Merge pull request #41083 from deads2k/apiserver-02-audit

Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105)

Add more options to the RecommendedOptions struct.

Builds on https://github.com/kubernetes/kubernetes/pull/41028

Adds `AuditOptions` to the `RecommendedOptions`

@sttts @kubernetes/sig-api-machinery-pr-reviews

cmd/kube-aggregator/pkg/cmd/server/start.go

@@ -45,10 +45,7 @@ import (
 const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
 
 type AggregatorOptions struct {
-	Etcd           *genericoptions.EtcdOptions
-	SecureServing  *genericoptions.SecureServingOptions
-	Authentication *genericoptions.DelegatingAuthenticationOptions
-	Authorization  *genericoptions.DelegatingAuthorizationOptions
+	RecommendedOptions *genericoptions.RecommendedOptions
 
 	// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
 	// this to confirm the proxy's identity
@@ -62,18 +59,15 @@ type AggregatorOptions struct {
 // NewCommandStartMaster provides a CLI handler for 'start master' command
 func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
 	o := &AggregatorOptions{
-		Etcd:           genericoptions.NewEtcdOptions(api.Scheme),
-		SecureServing:  genericoptions.NewSecureServingOptions(),
-		Authentication: genericoptions.NewDelegatingAuthenticationOptions(),
-		Authorization:  genericoptions.NewDelegatingAuthorizationOptions(),
+		RecommendedOptions: genericoptions.NewRecommendedOptions(api.Scheme),
 
 		StdOut: out,
 		StdErr: err,
 	}
-	o.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
-	o.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
-	o.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
-	o.SecureServing.ServingOptions.BindPort = 443
+	o.RecommendedOptions.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
+	o.RecommendedOptions.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
+	o.RecommendedOptions.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
+	o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443
 
 	cmd := &cobra.Command{
 		Short: "Launch a API aggregator and proxy server",
@@ -86,10 +80,7 @@ func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
 	}
 
 	flags := cmd.Flags()
-	o.Etcd.AddFlags(flags)
-	o.SecureServing.AddFlags(flags)
-	o.Authentication.AddFlags(flags)
-	o.Authorization.AddFlags(flags)
+	o.RecommendedOptions.AddFlags(flags)
 	flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
 	flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
 
@@ -106,30 +97,24 @@ func (o *AggregatorOptions) Complete() error {
 
 func (o AggregatorOptions) RunAggregator() error {
 	// TODO have a "real" external address
-	if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
+	if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
 		return fmt.Errorf("error creating self-signed certificates: %v", err)
 	}
 
-	genericAPIServerConfig := genericapiserver.NewConfig().
+	serverConfig := genericapiserver.NewConfig().
 		WithSerializer(api.Codecs)
 
-	if err := o.SecureServing.ApplyTo(genericAPIServerConfig); err != nil {
-		return fmt.Errorf("failed to configure https: %s", err)
-	}
-	if err := o.Authentication.ApplyTo(genericAPIServerConfig); err != nil {
+	if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
 		return err
 	}
-	if err := o.Authorization.ApplyTo(genericAPIServerConfig); err != nil {
-		return err
-	}
-	genericAPIServerConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
+	serverConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
 		sets.NewString("watch", "proxy"),
 		sets.NewString("attach", "exec", "proxy", "log", "portforward"),
 	)
 
 	var err error
 	privilegedLoopbackToken := uuid.NewRandom().String()
-	if genericAPIServerConfig.LoopbackClientConfig, err = genericAPIServerConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
+	if serverConfig.LoopbackClientConfig, err = serverConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
 		return err
 	}
 
@@ -143,8 +128,8 @@ func (o AggregatorOptions) RunAggregator() error {
 	}
 
 	config := apiserver.Config{
-		GenericConfig:       genericAPIServerConfig,
-		RESTOptionsGetter:   &restOptionsFactory{storageConfig: &o.Etcd.StorageConfig},
+		GenericConfig:       serverConfig,
+		RESTOptionsGetter:   &restOptionsFactory{storageConfig: &o.RecommendedOptions.Etcd.StorageConfig},
 		CoreAPIServerClient: coreAPIServerClient,
 	}
 

cmd/kube-apiserver/app/options/options.go

@@ -44,6 +44,8 @@ type ServerRunOptions struct {
 	Etcd                    *genericoptions.EtcdOptions
 	SecureServing           *genericoptions.SecureServingOptions
 	InsecureServing         *genericoptions.ServingOptions
+	Audit                   *genericoptions.AuditLogOptions
+	Features                *genericoptions.FeatureOptions
 	Authentication          *kubeoptions.BuiltInAuthenticationOptions
 	Authorization           *kubeoptions.BuiltInAuthorizationOptions
 	CloudProvider           *kubeoptions.CloudProviderOptions
@@ -69,6 +71,8 @@ func NewServerRunOptions() *ServerRunOptions {
 		Etcd:                 genericoptions.NewEtcdOptions(api.Scheme),
 		SecureServing:        genericoptions.NewSecureServingOptions(),
 		InsecureServing:      genericoptions.NewInsecureServingOptions(),
+		Audit:                genericoptions.NewAuditLogOptions(),
+		Features:             genericoptions.NewFeatureOptions(),
 		Authentication:       kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		Authorization:        kubeoptions.NewBuiltInAuthorizationOptions(),
 		CloudProvider:        kubeoptions.NewCloudProviderOptions(),
@@ -92,7 +96,7 @@ func NewServerRunOptions() *ServerRunOptions {
 		ServiceNodePortRange: DefaultServiceNodePortRange,
 	}
 	// Overwrite the default for storage data format.
-	s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
+	s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
 	return &s
 }
 
@@ -105,6 +109,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	s.SecureServing.AddDeprecatedFlags(fs)
 	s.InsecureServing.AddFlags(fs)
 	s.InsecureServing.AddDeprecatedFlags(fs)
+	s.Audit.AddFlags(fs)
+	s.Features.AddFlags(fs)
 	s.Authentication.AddFlags(fs)
 	s.Authorization.AddFlags(fs)
 	s.CloudProvider.AddFlags(fs)

cmd/kube-apiserver/app/options/options_test.go

@@ -28,7 +28,7 @@ func TestAddFlagsFlag(t *testing.T) {
 	f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
 	s := NewServerRunOptions()
 	s.AddFlags(f)
-	if s.GenericServerRunOptions.EnableSwaggerUI {
+	if s.Features.EnableSwaggerUI {
 		t.Errorf("Expected s.EnableSwaggerUI to be false by default")
 	}
 
@@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) {
 		"--enable-swagger-ui=true",
 	}
 	f.Parse(args)
-	if !s.GenericServerRunOptions.EnableSwaggerUI {
+	if !s.Features.EnableSwaggerUI {
 		t.Errorf("Expected s.EnableSwaggerUI to be true")
 	}
 }

cmd/kube-apiserver/app/server.go

@@ -120,6 +120,12 @@ func Run(s *options.ServerRunOptions) error {
 	if err := s.Authentication.ApplyTo(genericConfig); err != nil {
 		return err
 	}
+	if err := s.Audit.ApplyTo(genericConfig); err != nil {
+		return err
+	}
+	if err := s.Features.ApplyTo(genericConfig); err != nil {
+		return err
+	}
 
 	capabilities.Initialize(capabilities.Capabilities{
 		AllowPrivileged: s.AllowPrivileged,
@@ -199,7 +205,7 @@ func Run(s *options.ServerRunOptions) error {
 		return fmt.Errorf("error generating storage version map: %s", err)
 	}
 	storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
-		s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
+		s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
 		genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
 		// FIXME: this GroupVersionResource override should be configurable
 		[]schema.GroupVersionResource{batch.Resource("cronjobs").WithVersion("v2alpha1")},

federation/cmd/federation-apiserver/app/options/options.go

@@ -36,6 +36,8 @@ type ServerRunOptions struct {
 	Etcd                    *genericoptions.EtcdOptions
 	SecureServing           *genericoptions.SecureServingOptions
 	InsecureServing         *genericoptions.ServingOptions
+	Audit                   *genericoptions.AuditLogOptions
+	Features                *genericoptions.FeatureOptions
 	Authentication          *kubeoptions.BuiltInAuthenticationOptions
 	Authorization           *kubeoptions.BuiltInAuthorizationOptions
 	CloudProvider           *kubeoptions.CloudProviderOptions
@@ -52,6 +54,8 @@ func NewServerRunOptions() *ServerRunOptions {
 		Etcd:                 genericoptions.NewEtcdOptions(api.Scheme),
 		SecureServing:        genericoptions.NewSecureServingOptions(),
 		InsecureServing:      genericoptions.NewInsecureServingOptions(),
+		Audit:                genericoptions.NewAuditLogOptions(),
+		Features:             genericoptions.NewFeatureOptions(),
 		Authentication:       kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		Authorization:        kubeoptions.NewBuiltInAuthorizationOptions(),
 		CloudProvider:        kubeoptions.NewCloudProviderOptions(),
@@ -61,7 +65,7 @@ func NewServerRunOptions() *ServerRunOptions {
 		EventTTL: 1 * time.Hour,
 	}
 	// Overwrite the default for storage data format.
-	s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
+	s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
 	return &s
 }
 
@@ -72,6 +76,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	s.Etcd.AddFlags(fs)
 	s.SecureServing.AddFlags(fs)
 	s.InsecureServing.AddFlags(fs)
+	s.Audit.AddFlags(fs)
+	s.Features.AddFlags(fs)
 	s.Authentication.AddFlags(fs)
 	s.Authorization.AddFlags(fs)
 	s.CloudProvider.AddFlags(fs)

federation/cmd/federation-apiserver/app/server.go

@@ -103,6 +103,12 @@ func Run(s *options.ServerRunOptions) error {
 	if err := s.Authentication.ApplyTo(genericConfig); err != nil {
 		return err
 	}
+	if err := s.Audit.ApplyTo(genericConfig); err != nil {
+		return err
+	}
+	if err := s.Features.ApplyTo(genericConfig); err != nil {
+		return err
+	}
 
 	// TODO: register cluster federation resources here.
 	resourceConfig := genericapiserver.NewResourceConfig()
@@ -116,7 +122,7 @@ func Run(s *options.ServerRunOptions) error {
 		return fmt.Errorf("error generating storage version map: %s", err)
 	}
 	storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
-		s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
+		s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
 		genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
 		[]schema.GroupVersionResource{}, resourceConfig, s.APIEnablement.RuntimeConfig)
 	if err != nil {
@@ -208,7 +214,7 @@ func Run(s *options.ServerRunOptions) error {
 	// TODO: Refactor this code to share it with kube-apiserver rather than duplicating it here.
 	restOptionsFactory := &restOptionsFactory{
 		storageFactory:          storageFactory,
-		enableGarbageCollection: s.GenericServerRunOptions.EnableGarbageCollection,
+		enableGarbageCollection: s.Features.EnableGarbageCollection,
 		deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
 	}
 	if s.GenericServerRunOptions.EnableWatchCache {

staging/src/k8s.io/apiserver/pkg/server/options/audit.go

@@ -0,0 +1,60 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"github.com/spf13/pflag"
+	"gopkg.in/natefinch/lumberjack.v2"
+
+	"k8s.io/apiserver/pkg/server"
+)
+
+type AuditLogOptions struct {
+	Path       string
+	MaxAge     int
+	MaxBackups int
+	MaxSize    int
+}
+
+func NewAuditLogOptions() *AuditLogOptions {
+	return &AuditLogOptions{}
+}
+
+func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.StringVar(&o.Path, "audit-log-path", o.Path,
+		"If set, all requests coming to the apiserver will be logged to this file.")
+	fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxBackups,
+		"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
+	fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups,
+		"The maximum number of old audit log files to retain.")
+	fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize,
+		"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
+}
+
+func (o *AuditLogOptions) ApplyTo(c *server.Config) error {
+	if len(o.Path) == 0 {
+		return nil
+	}
+
+	c.AuditWriter = &lumberjack.Logger{
+		Filename:   o.Path,
+		MaxAge:     o.MaxAge,
+		MaxBackups: o.MaxBackups,
+		MaxSize:    o.MaxSize,
+	}
+	return nil
+}

staging/src/k8s.io/apiserver/pkg/server/options/etcd.go

@@ -33,6 +33,10 @@ type EtcdOptions struct {
 	StorageConfig storagebackend.Config
 
 	EtcdServersOverrides []string
+
+	// To enable protobuf as storage format, it is enough
+	// to set it to "application/vnd.kubernetes.protobuf".
+	DefaultStorageMediaType string
 }
 
 func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
@@ -44,6 +48,7 @@ func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
 			DeserializationCacheSize: 0,
 			Copier: scheme,
 		},
+		DefaultStorageMediaType: "application/json",
 	}
 }
 
@@ -62,6 +67,10 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
 		"Per-resource etcd servers overrides, comma separated. The individual override "+
 		"format: group/resource#servers, where servers are http://ip:port, semicolon separated.")
 
+	fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
+		"The media type to use to store objects in storage. Defaults to application/json. "+
+		"Some resources may only support a specific media type and will ignore this setting.")
+
 	fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type,
 		"The storage backend for persistence. Options: 'etcd3' (default), 'etcd2'.")
 

staging/src/k8s.io/apiserver/pkg/server/options/feature.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"github.com/spf13/pflag"
+
+	"k8s.io/apiserver/pkg/server"
+)
+
+type FeatureOptions struct {
+	EnableGarbageCollection   bool
+	EnableProfiling           bool
+	EnableContentionProfiling bool
+	EnableSwaggerUI           bool
+}
+
+func NewFeatureOptions() *FeatureOptions {
+	defaults := server.NewConfig()
+
+	return &FeatureOptions{
+		EnableGarbageCollection:   defaults.EnableGarbageCollection,
+		EnableProfiling:           defaults.EnableProfiling,
+		EnableContentionProfiling: defaults.EnableContentionProfiling,
+		EnableSwaggerUI:           defaults.EnableSwaggerUI,
+	}
+}
+
+func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.BoolVar(&o.EnableGarbageCollection, "enable-garbage-collector", o.EnableGarbageCollection, ""+
+		"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
+		"of the kube-controller-manager.")
+	fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling,
+		"Enable profiling via web interface host:port/debug/pprof/")
+	fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling,
+		"Enable contention profiling. Requires --profiling to be set to work.")
+	fs.BoolVar(&o.EnableSwaggerUI, "enable-swagger-ui", o.EnableSwaggerUI,
+		"Enables swagger ui on the apiserver at /swagger-ui")
+}
+
+func (o *FeatureOptions) ApplyTo(c *server.Config) error {
+	c.EnableGarbageCollection = o.EnableGarbageCollection
+	c.EnableProfiling = o.EnableProfiling
+	c.EnableContentionProfiling = o.EnableContentionProfiling
+	c.EnableSwaggerUI = o.EnableSwaggerUI
+
+	return nil
+}

staging/src/k8s.io/apiserver/pkg/server/options/recommended.go

@@ -0,0 +1,75 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"github.com/spf13/pflag"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/server"
+)
+
+// RecommendedOptions contains the recommended options for running an API server
+// If you add something to this list, it should be in a logical grouping
+type RecommendedOptions struct {
+	Etcd           *EtcdOptions
+	SecureServing  *SecureServingOptions
+	Authentication *DelegatingAuthenticationOptions
+	Authorization  *DelegatingAuthorizationOptions
+	Audit          *AuditLogOptions
+	Features       *FeatureOptions
+}
+
+func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
+	return &RecommendedOptions{
+		Etcd:           NewEtcdOptions(scheme),
+		SecureServing:  NewSecureServingOptions(),
+		Authentication: NewDelegatingAuthenticationOptions(),
+		Authorization:  NewDelegatingAuthorizationOptions(),
+		Audit:          NewAuditLogOptions(),
+		Features:       NewFeatureOptions(),
+	}
+}
+
+func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
+	o.Etcd.AddFlags(fs)
+	o.SecureServing.AddFlags(fs)
+	o.Authentication.AddFlags(fs)
+	o.Authorization.AddFlags(fs)
+	o.Audit.AddFlags(fs)
+	o.Features.AddFlags(fs)
+}
+
+func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
+	if err := o.SecureServing.ApplyTo(config); err != nil {
+		return err
+	}
+	if err := o.Authentication.ApplyTo(config); err != nil {
+		return err
+	}
+	if err := o.Authorization.ApplyTo(config); err != nil {
+		return err
+	}
+	if err := o.Audit.ApplyTo(config); err != nil {
+		return err
+	}
+	if err := o.Features.ApplyTo(config); err != nil {
+		return err
+	}
+
+	return nil
+}

staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go

@@ -30,7 +30,6 @@ import (
 	_ "k8s.io/apiserver/pkg/features"
 
 	"github.com/spf13/pflag"
-	"gopkg.in/natefinch/lumberjack.v2"
 )
 
 // ServerRunOptions contains the options while running a generic api server.
@@ -39,19 +38,8 @@ type ServerRunOptions struct {
 	AdmissionControlConfigFile string
 	AdvertiseAddress           net.IP
 
-	CorsAllowedOriginList []string
-	// To enable protobuf as storage format, it is enough
-	// to set it to "application/vnd.kubernetes.protobuf".
-	DefaultStorageMediaType     string
+	CorsAllowedOriginList       []string
 	DeleteCollectionWorkers     int
-	AuditLogPath                string
-	AuditLogMaxAge              int
-	AuditLogMaxBackups          int
-	AuditLogMaxSize             int
-	EnableGarbageCollection     bool
-	EnableProfiling             bool
-	EnableContentionProfiling   bool
-	EnableSwaggerUI             bool
 	EnableWatchCache            bool
 	ExternalHost                string
 	MaxRequestsInFlight         int
@@ -66,11 +54,7 @@ func NewServerRunOptions() *ServerRunOptions {
 
 	return &ServerRunOptions{
 		AdmissionControl:            "AlwaysAdmit",
-		DefaultStorageMediaType:     "application/json",
 		DeleteCollectionWorkers:     1,
-		EnableGarbageCollection:     defaults.EnableGarbageCollection,
-		EnableProfiling:             defaults.EnableProfiling,
-		EnableContentionProfiling:   false,
 		EnableWatchCache:            true,
 		MaxRequestsInFlight:         defaults.MaxRequestsInFlight,
 		MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight,
@@ -80,20 +64,7 @@ func NewServerRunOptions() *ServerRunOptions {
 
 // ApplyOptions applies the run options to the method receiver and returns self
 func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
-	if len(s.AuditLogPath) != 0 {
-		c.AuditWriter = &lumberjack.Logger{
-			Filename:   s.AuditLogPath,
-			MaxAge:     s.AuditLogMaxAge,
-			MaxBackups: s.AuditLogMaxBackups,
-			MaxSize:    s.AuditLogMaxSize,
-		}
-	}
-
 	c.CorsAllowedOriginList = s.CorsAllowedOriginList
-	c.EnableGarbageCollection = s.EnableGarbageCollection
-	c.EnableProfiling = s.EnableProfiling
-	c.EnableContentionProfiling = s.EnableContentionProfiling
-	c.EnableSwaggerUI = s.EnableSwaggerUI
 	c.ExternalAddress = s.ExternalHost
 	c.MaxRequestsInFlight = s.MaxRequestsInFlight
 	c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight
@@ -153,34 +124,9 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
 		"List of allowed origins for CORS, comma separated.  An allowed origin can be a regular "+
 		"expression to support subdomain matching. If this list is empty CORS will not be enabled.")
 
-	fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
-		"The media type to use to store objects in storage. Defaults to application/json. "+
-		"Some resources may only support a specific media type and will ignore this setting.")
-
 	fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
 		"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
 
-	fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath,
-		"If set, all requests coming to the apiserver will be logged to this file.")
-	fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups,
-		"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
-	fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups,
-		"The maximum number of old audit log files to retain.")
-	fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize,
-		"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
-
-	fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
-		"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
-		"of the kube-controller-manager.")
-
-	fs.BoolVar(&s.EnableProfiling, "profiling", s.EnableProfiling,
-		"Enable profiling via web interface host:port/debug/pprof/")
-	fs.BoolVar(&s.EnableContentionProfiling, "contention-profiling", s.EnableContentionProfiling,
-		"Enable contention profiling. Requires --profiling to be set to work.")
-
-	fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", s.EnableSwaggerUI,
-		"Enables swagger ui on the apiserver at /swagger-ui")
-
 	// TODO: enable cache in integration tests.
 	fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache,
 		"Enable watch caching in the apiserver")

vendor/BUILD

@@ -14089,10 +14089,13 @@ go_library(
 go_library(
     name = "k8s.io/apiserver/pkg/server/options",
     srcs = [
+        "k8s.io/apiserver/pkg/server/options/audit.go",
         "k8s.io/apiserver/pkg/server/options/authentication.go",
         "k8s.io/apiserver/pkg/server/options/authorization.go",
         "k8s.io/apiserver/pkg/server/options/doc.go",
         "k8s.io/apiserver/pkg/server/options/etcd.go",
+        "k8s.io/apiserver/pkg/server/options/feature.go",
+        "k8s.io/apiserver/pkg/server/options/recommended.go",
         "k8s.io/apiserver/pkg/server/options/server_run_options.go",
         "k8s.io/apiserver/pkg/server/options/serving.go",
     ],