Matthias Andreas Benkard | 832a54e | 2019-01-29 09:27:38 +0100 | [diff] [blame^] | 1 | /* |
| 2 | Copyright 2016 The Kubernetes Authors. |
| 3 | |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package options |
| 18 | |
| 19 | import ( |
| 20 | "github.com/spf13/pflag" |
| 21 | |
| 22 | "k8s.io/apimachinery/pkg/runtime" |
| 23 | "k8s.io/apiserver/pkg/admission" |
| 24 | "k8s.io/apiserver/pkg/server" |
| 25 | "k8s.io/apiserver/pkg/storage/storagebackend" |
| 26 | ) |
| 27 | |
// RecommendedOptions contains the recommended options for running an API server.
// If you add something to this list, it should be in a logical grouping.
// Each of them can be nil to leave the feature unconfigured on ApplyTo.
//
// NOTE(review): by that contract a nil Authentication or Authorization leaves
// the corresponding check unconfigured. Callers that nil out either field
// should confirm what the resulting server.Config does with unauthenticated or
// unauthorized requests before exposing the server.
type RecommendedOptions struct {
	// Etcd configures the storage backend.
	Etcd *EtcdOptions
	// SecureServing configures the TLS listener, wrapped with loopback support.
	SecureServing *SecureServingOptionsWithLoopback
	// Authentication and Authorization hold the delegating authn/authz options.
	// Presumably they delegate to the core API server; confirm in their own files.
	Authentication *DelegatingAuthenticationOptions
	Authorization  *DelegatingAuthorizationOptions
	// Audit configures audit logging.
	Audit    *AuditOptions
	Features *FeatureOptions
	CoreAPI  *CoreAPIOptions

	// ExtraAdmissionInitializers is called once after all ApplyTo from the options above, to pass the returned
	// admission plugin initializers to Admission.ApplyTo.
	// NewRecommendedOptions installs a no-op default that returns no initializers.
	ExtraAdmissionInitializers func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error)
	Admission                  *AdmissionOptions
}
| 45 | |
// NewRecommendedOptions returns a RecommendedOptions with every option group
// populated by its own constructor. prefix and codec are passed to the default
// storage backend configuration used for the Etcd options.
func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions {
	serving := NewSecureServingOptions()

	// These options target an aggregated api-server. Its client is usually a
	// proxy that multiplexes many operations, long-running ones included,
	// over a single HTTP/2 connection, so a high per-connection stream limit
	// is needed.
	// NOTE(review): the limit is per connection and is not tied to who the
	// client is here; confirm that other request limits bound the total work
	// a single connection can demand.
	serving.HTTP2MaxStreamsPerConnection = 1000

	// Default hook: contributes no additional admission plugin initializers.
	noExtraInitializers := func(*server.RecommendedConfig) ([]admission.PluginInitializer, error) {
		return nil, nil
	}

	opts := &RecommendedOptions{
		Etcd:                       NewEtcdOptions(storagebackend.NewDefaultConfig(prefix, codec)),
		SecureServing:              WithLoopback(serving),
		Authentication:             NewDelegatingAuthenticationOptions(),
		Authorization:              NewDelegatingAuthorizationOptions(),
		Audit:                      NewAuditOptions(),
		Features:                   NewFeatureOptions(),
		CoreAPI:                    NewCoreAPIOptions(),
		ExtraAdmissionInitializers: noExtraInitializers,
		Admission:                  NewAdmissionOptions(),
	}
	return opts
}
| 67 | |
// AddFlags registers the flags of every option group on fs, in the order the
// groups are declared on RecommendedOptions. ExtraAdmissionInitializers is a
// callback and contributes no flags.
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
	type flagAdder interface {
		AddFlags(fs *pflag.FlagSet)
	}

	groups := []flagAdder{
		o.Etcd,
		o.SecureServing,
		o.Authentication,
		o.Authorization,
		o.Audit,
		o.Features,
		o.CoreAPI,
		o.Admission,
	}
	for _, g := range groups {
		g.AddFlags(fs)
	}
}
| 78 | |
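// ApplyTo adds RecommendedOptions to the server configuration.
//
// The option groups are applied in a fixed order: Etcd, SecureServing,
// Authentication, Authorization, Audit, Features, CoreAPI and finally
// Admission. The first error stops the sequence and is returned as is; groups
// applied before the failure may already have modified config, so callers
// should not serve from a config for which ApplyTo returned an error.
//
// scheme is the scheme of the apiserver types that are sent to the admission chain.
// Additional admission plugin initializers come from o.ExtraAdmissionInitializers,
// which is called once after the other groups have been applied. A nil
// ExtraAdmissionInitializers means "no extra initializers".
func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig, scheme *runtime.Scheme) error {
	if err := o.Etcd.ApplyTo(&config.Config); err != nil {
		return err
	}
	if err := o.SecureServing.ApplyTo(&config.Config); err != nil {
		return err
	}
	// Authentication receives the serving and OpenAPI config that the steps
	// above may have populated, so it has to run after SecureServing.
	if err := o.Authentication.ApplyTo(&config.Config.Authentication, config.SecureServing, config.OpenAPIConfig); err != nil {
		return err
	}
	if err := o.Authorization.ApplyTo(&config.Config.Authorization); err != nil {
		return err
	}
	if err := o.Audit.ApplyTo(&config.Config); err != nil {
		return err
	}
	if err := o.Features.ApplyTo(&config.Config); err != nil {
		return err
	}
	if err := o.CoreAPI.ApplyTo(config); err != nil {
		return err
	}

	// A RecommendedOptions built as a struct literal may leave the hook nil.
	// Calling a nil func panics, so treat nil as "nothing extra to add".
	var initializers []admission.PluginInitializer
	if o.ExtraAdmissionInitializers != nil {
		var err error
		if initializers, err = o.ExtraAdmissionInitializers(config); err != nil {
			return err
		}
	}
	if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, config.ClientConfig, scheme, initializers...); err != nil {
		return err
	}

	return nil
}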
| 112 | |
// Validate runs Validate on every option group, in declaration order, and
// returns all reported errors in one slice. The slice is empty but non-nil
// when no group reports an error. ExtraAdmissionInitializers is not checked.
func (o *RecommendedOptions) Validate() []error {
	type validator interface {
		Validate() []error
	}

	groups := []validator{
		o.Etcd,
		o.SecureServing,
		o.Authentication,
		o.Authorization,
		o.Audit,
		o.Features,
		o.CoreAPI,
		o.Admission,
	}

	errs := make([]error, 0)
	for _, g := range groups {
		errs = append(errs, g.Validate()...)
	}
	return errs
}