Documentation
¶
Index ¶
Constants ¶
View Source
const UnreserveTip = "ignore"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApiserverLitekubeOptions ¶
type ApiserverLitekubeOptions struct {
AllowPrivileged bool `yaml:"allow-privileged"`
AuthorizationMode string `yaml:"authorization-mode"`
AnonymousAuth bool `yaml:"anonymous-auth"`
//EnableSwaggerUI bool `yaml:"enable-swagger-ui"`
EnableAdmissionPlugins string `yaml:"enable-admission-plugins"`
EncryptionProviderConfig string `yaml:"encryption-provider-config"`
Profiling bool `yaml:"profiling"`
ServiceClusterIpRange string `yaml:"service-cluster-ip-range"`
ServiceNodePortRange string `yaml:"service-node-port-range"`
SecurePort uint16 `yaml:"secure-port"`
}
options for Litekube to start kube-apiserver
var DefaultALO ApiserverLitekubeOptions = ApiserverLitekubeOptions{ AllowPrivileged: true, AuthorizationMode: strings.Join([]string{modes.ModeNode, modes.ModeRBAC}, ","), AnonymousAuth: false, EnableAdmissionPlugins: "NodeRestriction", Profiling: false, ServiceClusterIpRange: "10.0.0.0/16", ServiceNodePortRange: "30000-32767", SecurePort: 6443, }
func NewApiserverLitekubeOptions ¶
func NewApiserverLitekubeOptions() *ApiserverLitekubeOptions
func (*ApiserverLitekubeOptions) AddTips ¶
func (opt *ApiserverLitekubeOptions) AddTips(section *help.Section)
type ApiserverOptions ¶
type ApiserverOptions struct {
ReservedOptions map[string]string `yaml:"reserve"`
ProfessionalOptions *ApiserverProfessionalOptions `yaml:"professional"`
Options *ApiserverLitekubeOptions `yaml:"options"`
IgnoreOptions map[string]string `yaml:"-"`
}
struct to store args from input
func NewApiserverOptions ¶
func NewApiserverOptions() *ApiserverOptions
func (*ApiserverOptions) CheckReservedOptions ¶
func (opt *ApiserverOptions) CheckReservedOptions() error
delete keys already be disable or define in other block
func (*ApiserverOptions) HelpSection ¶
func (opt *ApiserverOptions) HelpSection() *help.Section
func (*ApiserverOptions) PrintFlags ¶
func (opt *ApiserverOptions) PrintFlags(prefix string, printFunc func(format string, a ...interface{}) error) error
print all flags
type ApiserverProfessionalOptions ¶
type ApiserverProfessionalOptions struct {
ECTDOptions `yaml:",inline"`
ServerCertOptions `yaml:",inline"`
KubeletClientCertOptions `yaml:",inline"`
BindAddress string `yaml:"bind-address"`
AdvertiseAddress string `yaml:"advertise-address"`
//InsecurePort uint16 `yaml:"insecure-port"`
FeatureGates string `yaml:"feature-gates"`
}
Empirically assigned parameters are not recommended
var DefaultAPO ApiserverProfessionalOptions = ApiserverProfessionalOptions{ ECTDOptions: *NewECTDOptions(), ServerCertOptions: *NewServerCertOptions(), KubeletClientCertOptions: *NewKubeletClientCertOptions(), BindAddress: "0.0.0.0", FeatureGates: "JobTrackingWithFinalizers=true", }
func NewApiserverProfessionalOptions ¶
func NewApiserverProfessionalOptions() *ApiserverProfessionalOptions
func (*ApiserverProfessionalOptions) AddTips ¶
func (opt *ApiserverProfessionalOptions) AddTips(section *help.Section)
type ECTDOptions ¶
type ECTDOptions struct {
StorageBackend string `yaml:"storage-backend"`
EtcdServers string `yaml:"etcd-servers"`
EtcdCafile string `yaml:"etcd-cafile"`
EtcdCertfile string `yaml:"etcd-certfile"`
EtcdKeyfile string `yaml:"etcd-keyfile"`
}
etcd options
var DefaultEO ECTDOptions = ECTDOptions{
StorageBackend: "etcd3",
EtcdServers: "https://127.0.0.1:2379",
}
func NewECTDOptions ¶
func NewECTDOptions() *ECTDOptions
func (*ECTDOptions) AddTips ¶
func (opt *ECTDOptions) AddTips(section *help.Section)
type KubeletClientCertOptions ¶
type KubeletClientCertOptions struct {
KubeletCertificateAuthority string `yaml:"kubelet-certificate-authority"`
KubeletClientCertificate string `yaml:"kubelet-client-certificate"`
KubeletClientKey string `yaml:"kubelet-client-key"`
}
security information for apiserver-kubelet-client-config
var DefaultKCCO KubeletClientCertOptions = KubeletClientCertOptions{
KubeletCertificateAuthority: "-",
}
func NewKubeletClientCertOptions ¶
func NewKubeletClientCertOptions() *KubeletClientCertOptions
func (*KubeletClientCertOptions) AddTips ¶
func (opt *KubeletClientCertOptions) AddTips(section *help.Section)
type ServerCertOptions ¶
type ServerCertOptions struct {
CertDir string `yaml:"cert-dir"`
TlsCertFile string `yaml:"tls-cert-file"`
TlsPrivateKeyFile string `yaml:"tls-private-key-file"`
ApiAudiences string `yaml:"api-audiences"`
TokenAuthFile string `yaml:"token-auth-file"`
EnableBootstrapTokenAuth bool `yaml:"enable-bootstrap-token-auth"`
ServiceAccountSigningKeyFile string `yaml:"service-account-signing-key-file"`
ServiceAccountKeyFile string `yaml:"service-account-key-file"`
ServiceAccountIssuer string `yaml:"service-account-issuer"`
ClientCAFile string `yaml:"client-ca-file"`
// for access-proxy to kube-apiserver
RequestheaderExtraHeadersPrefix string `yaml:"requestheader-extra-headers-prefix"`
RequestheaderGroupHeaders string `yaml:"requestheader-group-headers"`
RequestheaderUsernameHeaders string `yaml:"requestheader-username-headers"`
RequestheaderClientCAFile string `yaml:"requestheader-client-ca-file"`
RequestheaderAllowedNames string `yaml:"requestheader-allowed-names"`
ProxyClientCertFile string `yaml:"proxy-client-cert-file"`
ProxyClientKeyFile string `yaml:"proxy-client-key-file"`
EnableAggregatorRouting bool `yaml:"enable-aggregator-routing"`
}
server security
var DefaultSCO ServerCertOptions = ServerCertOptions{ ApiAudiences: "unknown", EnableBootstrapTokenAuth: true, ServiceAccountIssuer: "litekube", RequestheaderExtraHeadersPrefix: "X-Remote-Extra-", RequestheaderGroupHeaders: "X-Remote-Group", RequestheaderUsernameHeaders: "X-Remote-User", RequestheaderAllowedNames: "system:auth-proxy", EnableAggregatorRouting: true, }
func NewServerCertOptions ¶
func NewServerCertOptions() *ServerCertOptions
func (*ServerCertOptions) AddTips ¶
func (opt *ServerCertOptions) AddTips(section *help.Section)
Source Files
Click to show internal directories.
Click to hide internal directories.