Documentation
¶
Overview ¶
package options is the public flags and options used by a generic api server. It takes a minimal set of dependencies and does not reference implementations, in order to ensure it may be reused by multiple components (such as CLI commands that wish to generate or validate config).
Index ¶
- type AuditLogOptions
- type CertKey
- type ClientCertAuthenticationOptions
- type DelegatingAuthenticationOptions
- func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.Config) error
- func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
- func (s *DelegatingAuthenticationOptions) Validate() []error
- type DelegatingAuthorizationOptions
- func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
- func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.Config) error
- func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
- func (s *DelegatingAuthorizationOptions) Validate() []error
- type EtcdOptions
- type FeatureOptions
- type GeneratableKeyCert
- type RecommendedOptions
- type RequestHeaderAuthenticationOptions
- type SecureServingOptions
- func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
- func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)
- func (s *SecureServingOptions) ApplyTo(c *server.Config) error
- func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateIPs ...net.IP) error
- func (s *SecureServingOptions) Validate() []error
- type ServerRunOptions
- type ServingOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditLogOptions ¶
func NewAuditLogOptions ¶
func NewAuditLogOptions() *AuditLogOptions
func (*AuditLogOptions) AddFlags ¶
func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet)
type ClientCertAuthenticationOptions ¶
type ClientCertAuthenticationOptions struct {
// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
ClientCA string
}
func (*ClientCertAuthenticationOptions) AddFlags ¶
func (s *ClientCertAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
type DelegatingAuthenticationOptions ¶
type DelegatingAuthenticationOptions struct {
// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
// TokenAccessReview.authentication.k8s.io endpoint for checking tokens.
RemoteKubeConfigFile string
// CacheTTL is the length of time that a token authentication answer will be cached.
CacheTTL time.Duration
ClientCert ClientCertAuthenticationOptions
RequestHeader RequestHeaderAuthenticationOptions
SkipInClusterLookup bool
}
DelegatingAuthenticationOptions provides an easy way for composing API servers to delegate their authentication to the root kube API server. The API federator will act as a front proxy and direction connections will be able to delegate to the core kube API server
func NewDelegatingAuthenticationOptions ¶
func NewDelegatingAuthenticationOptions() *DelegatingAuthenticationOptions
func (*DelegatingAuthenticationOptions) AddFlags ¶
func (s *DelegatingAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*DelegatingAuthenticationOptions) ApplyTo ¶
func (s *DelegatingAuthenticationOptions) ApplyTo(c *server.Config) error
func (*DelegatingAuthenticationOptions) ToAuthenticationConfig ¶
func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticatorfactory.DelegatingAuthenticatorConfig, error)
func (*DelegatingAuthenticationOptions) Validate ¶
func (s *DelegatingAuthenticationOptions) Validate() []error
type DelegatingAuthorizationOptions ¶
type DelegatingAuthorizationOptions struct {
// RemoteKubeConfigFile is the file to use to connect to a "normal" kube API server which hosts the
// SubjectAccessReview.authorization.k8s.io endpoint for checking tokens.
RemoteKubeConfigFile string
// AllowCacheTTL is the length of time that a successful authorization response will be cached
AllowCacheTTL time.Duration
// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
// You generally want more responsive, "deny, try again" flows.
DenyCacheTTL time.Duration
}
DelegatingAuthorizationOptions provides an easy way for composing API servers to delegate their authorization to the root kube API server
func NewDelegatingAuthorizationOptions ¶
func NewDelegatingAuthorizationOptions() *DelegatingAuthorizationOptions
func (*DelegatingAuthorizationOptions) AddFlags ¶
func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet)
func (*DelegatingAuthorizationOptions) ApplyTo ¶
func (s *DelegatingAuthorizationOptions) ApplyTo(c *server.Config) error
func (*DelegatingAuthorizationOptions) ToAuthorizationConfig ¶
func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfactory.DelegatingAuthorizerConfig, error)
func (*DelegatingAuthorizationOptions) Validate ¶
func (s *DelegatingAuthorizationOptions) Validate() []error
type EtcdOptions ¶
type EtcdOptions struct {
StorageConfig storagebackend.Config
EtcdServersOverrides []string
// To enable protobuf as storage format, it is enough
// to set it to "application/vnd.kubernetes.protobuf".
DefaultStorageMediaType string
DeleteCollectionWorkers int
EnableGarbageCollection bool
EnableWatchCache bool
}
func NewEtcdOptions ¶
func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions
func (*EtcdOptions) AddFlags ¶
func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet)
AddEtcdFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet
func (*EtcdOptions) ApplyWithStorageFactoryTo ¶
func (s *EtcdOptions) ApplyWithStorageFactoryTo(factory serverstorage.StorageFactory, c *server.Config) error
func (*EtcdOptions) Validate ¶
func (s *EtcdOptions) Validate() []error
type FeatureOptions ¶
type FeatureOptions struct {
EnableProfiling bool
EnableContentionProfiling bool
EnableSwaggerUI bool
}
func NewFeatureOptions ¶
func NewFeatureOptions() *FeatureOptions
func (*FeatureOptions) AddFlags ¶
func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet)
type GeneratableKeyCert ¶
type GeneratableKeyCert struct {
CertKey CertKey
// CACertFile is an optional file containing the certificate chain for CertKey.CertFile
CACertFile string
// CertDirectory is a directory that will contain the certificates. If the cert and key aren't specifically set
// this will be used to derive a match with the "pair-name"
CertDirectory string
// PairName is the name which will be used with CertDirectory to make a cert and key names
// It becomes CertDirector/PairName.crt and CertDirector/PairName.key
PairName string
}
type RecommendedOptions ¶
type RecommendedOptions struct {
Etcd *EtcdOptions
SecureServing *SecureServingOptions
Authentication *DelegatingAuthenticationOptions
Authorization *DelegatingAuthorizationOptions
Audit *AuditLogOptions
Features *FeatureOptions
}
RecommendedOptions contains the recommended options for running an API server If you add something to this list, it should be in a logical grouping
func NewRecommendedOptions ¶
func NewRecommendedOptions(prefix string, copier runtime.ObjectCopier, codec runtime.Codec) *RecommendedOptions
func (*RecommendedOptions) AddFlags ¶
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet)
type RequestHeaderAuthenticationOptions ¶
type RequestHeaderAuthenticationOptions struct {
UsernameHeaders []string
GroupHeaders []string
ExtraHeaderPrefixes []string
ClientCAFile string
AllowedNames []string
}
func (*RequestHeaderAuthenticationOptions) AddFlags ¶
func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet)
func (*RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig ¶
func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig
ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options if necessary, nil otherwise.
type SecureServingOptions ¶
type SecureServingOptions struct {
ServingOptions ServingOptions
// ServerCert is the TLS cert info for serving secure traffic
ServerCert GeneratableKeyCert
// SNICertKeys are named CertKeys for serving secure traffic with SNI support.
SNICertKeys []utilflag.NamedCertKey
}
func NewSecureServingOptions ¶
func NewSecureServingOptions() *SecureServingOptions
func (*SecureServingOptions) AddDeprecatedFlags ¶
func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
func (*SecureServingOptions) AddFlags ¶
func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet)
func (*SecureServingOptions) ApplyTo ¶
func (s *SecureServingOptions) ApplyTo(c *server.Config) error
func (*SecureServingOptions) MaybeDefaultWithSelfSignedCerts ¶
func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateIPs ...net.IP) error
func (*SecureServingOptions) Validate ¶
func (s *SecureServingOptions) Validate() []error
type ServerRunOptions ¶
type ServerRunOptions struct {
AdmissionControl string
AdmissionControlConfigFile string
AdvertiseAddress net.IP
CorsAllowedOriginList []string
ExternalHost string
MaxRequestsInFlight int
MaxMutatingRequestsInFlight int
MinRequestTimeout int
TargetRAMMB int
WatchCacheSizes []string
}
ServerRunOptions contains the options while running a generic api server.
func NewServerRunOptions ¶
func NewServerRunOptions() *ServerRunOptions
func (*ServerRunOptions) AddUniversalFlags ¶
func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet)
AddFlags adds flags for a specific APIServer to the specified FlagSet
func (*ServerRunOptions) ApplyTo ¶
func (s *ServerRunOptions) ApplyTo(c *server.Config) error
ApplyOptions applies the run options to the method receiver and returns self
func (*ServerRunOptions) DefaultAdvertiseAddress ¶
func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions, insecure *ServingOptions) error
DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.
type ServingOptions ¶
func NewInsecureServingOptions ¶
func NewInsecureServingOptions() *ServingOptions
func (*ServingOptions) AddDeprecatedFlags ¶
func (s *ServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet)
func (*ServingOptions) AddFlags ¶
func (s *ServingOptions) AddFlags(fs *pflag.FlagSet)
func (*ServingOptions) DefaultExternalAddress ¶
func (s *ServingOptions) DefaultExternalAddress() (net.IP, error)
func (ServingOptions) Validate ¶
func (s ServingOptions) Validate(portArg string) []error
Source Files
Click to show internal directories.
Click to hide internal directories.