From 9dca164ddd874da0ef1cd6e9225e87f9edac45d1 Mon Sep 17 00:00:00 2001 From: CJ Cullen Date: Fri, 19 May 2017 15:17:51 -0700 Subject: [PATCH] Allow the /logs handler on the apiserver to be toggled. Change-Id: Ibf173b7f85cf7fffe8482eaee74fb77da2b2588b --- cluster/gce/container-linux/configure-helper.sh | 4 ++++ cluster/gce/gci/configure-helper.sh | 4 ++++ cmd/kube-apiserver/app/options/options.go | 9 +++++++-- cmd/kube-apiserver/app/server.go | 2 +- hack/verify-flags/known-flags.txt | 1 + 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh index 5bc903d9434..64a98a0c525 100755 --- a/cluster/gce/container-linux/configure-helper.sh +++ b/cluster/gce/container-linux/configure-helper.sh @@ -848,6 +848,10 @@ function start-kube-apiserver { params+=" --audit-log-maxsize=2000000000" fi + if [[ "${ENABLE_APISERVER_LOGS_HANDLER:-}" == "false" ]]; then + params+=" --enable-logs-handler=false" + fi + local admission_controller_config_mount="" local admission_controller_config_volume="" local image_policy_webhook_config_mount="" diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 00eece088ca..29b077e5088 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1055,6 +1055,10 @@ function start-kube-apiserver { params+=" --audit-log-maxsize=2000000000" fi + if [[ "${ENABLE_APISERVER_LOGS_HANDLER:-}" == "false" ]]; then + params+=" --enable-logs-handler=false" + fi + local admission_controller_config_mount="" local admission_controller_config_volume="" local image_policy_webhook_config_mount="" diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index a2f606114e5..cb7d8513fd6 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -56,6 +56,7 @@ type ServerRunOptions struct { APIEnablement *kubeoptions.APIEnablementOptions AllowPrivileged bool + EnableLogsHandler bool EventTTL time.Duration KubeletConfig kubeletclient.KubeletClientConfig KubernetesServiceNodePort int @@ -86,8 +87,9 @@ func NewServerRunOptions() *ServerRunOptions { StorageSerialization: kubeoptions.NewStorageSerializationOptions(), APIEnablement: kubeoptions.NewAPIEnablementOptions(), - EventTTL: 1 * time.Hour, - MasterCount: 1, + EnableLogsHandler: true, + EventTTL: 1 * time.Hour, + MasterCount: 1, KubeletConfig: kubeletclient.KubeletClientConfig{ Port: ports.KubeletPort, ReadOnlyPort: ports.KubeletReadOnlyPort, @@ -142,6 +144,9 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) { fs.BoolVar(&s.AllowPrivileged, "allow-privileged", s.AllowPrivileged, "If true, allow privileged containers.") + fs.BoolVar(&s.EnableLogsHandler, "enable-logs-handler", s.EnableLogsHandler, + "If true, install a /logs handler for the apiserver logs.") + fs.StringVar(&s.SSHUser, "ssh-user", s.SSHUser, "If non-empty, use secure SSH proxy to the nodes, using this user name") diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index ece70bb421e..aca102fabef 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -263,7 +263,7 @@ func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, inf EventTTL: s.EventTTL, KubeletClientConfig: s.KubeletConfig, EnableUISupport: true, - EnableLogsSupport: true, + EnableLogsSupport: s.EnableLogsHandler, ProxyTransport: proxyTransport, Tunneler: nodeTunneler, diff --git a/hack/verify-flags/known-flags.txt b/hack/verify-flags/known-flags.txt index c8e061ce8fa..5a1ac71b0da 100644 --- a/hack/verify-flags/known-flags.txt +++ b/hack/verify-flags/known-flags.txt @@ -198,6 +198,7 @@ enable-garbage-collector enable-garbage-collector enable-garbage-collector enable-hostpath-provisioner +enable-logs-handler enable-server enable-swagger-ui enable-taint-manager