mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 11:21:47 +00:00
Merge pull request #41083 from deads2k/apiserver-02-audit
Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105) Add more options to the RecommendedOptions struct. Builds on https://github.com/kubernetes/kubernetes/pull/41028 Adds `AuditOptions` to the `RecommendedOptions` @sttts @kubernetes/sig-api-machinery-pr-reviews
This commit is contained in:
commit
fa14198bb2
@ -45,10 +45,7 @@ import (
|
||||
const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
|
||||
|
||||
type AggregatorOptions struct {
|
||||
Etcd *genericoptions.EtcdOptions
|
||||
SecureServing *genericoptions.SecureServingOptions
|
||||
Authentication *genericoptions.DelegatingAuthenticationOptions
|
||||
Authorization *genericoptions.DelegatingAuthorizationOptions
|
||||
RecommendedOptions *genericoptions.RecommendedOptions
|
||||
|
||||
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
|
||||
// this to confirm the proxy's identity
|
||||
@ -62,18 +59,15 @@ type AggregatorOptions struct {
|
||||
// NewCommandStartMaster provides a CLI handler for 'start master' command
|
||||
func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
||||
o := &AggregatorOptions{
|
||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||
Authentication: genericoptions.NewDelegatingAuthenticationOptions(),
|
||||
Authorization: genericoptions.NewDelegatingAuthorizationOptions(),
|
||||
RecommendedOptions: genericoptions.NewRecommendedOptions(api.Scheme),
|
||||
|
||||
StdOut: out,
|
||||
StdErr: err,
|
||||
}
|
||||
o.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
|
||||
o.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
|
||||
o.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
|
||||
o.SecureServing.ServingOptions.BindPort = 443
|
||||
o.RecommendedOptions.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
|
||||
o.RecommendedOptions.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
|
||||
o.RecommendedOptions.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
|
||||
o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Short: "Launch a API aggregator and proxy server",
|
||||
@ -86,10 +80,7 @@ func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
||||
}
|
||||
|
||||
flags := cmd.Flags()
|
||||
o.Etcd.AddFlags(flags)
|
||||
o.SecureServing.AddFlags(flags)
|
||||
o.Authentication.AddFlags(flags)
|
||||
o.Authorization.AddFlags(flags)
|
||||
o.RecommendedOptions.AddFlags(flags)
|
||||
flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
|
||||
flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
|
||||
|
||||
@ -106,30 +97,24 @@ func (o *AggregatorOptions) Complete() error {
|
||||
|
||||
func (o AggregatorOptions) RunAggregator() error {
|
||||
// TODO have a "real" external address
|
||||
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
|
||||
if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
|
||||
return fmt.Errorf("error creating self-signed certificates: %v", err)
|
||||
}
|
||||
|
||||
genericAPIServerConfig := genericapiserver.NewConfig().
|
||||
serverConfig := genericapiserver.NewConfig().
|
||||
WithSerializer(api.Codecs)
|
||||
|
||||
if err := o.SecureServing.ApplyTo(genericAPIServerConfig); err != nil {
|
||||
return fmt.Errorf("failed to configure https: %s", err)
|
||||
}
|
||||
if err := o.Authentication.ApplyTo(genericAPIServerConfig); err != nil {
|
||||
if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := o.Authorization.ApplyTo(genericAPIServerConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
genericAPIServerConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
|
||||
serverConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
|
||||
sets.NewString("watch", "proxy"),
|
||||
sets.NewString("attach", "exec", "proxy", "log", "portforward"),
|
||||
)
|
||||
|
||||
var err error
|
||||
privilegedLoopbackToken := uuid.NewRandom().String()
|
||||
if genericAPIServerConfig.LoopbackClientConfig, err = genericAPIServerConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
|
||||
if serverConfig.LoopbackClientConfig, err = serverConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@ -143,8 +128,8 @@ func (o AggregatorOptions) RunAggregator() error {
|
||||
}
|
||||
|
||||
config := apiserver.Config{
|
||||
GenericConfig: genericAPIServerConfig,
|
||||
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.Etcd.StorageConfig},
|
||||
GenericConfig: serverConfig,
|
||||
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.RecommendedOptions.Etcd.StorageConfig},
|
||||
CoreAPIServerClient: coreAPIServerClient,
|
||||
}
|
||||
|
||||
|
@ -44,6 +44,8 @@ type ServerRunOptions struct {
|
||||
Etcd *genericoptions.EtcdOptions
|
||||
SecureServing *genericoptions.SecureServingOptions
|
||||
InsecureServing *genericoptions.ServingOptions
|
||||
Audit *genericoptions.AuditLogOptions
|
||||
Features *genericoptions.FeatureOptions
|
||||
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
||||
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
||||
CloudProvider *kubeoptions.CloudProviderOptions
|
||||
@ -69,6 +71,8 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
||||
Audit: genericoptions.NewAuditLogOptions(),
|
||||
Features: genericoptions.NewFeatureOptions(),
|
||||
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
||||
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
||||
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
||||
@ -92,7 +96,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
ServiceNodePortRange: DefaultServiceNodePortRange,
|
||||
}
|
||||
// Overwrite the default for storage data format.
|
||||
s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
||||
s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
||||
return &s
|
||||
}
|
||||
|
||||
@ -105,6 +109,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
s.SecureServing.AddDeprecatedFlags(fs)
|
||||
s.InsecureServing.AddFlags(fs)
|
||||
s.InsecureServing.AddDeprecatedFlags(fs)
|
||||
s.Audit.AddFlags(fs)
|
||||
s.Features.AddFlags(fs)
|
||||
s.Authentication.AddFlags(fs)
|
||||
s.Authorization.AddFlags(fs)
|
||||
s.CloudProvider.AddFlags(fs)
|
||||
|
@ -28,7 +28,7 @@ func TestAddFlagsFlag(t *testing.T) {
|
||||
f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
|
||||
s := NewServerRunOptions()
|
||||
s.AddFlags(f)
|
||||
if s.GenericServerRunOptions.EnableSwaggerUI {
|
||||
if s.Features.EnableSwaggerUI {
|
||||
t.Errorf("Expected s.EnableSwaggerUI to be false by default")
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) {
|
||||
"--enable-swagger-ui=true",
|
||||
}
|
||||
f.Parse(args)
|
||||
if !s.GenericServerRunOptions.EnableSwaggerUI {
|
||||
if !s.Features.EnableSwaggerUI {
|
||||
t.Errorf("Expected s.EnableSwaggerUI to be true")
|
||||
}
|
||||
}
|
||||
|
@ -120,6 +120,12 @@ func Run(s *options.ServerRunOptions) error {
|
||||
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.Audit.ApplyTo(genericConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.Features.ApplyTo(genericConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
capabilities.Initialize(capabilities.Capabilities{
|
||||
AllowPrivileged: s.AllowPrivileged,
|
||||
@ -199,7 +205,7 @@ func Run(s *options.ServerRunOptions) error {
|
||||
return fmt.Errorf("error generating storage version map: %s", err)
|
||||
}
|
||||
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
|
||||
s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
|
||||
s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
|
||||
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
|
||||
// FIXME: this GroupVersionResource override should be configurable
|
||||
[]schema.GroupVersionResource{batch.Resource("cronjobs").WithVersion("v2alpha1")},
|
||||
|
@ -36,6 +36,8 @@ type ServerRunOptions struct {
|
||||
Etcd *genericoptions.EtcdOptions
|
||||
SecureServing *genericoptions.SecureServingOptions
|
||||
InsecureServing *genericoptions.ServingOptions
|
||||
Audit *genericoptions.AuditLogOptions
|
||||
Features *genericoptions.FeatureOptions
|
||||
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
||||
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
||||
CloudProvider *kubeoptions.CloudProviderOptions
|
||||
@ -52,6 +54,8 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
||||
Audit: genericoptions.NewAuditLogOptions(),
|
||||
Features: genericoptions.NewFeatureOptions(),
|
||||
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
||||
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
||||
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
||||
@ -61,7 +65,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
EventTTL: 1 * time.Hour,
|
||||
}
|
||||
// Overwrite the default for storage data format.
|
||||
s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
||||
s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
||||
return &s
|
||||
}
|
||||
|
||||
@ -72,6 +76,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
s.Etcd.AddFlags(fs)
|
||||
s.SecureServing.AddFlags(fs)
|
||||
s.InsecureServing.AddFlags(fs)
|
||||
s.Audit.AddFlags(fs)
|
||||
s.Features.AddFlags(fs)
|
||||
s.Authentication.AddFlags(fs)
|
||||
s.Authorization.AddFlags(fs)
|
||||
s.CloudProvider.AddFlags(fs)
|
||||
|
@ -103,6 +103,12 @@ func Run(s *options.ServerRunOptions) error {
|
||||
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.Audit.ApplyTo(genericConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.Features.ApplyTo(genericConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// TODO: register cluster federation resources here.
|
||||
resourceConfig := genericapiserver.NewResourceConfig()
|
||||
@ -116,7 +122,7 @@ func Run(s *options.ServerRunOptions) error {
|
||||
return fmt.Errorf("error generating storage version map: %s", err)
|
||||
}
|
||||
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
|
||||
s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
|
||||
s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
|
||||
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
|
||||
[]schema.GroupVersionResource{}, resourceConfig, s.APIEnablement.RuntimeConfig)
|
||||
if err != nil {
|
||||
@ -208,7 +214,7 @@ func Run(s *options.ServerRunOptions) error {
|
||||
// TODO: Refactor this code to share it with kube-apiserver rather than duplicating it here.
|
||||
restOptionsFactory := &restOptionsFactory{
|
||||
storageFactory: storageFactory,
|
||||
enableGarbageCollection: s.GenericServerRunOptions.EnableGarbageCollection,
|
||||
enableGarbageCollection: s.Features.EnableGarbageCollection,
|
||||
deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
|
||||
}
|
||||
if s.GenericServerRunOptions.EnableWatchCache {
|
||||
|
60
staging/src/k8s.io/apiserver/pkg/server/options/audit.go
Normal file
60
staging/src/k8s.io/apiserver/pkg/server/options/audit.go
Normal file
@ -0,0 +1,60 @@
|
||||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package options
|
||||
|
||||
import (
|
||||
"github.com/spf13/pflag"
|
||||
"gopkg.in/natefinch/lumberjack.v2"
|
||||
|
||||
"k8s.io/apiserver/pkg/server"
|
||||
)
|
||||
|
||||
type AuditLogOptions struct {
|
||||
Path string
|
||||
MaxAge int
|
||||
MaxBackups int
|
||||
MaxSize int
|
||||
}
|
||||
|
||||
func NewAuditLogOptions() *AuditLogOptions {
|
||||
return &AuditLogOptions{}
|
||||
}
|
||||
|
||||
func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
fs.StringVar(&o.Path, "audit-log-path", o.Path,
|
||||
"If set, all requests coming to the apiserver will be logged to this file.")
|
||||
fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxBackups,
|
||||
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
|
||||
fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups,
|
||||
"The maximum number of old audit log files to retain.")
|
||||
fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize,
|
||||
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
|
||||
}
|
||||
|
||||
func (o *AuditLogOptions) ApplyTo(c *server.Config) error {
|
||||
if len(o.Path) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
c.AuditWriter = &lumberjack.Logger{
|
||||
Filename: o.Path,
|
||||
MaxAge: o.MaxAge,
|
||||
MaxBackups: o.MaxBackups,
|
||||
MaxSize: o.MaxSize,
|
||||
}
|
||||
return nil
|
||||
}
|
@ -33,6 +33,10 @@ type EtcdOptions struct {
|
||||
StorageConfig storagebackend.Config
|
||||
|
||||
EtcdServersOverrides []string
|
||||
|
||||
// To enable protobuf as storage format, it is enough
|
||||
// to set it to "application/vnd.kubernetes.protobuf".
|
||||
DefaultStorageMediaType string
|
||||
}
|
||||
|
||||
func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
|
||||
@ -44,6 +48,7 @@ func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
|
||||
DeserializationCacheSize: 0,
|
||||
Copier: scheme,
|
||||
},
|
||||
DefaultStorageMediaType: "application/json",
|
||||
}
|
||||
}
|
||||
|
||||
@ -62,6 +67,10 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
"Per-resource etcd servers overrides, comma separated. The individual override "+
|
||||
"format: group/resource#servers, where servers are http://ip:port, semicolon separated.")
|
||||
|
||||
fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
|
||||
"The media type to use to store objects in storage. Defaults to application/json. "+
|
||||
"Some resources may only support a specific media type and will ignore this setting.")
|
||||
|
||||
fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type,
|
||||
"The storage backend for persistence. Options: 'etcd3' (default), 'etcd2'.")
|
||||
|
||||
|
62
staging/src/k8s.io/apiserver/pkg/server/options/feature.go
Normal file
62
staging/src/k8s.io/apiserver/pkg/server/options/feature.go
Normal file
@ -0,0 +1,62 @@
|
||||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package options
|
||||
|
||||
import (
|
||||
"github.com/spf13/pflag"
|
||||
|
||||
"k8s.io/apiserver/pkg/server"
|
||||
)
|
||||
|
||||
type FeatureOptions struct {
|
||||
EnableGarbageCollection bool
|
||||
EnableProfiling bool
|
||||
EnableContentionProfiling bool
|
||||
EnableSwaggerUI bool
|
||||
}
|
||||
|
||||
func NewFeatureOptions() *FeatureOptions {
|
||||
defaults := server.NewConfig()
|
||||
|
||||
return &FeatureOptions{
|
||||
EnableGarbageCollection: defaults.EnableGarbageCollection,
|
||||
EnableProfiling: defaults.EnableProfiling,
|
||||
EnableContentionProfiling: defaults.EnableContentionProfiling,
|
||||
EnableSwaggerUI: defaults.EnableSwaggerUI,
|
||||
}
|
||||
}
|
||||
|
||||
func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
fs.BoolVar(&o.EnableGarbageCollection, "enable-garbage-collector", o.EnableGarbageCollection, ""+
|
||||
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
|
||||
"of the kube-controller-manager.")
|
||||
fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling,
|
||||
"Enable profiling via web interface host:port/debug/pprof/")
|
||||
fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling,
|
||||
"Enable contention profiling. Requires --profiling to be set to work.")
|
||||
fs.BoolVar(&o.EnableSwaggerUI, "enable-swagger-ui", o.EnableSwaggerUI,
|
||||
"Enables swagger ui on the apiserver at /swagger-ui")
|
||||
}
|
||||
|
||||
func (o *FeatureOptions) ApplyTo(c *server.Config) error {
|
||||
c.EnableGarbageCollection = o.EnableGarbageCollection
|
||||
c.EnableProfiling = o.EnableProfiling
|
||||
c.EnableContentionProfiling = o.EnableContentionProfiling
|
||||
c.EnableSwaggerUI = o.EnableSwaggerUI
|
||||
|
||||
return nil
|
||||
}
|
@ -0,0 +1,75 @@
|
||||
/*
|
||||
Copyright 2016 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package options
|
||||
|
||||
import (
|
||||
"github.com/spf13/pflag"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apiserver/pkg/server"
|
||||
)
|
||||
|
||||
// RecommendedOptions contains the recommended options for running an API server
|
||||
// If you add something to this list, it should be in a logical grouping
|
||||
type RecommendedOptions struct {
|
||||
Etcd *EtcdOptions
|
||||
SecureServing *SecureServingOptions
|
||||
Authentication *DelegatingAuthenticationOptions
|
||||
Authorization *DelegatingAuthorizationOptions
|
||||
Audit *AuditLogOptions
|
||||
Features *FeatureOptions
|
||||
}
|
||||
|
||||
func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
|
||||
return &RecommendedOptions{
|
||||
Etcd: NewEtcdOptions(scheme),
|
||||
SecureServing: NewSecureServingOptions(),
|
||||
Authentication: NewDelegatingAuthenticationOptions(),
|
||||
Authorization: NewDelegatingAuthorizationOptions(),
|
||||
Audit: NewAuditLogOptions(),
|
||||
Features: NewFeatureOptions(),
|
||||
}
|
||||
}
|
||||
|
||||
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
o.Etcd.AddFlags(fs)
|
||||
o.SecureServing.AddFlags(fs)
|
||||
o.Authentication.AddFlags(fs)
|
||||
o.Authorization.AddFlags(fs)
|
||||
o.Audit.AddFlags(fs)
|
||||
o.Features.AddFlags(fs)
|
||||
}
|
||||
|
||||
func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
|
||||
if err := o.SecureServing.ApplyTo(config); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := o.Authentication.ApplyTo(config); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := o.Authorization.ApplyTo(config); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := o.Audit.ApplyTo(config); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := o.Features.ApplyTo(config); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
@ -30,7 +30,6 @@ import (
|
||||
_ "k8s.io/apiserver/pkg/features"
|
||||
|
||||
"github.com/spf13/pflag"
|
||||
"gopkg.in/natefinch/lumberjack.v2"
|
||||
)
|
||||
|
||||
// ServerRunOptions contains the options while running a generic api server.
|
||||
@ -39,19 +38,8 @@ type ServerRunOptions struct {
|
||||
AdmissionControlConfigFile string
|
||||
AdvertiseAddress net.IP
|
||||
|
||||
CorsAllowedOriginList []string
|
||||
// To enable protobuf as storage format, it is enough
|
||||
// to set it to "application/vnd.kubernetes.protobuf".
|
||||
DefaultStorageMediaType string
|
||||
CorsAllowedOriginList []string
|
||||
DeleteCollectionWorkers int
|
||||
AuditLogPath string
|
||||
AuditLogMaxAge int
|
||||
AuditLogMaxBackups int
|
||||
AuditLogMaxSize int
|
||||
EnableGarbageCollection bool
|
||||
EnableProfiling bool
|
||||
EnableContentionProfiling bool
|
||||
EnableSwaggerUI bool
|
||||
EnableWatchCache bool
|
||||
ExternalHost string
|
||||
MaxRequestsInFlight int
|
||||
@ -66,11 +54,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
|
||||
return &ServerRunOptions{
|
||||
AdmissionControl: "AlwaysAdmit",
|
||||
DefaultStorageMediaType: "application/json",
|
||||
DeleteCollectionWorkers: 1,
|
||||
EnableGarbageCollection: defaults.EnableGarbageCollection,
|
||||
EnableProfiling: defaults.EnableProfiling,
|
||||
EnableContentionProfiling: false,
|
||||
EnableWatchCache: true,
|
||||
MaxRequestsInFlight: defaults.MaxRequestsInFlight,
|
||||
MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight,
|
||||
@ -80,20 +64,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
|
||||
// ApplyOptions applies the run options to the method receiver and returns self
|
||||
func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
|
||||
if len(s.AuditLogPath) != 0 {
|
||||
c.AuditWriter = &lumberjack.Logger{
|
||||
Filename: s.AuditLogPath,
|
||||
MaxAge: s.AuditLogMaxAge,
|
||||
MaxBackups: s.AuditLogMaxBackups,
|
||||
MaxSize: s.AuditLogMaxSize,
|
||||
}
|
||||
}
|
||||
|
||||
c.CorsAllowedOriginList = s.CorsAllowedOriginList
|
||||
c.EnableGarbageCollection = s.EnableGarbageCollection
|
||||
c.EnableProfiling = s.EnableProfiling
|
||||
c.EnableContentionProfiling = s.EnableContentionProfiling
|
||||
c.EnableSwaggerUI = s.EnableSwaggerUI
|
||||
c.ExternalAddress = s.ExternalHost
|
||||
c.MaxRequestsInFlight = s.MaxRequestsInFlight
|
||||
c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight
|
||||
@ -153,34 +124,9 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
|
||||
"List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+
|
||||
"expression to support subdomain matching. If this list is empty CORS will not be enabled.")
|
||||
|
||||
fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
|
||||
"The media type to use to store objects in storage. Defaults to application/json. "+
|
||||
"Some resources may only support a specific media type and will ignore this setting.")
|
||||
|
||||
fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
|
||||
"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
|
||||
|
||||
fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath,
|
||||
"If set, all requests coming to the apiserver will be logged to this file.")
|
||||
fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups,
|
||||
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
|
||||
fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups,
|
||||
"The maximum number of old audit log files to retain.")
|
||||
fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize,
|
||||
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
|
||||
|
||||
fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
|
||||
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
|
||||
"of the kube-controller-manager.")
|
||||
|
||||
fs.BoolVar(&s.EnableProfiling, "profiling", s.EnableProfiling,
|
||||
"Enable profiling via web interface host:port/debug/pprof/")
|
||||
fs.BoolVar(&s.EnableContentionProfiling, "contention-profiling", s.EnableContentionProfiling,
|
||||
"Enable contention profiling. Requires --profiling to be set to work.")
|
||||
|
||||
fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", s.EnableSwaggerUI,
|
||||
"Enables swagger ui on the apiserver at /swagger-ui")
|
||||
|
||||
// TODO: enable cache in integration tests.
|
||||
fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache,
|
||||
"Enable watch caching in the apiserver")
|
||||
|
3
vendor/BUILD
vendored
3
vendor/BUILD
vendored
@ -14089,10 +14089,13 @@ go_library(
|
||||
go_library(
|
||||
name = "k8s.io/apiserver/pkg/server/options",
|
||||
srcs = [
|
||||
"k8s.io/apiserver/pkg/server/options/audit.go",
|
||||
"k8s.io/apiserver/pkg/server/options/authentication.go",
|
||||
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
||||
"k8s.io/apiserver/pkg/server/options/doc.go",
|
||||
"k8s.io/apiserver/pkg/server/options/etcd.go",
|
||||
"k8s.io/apiserver/pkg/server/options/feature.go",
|
||||
"k8s.io/apiserver/pkg/server/options/recommended.go",
|
||||
"k8s.io/apiserver/pkg/server/options/server_run_options.go",
|
||||
"k8s.io/apiserver/pkg/server/options/serving.go",
|
||||
],
|
||||
|
Loading…
Reference in New Issue
Block a user