move auditoptions to separate struct
parent
cfbdbb4450
commit
51b5d5a51b
@ -44,6 +44,7 @@ type ServerRunOptions struct {
|
|||||||
Etcd *genericoptions.EtcdOptions
|
Etcd *genericoptions.EtcdOptions
|
||||||
SecureServing *genericoptions.SecureServingOptions
|
SecureServing *genericoptions.SecureServingOptions
|
||||||
InsecureServing *genericoptions.ServingOptions
|
InsecureServing *genericoptions.ServingOptions
|
||||||
|
Audit *genericoptions.AuditLogOptions
|
||||||
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
||||||
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
||||||
CloudProvider *kubeoptions.CloudProviderOptions
|
CloudProvider *kubeoptions.CloudProviderOptions
|
||||||
@ -68,6 +69,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||||
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
||||||
|
Audit: genericoptions.NewAuditLogOptions(),
|
||||||
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
||||||
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
||||||
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
||||||
@ -103,6 +105,7 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
s.SecureServing.AddDeprecatedFlags(fs)
|
s.SecureServing.AddDeprecatedFlags(fs)
|
||||||
s.InsecureServing.AddFlags(fs)
|
s.InsecureServing.AddFlags(fs)
|
||||||
s.InsecureServing.AddDeprecatedFlags(fs)
|
s.InsecureServing.AddDeprecatedFlags(fs)
|
||||||
|
s.Audit.AddFlags(fs)
|
||||||
s.Authentication.AddFlags(fs)
|
s.Authentication.AddFlags(fs)
|
||||||
s.Authorization.AddFlags(fs)
|
s.Authorization.AddFlags(fs)
|
||||||
s.CloudProvider.AddFlags(fs)
|
s.CloudProvider.AddFlags(fs)
|
||||||
|
@ -120,6 +120,9 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := s.Audit.ApplyTo(genericConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
capabilities.Initialize(capabilities.Capabilities{
|
capabilities.Initialize(capabilities.Capabilities{
|
||||||
AllowPrivileged: s.AllowPrivileged,
|
AllowPrivileged: s.AllowPrivileged,
|
||||||
|
@ -36,6 +36,7 @@ type ServerRunOptions struct {
|
|||||||
Etcd *genericoptions.EtcdOptions
|
Etcd *genericoptions.EtcdOptions
|
||||||
SecureServing *genericoptions.SecureServingOptions
|
SecureServing *genericoptions.SecureServingOptions
|
||||||
InsecureServing *genericoptions.ServingOptions
|
InsecureServing *genericoptions.ServingOptions
|
||||||
|
Audit *genericoptions.AuditLogOptions
|
||||||
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
||||||
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
||||||
CloudProvider *kubeoptions.CloudProviderOptions
|
CloudProvider *kubeoptions.CloudProviderOptions
|
||||||
@ -51,6 +52,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||||
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
||||||
|
Audit: genericoptions.NewAuditLogOptions(),
|
||||||
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
||||||
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
||||||
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
||||||
@ -70,6 +72,7 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
s.Etcd.AddFlags(fs)
|
s.Etcd.AddFlags(fs)
|
||||||
s.SecureServing.AddFlags(fs)
|
s.SecureServing.AddFlags(fs)
|
||||||
s.InsecureServing.AddFlags(fs)
|
s.InsecureServing.AddFlags(fs)
|
||||||
|
s.Audit.AddFlags(fs)
|
||||||
s.Authentication.AddFlags(fs)
|
s.Authentication.AddFlags(fs)
|
||||||
s.Authorization.AddFlags(fs)
|
s.Authorization.AddFlags(fs)
|
||||||
s.CloudProvider.AddFlags(fs)
|
s.CloudProvider.AddFlags(fs)
|
||||||
|
@ -103,6 +103,9 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := s.Audit.ApplyTo(genericConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: register cluster federation resources here.
|
// TODO: register cluster federation resources here.
|
||||||
resourceConfig := genericapiserver.NewResourceConfig()
|
resourceConfig := genericapiserver.NewResourceConfig()
|
||||||
|
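--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@@ -0,0 +1,60 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+"github.com/spf13/pflag"
+"gopkg.in/natefinch/lumberjack.v2"
+
+"k8s.io/apiserver/pkg/server"
+)
+
+type AuditLogOptions struct {
+Path string
+MaxAge int
+MaxBackups int
+MaxSize int
+}
+
+func NewAuditLogOptions() *AuditLogOptions {
+return &AuditLogOptions{}
+}
+
+func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) {
+fs.StringVar(&o.Path, "audit-log-path", o.Path,
+"If set, all requests coming to the apiserver will be logged to this file.")
+fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxBackups,
+"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
+fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups,
+"The maximum number of old audit log files to retain.")
+fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize,
+"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
+}
+
+func (o *AuditLogOptions) ApplyTo(c *server.Config) error {
+if len(o.Path) == 0 {
+return nil
+}
+
+c.AuditWriter = &lumberjack.Logger{
+Filename: o.Path,
+MaxAge: o.MaxAge,
+MaxBackups: o.MaxBackups,
+MaxSize: o.MaxSize,
+}
+return nil
+}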
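Review bot: In AddFlags the `audit-log-maxage` flag is registered with `o.MaxBackups` as its default instead of `o.MaxAge`, a copy-paste slip carried over unchanged from the code this commit removes from ServerRunOptions; the line should read `fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxAge,`. Both fields are zero today, so nothing changes at runtime, but the two retention settings become silently coupled as soon as NewAuditLogOptions sets a non-zero default for either. NewAuditLogOptions leaves every field at zero, so the "Defaults to 100MB" help text relies on lumberjack's own default, and with lumberjack a zero MaxAge and MaxBackups appear to mean rotated audit files are never pruned; a doc comment on the exported type such as `// AuditLogOptions configures the rotating audit log file; zero MaxAge and MaxBackups keep every rotated file.` would tell operators to size the volume or set limits. ApplyTo also returns nil for negative values and for a Path that cannot be written, so a misconfigured audit log is presumably only noticed at the first write rather than at startup.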
@ -30,6 +30,7 @@ type RecommendedOptions struct {
|
|||||||
SecureServing *SecureServingOptions
|
SecureServing *SecureServingOptions
|
||||||
Authentication *DelegatingAuthenticationOptions
|
Authentication *DelegatingAuthenticationOptions
|
||||||
Authorization *DelegatingAuthorizationOptions
|
Authorization *DelegatingAuthorizationOptions
|
||||||
|
Audit *AuditLogOptions
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
|
func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
|
||||||
@ -38,6 +39,7 @@ func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
|
|||||||
SecureServing: NewSecureServingOptions(),
|
SecureServing: NewSecureServingOptions(),
|
||||||
Authentication: NewDelegatingAuthenticationOptions(),
|
Authentication: NewDelegatingAuthenticationOptions(),
|
||||||
Authorization: NewDelegatingAuthorizationOptions(),
|
Authorization: NewDelegatingAuthorizationOptions(),
|
||||||
|
Audit: NewAuditLogOptions(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -46,6 +48,7 @@ func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
o.SecureServing.AddFlags(fs)
|
o.SecureServing.AddFlags(fs)
|
||||||
o.Authentication.AddFlags(fs)
|
o.Authentication.AddFlags(fs)
|
||||||
o.Authorization.AddFlags(fs)
|
o.Authorization.AddFlags(fs)
|
||||||
|
o.Audit.AddFlags(fs)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
|
func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
|
||||||
@ -58,6 +61,9 @@ func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
|
|||||||
if err := o.Authorization.ApplyTo(config); err != nil {
|
if err := o.Authorization.ApplyTo(config); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := o.Audit.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -31,7 +31,6 @@ import (
|
|||||||
_ "k8s.io/apiserver/pkg/features"
|
_ "k8s.io/apiserver/pkg/features"
|
||||||
|
|
||||||
"github.com/spf13/pflag"
|
"github.com/spf13/pflag"
|
||||||
"gopkg.in/natefinch/lumberjack.v2"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// ServerRunOptions contains the options while running a generic api server.
|
// ServerRunOptions contains the options while running a generic api server.
|
||||||
@ -45,10 +44,6 @@ type ServerRunOptions struct {
|
|||||||
// to set it to "application/vnd.kubernetes.protobuf".
|
// to set it to "application/vnd.kubernetes.protobuf".
|
||||||
DefaultStorageMediaType string
|
DefaultStorageMediaType string
|
||||||
DeleteCollectionWorkers int
|
DeleteCollectionWorkers int
|
||||||
AuditLogPath string
|
|
||||||
AuditLogMaxAge int
|
|
||||||
AuditLogMaxBackups int
|
|
||||||
AuditLogMaxSize int
|
|
||||||
EnableGarbageCollection bool
|
EnableGarbageCollection bool
|
||||||
EnableProfiling bool
|
EnableProfiling bool
|
||||||
EnableContentionProfiling bool
|
EnableContentionProfiling bool
|
||||||
@ -83,15 +78,6 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
|
|
||||||
// ApplyOptions applies the run options to the method receiver and returns self
|
// ApplyOptions applies the run options to the method receiver and returns self
|
||||||
func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
|
func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
|
||||||
if len(s.AuditLogPath) != 0 {
|
|
||||||
c.AuditWriter = &lumberjack.Logger{
|
|
||||||
Filename: s.AuditLogPath,
|
|
||||||
MaxAge: s.AuditLogMaxAge,
|
|
||||||
MaxBackups: s.AuditLogMaxBackups,
|
|
||||||
MaxSize: s.AuditLogMaxSize,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
c.CorsAllowedOriginList = s.CorsAllowedOriginList
|
c.CorsAllowedOriginList = s.CorsAllowedOriginList
|
||||||
c.EnableGarbageCollection = s.EnableGarbageCollection
|
c.EnableGarbageCollection = s.EnableGarbageCollection
|
||||||
c.EnableProfiling = s.EnableProfiling
|
c.EnableProfiling = s.EnableProfiling
|
||||||
@ -163,15 +149,6 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
|
|||||||
fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
|
fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
|
||||||
"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
|
"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
|
||||||
|
|
||||||
fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath,
|
|
||||||
"If set, all requests coming to the apiserver will be logged to this file.")
|
|
||||||
fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups,
|
|
||||||
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
|
|
||||||
fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups,
|
|
||||||
"The maximum number of old audit log files to retain.")
|
|
||||||
fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize,
|
|
||||||
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
|
|
||||||
|
|
||||||
fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
|
fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
|
||||||
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
|
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
|
||||||
"of the kube-controller-manager.")
|
"of the kube-controller-manager.")
|
||||||
|
1
vendor/BUILD
vendored
1
vendor/BUILD
vendored
@ -14089,6 +14089,7 @@ go_library(
|
|||||||
go_library(
|
go_library(
|
||||||
name = "k8s.io/apiserver/pkg/server/options",
|
name = "k8s.io/apiserver/pkg/server/options",
|
||||||
srcs = [
|
srcs = [
|
||||||
|
"k8s.io/apiserver/pkg/server/options/audit.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/authentication.go",
|
"k8s.io/apiserver/pkg/server/options/authentication.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/doc.go",
|
"k8s.io/apiserver/pkg/server/options/doc.go",
|
||||||
|