options

package
v1.12.1-lite6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2018 License: Apache-2.0, Apache-2.0 Imports: 55 Imported by: 0

Documentation

Overview

package options is the public flags and options used by a generic api server. It takes a minimal set of dependencies and does not reference implementations, in order to ensure it may be reused by multiple components (such as CLI commands that wish to generate or validate config).

Index

Constants

View Source 
const (
	// ModeBatch indicates that the audit backend should buffer audit events
	// internally, sending batch updates either once a certain number of
	// events have been received or a certain amount of time has passed.
	ModeBatch = "batch"
	// ModeBlocking causes the audit backend to block on every attempt to process
	// a set of events. This causes requests to the API server to wait for the
	// flush before sending a response.
	ModeBlocking = "blocking"
)

Variables

View Source 
var AllowedModes = []string{
	ModeBatch,
	ModeBlocking,
}

AllowedModes is the modes known for audit backends.

Functions

func CreateListener 

func CreateListener(network, addr string) (net.Listener, int, error)

func ParseWatchCacheSizes 

func ParseWatchCacheSizes(cacheSizes []string) (map[schema.GroupResource]int, error)

ParseWatchCacheSizes turns a list of cache size values into a map of group resources to requested sizes.

func WriteWatchCacheSizes 

func WriteWatchCacheSizes(watchCacheSizes map[schema.GroupResource]int) ([]string, error)

WriteWatchCacheSizes turns a map of cache size values into a list of string specifications.

Types

type APIEnablementOptions 

type APIEnablementOptions struct {
	RuntimeConfig utilflag.ConfigurationMap
}

APIEnablementOptions contains the options for which resources to turn on and off. Given small aggregated API servers, this option isn't required for "normal" API servers

func NewAPIEnablementOptions 

func NewAPIEnablementOptions() *APIEnablementOptions

func (*APIEnablementOptions) AddFlags 

func (s *APIEnablementOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags for a specific APIServer to the specified FlagSet

func (*APIEnablementOptions) ApplyTo 

func (s *APIEnablementOptions) ApplyTo(c *server.Config, defaultResourceConfig *serverstore.ResourceConfig, registry resourceconfig.GroupVersionRegistry) error

ApplyTo override MergedResourceConfig with defaults and registry

func (*APIEnablementOptions) Validate 

func (s *APIEnablementOptions) Validate(registries ...GroupRegisty) []error

Validate validates RuntimeConfig with a list of registries. Usually this list only has one element, the apiserver registry of the process. But in the advanced (and usually not recommended) case of delegated apiservers there can be more. Validate will filter out the known groups of each registry. If anything is left over after that, an error is returned.

type AdmissionOptions 

type AdmissionOptions struct {
	// RecommendedPluginOrder holds an ordered list of plugin names we recommend to use by default
	RecommendedPluginOrder []string
	// DefaultOffPlugins is a set of plugin names that is disabled by default
	DefaultOffPlugins sets.String

	// EnablePlugins indicates plugins to be enabled passed through `--enable-admission-plugins`.
	EnablePlugins []string
	// DisablePlugins indicates plugins to be disabled passed through `--disable-admission-plugins`.
	DisablePlugins []string
	// ConfigFile is the file path with admission control configuration.
	ConfigFile string
	// Plugins contains all registered plugins.
	Plugins *admission.Plugins
}

AdmissionOptions holds the admission options

func NewAdmissionOptions 

func NewAdmissionOptions() *AdmissionOptions

NewAdmissionOptions creates a new instance of AdmissionOptions Note: 

In addition it calls RegisterAllAdmissionPlugins to register
all generic admission plugins.

Provides the list of RecommendedPluginOrder that holds sane values
that can be used by servers that don't care about admission chain.
Servers that do care can overwrite/append that field after creation.

func (*AdmissionOptions) AddFlags 

func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet

func (*AdmissionOptions) ApplyTo 

func (a *AdmissionOptions) ApplyTo(
	c *server.Config,
	informers informers.SharedInformerFactory,
	kubeAPIServerClientConfig *rest.Config,
	scheme *runtime.Scheme,
	pluginInitializers ...admission.PluginInitializer,
) error

ApplyTo adds the admission chain to the server configuration. In case admission plugin names were not provided by a custer-admin they will be prepared from the recommended/default values. In addition the method lazily initializes a generic plugin that is appended to the list of pluginInitializers note this method uses: 

genericconfig.Authorizer

func (*AdmissionOptions) Validate 

func (a *AdmissionOptions) Validate() []error

Validate verifies flags passed to AdmissionOptions.

type AuditBatchOptions 

type AuditBatchOptions struct {
	// Should the backend asynchronous batch events to the webhook backend or
	// should the backend block responses?
	//
	// Defaults to asynchronous batch events.
	Mode string
	// Configuration for batching backend. Only used in batch mode.
	BatchConfig pluginbuffered.BatchConfig
}

func (*AuditBatchOptions) AddFlags 

func (o *AuditBatchOptions) AddFlags(pluginName string, fs *pflag.FlagSet)

type AuditLogOptions 

type AuditLogOptions struct {
	Path       string
	MaxAge     int
	MaxBackups int
	MaxSize    int
	Format     string

	BatchOptions    AuditBatchOptions
	TruncateOptions AuditTruncateOptions

	// API group version used for serializing audit events.
	GroupVersionString string
}

AuditLogOptions determines the output of the structured audit log by default.

func (*AuditLogOptions) AddFlags 

func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet)

func (*AuditLogOptions) Validate 

func (o *AuditLogOptions) Validate() []error

type AuditOptions 

type AuditOptions struct {
	// Policy configuration file for filtering audit events that are captured.
	// If unspecified, a default is provided.
	PolicyFile string

	// Plugin options
	LogOptions     AuditLogOptions
	WebhookOptions AuditWebhookOptions
}

func NewAuditOptions 

func NewAuditOptions() *AuditOptions

func (*AuditOptions) AddFlags 

func (o *AuditOptions) AddFlags(fs *pflag.FlagSet)

func (*AuditOptions) ApplyTo 

func (o *AuditOptions) ApplyTo(c *server.Config) error

func (*AuditOptions) Validate 

func (o *AuditOptions) Validate() []error

Validate checks invalid config combination

type AuditTruncateOptions 

type AuditTruncateOptions struct {
	// Whether truncating is enabled or not.
	Enabled bool

	// Truncating configuration.
	TruncateConfig plugintruncate.Config
}

func NewAuditTruncateOptions 

func NewAuditTruncateOptions() AuditTruncateOptions

func (*AuditTruncateOptions) AddFlags 

func (o *AuditTruncateOptions) AddFlags(pluginName string, fs *pflag.FlagSet)

func (*AuditTruncateOptions) Validate 

func (o *AuditTruncateOptions) Validate(pluginName string) error

type AuditWebhookOptions 

type AuditWebhookOptions struct {
	ConfigFile     string
	InitialBackoff time.Duration

	BatchOptions    AuditBatchOptions
	TruncateOptions AuditTruncateOptions

	// API group version used for serializing audit events.
	GroupVersionString string
}

AuditWebhookOptions control the webhook configuration for audit events.

func (*AuditWebhookOptions) AddFlags 

func (o *AuditWebhookOptions) AddFlags(fs *pflag.FlagSet)

func (*AuditWebhookOptions) Validate 

func (o *AuditWebhookOptions) Validate() []error

type CertKey 

type CertKey struct {
	// CertFile is a file containing a PEM-encoded certificate, and possibly the complete certificate chain
	CertFile string
	// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
	KeyFile string
}

type CoreAPIOptions 

type CoreAPIOptions struct {
	// CoreAPIKubeconfigPath is a filename for a kubeconfig file to contact the core API server with.
	// If it is not set, the in cluster config is used.
	CoreAPIKubeconfigPath string
}

CoreAPIOptions contains options to configure the connection to a core API Kubernetes apiserver.

func NewCoreAPIOptions 

func NewCoreAPIOptions() *CoreAPIOptions

func (*CoreAPIOptions) AddFlags 

func (o *CoreAPIOptions) AddFlags(fs *pflag.FlagSet)

func (*CoreAPIOptions) ApplyTo 

func (o *CoreAPIOptions) ApplyTo(config *server.RecommendedConfig) error

func (*CoreAPIOptions) Validate 

func (o *CoreAPIOptions) Validate() []error

type DelegatingAuthenticationOptions 

type DelegatingAuthenticationOptions struct {
	// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
	// TokenAccessReview.authentication.k8s.io endpoint for checking tokens.
	RemoteKubeConfigFile string
	// RemoteKubeConfigFileOptional is specifying whether not specifying the kubeconfig or
	// a missing in-cluster config will be fatal.
	RemoteKubeConfigFileOptional bool

	// CacheTTL is the length of time that a token authentication answer will be cached.
	CacheTTL time.Duration

	SkipInClusterLookup bool
}

DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy and direction connections will be able to delegate to the core kube API server

func NewDelegatingAuthenticationOptions 

func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions

func (*DelegatingAuthenticationOptions) AddFlags 

func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)

func (*DelegatingAuthenticationOptions) ApplyTo 

func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.AuthenticationInfo, servingInfo *server.SecureServingInfo) error

func (*DelegatingAuthenticationOptions) Validate 

func (s *DelegatingAuthenticationOptions) Validate() []error

type DeprecatedInsecureServingOptions 

type DeprecatedInsecureServingOptions struct {
	BindAddress net.IP
	BindPort    int
	// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
	// "tcp4", and "tcp6".
	BindNetwork string

	// Listener is the secure server network listener.
	// either Listener or BindAddress/BindPort/BindNetwork is set,
	// if Listener is set, use it and omit BindAddress/BindPort/BindNetwork.
	Listener net.Listener

	// ListenFunc can be overridden to create a custom listener, e.g. for mocking in tests.
	// It defaults to options.CreateListener.
	ListenFunc func(network, addr string) (net.Listener, int, error)
}

DeprecatedInsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port. No one should be using these anymore. DEPRECATED: all insecure serving options are removed in a future version

func (*DeprecatedInsecureServingOptions) AddFlags 

func (s *DeprecatedInsecureServingOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags related to insecure serving to the specified FlagSet.

func (*DeprecatedInsecureServingOptions) AddUnqualifiedFlags 

func (s *DeprecatedInsecureServingOptions) AddUnqualifiedFlags(fs *pflag.FlagSet)

AddUnqualifiedFlags adds flags related to insecure serving without the --insecure prefix to the specified FlagSet.

func (*DeprecatedInsecureServingOptions) ApplyTo 

func (s *DeprecatedInsecureServingOptions) ApplyTo(c **server.DeprecatedInsecureServingInfo) error

ApplyTo adds DeprecatedInsecureServingOptions to the insecureserverinfo amd kube-controller manager configuration. Note: the double pointer allows to set the *DeprecatedInsecureServingInfo to nil without referencing the struct hosting this pointer.

func (*DeprecatedInsecureServingOptions) Validate 

func (s *DeprecatedInsecureServingOptions) Validate() []error

Validate ensures that the insecure port values within the range of the port.

func (*DeprecatedInsecureServingOptions) WithLoopback 

func (o *DeprecatedInsecureServingOptions) WithLoopback() *DeprecatedInsecureServingOptionsWithLoopback

WithLoopback adds loopback functionality to the serving options.

type DeprecatedInsecureServingOptionsWithLoopback 

type DeprecatedInsecureServingOptionsWithLoopback struct {
	*DeprecatedInsecureServingOptions
}

DeprecatedInsecureServingOptionsWithLoopback adds loopback functionality to the DeprecatedInsecureServingOptions. DEPRECATED: all insecure serving options are removed in a future version

func (*DeprecatedInsecureServingOptionsWithLoopback) ApplyTo 

func (s *DeprecatedInsecureServingOptionsWithLoopback) ApplyTo(insecureServingInfo **server.DeprecatedInsecureServingInfo, loopbackClientConfig **rest.Config) error

ApplyTo fills up serving information in the server configuration.

type EtcdOptions 

type EtcdOptions struct {
	// The value of Paging on StorageConfig will be overridden by the
	// calculated feature gate value.
	StorageConfig                    storagebackend.Config
	EncryptionProviderConfigFilepath string

	EtcdServersOverrides []string

	// To enable protobuf as storage format, it is enough
	// to set it to "application/vnd.kubernetes.protobuf".
	DefaultStorageMediaType string
	DeleteCollectionWorkers int
	EnableGarbageCollection bool

	// Set EnableWatchCache to false to disable all watch caches
	EnableWatchCache bool
	// Set DefaultWatchCacheSize to zero to disable watch caches for those resources that have no explicit cache size set
	DefaultWatchCacheSize int
	// WatchCacheSizes represents override to a given resource
	WatchCacheSizes []string
}

func NewEtcdOptions 

func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions

func (*EtcdOptions) AddFlags 

func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet)

AddEtcdFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet

func (*EtcdOptions) ApplyTo 

func (s *EtcdOptions) ApplyTo(c *server.Config) error

func (*EtcdOptions) ApplyWithStorageFactoryTo 

func (s *EtcdOptions) ApplyWithStorageFactoryTo(factory serverstorage.StorageFactory, c *server.Config) error

func (*EtcdOptions) Validate 

func (s *EtcdOptions) Validate() []error

type FeatureOptions 

type FeatureOptions struct {
	EnableProfiling           bool
	EnableContentionProfiling bool
}

func NewFeatureOptions 

func NewFeatureOptions() *FeatureOptions

func (*FeatureOptions) AddFlags 

func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet)

func (*FeatureOptions) ApplyTo 

func (o *FeatureOptions) ApplyTo(c *server.Config) error

func (*FeatureOptions) Validate 

func (o *FeatureOptions) Validate() []error

type GeneratableKeyCert 

type GeneratableKeyCert struct {
	CertKey CertKey

	// CertDirectory is a directory that will contain the certificates.  If the cert and key aren't specifically set
	// this will be used to derive a match with the "pair-name"
	CertDirectory string
	// FixtureDirectory is a directory that contains test fixture used to avoid regeneration of certs during tests.
	// The format is:
	// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt
	// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key
	FixtureDirectory string
	// PairName is the name which will be used with CertDirectory to make a cert and key names
	// It becomes CertDirector/PairName.crt and CertDirector/PairName.key
	PairName string
}

type GroupRegisty 

type GroupRegisty interface {
	// IsRegistered returns true if given group is registered.
	IsGroupRegistered(group string) bool
}

GroupRegisty provides a method to check whether given group is registered.

type RecommendedOptions 

type RecommendedOptions struct {
	Etcd           *EtcdOptions
	SecureServing  *SecureServingOptionsWithLoopback
	Authentication *DelegatingAuthenticationOptions
	Audit          *AuditOptions
	Features       *FeatureOptions
	CoreAPI        *CoreAPIOptions

	// ExtraAdmissionInitializers is called once after all ApplyTo from the options above, to pass the returned
	// admission plugin initializers to Admission.ApplyTo.
	ExtraAdmissionInitializers func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error)
	Admission                  *AdmissionOptions
}

RecommendedOptions contains the recommended options for running an API server. If you add something to this list, it should be in a logical grouping. Each of them can be nil to leave the feature unconfigured on ApplyTo.

func NewRecommendedOptions 

func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions

func (*RecommendedOptions) AddFlags 

func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet)

func (*RecommendedOptions) ApplyTo 

func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig, scheme *runtime.Scheme) error

ApplyTo adds RecommendedOptions to the server configuration. scheme is the scheme of the apiserver types that are sent to the admission chain. pluginInitializers can be empty, it is only need for additional initializers.

func (*RecommendedOptions) Validate 

func (o *RecommendedOptions) Validate() []error

type SecureServingOptions 

type SecureServingOptions struct {
	BindAddress net.IP
	// BindPort is ignored when Listener is set, will serve https even with 0.
	BindPort int
	// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
	// "tcp4", and "tcp6".
	BindNetwork string
	// Required set to true means that BindPort cannot be zero.
	Required bool
	// ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this
	// is set to BindAddress if the later no loopback, or to the first host interface address.
	ExternalAddress net.IP

	// Listener is the secure server network listener.
	// either Listener or BindAddress/BindPort/BindNetwork is set,
	// if Listener is set, use it and omit BindAddress/BindPort/BindNetwork.
	Listener net.Listener

	// ServerCert is the TLS cert info for serving secure traffic
	ServerCert GeneratableKeyCert
	// SNICertKeys are named CertKeys for serving secure traffic with SNI support.
	SNICertKeys []utilflag.NamedCertKey
	// CipherSuites is the list of allowed cipher suites for the server.
	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
	CipherSuites []string
	// MinTLSVersion is the minimum TLS version supported.
	// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
	MinTLSVersion string

	// HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client.
	// A value of zero means to use the default provided by golang's HTTP/2 support.
	HTTP2MaxStreamsPerConnection int

	AdvertisePort int
}

func NewSecureServingOptions 

func NewSecureServingOptions() *SecureServingOptions

func (*SecureServingOptions) AddFlags 

func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)

func (*SecureServingOptions) ApplyTo 

func (s *SecureServingOptions) ApplyTo(config **server.SecureServingInfo) error

ApplyTo fills up serving information in the server configuration.

func (*SecureServingOptions) DefaultExternalAddress 

func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error)

func (*SecureServingOptions) Validate 

func (s *SecureServingOptions) Validate() []error

func (*SecureServingOptions) WithLoopback 

func (o *SecureServingOptions) WithLoopback() *SecureServingOptionsWithLoopback

type SecureServingOptionsWithLoopback 

type SecureServingOptionsWithLoopback struct {
	*SecureServingOptions
}

func (*SecureServingOptionsWithLoopback) ApplyTo 

func (s *SecureServingOptionsWithLoopback) ApplyTo(secureServingInfo **server.SecureServingInfo, loopbackClientConfig **rest.Config) error

ApplyTo fills up serving information in the server configuration.

type ServerRunOptions 

type ServerRunOptions struct {
	AdvertiseAddress net.IP

	CorsAllowedOriginList       []string
	ExternalHost                string
	MaxRequestsInFlight         int
	MaxMutatingRequestsInFlight int
	RequestTimeout              time.Duration
	MinRequestTimeout           int
	TargetRAMMB                 int
}

ServerRunOptions contains the options while running a generic api server.

func NewServerRunOptions 

func NewServerRunOptions() *ServerRunOptions

func (*ServerRunOptions) AddUniversalFlags 

func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet)

AddFlags adds flags for a specific APIServer to the specified FlagSet

func (*ServerRunOptions) ApplyTo 

func (s *ServerRunOptions) ApplyTo(c *server.Config) error

ApplyOptions applies the run options to the method receiver and returns self

func (*ServerRunOptions) DefaultAdvertiseAddress 

func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions) error

DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions.

func (*ServerRunOptions) Validate 

func (s *ServerRunOptions) Validate() []error

Validate checks validation of ServerRunOptions

type SimpleRestOptionsFactory 

type SimpleRestOptionsFactory struct {
	Options EtcdOptions
}

func (*SimpleRestOptionsFactory) GetRESTOptions 

func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error)

type StorageFactoryRestOptionsFactory 

type StorageFactoryRestOptionsFactory struct {
	Options        EtcdOptions
	StorageFactory serverstorage.StorageFactory
}

func (*StorageFactoryRestOptionsFactory) GetRESTOptions 

func (f *StorageFactoryRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.