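// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package clioptions

import (
	"fmt"
	"time"

	"github.com/spf13/cobra"
	"github.com/spf13/viper"
)

// CentralControlPlaneOptions holds options common to all subcommands
// that invoke Istiod via xDS REST endpoint
type CentralControlPlaneOptions struct {
	// Xds is XDS endpoint, e.g. localhost:15010.
	Xds string

	// XdsPodLabel is a Kubernetes label on the Istiod pods
	XdsPodLabel string

	// XdsPodPort is a port exposing XDS (typically 15010 or 15012).
	// Zero is the value left when neither the flag nor the viper key is set.
	XdsPodPort int

	// CertDir is the local directory containing certificates
	CertDir string

	// Timeout is how long to wait before giving up on XDS
	Timeout time.Duration

	// InsecureSkipVerify skips client-side verification of the server's
	// certificate chain and host name. With it set the identity of the XDS
	// server is not checked, so it belongs in debugging setups only.
	InsecureSkipVerify bool

	// XDSSAN is the expected Subject Alternative Name of the XDS server
	XDSSAN string

	// Plaintext forces plain text communication (for talking to port 15010).
	// No TLS is used, so the connection is neither encrypted nor authenticated.
	Plaintext bool

	// GCP project number or ID to use for XDS calls, if any.
	// Not bound to a flag by AttachControlPlaneFlags.
	GCPProject string

	// Istiod address. For MCP may be different than Xds.
	// Not bound to a flag by AttachControlPlaneFlags.
	IstiodAddr string
}

// AttachControlPlaneFlags attaches control-plane flags to a Cobra command.
//
// It registers the persistent flags --xds-address, --cert-dir, --xds-label,
// --xds-port, --timeout, --authority, --insecure and --plaintext, each bound
// to the matching field of o.
//
// The defaults of --xds-address, --cert-dir, --xds-port, --authority,
// --insecure and --plaintext are read from viper when this method runs (keys
// XDS-ADDRESS, CERT-DIR, XDS-PORT, AUTHORITY, INSECURE and PLAINTEXT). The two
// TLS-weakening options can therefore default to true from whatever source
// viper has been configured with, without appearing on the command line;
// callers that care should inspect o.InsecureSkipVerify and o.Plaintext after
// flag parsing rather than the raw arguments.
func (o *CentralControlPlaneOptions) AttachControlPlaneFlags(cmd *cobra.Command) {
	flags := cmd.PersistentFlags()

	// Where to find the XDS server.
	flags.StringVar(&o.Xds, "xds-address", viper.GetString("XDS-ADDRESS"),
		"XDS Endpoint")
	flags.StringVar(&o.CertDir, "cert-dir", viper.GetString("CERT-DIR"),
		"XDS Endpoint certificate directory")
	flags.StringVar(&o.XdsPodLabel, "xds-label", "",
		"Istiod pod label selector")
	flags.IntVar(&o.XdsPodPort, "xds-port", viper.GetInt("XDS-PORT"),
		"Istiod pod port")
	flags.DurationVar(&o.Timeout, "timeout", time.Second*30,
		"The duration to wait before failing")

	// How the XDS server is authenticated (or not).
	flags.StringVar(&o.XDSSAN, "authority", viper.GetString("AUTHORITY"),
		"XDS Subject Alternative Name (for example istiod.istio-system.svc)")
	flags.BoolVar(&o.InsecureSkipVerify, "insecure", viper.GetBool("INSECURE"),
		"Skip server certificate and domain verification. (NOT SECURE!)")
	flags.BoolVar(&o.Plaintext, "plaintext", viper.GetBool("PLAINTEXT"),
		"Use plain-text HTTP/2 when connecting to server (no TLS).")
}

// ValidateControlPlaneFlags checks arguments for valid values and combinations.
//
// It returns an error when:
//   - both an XDS address and an Istiod pod label selector are given,
//   - plain text is requested together with a certificate directory,
//   - the XDS pod port lies outside 0-65535 (0 is accepted as "not set").
//
// It does not reject --insecure combined with --plaintext or --authority; the
// effect of those combinations depends on the code that consumes the options.
func (o *CentralControlPlaneOptions) ValidateControlPlaneFlags() error {
	const maxPort = 65535

	if o.Xds != "" && o.XdsPodLabel != "" {
		return fmt.Errorf("either --xds-address or --xds-label, not both")
	}
	if o.Plaintext && o.CertDir != "" {
		return fmt.Errorf("either --plaintext or --cert-dir, not both")
	}
	// Fail here with a clear message instead of letting an impossible port
	// reach the code that dials the Istiod pod.
	if o.XdsPodPort < 0 || o.XdsPodPort > maxPort {
		return fmt.Errorf("invalid --xds-port %d: must be in the range 0-%d", o.XdsPodPort, maxPort)
	}
	return nil
}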