-
Notifications
You must be signed in to change notification settings - Fork 0
/
options.go
88 lines (78 loc) · 4.05 KB
/
options.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
/*
Copyright 2022 The Firefly Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
import (
"github.com/spf13/pflag"
)
const (
defaultBindAddress = "0.0.0.0"
defaultPort = 8443
defaultCertDir = "/tmp/k8s-webhook-server/serving-certs"
defaultTLSMinVersion = "1.3"
)
// Options contains everything necessary to create and run webhook server.
type Options struct {
// BindAddress is the IP address on which to listen for the --secure-port port.
// Default is "0.0.0.0".
BindAddress string
// SecurePort is the port that the webhook server serves at.
// Default is 8443.
SecurePort int
// CertDir is the directory that contains the server key and certificate.
// if not set, webhook server would look up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs.
CertDir string
// CertName is the server certificate name. Defaults to tls.crt.
CertName string
// KeyName is the server key name. Defaults to tls.key.
KeyName string
// TLSMinVersion is the minimum version of TLS supported. Possible values: 1.0, 1.1, 1.2, 1.3.
// Some environments have automated security scans that trigger on TLS versions or insecure cipher suites, and
// setting TLS to 1.3 would solve both problems.
// Defaults to 1.3.
TLSMinVersion string
// KubeAPIQPS is the QPS to use while talking with karmada-apiserver.
KubeAPIQPS float32
// KubeAPIBurst is the burst to allow while talking with karmada-apiserver.
KubeAPIBurst int
// MetricsBindAddress is the TCP address that the controller should bind to
// for serving prometheus metrics.
// It can be set to "0" to disable the metrics serving.
// Defaults to ":8080".
MetricsBindAddress string
// HealthProbeBindAddress is the TCP address that the controller should bind to
// for serving health probes
// Defaults to ":8000".
HealthProbeBindAddress string
DefaultNotReadyTolerationSeconds int64
DefaultUnreachableTolerationSeconds int64
}
// NewOptions builds an empty options.
func NewOptions() *Options {
return &Options{}
}
// AddFlags adds flags to the specified FlagSet.
func (o *Options) AddFlags(flags *pflag.FlagSet) {
flags.StringVar(&o.BindAddress, "bind-address", defaultBindAddress,
"The IP address on which to listen for the --secure-port port.")
flags.IntVar(&o.SecurePort, "secure-port", defaultPort,
"The secure port on which to serve HTTPS.")
flags.StringVar(&o.CertDir, "cert-dir", defaultCertDir,
"The directory that contains the server key and certificate.")
flags.StringVar(&o.CertName, "tls-cert-file-name", "tls.crt", "The name of server certificate.")
flags.StringVar(&o.KeyName, "tls-private-key-file-name", "tls.key", "The name of server key.")
flags.StringVar(&o.TLSMinVersion, "tls-min-version", defaultTLSMinVersion, "Minimum TLS version supported. Possible values: 1.0, 1.1, 1.2, 1.3.")
flags.Float32Var(&o.KubeAPIQPS, "kube-api-qps", 40.0, "QPS to use while talking with karmada-apiserver. Doesn't cover events and node heartbeat apis which rate limiting is controlled by a different set of flags.")
flags.IntVar(&o.KubeAPIBurst, "kube-api-burst", 60, "Burst to use while talking with karmada-apiserver. Doesn't cover events and node heartbeat apis which rate limiting is controlled by a different set of flags.")
flags.StringVar(&o.MetricsBindAddress, "metrics-bind-address", ":8080", "The TCP address that the controller should bind to for serving prometheus metrics(e.g. 127.0.0.1:8088, :8088)")
flags.StringVar(&o.HealthProbeBindAddress, "health-probe-bind-address", ":8000", "The TCP address that the controller should bind to for serving health probes(e.g. 127.0.0.1:8000, :8000)")
}