Documentation ¶
Overview ¶
package options is the public flags and options used by a generic api server. It takes a minimal set of dependencies and does not reference implementations, in order to ensure it may be reused by multiple components (such as CLI commands that wish to generate or validate config).
Index ¶
- func CreateListener(network, addr string) (net.Listener, int, error)
- func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error)
- func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error)
- type AdmissionOptions
- type AuditLogOptions
- type AuditOptions
- type AuditWebhookOptions
- type CertKey
- type ClientCertAuthenticationOptions
- type CoreAPIOptions
- type DelegatingAuthenticationOptions
- func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.Config) error
- func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
- func (s *DelegatingAuthenticationOptions) Validate() []error
- type DelegatingAuthorizationOptions
- func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.Config) error
- func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
- func (s *DelegatingAuthorizationOptions) Validate() []error
- type EtcdOptions
- type FeatureOptions
- type GeneratableKeyCert
- type RecommendedOptions
- type RequestHeaderAuthenticationOptions
- type SecureServingOptions
- func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
- func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)
- func (s *SecureServingOptions) ApplyTo(c *server.Config) error
- func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error)
- func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateDNS []string, alternateIPs []net.IP) error
- func (s *SecureServingOptions) Validate() []error
- type ServerRunOptions
- type SimpleRestOptionsFactory
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseWatchCacheSizes ¶
func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error)
ParseWatchCacheSizes turns a list of cache size values into a map of group resources to requested sizes.
func WriteWatchCacheSizes ¶
func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error)
WriteWatchCacheSizes turns a map of cache size values into a list of string specifications.
Types ¶
type AdmissionOptions ¶
type AdmissionOptions struct { // RecommendedPluginOrder holds an ordered list of plugin names we recommend to use by default RecommendedPluginOrder []string // DefaultOffPlugins a list of plugin names that should be disabled by default DefaultOffPlugins []string PluginNames []string ConfigFile string Plugins *admission.Plugins }
AdmissionOptions holds the admission options
func NewAdmissionOptions ¶
func NewAdmissionOptions() *AdmissionOptions
NewAdmissionOptions creates a new instance of AdmissionOptions Note:
In addition it calls RegisterAllAdmissionPlugins to register all generic admission plugins. Provides the list of RecommendedPluginOrder that holds sane values that can be used by servers that don't care about admission chain. Servers that do care can overwrite/append that field after creation.
func (*AdmissionOptions) AddFlags ¶
func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)
AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet
func (*AdmissionOptions) ApplyTo ¶
func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, kubeAPIServerClientConfig *rest.Config, scheme *runtime.Scheme, pluginInitializers ...admission.PluginInitializer, ) error
ApplyTo adds the admission chain to the server configuration. In case admission plugin names were not provided by a custer-admin they will be prepared from the recommended/default values. In addition the method lazily initializes a generic plugin that is appended to the list of pluginInitializers note this method uses:
genericconfig.Authorizer
func (*AdmissionOptions) Validate ¶
func (a *AdmissionOptions) Validate() []error
type AuditLogOptions ¶
AuditLogOptions determines the output of the structured audit log by default. If the AdvancedAuditing feature is set to false, AuditLogOptions holds the legacy audit log writer.
func (*AuditLogOptions) AddFlags ¶
func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet)
type AuditOptions ¶
type AuditOptions struct { // Policy configuration file for filtering audit events that are captured. // If unspecified, a default is provided. PolicyFile string LogOptions AuditLogOptions WebhookOptions AuditWebhookOptions }
func NewAuditOptions ¶
func NewAuditOptions() *AuditOptions
func (*AuditOptions) AddFlags ¶
func (o *AuditOptions) AddFlags(fs *pflag.FlagSet)
func (*AuditOptions) Validate ¶
func (o *AuditOptions) Validate() []error
Validate checks invalid config combination
type AuditWebhookOptions ¶
type AuditWebhookOptions struct { ConfigFile string // Should the webhook asynchronous batch events to the webhook backend or // should the webhook block responses? // // Defaults to asynchronous batch events. Mode string // Configuration for batching webhook. Only used in batch mode. BatchConfig pluginwebhook.BatchBackendConfig }
AuditWebhookOptions control the webhook configuration for audit events.
func (*AuditWebhookOptions) AddFlags ¶
func (o *AuditWebhookOptions) AddFlags(fs *pflag.FlagSet)
type ClientCertAuthenticationOptions ¶
type ClientCertAuthenticationOptions struct { // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates ClientCA string }
func (*ClientCertAuthenticationOptions) AddFlags ¶
func (s *ClientCertAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
type CoreAPIOptions ¶
type CoreAPIOptions struct { // CoreAPIKubeconfigPath is a filename for a kubeconfig file to contact the core API server with. // If it is not set, the in cluster config is used. CoreAPIKubeconfigPath string }
CoreAPIOptions contains options to configure the connection to a core API Kubernetes apiserver.
func NewCoreAPIOptions ¶
func NewCoreAPIOptions() *CoreAPIOptions
func (*CoreAPIOptions) AddFlags ¶
func (o *CoreAPIOptions) AddFlags(fs *pflag.FlagSet)
func (*CoreAPIOptions) ApplyTo ¶
func (o *CoreAPIOptions) ApplyTo(config *server.RecommendedConfig) error
func (*CoreAPIOptions) Validate ¶
func (o *CoreAPIOptions) Validate() []error
type DelegatingAuthenticationOptions ¶
type DelegatingAuthenticationOptions struct { // RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the // TokenAccessReview.authentication.k8s.io endpoint for checking tokens. RemoteKubeConfigFile string // CacheTTL is the length of time that a token authentication answer will be cached. CacheTTL time.Duration ClientCert ClientCertAuthenticationOptions RequestHeader RequestHeaderAuthenticationOptions SkipInClusterLookup bool }
DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy and direction connections will be able to delegate to the core kube API server
func NewDelegatingAuthenticationOptions ¶
func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions
func (*DelegatingAuthenticationOptions) AddFlags ¶
func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*DelegatingAuthenticationOptions) ApplyTo ¶
func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.Config) error
func (*DelegatingAuthenticationOptions) ToAuthenticationConfig ¶
func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
func (*DelegatingAuthenticationOptions) Validate ¶
func (s *DelegatingAuthenticationOptions) Validate() []error
type DelegatingAuthorizationOptions ¶
type DelegatingAuthorizationOptions struct { // RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the // SubjectAccessReview.authorization.k8s.io endpoint for checking tokens. RemoteKubeConfigFile string // AllowCacheTTL is the length of time that a successful authorization response will be cached AllowCacheTTL time.Duration // DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached. // You generally want more responsive, "deny, try again" flows. DenyCacheTTL time.Duration }
DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to the root kube API server
func NewDelegatingAuthorizationOptions ¶
func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions
func (*DelegatingAuthorizationOptions) AddFlags ¶
func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
func (*DelegatingAuthorizationOptions) ApplyTo ¶
func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.Config) error
func (*DelegatingAuthorizationOptions) ToAuthorizationConfig ¶
func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
func (*DelegatingAuthorizationOptions) Validate ¶
func (s *DelegatingAuthorizationOptions) Validate() []error
type EtcdOptions ¶
type EtcdOptions struct { // The value of Paging on StorageConfig will be overriden by the // calculated feature gate value. StorageConfig storagebackend.Config EncryptionProviderConfigFilepath string EtcdServersOverrides []string // To enable protobuf as storage format, it is enough // to set it to "application/vnd.kubernetes.protobuf". DefaultStorageMediaType string DeleteCollectionWorkers int EnableGarbageCollection bool // Set EnableWatchCache to false to disable all watch caches EnableWatchCache bool // Set DefaultWatchCacheSize to zero to disable watch caches for those resources that have no explicit cache size set DefaultWatchCacheSize int // WatchCacheSizes represents override to a given resource WatchCacheSizes []string }
func NewEtcdOptions ¶
func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions
func (*EtcdOptions) AddFlags ¶
func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet)
AddEtcdFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet
func (*EtcdOptions) ApplyWithStorageFactoryTo ¶
func (s *EtcdOptions) ApplyWithStorageFactoryTo(factory serverstorage.StorageFactory, c *server.Config) error
func (*EtcdOptions) Validate ¶
func (s *EtcdOptions) Validate() []error
type FeatureOptions ¶
type FeatureOptions struct { EnableProfiling bool EnableContentionProfiling bool EnableSwaggerUI bool }
func NewFeatureOptions ¶
func NewFeatureOptions() *FeatureOptions
func (*FeatureOptions) AddFlags ¶
func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet)
func (*FeatureOptions) Validate ¶
func (o *FeatureOptions) Validate() []error
type GeneratableKeyCert ¶
type GeneratableKeyCert struct { CertKey CertKey // CACertFile is an optional file containing the certificate chain for CertKey.CertFile CACertFile string // CertDirectory is a directory that will contain the certificates. If the cert and key aren't specifically set // this will be used to derive a match with the "pair-name" CertDirectory string // PairName is the name which will be used with CertDirectory to make a cert and key names // It becomes CertDirector/PairName.crt and CertDirector/PairName.key PairName string }
type RecommendedOptions ¶
type RecommendedOptions struct { Etcd *EtcdOptions SecureServing *SecureServingOptions Authentication *DelegatingAuthenticationOptions Authorization *DelegatingAuthorizationOptions Audit *AuditOptions Features *FeatureOptions CoreAPI *CoreAPIOptions }
RecommendedOptions contains the recommended options for running an API server. If you add something to this list, it should be in a logical grouping. Each of them can be nil to leave the feature unconfigured on ApplyTo.
func NewRecommendedOptions ¶
func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions
func (*RecommendedOptions) AddFlags ¶
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet)
func (*RecommendedOptions) ApplyTo ¶
func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error
func (*RecommendedOptions) Validate ¶
func (o *RecommendedOptions) Validate() []error
type RequestHeaderAuthenticationOptions ¶
type RequestHeaderAuthenticationOptions struct { UsernameHeaders []string GroupHeaders []string ExtraHeaderPrefixes []string ClientCAFile string AllowedNames []string }
func (*RequestHeaderAuthenticationOptions) AddFlags ¶
func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig ¶
func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig
ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options if necessary, nil otherwise.
type SecureServingOptions ¶
type SecureServingOptions struct { BindAddress net.IP BindPort int // BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp", // "tcp4", and "tcp6". BindNetwork string // Listener is the secure server network listener. // either Listener or BindAddress/BindPort/BindNetwork is set, // if Listener is set, use it and omit BindAddress/BindPort/BindNetwork. Listener net.Listener // ServerCert is the TLS cert info for serving secure traffic ServerCert GeneratableKeyCert // SNICertKeys are named CertKeys for serving secure traffic with SNI support. SNICertKeys []utilflag.NamedCertKey }
func NewSecureServingOptions ¶
func NewSecureServingOptions() *SecureServingOptions
func (*SecureServingOptions) AddDeprecatedFlags ¶
func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
func (*SecureServingOptions) AddFlags ¶
func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)
func (*SecureServingOptions) ApplyTo ¶
func (s *SecureServingOptions) ApplyTo(c *server.Config) error
ApplyTo fills up serving information in the server configuration.
func (*SecureServingOptions) DefaultExternalAddress ¶
func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error)
func (*SecureServingOptions) MaybeDefaultWithSelfSignedCerts ¶
func (*SecureServingOptions) Validate ¶
func (s *SecureServingOptions) Validate() []error
type ServerRunOptions ¶
type ServerRunOptions struct { AdvertiseAddress net.IP CorsAllowedOriginList []string ExternalHost string MaxRequestsInFlight int MaxMutatingRequestsInFlight int RequestTimeout time.Duration MinRequestTimeout int TargetRAMMB int }
ServerRunOptions contains the options while running a generic api server.
func NewServerRunOptions ¶
func NewServerRunOptions() *ServerRunOptions
func (*ServerRunOptions) AddUniversalFlags ¶
func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet)
AddFlags adds flags for a specific APIServer to the specified FlagSet
func (*ServerRunOptions) ApplyTo ¶
func (s *ServerRunOptions) ApplyTo(c *server.Config) error
ApplyOptions applies the run options to the method receiver and returns self
func (*ServerRunOptions) DefaultAdvertiseAddress ¶
func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions) error
DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions.
func (*ServerRunOptions) Validate ¶
func (s *ServerRunOptions) Validate() []error
Validate checks validation of ServerRunOptions
type SimpleRestOptionsFactory ¶
type SimpleRestOptionsFactory struct {
Options EtcdOptions
}
func (*SimpleRestOptionsFactory) GetRESTOptions ¶
func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error)