFileAuthenticationOptions struct {
	BasicAuthFile string

type ServiceAccountAuthenticationOptions

type ServiceAccountAuthenticationOptions struct {
	KeyFiles     []string
	Lookup       bool
	Issuer       string
	APIAudiences []string

type StorageSerializationOptions

type StorageSerializationOptions struct {
	StorageVersions string
	// The default values for StorageVersions. StorageVersions overrides
	// these; you can change this if you want to change the defaults (e.g.,
	// for testing). This is not actually exposed as a flag.
	DefaultStorageVersions string

StorageSerializationOptions contains the options for encoding resources.

func NewStorageSerializationOptions

func NewStorageSerializationOptions() *StorageSerializationOptions

func (*StorageSerializationOptions) AddFlags

func (s *StorageSerializationOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags for a specific APIServer to the specified FlagSet

func (*StorageSerializationOptions) StorageGroupsToEncodingVersion

func (s *StorageSerializationOptions) StorageGroupsToEncodingVersion() (map[string]schema.GroupVersion, error)

StorageGroupsToEncodingVersion returns a map from group name to group version, computed from s.StorageVersions flag.

type TokenFileAuthenticationOptions

type TokenFileAuthenticationOptions struct {
	TokenFile string

type WebHookAuthenticationOptions

type WebHookAuthenticationOptions struct {
	ConfigFile string
	CacheTTL   time.Duration

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL