kubernetes: k8s.io/kubernetes/pkg/kubeapiserver/options Index | Files

package options

import "k8s.io/kubernetes/pkg/kubeapiserver/options"

Package options contains flags and options for initializing kube-apiserver

Index

Package Files

admission.go authentication.go authorization.go cloudprovider.go options.go plugins.go serving.go

Constants

const DefaultEtcdPathPrefix = "/registry"

Variables

var AllOrderedPlugins = []string{
    admit.PluginName,
    autoprovision.PluginName,
    lifecycle.PluginName,
    exists.PluginName,
    scdeny.PluginName,
    antiaffinity.PluginName,
    podpreset.PluginName,
    limitranger.PluginName,
    serviceaccount.PluginName,
    noderestriction.PluginName,
    nodetaint.PluginName,
    alwayspullimages.PluginName,
    imagepolicy.PluginName,
    podsecuritypolicy.PluginName,
    podnodeselector.PluginName,
    podpriority.PluginName,
    defaulttolerationseconds.PluginName,
    podtolerationrestriction.PluginName,
    exec.DenyEscalatingExec,
    exec.DenyExecOnPrivileged,
    eventratelimit.PluginName,
    extendedresourcetoleration.PluginName,
    label.PluginName,
    setdefault.PluginName,
    storageobjectinuseprotection.PluginName,
    gc.PluginName,
    resize.PluginName,
    mutatingwebhook.PluginName,
    validatingwebhook.PluginName,
    runtimeclass.PluginName,
    resourcequota.PluginName,
    deny.PluginName,
}

AllOrderedPlugins is the list of all the plugins in order.

var DefaultServiceIPCIDR net.IPNet = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}

DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs

var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}

DefaultServiceNodePortRange is the default port range for NodePort services.

func DefaultAdvertiseAddress Uses

func DefaultAdvertiseAddress(s *genericoptions.ServerRunOptions, insecure *genericoptions.DeprecatedInsecureServingOptions) error

DefaultAdvertiseAddress sets the field AdvertiseAddress if unset. The field will be set based on the SecureServingOptions. If the SecureServingOptions is not present, DefaultExternalAddress will fall back to the insecure ServingOptions.

func DefaultOffAdmissionPlugins Uses

func DefaultOffAdmissionPlugins() sets.String

DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.

func NewInsecureServingOptions Uses

func NewInsecureServingOptions() *genericoptions.DeprecatedInsecureServingOptionsWithLoopback

NewInsecureServingOptions gives default values for the kube-apiserver. TODO: switch insecure serving off by default

func NewSecureServingOptions Uses

func NewSecureServingOptions() *genericoptions.SecureServingOptionsWithLoopback

NewSecureServingOptions gives default values for the kube-apiserver which are not the options wanted by "normal" API servers running on the platform

func RegisterAllAdmissionPlugins Uses

func RegisterAllAdmissionPlugins(plugins *admission.Plugins)

RegisterAllAdmissionPlugins registers all admission plugins and sets the recommended plugins order.

type AdmissionOptions Uses

type AdmissionOptions struct {
    // GenericAdmission holds the generic admission options.
    GenericAdmission *genericoptions.AdmissionOptions
    // DEPRECATED flag, should use EnabledAdmissionPlugins and DisabledAdmissionPlugins.
    // They are mutually exclusive, specify both will lead to an error.
    PluginNames []string
}

AdmissionOptions holds the admission options. It is a wrap of generic AdmissionOptions.

func NewAdmissionOptions Uses

func NewAdmissionOptions() *AdmissionOptions

NewAdmissionOptions creates a new instance of AdmissionOptions Note:

In addition it calls RegisterAllAdmissionPlugins to register
all kube-apiserver admission plugins.

Provides the list of RecommendedPluginOrder that holds sane values
that can be used by servers that don't care about admission chain.
Servers that do care can overwrite/append that field after creation.

func (*AdmissionOptions) AddFlags Uses

func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds flags related to admission for kube-apiserver to the specified FlagSet

func (*AdmissionOptions) ApplyTo Uses

func (a *AdmissionOptions) ApplyTo(
    c *server.Config,
    informers informers.SharedInformerFactory,
    kubeAPIServerClientConfig *rest.Config,
    pluginInitializers ...admission.PluginInitializer,
) error

ApplyTo adds the admission chain to the server configuration. Kube-apiserver just call generic AdmissionOptions.ApplyTo.

func (*AdmissionOptions) Validate Uses

func (a *AdmissionOptions) Validate() []error

Validate verifies flags passed to kube-apiserver AdmissionOptions. Kube-apiserver verifies PluginNames and then call generic AdmissionOptions.Validate.

type AnonymousAuthenticationOptions Uses

type AnonymousAuthenticationOptions struct {
    Allow bool
}

type BootstrapTokenAuthenticationOptions Uses

type BootstrapTokenAuthenticationOptions struct {
    Enable bool
}

type BuiltInAuthenticationOptions Uses

type BuiltInAuthenticationOptions struct {
    APIAudiences    []string
    Anonymous       *AnonymousAuthenticationOptions
    BootstrapToken  *BootstrapTokenAuthenticationOptions
    ClientCert      *genericoptions.ClientCertAuthenticationOptions
    OIDC            *OIDCAuthenticationOptions
    PasswordFile    *PasswordFileAuthenticationOptions
    RequestHeader   *genericoptions.RequestHeaderAuthenticationOptions
    ServiceAccounts *ServiceAccountAuthenticationOptions
    TokenFile       *TokenFileAuthenticationOptions
    WebHook         *WebHookAuthenticationOptions

    TokenSuccessCacheTTL time.Duration
    TokenFailureCacheTTL time.Duration
}

func NewBuiltInAuthenticationOptions Uses

func NewBuiltInAuthenticationOptions() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) AddFlags Uses

func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet)

func (*BuiltInAuthenticationOptions) ApplyAuthorization Uses

func (o *BuiltInAuthenticationOptions) ApplyAuthorization(authorization *BuiltInAuthorizationOptions)

ApplyAuthorization will conditionally modify the authentication options based on the authorization options

func (*BuiltInAuthenticationOptions) ApplyTo Uses

func (o *BuiltInAuthenticationOptions) ApplyTo(c *genericapiserver.Config) error

func (*BuiltInAuthenticationOptions) ToAuthenticationConfig Uses

func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() kubeauthenticator.Config

func (*BuiltInAuthenticationOptions) Validate Uses

func (s *BuiltInAuthenticationOptions) Validate() []error

Validate checks invalid config combination

func (*BuiltInAuthenticationOptions) WithAll Uses

func (s *BuiltInAuthenticationOptions) WithAll() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithAnonymous Uses

func (s *BuiltInAuthenticationOptions) WithAnonymous() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithBootstrapToken Uses

func (s *BuiltInAuthenticationOptions) WithBootstrapToken() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithClientCert Uses

func (s *BuiltInAuthenticationOptions) WithClientCert() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithOIDC Uses

func (s *BuiltInAuthenticationOptions) WithOIDC() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithPasswordFile Uses

func (s *BuiltInAuthenticationOptions) WithPasswordFile() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithRequestHeader Uses

func (s *BuiltInAuthenticationOptions) WithRequestHeader() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithServiceAccounts Uses

func (s *BuiltInAuthenticationOptions) WithServiceAccounts() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithTokenFile Uses

func (s *BuiltInAuthenticationOptions) WithTokenFile() *BuiltInAuthenticationOptions

func (*BuiltInAuthenticationOptions) WithWebHook Uses

func (s *BuiltInAuthenticationOptions) WithWebHook() *BuiltInAuthenticationOptions

type BuiltInAuthorizationOptions Uses

type BuiltInAuthorizationOptions struct {
    Modes                       []string
    PolicyFile                  string
    WebhookConfigFile           string
    WebhookCacheAuthorizedTTL   time.Duration
    WebhookCacheUnauthorizedTTL time.Duration
}

func NewBuiltInAuthorizationOptions Uses

func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions

func (*BuiltInAuthorizationOptions) AddFlags Uses

func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet)

func (*BuiltInAuthorizationOptions) ToAuthorizationConfig Uses

func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config

func (*BuiltInAuthorizationOptions) Validate Uses

func (s *BuiltInAuthorizationOptions) Validate() []error

type CloudProviderOptions Uses

type CloudProviderOptions struct {
    CloudConfigFile string
    CloudProvider   string
}

func NewCloudProviderOptions Uses

func NewCloudProviderOptions() *CloudProviderOptions

func (*CloudProviderOptions) AddFlags Uses

func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet)

func (*CloudProviderOptions) Validate Uses

func (s *CloudProviderOptions) Validate() []error

type OIDCAuthenticationOptions Uses

type OIDCAuthenticationOptions struct {
    CAFile         string
    ClientID       string
    IssuerURL      string
    UsernameClaim  string
    UsernamePrefix string
    GroupsClaim    string
    GroupsPrefix   string
    SigningAlgs    []string
    RequiredClaims map[string]string
}

type PasswordFileAuthenticationOptions Uses

type PasswordFileAuthenticationOptions struct {
    BasicAuthFile string
}

type ServiceAccountAuthenticationOptions Uses

type ServiceAccountAuthenticationOptions struct {
    KeyFiles      []string
    Lookup        bool
    Issuer        string
    MaxExpiration time.Duration
}

type TokenFileAuthenticationOptions Uses

type TokenFileAuthenticationOptions struct {
    TokenFile string
}

type WebHookAuthenticationOptions Uses

type WebHookAuthenticationOptions struct {
    ConfigFile string
    CacheTTL   time.Duration
}

Package options imports 53 packages (graph) and is imported by 19 packages. Updated 2019-08-10. Refresh now. Tools for package owners.