Merge pull request #41083 from deads2k/apiserver-02-audit

Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105)

Add more options to the RecommendedOptions struct.

Builds on https://github.com/kubernetes/kubernetes/pull/41028

Adds `AuditOptions` to the `RecommendedOptions`

@sttts @kubernetes/sig-api-machinery-pr-reviews
Kubernetes Submit Queue 2017-02-08 00:49:49 -08:00 committed by GitHub
commit fa14198bb2
12 changed files with 255 additions and 91 deletions


@ -45,10 +45,7 @@ import (
const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/" const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
type AggregatorOptions struct { type AggregatorOptions struct {
Etcd *genericoptions.EtcdOptions RecommendedOptions *genericoptions.RecommendedOptions
SecureServing *genericoptions.SecureServingOptions
Authentication *genericoptions.DelegatingAuthenticationOptions
Authorization *genericoptions.DelegatingAuthorizationOptions
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use // ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
// this to confirm the proxy's identity // this to confirm the proxy's identity
@ -62,18 +59,15 @@ type AggregatorOptions struct {
// NewCommandStartMaster provides a CLI handler for 'start master' command // NewCommandStartMaster provides a CLI handler for 'start master' command
func NewCommandStartAggregator(out, err io.Writer) *cobra.Command { func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
o := &AggregatorOptions{ o := &AggregatorOptions{
Etcd: genericoptions.NewEtcdOptions(api.Scheme), RecommendedOptions: genericoptions.NewRecommendedOptions(api.Scheme),
SecureServing: genericoptions.NewSecureServingOptions(),
Authentication: genericoptions.NewDelegatingAuthenticationOptions(),
Authorization: genericoptions.NewDelegatingAuthorizationOptions(),
StdOut: out, StdOut: out,
StdErr: err, StdErr: err,
} }
o.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3 o.RecommendedOptions.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
o.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix o.RecommendedOptions.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
o.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion) o.RecommendedOptions.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
o.SecureServing.ServingOptions.BindPort = 443 o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443
cmd := &cobra.Command{ cmd := &cobra.Command{
Short: "Launch a API aggregator and proxy server", Short: "Launch a API aggregator and proxy server",
@ -86,10 +80,7 @@ func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
} }
flags := cmd.Flags() flags := cmd.Flags()
o.Etcd.AddFlags(flags) o.RecommendedOptions.AddFlags(flags)
o.SecureServing.AddFlags(flags)
o.Authentication.AddFlags(flags)
o.Authorization.AddFlags(flags)
flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server") flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server") flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
@ -106,30 +97,24 @@ func (o *AggregatorOptions) Complete() error {
func (o AggregatorOptions) RunAggregator() error { func (o AggregatorOptions) RunAggregator() error {
// TODO have a "real" external address // TODO have a "real" external address
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil { if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
return fmt.Errorf("error creating self-signed certificates: %v", err) return fmt.Errorf("error creating self-signed certificates: %v", err)
} }
genericAPIServerConfig := genericapiserver.NewConfig(). serverConfig := genericapiserver.NewConfig().
WithSerializer(api.Codecs) WithSerializer(api.Codecs)
if err := o.SecureServing.ApplyTo(genericAPIServerConfig); err != nil { if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
return fmt.Errorf("failed to configure https: %s", err)
}
if err := o.Authentication.ApplyTo(genericAPIServerConfig); err != nil {
return err return err
} }
if err := o.Authorization.ApplyTo(genericAPIServerConfig); err != nil { serverConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
return err
}
genericAPIServerConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
sets.NewString("watch", "proxy"), sets.NewString("watch", "proxy"),
sets.NewString("attach", "exec", "proxy", "log", "portforward"), sets.NewString("attach", "exec", "proxy", "log", "portforward"),
) )
var err error var err error
privilegedLoopbackToken := uuid.NewRandom().String() privilegedLoopbackToken := uuid.NewRandom().String()
if genericAPIServerConfig.LoopbackClientConfig, err = genericAPIServerConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil { if serverConfig.LoopbackClientConfig, err = serverConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
return err return err
} }
@ -143,8 +128,8 @@ func (o AggregatorOptions) RunAggregator() error {
} }
config := apiserver.Config{ config := apiserver.Config{
GenericConfig: genericAPIServerConfig, GenericConfig: serverConfig,
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.Etcd.StorageConfig}, RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.RecommendedOptions.Etcd.StorageConfig},
CoreAPIServerClient: coreAPIServerClient, CoreAPIServerClient: coreAPIServerClient,
} }


@ -44,6 +44,8 @@ type ServerRunOptions struct {
Etcd *genericoptions.EtcdOptions Etcd *genericoptions.EtcdOptions
SecureServing *genericoptions.SecureServingOptions SecureServing *genericoptions.SecureServingOptions
InsecureServing *genericoptions.ServingOptions InsecureServing *genericoptions.ServingOptions
Audit *genericoptions.AuditLogOptions
Features *genericoptions.FeatureOptions
Authentication *kubeoptions.BuiltInAuthenticationOptions Authentication *kubeoptions.BuiltInAuthenticationOptions
Authorization *kubeoptions.BuiltInAuthorizationOptions Authorization *kubeoptions.BuiltInAuthorizationOptions
CloudProvider *kubeoptions.CloudProviderOptions CloudProvider *kubeoptions.CloudProviderOptions
@ -69,6 +71,8 @@ func NewServerRunOptions() *ServerRunOptions {
Etcd: genericoptions.NewEtcdOptions(api.Scheme), Etcd: genericoptions.NewEtcdOptions(api.Scheme),
SecureServing: genericoptions.NewSecureServingOptions(), SecureServing: genericoptions.NewSecureServingOptions(),
InsecureServing: genericoptions.NewInsecureServingOptions(), InsecureServing: genericoptions.NewInsecureServingOptions(),
Audit: genericoptions.NewAuditLogOptions(),
Features: genericoptions.NewFeatureOptions(),
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(), Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(), Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
CloudProvider: kubeoptions.NewCloudProviderOptions(), CloudProvider: kubeoptions.NewCloudProviderOptions(),
@ -92,7 +96,7 @@ func NewServerRunOptions() *ServerRunOptions {
ServiceNodePortRange: DefaultServiceNodePortRange, ServiceNodePortRange: DefaultServiceNodePortRange,
} }
// Overwrite the default for storage data format. // Overwrite the default for storage data format.
s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
return &s return &s
} }
@ -105,6 +109,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
s.SecureServing.AddDeprecatedFlags(fs) s.SecureServing.AddDeprecatedFlags(fs)
s.InsecureServing.AddFlags(fs) s.InsecureServing.AddFlags(fs)
s.InsecureServing.AddDeprecatedFlags(fs) s.InsecureServing.AddDeprecatedFlags(fs)
s.Audit.AddFlags(fs)
s.Features.AddFlags(fs)
s.Authentication.AddFlags(fs) s.Authentication.AddFlags(fs)
s.Authorization.AddFlags(fs) s.Authorization.AddFlags(fs)
s.CloudProvider.AddFlags(fs) s.CloudProvider.AddFlags(fs)


@ -28,7 +28,7 @@ func TestAddFlagsFlag(t *testing.T) {
f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError) f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
s := NewServerRunOptions() s := NewServerRunOptions()
s.AddFlags(f) s.AddFlags(f)
if s.GenericServerRunOptions.EnableSwaggerUI { if s.Features.EnableSwaggerUI {
t.Errorf("Expected s.EnableSwaggerUI to be false by default") t.Errorf("Expected s.EnableSwaggerUI to be false by default")
} }
@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) {
"--enable-swagger-ui=true", "--enable-swagger-ui=true",
} }
f.Parse(args) f.Parse(args)
if !s.GenericServerRunOptions.EnableSwaggerUI { if !s.Features.EnableSwaggerUI {
t.Errorf("Expected s.EnableSwaggerUI to be true") t.Errorf("Expected s.EnableSwaggerUI to be true")
} }
} }


@ -120,6 +120,12 @@ func Run(s *options.ServerRunOptions) error {
if err := s.Authentication.ApplyTo(genericConfig); err != nil { if err := s.Authentication.ApplyTo(genericConfig); err != nil {
return err return err
} }
if err := s.Audit.ApplyTo(genericConfig); err != nil {
return err
}
if err := s.Features.ApplyTo(genericConfig); err != nil {
return err
}
capabilities.Initialize(capabilities.Capabilities{ capabilities.Initialize(capabilities.Capabilities{
AllowPrivileged: s.AllowPrivileged, AllowPrivileged: s.AllowPrivileged,
@ -199,7 +205,7 @@ func Run(s *options.ServerRunOptions) error {
return fmt.Errorf("error generating storage version map: %s", err) return fmt.Errorf("error generating storage version map: %s", err)
} }
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory( storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs, s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion, genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
// FIXME: this GroupVersionResource override should be configurable // FIXME: this GroupVersionResource override should be configurable
[]schema.GroupVersionResource{batch.Resource("cronjobs").WithVersion("v2alpha1")}, []schema.GroupVersionResource{batch.Resource("cronjobs").WithVersion("v2alpha1")},


@ -36,6 +36,8 @@ type ServerRunOptions struct {
Etcd *genericoptions.EtcdOptions Etcd *genericoptions.EtcdOptions
SecureServing *genericoptions.SecureServingOptions SecureServing *genericoptions.SecureServingOptions
InsecureServing *genericoptions.ServingOptions InsecureServing *genericoptions.ServingOptions
Audit *genericoptions.AuditLogOptions
Features *genericoptions.FeatureOptions
Authentication *kubeoptions.BuiltInAuthenticationOptions Authentication *kubeoptions.BuiltInAuthenticationOptions
Authorization *kubeoptions.BuiltInAuthorizationOptions Authorization *kubeoptions.BuiltInAuthorizationOptions
CloudProvider *kubeoptions.CloudProviderOptions CloudProvider *kubeoptions.CloudProviderOptions
@ -52,6 +54,8 @@ func NewServerRunOptions() *ServerRunOptions {
Etcd: genericoptions.NewEtcdOptions(api.Scheme), Etcd: genericoptions.NewEtcdOptions(api.Scheme),
SecureServing: genericoptions.NewSecureServingOptions(), SecureServing: genericoptions.NewSecureServingOptions(),
InsecureServing: genericoptions.NewInsecureServingOptions(), InsecureServing: genericoptions.NewInsecureServingOptions(),
Audit: genericoptions.NewAuditLogOptions(),
Features: genericoptions.NewFeatureOptions(),
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(), Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(), Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
CloudProvider: kubeoptions.NewCloudProviderOptions(), CloudProvider: kubeoptions.NewCloudProviderOptions(),
@ -61,7 +65,7 @@ func NewServerRunOptions() *ServerRunOptions {
EventTTL: 1 * time.Hour, EventTTL: 1 * time.Hour,
} }
// Overwrite the default for storage data format. // Overwrite the default for storage data format.
s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
return &s return &s
} }
@ -72,6 +76,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
s.Etcd.AddFlags(fs) s.Etcd.AddFlags(fs)
s.SecureServing.AddFlags(fs) s.SecureServing.AddFlags(fs)
s.InsecureServing.AddFlags(fs) s.InsecureServing.AddFlags(fs)
s.Audit.AddFlags(fs)
s.Features.AddFlags(fs)
s.Authentication.AddFlags(fs) s.Authentication.AddFlags(fs)
s.Authorization.AddFlags(fs) s.Authorization.AddFlags(fs)
s.CloudProvider.AddFlags(fs) s.CloudProvider.AddFlags(fs)


@ -103,6 +103,12 @@ func Run(s *options.ServerRunOptions) error {
if err := s.Authentication.ApplyTo(genericConfig); err != nil { if err := s.Authentication.ApplyTo(genericConfig); err != nil {
return err return err
} }
if err := s.Audit.ApplyTo(genericConfig); err != nil {
return err
}
if err := s.Features.ApplyTo(genericConfig); err != nil {
return err
}
// TODO: register cluster federation resources here. // TODO: register cluster federation resources here.
resourceConfig := genericapiserver.NewResourceConfig() resourceConfig := genericapiserver.NewResourceConfig()
@ -116,7 +122,7 @@ func Run(s *options.ServerRunOptions) error {
return fmt.Errorf("error generating storage version map: %s", err) return fmt.Errorf("error generating storage version map: %s", err)
} }
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory( storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs, s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion, genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
[]schema.GroupVersionResource{}, resourceConfig, s.APIEnablement.RuntimeConfig) []schema.GroupVersionResource{}, resourceConfig, s.APIEnablement.RuntimeConfig)
if err != nil { if err != nil {
@ -208,7 +214,7 @@ func Run(s *options.ServerRunOptions) error {
// TODO: Refactor this code to share it with kube-apiserver rather than duplicating it here. // TODO: Refactor this code to share it with kube-apiserver rather than duplicating it here.
restOptionsFactory := &restOptionsFactory{ restOptionsFactory := &restOptionsFactory{
storageFactory: storageFactory, storageFactory: storageFactory,
enableGarbageCollection: s.GenericServerRunOptions.EnableGarbageCollection, enableGarbageCollection: s.Features.EnableGarbageCollection,
deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers, deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
} }
if s.GenericServerRunOptions.EnableWatchCache { if s.GenericServerRunOptions.EnableWatchCache {


@ -0,0 +1,60 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"github.com/spf13/pflag"
"gopkg.in/natefinch/lumberjack.v2"
"k8s.io/apiserver/pkg/server"
)
type AuditLogOptions struct {
Path string
MaxAge int
MaxBackups int
MaxSize int
}
func NewAuditLogOptions() *AuditLogOptions {
return &AuditLogOptions{}
}
func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&o.Path, "audit-log-path", o.Path,
"If set, all requests coming to the apiserver will be logged to this file.")
fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxBackups,
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups,
"The maximum number of old audit log files to retain.")
fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize,
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
}
func (o *AuditLogOptions) ApplyTo(c *server.Config) error {
if len(o.Path) == 0 {
return nil
}
c.AuditWriter = &lumberjack.Logger{
Filename: o.Path,
MaxAge: o.MaxAge,
MaxBackups: o.MaxBackups,
MaxSize: o.MaxSize,
}
return nil
}
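Review bot: In AddFlags the `audit-log-maxage` flag is registered with `o.MaxBackups` as its default instead of `o.MaxAge`; the slip is carried over from the removed ServerRunOptions code and is harmless only while NewAuditLogOptions leaves both fields zero. The line should read `fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxAge,`. ApplyTo also accepts any path and any rotation values, negative ones included, without validation, so a bad audit destination would presumably surface only once the logger first writes; a check in ApplyTo would make that fail at startup instead. The exported type and constructor have no doc comments; something like `// AuditLogOptions configures the rotating file that receives the API server audit log; audit logging is disabled when Path is empty.` would record the opt-in behaviour.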


@ -33,6 +33,10 @@ type EtcdOptions struct {
StorageConfig storagebackend.Config StorageConfig storagebackend.Config
EtcdServersOverrides []string EtcdServersOverrides []string
// To enable protobuf as storage format, it is enough
// to set it to "application/vnd.kubernetes.protobuf".
DefaultStorageMediaType string
} }
func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions { func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
@ -44,6 +48,7 @@ func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
DeserializationCacheSize: 0, DeserializationCacheSize: 0,
Copier: scheme, Copier: scheme,
}, },
DefaultStorageMediaType: "application/json",
} }
} }
@ -62,6 +67,10 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
"Per-resource etcd servers overrides, comma separated. The individual override "+ "Per-resource etcd servers overrides, comma separated. The individual override "+
"format: group/resource#servers, where servers are http://ip:port, semicolon separated.") "format: group/resource#servers, where servers are http://ip:port, semicolon separated.")
fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
"The media type to use to store objects in storage. Defaults to application/json. "+
"Some resources may only support a specific media type and will ignore this setting.")
fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type, fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type,
"The storage backend for persistence. Options: 'etcd3' (default), 'etcd2'.") "The storage backend for persistence. Options: 'etcd3' (default), 'etcd2'.")


@ -0,0 +1,62 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"github.com/spf13/pflag"
"k8s.io/apiserver/pkg/server"
)
type FeatureOptions struct {
EnableGarbageCollection bool
EnableProfiling bool
EnableContentionProfiling bool
EnableSwaggerUI bool
}
func NewFeatureOptions() *FeatureOptions {
defaults := server.NewConfig()
return &FeatureOptions{
EnableGarbageCollection: defaults.EnableGarbageCollection,
EnableProfiling: defaults.EnableProfiling,
EnableContentionProfiling: defaults.EnableContentionProfiling,
EnableSwaggerUI: defaults.EnableSwaggerUI,
}
}
func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) {
fs.BoolVar(&o.EnableGarbageCollection, "enable-garbage-collector", o.EnableGarbageCollection, ""+
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
"of the kube-controller-manager.")
fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling,
"Enable profiling via web interface host:port/debug/pprof/")
fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling,
"Enable contention profiling. Requires --profiling to be set to work.")
fs.BoolVar(&o.EnableSwaggerUI, "enable-swagger-ui", o.EnableSwaggerUI,
"Enables swagger ui on the apiserver at /swagger-ui")
}
func (o *FeatureOptions) ApplyTo(c *server.Config) error {
c.EnableGarbageCollection = o.EnableGarbageCollection
c.EnableProfiling = o.EnableProfiling
c.EnableContentionProfiling = o.EnableContentionProfiling
c.EnableSwaggerUI = o.EnableSwaggerUI
return nil
}
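Review bot: NewFeatureOptions takes every default from `server.NewConfig()`, whereas the removed ServerRunOptions constructor pinned `EnableContentionProfiling: false` and left EnableSwaggerUI at its zero value, so the effective defaults for `--contention-profiling` and `--enable-swagger-ui` now depend on a constructor that is not part of this change. TestAddFlagsFlag covers only the swagger default. Since `--profiling` serves `host:port/debug/pprof/`, I would state the defaults and the exposure in a doc comment, e.g. `// FeatureOptions toggles optional server endpoints and controllers; defaults mirror server.NewConfig(), and EnableProfiling serves /debug/pprof/ on the API server.`, and add a test asserting that contention profiling is off by default.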


@ -0,0 +1,75 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"github.com/spf13/pflag"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/server"
)
// RecommendedOptions contains the recommended options for running an API server
// If you add something to this list, it should be in a logical grouping
type RecommendedOptions struct {
Etcd *EtcdOptions
SecureServing *SecureServingOptions
Authentication *DelegatingAuthenticationOptions
Authorization *DelegatingAuthorizationOptions
Audit *AuditLogOptions
Features *FeatureOptions
}
func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
return &RecommendedOptions{
Etcd: NewEtcdOptions(scheme),
SecureServing: NewSecureServingOptions(),
Authentication: NewDelegatingAuthenticationOptions(),
Authorization: NewDelegatingAuthorizationOptions(),
Audit: NewAuditLogOptions(),
Features: NewFeatureOptions(),
}
}
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
o.Etcd.AddFlags(fs)
o.SecureServing.AddFlags(fs)
o.Authentication.AddFlags(fs)
o.Authorization.AddFlags(fs)
o.Audit.AddFlags(fs)
o.Features.AddFlags(fs)
}
func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
if err := o.SecureServing.ApplyTo(config); err != nil {
return err
}
if err := o.Authentication.ApplyTo(config); err != nil {
return err
}
if err := o.Authorization.ApplyTo(config); err != nil {
return err
}
if err := o.Audit.ApplyTo(config); err != nil {
return err
}
if err := o.Features.ApplyTo(config); err != nil {
return err
}
return nil
}
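Review bot: RecommendedOptions.ApplyTo applies SecureServing, Authentication, Authorization, Audit and Features but never touches `o.Etcd`, although AddFlags registers the etcd flags; a caller that relies on ApplyTo alone has to consume the storage config itself, and nothing on the type says so. Neither NewRecommendedOptions nor the two methods has a doc comment. I would add `// ApplyTo applies the serving, authentication, authorization, audit and feature options to config, in that order. Etcd is not applied here; callers consume o.Etcd.StorageConfig themselves.` The method also dereferences each sub-option unconditionally, so a RecommendedOptions built as a literal rather than through NewRecommendedOptions would panic on a nil field.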


@ -30,7 +30,6 @@ import (
_ "k8s.io/apiserver/pkg/features" _ "k8s.io/apiserver/pkg/features"
"github.com/spf13/pflag" "github.com/spf13/pflag"
"gopkg.in/natefinch/lumberjack.v2"
) )
// ServerRunOptions contains the options while running a generic api server. // ServerRunOptions contains the options while running a generic api server.
@ -40,18 +39,7 @@ type ServerRunOptions struct {
AdvertiseAddress net.IP AdvertiseAddress net.IP
CorsAllowedOriginList []string CorsAllowedOriginList []string
// To enable protobuf as storage format, it is enough
// to set it to "application/vnd.kubernetes.protobuf".
DefaultStorageMediaType string
DeleteCollectionWorkers int DeleteCollectionWorkers int
AuditLogPath string
AuditLogMaxAge int
AuditLogMaxBackups int
AuditLogMaxSize int
EnableGarbageCollection bool
EnableProfiling bool
EnableContentionProfiling bool
EnableSwaggerUI bool
EnableWatchCache bool EnableWatchCache bool
ExternalHost string ExternalHost string
MaxRequestsInFlight int MaxRequestsInFlight int
@ -66,11 +54,7 @@ func NewServerRunOptions() *ServerRunOptions {
return &ServerRunOptions{ return &ServerRunOptions{
AdmissionControl: "AlwaysAdmit", AdmissionControl: "AlwaysAdmit",
DefaultStorageMediaType: "application/json",
DeleteCollectionWorkers: 1, DeleteCollectionWorkers: 1,
EnableGarbageCollection: defaults.EnableGarbageCollection,
EnableProfiling: defaults.EnableProfiling,
EnableContentionProfiling: false,
EnableWatchCache: true, EnableWatchCache: true,
MaxRequestsInFlight: defaults.MaxRequestsInFlight, MaxRequestsInFlight: defaults.MaxRequestsInFlight,
MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight, MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight,
@ -80,20 +64,7 @@ func NewServerRunOptions() *ServerRunOptions {
// ApplyOptions applies the run options to the method receiver and returns self // ApplyOptions applies the run options to the method receiver and returns self
func (s *ServerRunOptions) ApplyTo(c *server.Config) error { func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
if len(s.AuditLogPath) != 0 {
c.AuditWriter = &lumberjack.Logger{
Filename: s.AuditLogPath,
MaxAge: s.AuditLogMaxAge,
MaxBackups: s.AuditLogMaxBackups,
MaxSize: s.AuditLogMaxSize,
}
}
c.CorsAllowedOriginList = s.CorsAllowedOriginList c.CorsAllowedOriginList = s.CorsAllowedOriginList
c.EnableGarbageCollection = s.EnableGarbageCollection
c.EnableProfiling = s.EnableProfiling
c.EnableContentionProfiling = s.EnableContentionProfiling
c.EnableSwaggerUI = s.EnableSwaggerUI
c.ExternalAddress = s.ExternalHost c.ExternalAddress = s.ExternalHost
c.MaxRequestsInFlight = s.MaxRequestsInFlight c.MaxRequestsInFlight = s.MaxRequestsInFlight
c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight
@ -153,34 +124,9 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
"List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+ "List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+
"expression to support subdomain matching. If this list is empty CORS will not be enabled.") "expression to support subdomain matching. If this list is empty CORS will not be enabled.")
fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
"The media type to use to store objects in storage. Defaults to application/json. "+
"Some resources may only support a specific media type and will ignore this setting.")
fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers, fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.") "Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath,
"If set, all requests coming to the apiserver will be logged to this file.")
fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups,
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups,
"The maximum number of old audit log files to retain.")
fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize,
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
"of the kube-controller-manager.")
fs.BoolVar(&s.EnableProfiling, "profiling", s.EnableProfiling,
"Enable profiling via web interface host:port/debug/pprof/")
fs.BoolVar(&s.EnableContentionProfiling, "contention-profiling", s.EnableContentionProfiling,
"Enable contention profiling. Requires --profiling to be set to work.")
fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", s.EnableSwaggerUI,
"Enables swagger ui on the apiserver at /swagger-ui")
// TODO: enable cache in integration tests. // TODO: enable cache in integration tests.
fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache, fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache,
"Enable watch caching in the apiserver") "Enable watch caching in the apiserver")

3
vendor/BUILD vendored

@ -14089,10 +14089,13 @@ go_library(
go_library( go_library(
name = "k8s.io/apiserver/pkg/server/options", name = "k8s.io/apiserver/pkg/server/options",
srcs = [ srcs = [
"k8s.io/apiserver/pkg/server/options/audit.go",
"k8s.io/apiserver/pkg/server/options/authentication.go", "k8s.io/apiserver/pkg/server/options/authentication.go",
"k8s.io/apiserver/pkg/server/options/authorization.go", "k8s.io/apiserver/pkg/server/options/authorization.go",
"k8s.io/apiserver/pkg/server/options/doc.go", "k8s.io/apiserver/pkg/server/options/doc.go",
"k8s.io/apiserver/pkg/server/options/etcd.go", "k8s.io/apiserver/pkg/server/options/etcd.go",
"k8s.io/apiserver/pkg/server/options/feature.go",
"k8s.io/apiserver/pkg/server/options/recommended.go",
"k8s.io/apiserver/pkg/server/options/server_run_options.go", "k8s.io/apiserver/pkg/server/options/server_run_options.go",
"k8s.io/apiserver/pkg/server/options/serving.go", "k8s.io/apiserver/pkg/server/options/serving.go",
], ],