diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go
index a0ca0be05a8..e0a98be2ce1 100644
--- a/cmd/kube-apiserver/app/options/options.go
+++ b/cmd/kube-apiserver/app/options/options.go
@@ -158,24 +158,12 @@ func (s *APIServer) StorageGroupsToGroupVersions() map[string]string {
 // AddFlags adds flags for a specific APIServer to the specified FlagSet
 func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
+ // Add the generic flags.
+ s.ServerRunOptions.AddFlags(fs)
 // Note: the weird ""+ in below lines seems to be the only way to get gofmt to
 // arrange these text blocks sensibly. Grrr.
- fs.IntVar(&s.InsecurePort, "insecure-port", s.InsecurePort, ""+
- "The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed "+
- "that firewall rules are set up such that this port is not reachable from outside of "+
- "the cluster and that port 443 on the cluster's public address is proxied to this "+
- "port. This is performed by nginx in the default setup.")
- fs.IntVar(&s.InsecurePort, "port", s.InsecurePort, "DEPRECATED: see --insecure-port instead")
 fs.MarkDeprecated("port", "see --insecure-port instead")
- fs.IPVar(&s.InsecureBindAddress, "insecure-bind-address", s.InsecureBindAddress, ""+
- "The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). "+
- "Defaults to localhost.")
- fs.IPVar(&s.InsecureBindAddress, "address", s.InsecureBindAddress, "DEPRECATED: see --insecure-bind-address instead")
 fs.MarkDeprecated("address", "see --insecure-bind-address instead")
- fs.IPVar(&s.BindAddress, "bind-address", s.BindAddress, ""+
- "The IP address on which to listen for the --secure-port port. The "+
- "associated interface(s) must be reachable by the rest of the cluster, and by CLI/web "+
- "clients. If blank, all interfaces will be used (0.0.0.0).")
 fs.IPVar(&s.AdvertiseAddress, "advertise-address", s.AdvertiseAddress, ""+
 "The IP address on which to advertise the apiserver to members of the cluster. This "+
 "address must be reachable by the rest of the cluster. If blank, the --bind-address "+
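Review bot: The `fs.MarkDeprecated("port", …)` and `fs.MarkDeprecated("address", …)` calls stay in `APIServer.AddFlags` while the flags they refer to are now registered in `ServerRunOptions.AddFlags` (last hunk, pkg/genericapiserver/server_run_options.go). This works here only because `s.ServerRunOptions.AddFlags(fs)` runs first; pflag's `MarkDeprecated` returns an error for an unknown flag and that return value is dropped, so a later reordering would fail silently. Any other caller of the generic `AddFlags`, such as examples/apiserver/server/main.go in this commit, exposes `--port` and `--address` as undeprecated aliases for the unauthenticated listener's port and bind address. Moving each call next to its registration in `ServerRunOptions.AddFlags` keeps the pair together: `fs.MarkDeprecated("port", "see --insecure-port instead")` and `fs.MarkDeprecated("address", "see --insecure-bind-address instead")`. The body of `AddFlags` continues outside this hunk.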
@@ -183,16 +171,6 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
 "be used.")
 fs.IPVar(&s.BindAddress, "public-address-override", s.BindAddress, "DEPRECATED: see --bind-address instead")
 fs.MarkDeprecated("public-address-override", "see --bind-address instead")
- fs.IntVar(&s.SecurePort, "secure-port", s.SecurePort, ""+
- "The port on which to serve HTTPS with authentication and authorization. If 0, "+
- "don't serve HTTPS at all.")
- fs.StringVar(&s.TLSCertFile, "tls-cert-file", s.TLSCertFile, ""+
- "File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "+
- "If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, "+
- "a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.")
- fs.StringVar(&s.TLSPrivateKeyFile, "tls-private-key-file", s.TLSPrivateKeyFile, "File containing x509 private key matching --tls-cert-file.")
- fs.StringVar(&s.CertDirectory, "cert-dir", s.CertDirectory, "The directory where the TLS certs are located (by default /var/run/kubernetes). "+
- "If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.")
 fs.StringVar(&s.APIPrefix, "api-prefix", s.APIPrefix, "The prefix for API requests on the server. Default '/api'.")
 fs.MarkDeprecated("api-prefix", "--api-prefix is deprecated and will be removed when the v1 API is retired.")
 fs.StringVar(&s.DeprecatedStorageVersion, "storage-version", s.DeprecatedStorageVersion, "The version to store the legacy v1 resources with. Defaults to server preferred")
@@ -206,7 +184,6 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
 fs.StringVar(&s.CloudConfigFile, "cloud-config", s.CloudConfigFile, "The path to the cloud provider configuration file. Empty string for no configuration file.")
 fs.DurationVar(&s.EventTTL, "event-ttl", s.EventTTL, "Amount of time to retain events. Default 1 hour.")
 fs.StringVar(&s.BasicAuthFile, "basic-auth-file", s.BasicAuthFile, "If set, the file that will be used to admit requests to the secure port of the API server via http basic authentication.")
- fs.StringVar(&s.ClientCAFile, "client-ca-file", s.ClientCAFile, "If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.")
 fs.StringVar(&s.TokenAuthFile, "token-auth-file", s.TokenAuthFile, "If set, the file that will be used to secure the secure port of the API server via token authentication.")
 fs.StringVar(&s.OIDCIssuerURL, "oidc-issuer-url", s.OIDCIssuerURL, "The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT)")
 fs.StringVar(&s.OIDCClientID, "oidc-client-id", s.OIDCClientID, "The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set")
@@ -247,9 +224,7 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
 fs.BoolVar(&s.EnableWatchCache, "watch-cache", true, "Enable watch caching in the apiserver")
 fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", false, "Enables swagger ui on the apiserver at /swagger-ui")
 fs.StringVar(&s.ExternalHost, "external-hostname", "", "The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs.)")
- fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", 400, "The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit.")
 fs.IntVar(&s.MinRequestTimeout, "min-request-timeout", 1800, "An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load.")
- fs.StringVar(&s.LongRunningRequestRE, "long-running-request-regexp", s.LongRunningRequestRE, "A regular expression matching long running requests which should be excluded from maximum inflight request handling.")
 fs.StringVar(&s.SSHUser, "ssh-user", "", "If non-empty, use secure SSH proxy to the nodes, using this user name")
 fs.StringVar(&s.SSHKeyfile, "ssh-keyfile", "", "If non-empty, use secure SSH proxy to the nodes, using this user keyfile")
 fs.Int64Var(&s.MaxConnectionBytesPerSec, "max-connection-bytes-per-sec", 0, "If non-zero, throttle each user connection to this number of bytes/sec. Currently only applies to long-running requests")
diff --git a/examples/apiserver/apiserver.go b/examples/apiserver/apiserver.go
index 79394fff79d..e6f12c87297 100644
--- a/examples/apiserver/apiserver.go
+++ b/examples/apiserver/apiserver.go
@@ -55,7 +55,14 @@ func newStorageDestinations(groupName string, groupMeta *apimachinery.GroupMeta)
 return &storageDestinations, nil
 }
-func Run() error {
+func NewServerRunOptions() *genericapiserver.ServerRunOptions {
+ serverOptions := genericapiserver.NewServerRunOptions()
+ serverOptions.InsecurePort = InsecurePort
+ serverOptions.SecurePort = SecurePort
+ return serverOptions
+}
+
+func Run(serverOptions *genericapiserver.ServerRunOptions) error {
 config := genericapiserver.Config{
 EnableIndex: true,
 EnableSwaggerSupport: true,
@@ -93,9 +100,6 @@ func Run() error {
 if err := s.InstallAPIGroups([]genericapiserver.APIGroupInfo{apiGroupInfo}); err != nil {
 return fmt.Errorf("Error in installing API: %v", err)
 }
- serverOptions := genericapiserver.NewServerRunOptions()
- serverOptions.InsecurePort = InsecurePort
- serverOptions.SecurePort = SecurePort
 s.Run(serverOptions)
 return nil
 }
diff --git a/examples/apiserver/apiserver_test.go b/examples/apiserver/apiserver_test.go
index 5884ef095b7..e36b359c24c 100644
--- a/examples/apiserver/apiserver_test.go
+++ b/examples/apiserver/apiserver_test.go
@@ -41,7 +41,7 @@ var groupVersionForDiscovery = unversioned.GroupVersionForDiscovery{
 func TestRun(t *testing.T) {
 go func() {
- if err := Run(); err != nil {
+ if err := Run(NewServerRunOptions()); err != nil {
 t.Fatalf("Error in bringing up the server: %v", err)
 }
 }()
diff --git a/examples/apiserver/server/main.go b/examples/apiserver/server/main.go
index aec0ef0ec90..d0bdeef1d5b 100644
--- a/examples/apiserver/server/main.go
+++ b/examples/apiserver/server/main.go
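Review bot: The new exported `NewServerRunOptions` and the changed `Run(serverOptions …)` have no doc comments, and nothing states which of the options `Run` actually honours or whether a nil `serverOptions` is accepted. In the visible lines the `genericapiserver.Config` literal is built without reference to `serverOptions`, and the options reach only `s.Run(serverOptions)` in the next hunk; the rest of `Run` lies outside the hunks, so this reading may be incomplete. If flags such as `--client-ca-file` never reach the Config, the example server would accept them without enforcing them, and the comment on `Run` should say so. Suggested: `// NewServerRunOptions returns the generic run options with this example's InsecurePort and SecurePort applied.` and, on `Run`, a comment naming the options it consumes and its nil behaviour.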
@@ -18,12 +18,20 @@ package main
 import (
 "k8s.io/kubernetes/examples/apiserver"
+ "k8s.io/kubernetes/pkg/util/flag"
 "github.com/golang/glog"
+ "github.com/spf13/pflag"
 )
 func main() {
- if err := apiserver.Run(); err != nil {
+ serverRunOptions := apiserver.NewServerRunOptions()
+
+ // Parse command line flags.
+ serverRunOptions.AddFlags(pflag.CommandLine)
+ flag.InitFlags()
+
+ if err := apiserver.Run(serverRunOptions); err != nil {
 glog.Fatalf("Error in bringing up the server: %v", err)
 }
 }
diff --git a/pkg/genericapiserver/server_run_options.go b/pkg/genericapiserver/server_run_options.go
index 2ebc3d77aa6..a78db5ff171 100644
--- a/pkg/genericapiserver/server_run_options.go
+++ b/pkg/genericapiserver/server_run_options.go
@@ -18,6 +18,8 @@ package genericapiserver
 import (
 "net"
+
+ "github.com/spf13/pflag"
 )
 const (
@@ -49,3 +51,36 @@ func NewServerRunOptions() *ServerRunOptions {
 SecurePort: 6443,
 }
 }
+
+// AddFlags adds flags for a specific APIServer to the specified FlagSet
+func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
+ // Note: the weird ""+ in below lines seems to be the only way to get gofmt to
+ // arrange these text blocks sensibly. Grrr.
+ fs.IPVar(&s.BindAddress, "bind-address", s.BindAddress, ""+
+ "The IP address on which to listen for the --secure-port port. The "+
+ "associated interface(s) must be reachable by the rest of the cluster, and by CLI/web "+
+ "clients. If blank, all interfaces will be used (0.0.0.0).")
+ fs.StringVar(&s.CertDirectory, "cert-dir", s.CertDirectory, "The directory where the TLS certs are located (by default /var/run/kubernetes). "+
+ "If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.")
+ fs.StringVar(&s.ClientCAFile, "client-ca-file", s.ClientCAFile, "If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.")
+ fs.IPVar(&s.InsecureBindAddress, "insecure-bind-address", s.InsecureBindAddress, ""+
+ "The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). "+
+ "Defaults to localhost.")
+ fs.IPVar(&s.InsecureBindAddress, "address", s.InsecureBindAddress, "DEPRECATED: see --insecure-bind-address instead")
+ fs.IntVar(&s.InsecurePort, "insecure-port", s.InsecurePort, ""+
+ "The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed "+
+ "that firewall rules are set up such that this port is not reachable from outside of "+
+ "the cluster and that port 443 on the cluster's public address is proxied to this "+
+ "port. This is performed by nginx in the default setup.")
+ fs.IntVar(&s.InsecurePort, "port", s.InsecurePort, "DEPRECATED: see --insecure-port instead")
+ fs.StringVar(&s.LongRunningRequestRE, "long-running-request-regexp", s.LongRunningRequestRE, "A regular expression matching long running requests which should be excluded from maximum inflight request handling.")
+ fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", 400, "The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit.")
+ fs.IntVar(&s.SecurePort, "secure-port", s.SecurePort, ""+
+ "The port on which to serve HTTPS with authentication and authorization. If 0, "+
+ "don't serve HTTPS at all.")
+ fs.StringVar(&s.TLSCertFile, "tls-cert-file", s.TLSCertFile, ""+
+ "File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "+
+ "If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, "+
+ "a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.")
+ fs.StringVar(&s.TLSPrivateKeyFile, "tls-private-key-file", s.TLSPrivateKeyFile, "File containing x509 private key matching --tls-cert-file.")
+}
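Review bot: `max-requests-inflight` is registered with the literal default `400` rather than `s.MaxRequestsInFlight`, unlike most of the other flags in this function, so registering the flag overwrites whatever the caller put in that field before calling `AddFlags`. Now that this lives in the generic options, a server that pre-sets a lower in-flight limit would be reset to 400 without notice. `fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", s.MaxRequestsInFlight, …)` avoids that, provided `NewServerRunOptions` initialises the field to 400 (its body is only partly visible in this hunk). The doc comment is also copied from the kube-apiserver type and should read `// AddFlags adds the generic server run flags to the specified FlagSet.` The `--insecure-port` help text describes the kube-apiserver default deployment (firewalling and nginx proxying port 443), which may not hold for other servers reusing these options.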