kubernetes: k8s.io/kubernetes/pkg/kubeapiserver/options Index | Files

package options

import "k8s.io/kubernetes/pkg/kubeapiserver/options"

Package options contains flags and options for initializing kube-apiserver

Index

Package Files

admission.go authentication.go authorization.go cloudprovider.go options.go plugins.go serving.go

Constants

const DefaultEtcdPathPrefix = "/registry"

DefaultEtcdPathPrefix is the default key prefix of etcd for API Server

Variables

var AllOrderedPlugins = []string{
    admit.PluginName,
    autoprovision.PluginName,
    lifecycle.PluginName,
    exists.PluginName,
    scdeny.PluginName,
    antiaffinity.PluginName,
    limitranger.PluginName,
    serviceaccount.PluginName,
    noderestriction.PluginName,
    nodetaint.PluginName,
    alwayspullimages.PluginName,
    imagepolicy.PluginName,
    podsecuritypolicy.PluginName,
    podnodeselector.PluginName,
    podpriority.PluginName,
    defaulttolerationseconds.PluginName,
    podtolerationrestriction.PluginName,
    exec.DenyEscalatingExec,
    exec.DenyExecOnPrivileged,
    eventratelimit.PluginName,
    extendedresourcetoleration.PluginName,
    label.PluginName,
    setdefault.PluginName,
    storageobjectinuseprotection.PluginName,
    gc.PluginName,
    resize.PluginName,
    runtimeclass.PluginName,
    certapproval.PluginName,
    certsigning.PluginName,
    certsubjectrestriction.PluginName,
    defaultingressclass.PluginName,

    mutatingwebhook.PluginName,
    validatingwebhook.PluginName,
    resourcequota.PluginName,
    deny.PluginName,
}

AllOrderedPlugins is the list of all the plugins in order.

var DefaultServiceIPCIDR = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}

DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs

var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}

DefaultServiceNodePortRange is the default port range for NodePort services.

func DefaultAdvertiseAddress Uses

func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *genericoptions.DeprecatedInsecureServingOptions) error

DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.

func DefaultOffAdmissionPlugins Uses

func DefaultOffAdmissionPlugins() sets.String

DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.

func NewInsecureServingOptions Uses

func NewInsecureServingOptions() *genericoptions.DeprecatedInsecureServingOptionsWithLoopback

NewInsecureServingOptions gives default values for the kube-apiserver. TODO: switch insecure serving off by default

func NewSecureServingOptions Uses

func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback

NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform

func RegisterAllAdmissionPlugins Uses

func RegisterAllAdmissionPlugins(plugins *admission.Plugins)

RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.

type AdmissionOptions Uses

type AdmissionOptions struct {
    // GenericAdmission holds the generic admission options.
    GenericAdmission *genericoptions.AdmissionOptions
    // DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins.
    // They are mutually exclusive, specify both will lead to an error.
    PluginNames []string
}

AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.

func NewAdmissionOptions Uses

func NewAdmissionOptions() *AdmissionOptions

NewAdmissionOptions creates a new instance of AdmissionOptions Note:

In addition it calls RegisterAllAdmissionPlugins to register
all kube-apiserver admission plugins.

Provides the list of RecommendedPluginOrder that holds sane values
that can be used by servers that don't care about admission chain.
Servers that do care can overwrite/append that field after creation.

func (*AdmissionOptions) AddFlags Uses

func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet

func (*AdmissionOptions) ApplyTo Uses

func (a *AdmissionOptions) ApplyTo(
    c *server.Config,
    informers informers.SharedInformerFactory,
    kubeAPIServerClientConfig *rest.Config,
    features featuregate.FeatureGate,
    pluginInitializers ...admission.PluginInitializer,
) error

ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.

func (*AdmissionOptions) Validate Uses

func (a *AdmissionOptions) Validate() []error

Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.

type AnonymousAuthenticationOptions Uses

type AnonymousAuthenticationOptions struct {
    Allow bool
}

AnonymousAuthenticationOptions contains anonymous authentication options for API Server

type BootstrapTokenAuthenticationOptions Uses

type BootstrapTokenAuthenticationOptions struct {
    Enable bool
}

BootstrapTokenAuthenticationOptions contains bootstrap token authentication options for API Server

type BuiltInAuthenticationOptions Uses

type BuiltInAuthenticationOptions struct {
    APIAudiences    []string
    Anonymous       *AnonymousAuthenticationOptions
    BootstrapToken  *BootstrapTokenAuthenticationOptions
    ClientCert      *genericoptions.ClientCertAuthenticationOptions
    OIDC            *OIDCAuthenticationOptions
    RequestHeader   *genericoptions.RequestHeaderAuthenticationOptions
    ServiceAccounts *ServiceAccountAuthenticationOptions
    TokenFile       *TokenFileAuthenticationOptions
    WebHook         *WebHookAuthenticationOptions

    TokenSuccessCacheTTL time.Duration
    TokenFailureCacheTTL time.Duration
}

BuiltInAuthenticationOptions contains all build-in authentication options for API Server

func NewBuiltInAuthenticationOptions Uses

func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions

NewBuiltInAuthenticationOptions create a new BuiltInAuthenticationOptions, just set default token cache TTL

func (*BuiltInAuthenticationOptions) AddFlags Uses

func (o *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)

AddFlags returns flags of authentication for a API Server

func (*BuiltInAuthenticationOptions) ApplyAuthorization Uses

func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)

ApplyAuthorization will conditionally modify the authentication options based on the authorization options

func (*BuiltInAuthenticationOptions) ApplyTo Uses

func (o *BuiltInAuthenticationOptions) ApplyTo(authInfo *genericapiserver.AuthenticationInfo, secureServing *genericapiserver.SecureServingInfo, egressSelector *egressselector.EgressSelector, openAPIConfig *openapicommon.Config, extclient kubernetes.Interface, versionedInformer informers.SharedInformerFactory) error

ApplyTo requires already applied OpenAPIConfig and EgressSelector if present.

func (*BuiltInAuthenticationOptions) ToAuthenticationConfig Uses

func (o *BuiltInAuthenticationOptions) ToAuthenticationConfig() (kubeauthenticator.Config, error)

ToAuthenticationConfig convert BuiltInAuthenticationOptions to kubeauthenticator.Config

func (*BuiltInAuthenticationOptions) Validate Uses

func (o *BuiltInAuthenticationOptions) Validate() []error

Validate checks invalid config combination

func (*BuiltInAuthenticationOptions) WithAll Uses

func (o *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions

WithAll set default value for every build-in authentication option

func (*BuiltInAuthenticationOptions) WithAnonymous Uses

func (o *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions

WithAnonymous set default value for anonymous authentication

func (*BuiltInAuthenticationOptions) WithBootstrapToken Uses

func (o *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions

WithBootstrapToken set default value for bootstrap token authentication

func (*BuiltInAuthenticationOptions) WithClientCert Uses

func (o *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions

WithClientCert set default value for client cert

func (*BuiltInAuthenticationOptions) WithOIDC Uses

func (o *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions

WithOIDC set default value for OIDC authentication

func (*BuiltInAuthenticationOptions) WithRequestHeader Uses

func (o *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions

WithRequestHeader set default value for request header authentication

func (*BuiltInAuthenticationOptions) WithServiceAccounts Uses

func (o *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions

WithServiceAccounts set default value for service account authentication

func (*BuiltInAuthenticationOptions) WithTokenFile Uses

func (o *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions

WithTokenFile set default value for token file authentication

func (*BuiltInAuthenticationOptions) WithWebHook Uses

func (o *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions

WithWebHook set default value for web hook authentication

type BuiltInAuthorizationOptions Uses

type BuiltInAuthorizationOptions struct {
    Modes                       []string
    PolicyFile                  string
    WebhookConfigFile           string
    WebhookVersion              string
    WebhookCacheAuthorizedTTL   time.Duration
    WebhookCacheUnauthorizedTTL time.Duration
}

BuiltInAuthorizationOptions contains all build-in authorization options for API Server

func NewBuiltInAuthorizationOptions Uses

func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions

NewBuiltInAuthorizationOptions create a BuiltInAuthorizationOptions with default value

func (*BuiltInAuthorizationOptions) AddFlags Uses

func (o *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)

AddFlags returns flags of authorization for a API Server

func (*BuiltInAuthorizationOptions) ToAuthorizationConfig Uses

func (o *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config

ToAuthorizationConfig convert BuiltInAuthorizationOptions to authorizer.Config

func (*BuiltInAuthorizationOptions) Validate Uses

func (o *BuiltInAuthorizationOptions) Validate() []error

Validate checks invalid config combination

type CloudProviderOptions Uses

type CloudProviderOptions struct {
    CloudConfigFile string
    CloudProvider   string
}

CloudProviderOptions contains cloud provider config

func NewCloudProviderOptions Uses

func NewCloudProviderOptions() *CloudProviderOptions

NewCloudProviderOptions creates a default CloudProviderOptions

func (*CloudProviderOptions) AddFlags Uses

func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)

AddFlags returns flags of cloud provider for a API Server

func (*CloudProviderOptions) Validate Uses

func (s *CloudProviderOptions) Validate() []error

Validate checks invalid config

type OIDCAuthenticationOptions Uses

type OIDCAuthenticationOptions struct {
    CAFile         string
    ClientID       string
    IssuerURL      string
    UsernameClaim  string
    UsernamePrefix string
    GroupsClaim    string
    GroupsPrefix   string
    SigningAlgs    []string
    RequiredClaims map[string]string
}

OIDCAuthenticationOptions contains OIDC authentication options for API Server

type ServiceAccountAuthenticationOptions Uses

type ServiceAccountAuthenticationOptions struct {
    KeyFiles         []string
    Lookup           bool
    Issuer           string
    JWKSURI          string
    MaxExpiration    time.Duration
    ExtendExpiration bool
}

ServiceAccountAuthenticationOptions contains service account authentication options for API Server

type TokenFileAuthenticationOptions Uses

type TokenFileAuthenticationOptions struct {
    TokenFile string
}

TokenFileAuthenticationOptions contains token file authentication options for API Server

type WebHookAuthenticationOptions Uses

type WebHookAuthenticationOptions struct {
    ConfigFile string
    Version    string
    CacheTTL   time.Duration
}

WebHookAuthenticationOptions contains web hook authentication options for API Server

Package options imports 63 packages (graph) and is imported by 29 packages. Updated 2020-09-17. Refresh now. Tools for package owners.