/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"fmt"
"github.com/spf13/pflag"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/admission"
"k8s.io/apiserver/pkg/features"
"k8s.io/apiserver/pkg/server"
"k8s.io/apiserver/pkg/storage/storagebackend"
"k8s.io/apiserver/pkg/util/feature"
utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol"
"k8s.io/client-go/kubernetes"
"k8s.io/component-base/featuregate"
"k8s.io/klog/v2"
)
// RecommendedOptions bundles the option groups recommended for running an API
// server. New members should be added within a logical grouping.
//
// Any of the option-group pointers may be nil, which leaves that feature
// unconfigured when ApplyTo runs.
type RecommendedOptions struct {
	// Storage backend options.
	Etcd *EtcdOptions
	// Serving options; ApplyTo also fills in the loopback client config from them.
	SecureServing *SecureServingOptionsWithLoopback
	// Delegating authentication and authorization options.
	Authentication *DelegatingAuthenticationOptions
	Authorization  *DelegatingAuthorizationOptions
	// Audit, feature and core-API client options.
	Audit    *AuditOptions
	Features *FeatureOptions
	CoreAPI  *CoreAPIOptions

	// FeatureGate lets a caller plumb its own feature gate through; ApplyTo
	// hands it to Admission.ApplyTo.
	FeatureGate featuregate.FeatureGate
	// ExtraAdmissionInitializers runs once, after every option group listed
	// above has been applied, and its result is passed on to Admission.ApplyTo
	// as additional admission plugin initializers. NewRecommendedOptions
	// installs a no-op here; keep it non-nil when building the struct by hand.
	ExtraAdmissionInitializers func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error)
	Admission                  *AdmissionOptions

	// EgressSelector controls outbound traffic from the API server.
	EgressSelector *EgressSelectorOptions
	// Traces holds the options that control distributed request tracing.
	Traces *TracingOptions
}
// NewRecommendedOptions returns a RecommendedOptions in which every option
// group is populated with its default constructor. prefix and codec are passed
// to storagebackend.NewDefaultConfig to build the etcd options.
func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions {
	// These defaults target an aggregated API server. Its client is usually a
	// proxy that multiplexes many operations, long-running ones included, over
	// a single HTTP/2 connection, so a high per-connection stream limit is
	// wanted. The flip side is that one connection may hold up to 1000
	// concurrent streams; servers exposed to other kinds of clients may want
	// to lower this value.
	secureServing := NewSecureServingOptions()
	secureServing.HTTP2MaxStreamsPerConnection = 1000

	// Default hook: contribute no additional admission plugin initializers.
	noExtraInitializers := func(c *server.RecommendedConfig) ([]admission.PluginInitializer, error) {
		return nil, nil
	}

	opts := &RecommendedOptions{
		Etcd:           NewEtcdOptions(storagebackend.NewDefaultConfig(prefix, codec)),
		SecureServing:  secureServing.WithLoopback(),
		Authentication: NewDelegatingAuthenticationOptions(),
		Authorization:  NewDelegatingAuthorizationOptions(),
		Audit:          NewAuditOptions(),
		Features:       NewFeatureOptions(),
		CoreAPI:        NewCoreAPIOptions(),
		// The process-global gate is wired in by default. Its meaning can
		// differ between repositories, so callers are encouraged to supply
		// their own FeatureGate for a consistent interpretation.
		FeatureGate:                feature.DefaultFeatureGate,
		ExtraAdmissionInitializers: noExtraInitializers,
		Admission:                  NewAdmissionOptions(),
		EgressSelector:             NewEgressSelectorOptions(),
		Traces:                     NewTracingOptions(),
	}
	return opts
}
// AddFlags registers the command-line flags of every option group on fs.
// FeatureGate and ExtraAdmissionInitializers contribute no flags.
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
	type flagAdder interface {
		AddFlags(fs *pflag.FlagSet)
	}

	// Registration order is kept fixed: storage, serving, authn/authz, audit,
	// features, core API, admission, egress, tracing.
	groups := []flagAdder{
		o.Etcd,
		o.SecureServing,
		o.Authentication,
		o.Authorization,
		o.Audit,
		o.Features,
		o.CoreAPI,
		o.Admission,
		o.EgressSelector,
		o.Traces,
	}
	for _, group := range groups {
		group.AddFlags(fs)
	}
}
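// ApplyTo copies every option group of o onto config in a fixed order and
// returns the first error encountered.
//
// The order is significant in at least two places visible here: the egress
// selector is applied before tracing, which receives config.Config.EgressSelector,
// and secure serving is applied before authentication, which receives
// config.SecureServing.
//
// A nil ExtraAdmissionInitializers is treated as "no extra initializers".
// Whether the individual option groups tolerate a nil receiver is decided by
// their own ApplyTo methods, which are not part of this file.
func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error {
	if err := o.Etcd.ApplyTo(&config.Config); err != nil {
		return err
	}
	if err := o.EgressSelector.ApplyTo(&config.Config); err != nil {
		return err
	}
	// Tracing is gated on the process-global feature gate, not on o.FeatureGate.
	if feature.DefaultFeatureGate.Enabled(features.APIServerTracing) {
		if err := o.Traces.ApplyTo(config.Config.EgressSelector, &config.Config); err != nil {
			return err
		}
	}
	if err := o.SecureServing.ApplyTo(&config.Config.SecureServing, &config.Config.LoopbackClientConfig); err != nil {
		return err
	}
	if err := o.Authentication.ApplyTo(&config.Config.Authentication, config.SecureServing, config.OpenAPIConfig); err != nil {
		return err
	}
	if err := o.Authorization.ApplyTo(&config.Config.Authorization); err != nil {
		return err
	}
	if err := o.Audit.ApplyTo(&config.Config); err != nil {
		return err
	}
	if err := o.Features.ApplyTo(&config.Config); err != nil {
		return err
	}
	if err := o.CoreAPI.ApplyTo(config); err != nil {
		return err
	}

	// The hook is a plain func field, so a RecommendedOptions built without
	// NewRecommendedOptions may leave it nil; calling it then would panic.
	var initializers []admission.PluginInitializer
	if o.ExtraAdmissionInitializers != nil {
		var err error
		if initializers, err = o.ExtraAdmissionInitializers(config); err != nil {
			return err
		}
	}
	if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, config.ClientConfig, o.FeatureGate, initializers...); err != nil {
		return err
	}

	// Like tracing, priority-and-fairness is gated on the process-global gate.
	if !feature.DefaultFeatureGate.Enabled(features.APIPriorityAndFairness) {
		return nil
	}
	if config.ClientConfig == nil {
		// Without a client config no flow controller is built here: the
		// server starts with config.FlowControl left as it was and only this
		// warning records it. Operators relying on priority-and-fairness to
		// bound request load should watch for this message.
		klog.Warningf("Neither kubeconfig is provided nor service-account is mounted, so APIPriorityAndFairness will be disabled")
		return nil
	}
	if config.MaxRequestsInFlight+config.MaxMutatingRequestsInFlight <= 0 {
		return fmt.Errorf("invalid configuration: MaxRequestsInFlight=%d and MaxMutatingRequestsInFlight=%d; they must add up to something positive", config.MaxRequestsInFlight, config.MaxMutatingRequestsInFlight)
	}
	config.FlowControl = utilflowcontrol.New(
		config.SharedInformerFactory,
		// NOTE(review): NewForConfigOrDie panics on an unusable ClientConfig
		// instead of returning an error through ApplyTo.
		kubernetes.NewForConfigOrDie(config.ClientConfig).FlowcontrolV1beta1(),
		config.MaxRequestsInFlight+config.MaxMutatingRequestsInFlight,
		// A quarter of the request timeout; presumably the queue wait limit,
		// confirm against utilflowcontrol.New.
		config.RequestTimeout/4,
	)
	return nil
}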
// Validate runs the Validate method of every option group and returns all
// reported errors in one slice. The result is empty, but not nil, when no
// group reports a problem. FeatureGate and ExtraAdmissionInitializers are not
// validated here.
func (o *RecommendedOptions) Validate() []error {
	// Each group is validated in the same order in which its flags are added.
	perGroup := [][]error{
		o.Etcd.Validate(),
		o.SecureServing.Validate(),
		o.Authentication.Validate(),
		o.Authorization.Validate(),
		o.Audit.Validate(),
		o.Features.Validate(),
		o.CoreAPI.Validate(),
		o.Admission.Validate(),
		o.EgressSelector.Validate(),
		o.Traces.Validate(),
	}

	errs := []error{}
	for _, found := range perGroup {
		errs = append(errs, found...)
	}
	return errs
}