mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #41083 from deads2k/apiserver-02-audit
Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105) Add more options to the RecommendedOptions struct. Builds on https://github.com/kubernetes/kubernetes/pull/41028 Adds `AuditOptions` to the `RecommendedOptions` @sttts @kubernetes/sig-api-machinery-pr-reviews
This commit is contained in:
commit
fa14198bb2
@ -45,10 +45,7 @@ import (
|
|||||||
const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
|
const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
|
||||||
|
|
||||||
type AggregatorOptions struct {
|
type AggregatorOptions struct {
|
||||||
Etcd *genericoptions.EtcdOptions
|
RecommendedOptions *genericoptions.RecommendedOptions
|
||||||
SecureServing *genericoptions.SecureServingOptions
|
|
||||||
Authentication *genericoptions.DelegatingAuthenticationOptions
|
|
||||||
Authorization *genericoptions.DelegatingAuthorizationOptions
|
|
||||||
|
|
||||||
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
|
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
|
||||||
// this to confirm the proxy's identity
|
// this to confirm the proxy's identity
|
||||||
@ -62,18 +59,15 @@ type AggregatorOptions struct {
|
|||||||
// NewCommandStartMaster provides a CLI handler for 'start master' command
|
// NewCommandStartMaster provides a CLI handler for 'start master' command
|
||||||
func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
||||||
o := &AggregatorOptions{
|
o := &AggregatorOptions{
|
||||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
RecommendedOptions: genericoptions.NewRecommendedOptions(api.Scheme),
|
||||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
|
||||||
Authentication: genericoptions.NewDelegatingAuthenticationOptions(),
|
|
||||||
Authorization: genericoptions.NewDelegatingAuthorizationOptions(),
|
|
||||||
|
|
||||||
StdOut: out,
|
StdOut: out,
|
||||||
StdErr: err,
|
StdErr: err,
|
||||||
}
|
}
|
||||||
o.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
|
o.RecommendedOptions.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
|
||||||
o.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
|
o.RecommendedOptions.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
|
||||||
o.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
|
o.RecommendedOptions.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
|
||||||
o.SecureServing.ServingOptions.BindPort = 443
|
o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Short: "Launch a API aggregator and proxy server",
|
Short: "Launch a API aggregator and proxy server",
|
||||||
@ -86,10 +80,7 @@ func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
flags := cmd.Flags()
|
flags := cmd.Flags()
|
||||||
o.Etcd.AddFlags(flags)
|
o.RecommendedOptions.AddFlags(flags)
|
||||||
o.SecureServing.AddFlags(flags)
|
|
||||||
o.Authentication.AddFlags(flags)
|
|
||||||
o.Authorization.AddFlags(flags)
|
|
||||||
flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
|
flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
|
||||||
flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
|
flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
|
||||||
|
|
||||||
@ -106,30 +97,24 @@ func (o *AggregatorOptions) Complete() error {
|
|||||||
|
|
||||||
func (o AggregatorOptions) RunAggregator() error {
|
func (o AggregatorOptions) RunAggregator() error {
|
||||||
// TODO have a "real" external address
|
// TODO have a "real" external address
|
||||||
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
|
if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
|
||||||
return fmt.Errorf("error creating self-signed certificates: %v", err)
|
return fmt.Errorf("error creating self-signed certificates: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
genericAPIServerConfig := genericapiserver.NewConfig().
|
serverConfig := genericapiserver.NewConfig().
|
||||||
WithSerializer(api.Codecs)
|
WithSerializer(api.Codecs)
|
||||||
|
|
||||||
if err := o.SecureServing.ApplyTo(genericAPIServerConfig); err != nil {
|
if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
|
||||||
return fmt.Errorf("failed to configure https: %s", err)
|
|
||||||
}
|
|
||||||
if err := o.Authentication.ApplyTo(genericAPIServerConfig); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := o.Authorization.ApplyTo(genericAPIServerConfig); err != nil {
|
serverConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
|
||||||
return err
|
|
||||||
}
|
|
||||||
genericAPIServerConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
|
|
||||||
sets.NewString("watch", "proxy"),
|
sets.NewString("watch", "proxy"),
|
||||||
sets.NewString("attach", "exec", "proxy", "log", "portforward"),
|
sets.NewString("attach", "exec", "proxy", "log", "portforward"),
|
||||||
)
|
)
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
privilegedLoopbackToken := uuid.NewRandom().String()
|
privilegedLoopbackToken := uuid.NewRandom().String()
|
||||||
if genericAPIServerConfig.LoopbackClientConfig, err = genericAPIServerConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
|
if serverConfig.LoopbackClientConfig, err = serverConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -143,8 +128,8 @@ func (o AggregatorOptions) RunAggregator() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
config := apiserver.Config{
|
config := apiserver.Config{
|
||||||
GenericConfig: genericAPIServerConfig,
|
GenericConfig: serverConfig,
|
||||||
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.Etcd.StorageConfig},
|
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.RecommendedOptions.Etcd.StorageConfig},
|
||||||
CoreAPIServerClient: coreAPIServerClient,
|
CoreAPIServerClient: coreAPIServerClient,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -44,6 +44,8 @@ type ServerRunOptions struct {
|
|||||||
Etcd *genericoptions.EtcdOptions
|
Etcd *genericoptions.EtcdOptions
|
||||||
SecureServing *genericoptions.SecureServingOptions
|
SecureServing *genericoptions.SecureServingOptions
|
||||||
InsecureServing *genericoptions.ServingOptions
|
InsecureServing *genericoptions.ServingOptions
|
||||||
|
Audit *genericoptions.AuditLogOptions
|
||||||
|
Features *genericoptions.FeatureOptions
|
||||||
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
||||||
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
||||||
CloudProvider *kubeoptions.CloudProviderOptions
|
CloudProvider *kubeoptions.CloudProviderOptions
|
||||||
@ -69,6 +71,8 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||||
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
||||||
|
Audit: genericoptions.NewAuditLogOptions(),
|
||||||
|
Features: genericoptions.NewFeatureOptions(),
|
||||||
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
||||||
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
||||||
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
||||||
@ -92,7 +96,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
ServiceNodePortRange: DefaultServiceNodePortRange,
|
ServiceNodePortRange: DefaultServiceNodePortRange,
|
||||||
}
|
}
|
||||||
// Overwrite the default for storage data format.
|
// Overwrite the default for storage data format.
|
||||||
s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
||||||
return &s
|
return &s
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,6 +109,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
s.SecureServing.AddDeprecatedFlags(fs)
|
s.SecureServing.AddDeprecatedFlags(fs)
|
||||||
s.InsecureServing.AddFlags(fs)
|
s.InsecureServing.AddFlags(fs)
|
||||||
s.InsecureServing.AddDeprecatedFlags(fs)
|
s.InsecureServing.AddDeprecatedFlags(fs)
|
||||||
|
s.Audit.AddFlags(fs)
|
||||||
|
s.Features.AddFlags(fs)
|
||||||
s.Authentication.AddFlags(fs)
|
s.Authentication.AddFlags(fs)
|
||||||
s.Authorization.AddFlags(fs)
|
s.Authorization.AddFlags(fs)
|
||||||
s.CloudProvider.AddFlags(fs)
|
s.CloudProvider.AddFlags(fs)
|
||||||
|
@ -28,7 +28,7 @@ func TestAddFlagsFlag(t *testing.T) {
|
|||||||
f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
|
f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
|
||||||
s := NewServerRunOptions()
|
s := NewServerRunOptions()
|
||||||
s.AddFlags(f)
|
s.AddFlags(f)
|
||||||
if s.GenericServerRunOptions.EnableSwaggerUI {
|
if s.Features.EnableSwaggerUI {
|
||||||
t.Errorf("Expected s.EnableSwaggerUI to be false by default")
|
t.Errorf("Expected s.EnableSwaggerUI to be false by default")
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) {
|
|||||||
"--enable-swagger-ui=true",
|
"--enable-swagger-ui=true",
|
||||||
}
|
}
|
||||||
f.Parse(args)
|
f.Parse(args)
|
||||||
if !s.GenericServerRunOptions.EnableSwaggerUI {
|
if !s.Features.EnableSwaggerUI {
|
||||||
t.Errorf("Expected s.EnableSwaggerUI to be true")
|
t.Errorf("Expected s.EnableSwaggerUI to be true")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -120,6 +120,12 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := s.Audit.ApplyTo(genericConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := s.Features.ApplyTo(genericConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
capabilities.Initialize(capabilities.Capabilities{
|
capabilities.Initialize(capabilities.Capabilities{
|
||||||
AllowPrivileged: s.AllowPrivileged,
|
AllowPrivileged: s.AllowPrivileged,
|
||||||
@ -199,7 +205,7 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
return fmt.Errorf("error generating storage version map: %s", err)
|
return fmt.Errorf("error generating storage version map: %s", err)
|
||||||
}
|
}
|
||||||
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
|
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
|
||||||
s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
|
s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
|
||||||
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
|
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
|
||||||
// FIXME: this GroupVersionResource override should be configurable
|
// FIXME: this GroupVersionResource override should be configurable
|
||||||
[]schema.GroupVersionResource{batch.Resource("cronjobs").WithVersion("v2alpha1")},
|
[]schema.GroupVersionResource{batch.Resource("cronjobs").WithVersion("v2alpha1")},
|
||||||
|
@ -36,6 +36,8 @@ type ServerRunOptions struct {
|
|||||||
Etcd *genericoptions.EtcdOptions
|
Etcd *genericoptions.EtcdOptions
|
||||||
SecureServing *genericoptions.SecureServingOptions
|
SecureServing *genericoptions.SecureServingOptions
|
||||||
InsecureServing *genericoptions.ServingOptions
|
InsecureServing *genericoptions.ServingOptions
|
||||||
|
Audit *genericoptions.AuditLogOptions
|
||||||
|
Features *genericoptions.FeatureOptions
|
||||||
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
Authentication *kubeoptions.BuiltInAuthenticationOptions
|
||||||
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
Authorization *kubeoptions.BuiltInAuthorizationOptions
|
||||||
CloudProvider *kubeoptions.CloudProviderOptions
|
CloudProvider *kubeoptions.CloudProviderOptions
|
||||||
@ -52,6 +54,8 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
||||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
SecureServing: genericoptions.NewSecureServingOptions(),
|
||||||
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
InsecureServing: genericoptions.NewInsecureServingOptions(),
|
||||||
|
Audit: genericoptions.NewAuditLogOptions(),
|
||||||
|
Features: genericoptions.NewFeatureOptions(),
|
||||||
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
Authentication: kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
|
||||||
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
Authorization: kubeoptions.NewBuiltInAuthorizationOptions(),
|
||||||
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
CloudProvider: kubeoptions.NewCloudProviderOptions(),
|
||||||
@ -61,7 +65,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
EventTTL: 1 * time.Hour,
|
EventTTL: 1 * time.Hour,
|
||||||
}
|
}
|
||||||
// Overwrite the default for storage data format.
|
// Overwrite the default for storage data format.
|
||||||
s.GenericServerRunOptions.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
|
||||||
return &s
|
return &s
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -72,6 +76,8 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
s.Etcd.AddFlags(fs)
|
s.Etcd.AddFlags(fs)
|
||||||
s.SecureServing.AddFlags(fs)
|
s.SecureServing.AddFlags(fs)
|
||||||
s.InsecureServing.AddFlags(fs)
|
s.InsecureServing.AddFlags(fs)
|
||||||
|
s.Audit.AddFlags(fs)
|
||||||
|
s.Features.AddFlags(fs)
|
||||||
s.Authentication.AddFlags(fs)
|
s.Authentication.AddFlags(fs)
|
||||||
s.Authorization.AddFlags(fs)
|
s.Authorization.AddFlags(fs)
|
||||||
s.CloudProvider.AddFlags(fs)
|
s.CloudProvider.AddFlags(fs)
|
||||||
|
@ -103,6 +103,12 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
if err := s.Authentication.ApplyTo(genericConfig); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := s.Audit.ApplyTo(genericConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := s.Features.ApplyTo(genericConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// TODO: register cluster federation resources here.
|
// TODO: register cluster federation resources here.
|
||||||
resourceConfig := genericapiserver.NewResourceConfig()
|
resourceConfig := genericapiserver.NewResourceConfig()
|
||||||
@ -116,7 +122,7 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
return fmt.Errorf("error generating storage version map: %s", err)
|
return fmt.Errorf("error generating storage version map: %s", err)
|
||||||
}
|
}
|
||||||
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
|
storageFactory, err := kubeapiserver.BuildDefaultStorageFactory(
|
||||||
s.Etcd.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
|
s.Etcd.StorageConfig, s.Etcd.DefaultStorageMediaType, api.Codecs,
|
||||||
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
|
genericapiserver.NewDefaultResourceEncodingConfig(api.Registry), storageGroupsToEncodingVersion,
|
||||||
[]schema.GroupVersionResource{}, resourceConfig, s.APIEnablement.RuntimeConfig)
|
[]schema.GroupVersionResource{}, resourceConfig, s.APIEnablement.RuntimeConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -208,7 +214,7 @@ func Run(s *options.ServerRunOptions) error {
|
|||||||
// TODO: Refactor this code to share it with kube-apiserver rather than duplicating it here.
|
// TODO: Refactor this code to share it with kube-apiserver rather than duplicating it here.
|
||||||
restOptionsFactory := &restOptionsFactory{
|
restOptionsFactory := &restOptionsFactory{
|
||||||
storageFactory: storageFactory,
|
storageFactory: storageFactory,
|
||||||
enableGarbageCollection: s.GenericServerRunOptions.EnableGarbageCollection,
|
enableGarbageCollection: s.Features.EnableGarbageCollection,
|
||||||
deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
|
deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
|
||||||
}
|
}
|
||||||
if s.GenericServerRunOptions.EnableWatchCache {
|
if s.GenericServerRunOptions.EnableWatchCache {
|
||||||
|
60
staging/src/k8s.io/apiserver/pkg/server/options/audit.go
Normal file
60
staging/src/k8s.io/apiserver/pkg/server/options/audit.go
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2017 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package options
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/spf13/pflag"
|
||||||
|
"gopkg.in/natefinch/lumberjack.v2"
|
||||||
|
|
||||||
|
"k8s.io/apiserver/pkg/server"
|
||||||
|
)
|
||||||
|
|
||||||
|
type AuditLogOptions struct {
|
||||||
|
Path string
|
||||||
|
MaxAge int
|
||||||
|
MaxBackups int
|
||||||
|
MaxSize int
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewAuditLogOptions() *AuditLogOptions {
|
||||||
|
return &AuditLogOptions{}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) {
|
||||||
|
fs.StringVar(&o.Path, "audit-log-path", o.Path,
|
||||||
|
"If set, all requests coming to the apiserver will be logged to this file.")
|
||||||
|
fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxBackups,
|
||||||
|
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
|
||||||
|
fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups,
|
||||||
|
"The maximum number of old audit log files to retain.")
|
||||||
|
fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize,
|
||||||
|
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *AuditLogOptions) ApplyTo(c *server.Config) error {
|
||||||
|
if len(o.Path) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
c.AuditWriter = &lumberjack.Logger{
|
||||||
|
Filename: o.Path,
|
||||||
|
MaxAge: o.MaxAge,
|
||||||
|
MaxBackups: o.MaxBackups,
|
||||||
|
MaxSize: o.MaxSize,
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
@ -33,6 +33,10 @@ type EtcdOptions struct {
|
|||||||
StorageConfig storagebackend.Config
|
StorageConfig storagebackend.Config
|
||||||
|
|
||||||
EtcdServersOverrides []string
|
EtcdServersOverrides []string
|
||||||
|
|
||||||
|
// To enable protobuf as storage format, it is enough
|
||||||
|
// to set it to "application/vnd.kubernetes.protobuf".
|
||||||
|
DefaultStorageMediaType string
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
|
func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
|
||||||
@ -44,6 +48,7 @@ func NewEtcdOptions(scheme *runtime.Scheme) *EtcdOptions {
|
|||||||
DeserializationCacheSize: 0,
|
DeserializationCacheSize: 0,
|
||||||
Copier: scheme,
|
Copier: scheme,
|
||||||
},
|
},
|
||||||
|
DefaultStorageMediaType: "application/json",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -62,6 +67,10 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
"Per-resource etcd servers overrides, comma separated. The individual override "+
|
"Per-resource etcd servers overrides, comma separated. The individual override "+
|
||||||
"format: group/resource#servers, where servers are http://ip:port, semicolon separated.")
|
"format: group/resource#servers, where servers are http://ip:port, semicolon separated.")
|
||||||
|
|
||||||
|
fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
|
||||||
|
"The media type to use to store objects in storage. Defaults to application/json. "+
|
||||||
|
"Some resources may only support a specific media type and will ignore this setting.")
|
||||||
|
|
||||||
fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type,
|
fs.StringVar(&s.StorageConfig.Type, "storage-backend", s.StorageConfig.Type,
|
||||||
"The storage backend for persistence. Options: 'etcd3' (default), 'etcd2'.")
|
"The storage backend for persistence. Options: 'etcd3' (default), 'etcd2'.")
|
||||||
|
|
||||||
|
62
staging/src/k8s.io/apiserver/pkg/server/options/feature.go
Normal file
62
staging/src/k8s.io/apiserver/pkg/server/options/feature.go
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2017 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package options
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/spf13/pflag"
|
||||||
|
|
||||||
|
"k8s.io/apiserver/pkg/server"
|
||||||
|
)
|
||||||
|
|
||||||
|
type FeatureOptions struct {
|
||||||
|
EnableGarbageCollection bool
|
||||||
|
EnableProfiling bool
|
||||||
|
EnableContentionProfiling bool
|
||||||
|
EnableSwaggerUI bool
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewFeatureOptions() *FeatureOptions {
|
||||||
|
defaults := server.NewConfig()
|
||||||
|
|
||||||
|
return &FeatureOptions{
|
||||||
|
EnableGarbageCollection: defaults.EnableGarbageCollection,
|
||||||
|
EnableProfiling: defaults.EnableProfiling,
|
||||||
|
EnableContentionProfiling: defaults.EnableContentionProfiling,
|
||||||
|
EnableSwaggerUI: defaults.EnableSwaggerUI,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) {
|
||||||
|
fs.BoolVar(&o.EnableGarbageCollection, "enable-garbage-collector", o.EnableGarbageCollection, ""+
|
||||||
|
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
|
||||||
|
"of the kube-controller-manager.")
|
||||||
|
fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling,
|
||||||
|
"Enable profiling via web interface host:port/debug/pprof/")
|
||||||
|
fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling,
|
||||||
|
"Enable contention profiling. Requires --profiling to be set to work.")
|
||||||
|
fs.BoolVar(&o.EnableSwaggerUI, "enable-swagger-ui", o.EnableSwaggerUI,
|
||||||
|
"Enables swagger ui on the apiserver at /swagger-ui")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *FeatureOptions) ApplyTo(c *server.Config) error {
|
||||||
|
c.EnableGarbageCollection = o.EnableGarbageCollection
|
||||||
|
c.EnableProfiling = o.EnableProfiling
|
||||||
|
c.EnableContentionProfiling = o.EnableContentionProfiling
|
||||||
|
c.EnableSwaggerUI = o.EnableSwaggerUI
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
@ -0,0 +1,75 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2016 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package options
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/spf13/pflag"
|
||||||
|
|
||||||
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
|
"k8s.io/apiserver/pkg/server"
|
||||||
|
)
|
||||||
|
|
||||||
|
// RecommendedOptions contains the recommended options for running an API server
|
||||||
|
// If you add something to this list, it should be in a logical grouping
|
||||||
|
type RecommendedOptions struct {
|
||||||
|
Etcd *EtcdOptions
|
||||||
|
SecureServing *SecureServingOptions
|
||||||
|
Authentication *DelegatingAuthenticationOptions
|
||||||
|
Authorization *DelegatingAuthorizationOptions
|
||||||
|
Audit *AuditLogOptions
|
||||||
|
Features *FeatureOptions
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
|
||||||
|
return &RecommendedOptions{
|
||||||
|
Etcd: NewEtcdOptions(scheme),
|
||||||
|
SecureServing: NewSecureServingOptions(),
|
||||||
|
Authentication: NewDelegatingAuthenticationOptions(),
|
||||||
|
Authorization: NewDelegatingAuthorizationOptions(),
|
||||||
|
Audit: NewAuditLogOptions(),
|
||||||
|
Features: NewFeatureOptions(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
|
||||||
|
o.Etcd.AddFlags(fs)
|
||||||
|
o.SecureServing.AddFlags(fs)
|
||||||
|
o.Authentication.AddFlags(fs)
|
||||||
|
o.Authorization.AddFlags(fs)
|
||||||
|
o.Audit.AddFlags(fs)
|
||||||
|
o.Features.AddFlags(fs)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
|
||||||
|
if err := o.SecureServing.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := o.Authentication.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := o.Authorization.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := o.Audit.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := o.Features.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
@ -30,7 +30,6 @@ import (
|
|||||||
_ "k8s.io/apiserver/pkg/features"
|
_ "k8s.io/apiserver/pkg/features"
|
||||||
|
|
||||||
"github.com/spf13/pflag"
|
"github.com/spf13/pflag"
|
||||||
"gopkg.in/natefinch/lumberjack.v2"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// ServerRunOptions contains the options while running a generic api server.
|
// ServerRunOptions contains the options while running a generic api server.
|
||||||
@ -40,18 +39,7 @@ type ServerRunOptions struct {
|
|||||||
AdvertiseAddress net.IP
|
AdvertiseAddress net.IP
|
||||||
|
|
||||||
CorsAllowedOriginList []string
|
CorsAllowedOriginList []string
|
||||||
// To enable protobuf as storage format, it is enough
|
|
||||||
// to set it to "application/vnd.kubernetes.protobuf".
|
|
||||||
DefaultStorageMediaType string
|
|
||||||
DeleteCollectionWorkers int
|
DeleteCollectionWorkers int
|
||||||
AuditLogPath string
|
|
||||||
AuditLogMaxAge int
|
|
||||||
AuditLogMaxBackups int
|
|
||||||
AuditLogMaxSize int
|
|
||||||
EnableGarbageCollection bool
|
|
||||||
EnableProfiling bool
|
|
||||||
EnableContentionProfiling bool
|
|
||||||
EnableSwaggerUI bool
|
|
||||||
EnableWatchCache bool
|
EnableWatchCache bool
|
||||||
ExternalHost string
|
ExternalHost string
|
||||||
MaxRequestsInFlight int
|
MaxRequestsInFlight int
|
||||||
@ -66,11 +54,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
|
|
||||||
return &ServerRunOptions{
|
return &ServerRunOptions{
|
||||||
AdmissionControl: "AlwaysAdmit",
|
AdmissionControl: "AlwaysAdmit",
|
||||||
DefaultStorageMediaType: "application/json",
|
|
||||||
DeleteCollectionWorkers: 1,
|
DeleteCollectionWorkers: 1,
|
||||||
EnableGarbageCollection: defaults.EnableGarbageCollection,
|
|
||||||
EnableProfiling: defaults.EnableProfiling,
|
|
||||||
EnableContentionProfiling: false,
|
|
||||||
EnableWatchCache: true,
|
EnableWatchCache: true,
|
||||||
MaxRequestsInFlight: defaults.MaxRequestsInFlight,
|
MaxRequestsInFlight: defaults.MaxRequestsInFlight,
|
||||||
MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight,
|
MaxMutatingRequestsInFlight: defaults.MaxMutatingRequestsInFlight,
|
||||||
@ -80,20 +64,7 @@ func NewServerRunOptions() *ServerRunOptions {
|
|||||||
|
|
||||||
// ApplyOptions applies the run options to the method receiver and returns self
|
// ApplyOptions applies the run options to the method receiver and returns self
|
||||||
func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
|
func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
|
||||||
if len(s.AuditLogPath) != 0 {
|
|
||||||
c.AuditWriter = &lumberjack.Logger{
|
|
||||||
Filename: s.AuditLogPath,
|
|
||||||
MaxAge: s.AuditLogMaxAge,
|
|
||||||
MaxBackups: s.AuditLogMaxBackups,
|
|
||||||
MaxSize: s.AuditLogMaxSize,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
c.CorsAllowedOriginList = s.CorsAllowedOriginList
|
c.CorsAllowedOriginList = s.CorsAllowedOriginList
|
||||||
c.EnableGarbageCollection = s.EnableGarbageCollection
|
|
||||||
c.EnableProfiling = s.EnableProfiling
|
|
||||||
c.EnableContentionProfiling = s.EnableContentionProfiling
|
|
||||||
c.EnableSwaggerUI = s.EnableSwaggerUI
|
|
||||||
c.ExternalAddress = s.ExternalHost
|
c.ExternalAddress = s.ExternalHost
|
||||||
c.MaxRequestsInFlight = s.MaxRequestsInFlight
|
c.MaxRequestsInFlight = s.MaxRequestsInFlight
|
||||||
c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight
|
c.MaxMutatingRequestsInFlight = s.MaxMutatingRequestsInFlight
|
||||||
@ -153,34 +124,9 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
|
|||||||
"List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+
|
"List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+
|
||||||
"expression to support subdomain matching. If this list is empty CORS will not be enabled.")
|
"expression to support subdomain matching. If this list is empty CORS will not be enabled.")
|
||||||
|
|
||||||
fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+
|
|
||||||
"The media type to use to store objects in storage. Defaults to application/json. "+
|
|
||||||
"Some resources may only support a specific media type and will ignore this setting.")
|
|
||||||
|
|
||||||
fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
|
fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
|
||||||
"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
|
"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")
|
||||||
|
|
||||||
fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath,
|
|
||||||
"If set, all requests coming to the apiserver will be logged to this file.")
|
|
||||||
fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups,
|
|
||||||
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
|
|
||||||
fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups,
|
|
||||||
"The maximum number of old audit log files to retain.")
|
|
||||||
fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize,
|
|
||||||
"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
|
|
||||||
|
|
||||||
fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
|
|
||||||
"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
|
|
||||||
"of the kube-controller-manager.")
|
|
||||||
|
|
||||||
fs.BoolVar(&s.EnableProfiling, "profiling", s.EnableProfiling,
|
|
||||||
"Enable profiling via web interface host:port/debug/pprof/")
|
|
||||||
fs.BoolVar(&s.EnableContentionProfiling, "contention-profiling", s.EnableContentionProfiling,
|
|
||||||
"Enable contention profiling. Requires --profiling to be set to work.")
|
|
||||||
|
|
||||||
fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", s.EnableSwaggerUI,
|
|
||||||
"Enables swagger ui on the apiserver at /swagger-ui")
|
|
||||||
|
|
||||||
// TODO: enable cache in integration tests.
|
// TODO: enable cache in integration tests.
|
||||||
fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache,
|
fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache,
|
||||||
"Enable watch caching in the apiserver")
|
"Enable watch caching in the apiserver")
|
||||||
|
3
vendor/BUILD
vendored
3
vendor/BUILD
vendored
@ -14089,10 +14089,13 @@ go_library(
|
|||||||
go_library(
|
go_library(
|
||||||
name = "k8s.io/apiserver/pkg/server/options",
|
name = "k8s.io/apiserver/pkg/server/options",
|
||||||
srcs = [
|
srcs = [
|
||||||
|
"k8s.io/apiserver/pkg/server/options/audit.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/authentication.go",
|
"k8s.io/apiserver/pkg/server/options/authentication.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/doc.go",
|
"k8s.io/apiserver/pkg/server/options/doc.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/etcd.go",
|
"k8s.io/apiserver/pkg/server/options/etcd.go",
|
||||||
|
"k8s.io/apiserver/pkg/server/options/feature.go",
|
||||||
|
"k8s.io/apiserver/pkg/server/options/recommended.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/server_run_options.go",
|
"k8s.io/apiserver/pkg/server/options/server_run_options.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/serving.go",
|
"k8s.io/apiserver/pkg/server/options/serving.go",
|
||||||
],
|
],
|
||||||
|
Loading…
Reference in New Issue
Block a user