k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cmd/kube-controller-manager/app/options/options.go (about) 1 /* 2 Copyright 2014 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 // Package options provides the flags used for the controller manager. 18 package options 19 20 import ( 21 "fmt" 22 "net" 23 24 v1 "k8s.io/api/core/v1" 25 utilerrors "k8s.io/apimachinery/pkg/util/errors" 26 apiserveroptions "k8s.io/apiserver/pkg/server/options" 27 utilfeature "k8s.io/apiserver/pkg/util/feature" 28 clientset "k8s.io/client-go/kubernetes" 29 clientgokubescheme "k8s.io/client-go/kubernetes/scheme" 30 restclient "k8s.io/client-go/rest" 31 "k8s.io/client-go/tools/clientcmd" 32 "k8s.io/client-go/tools/record" 33 cpnames "k8s.io/cloud-provider/names" 34 cpoptions "k8s.io/cloud-provider/options" 35 cliflag "k8s.io/component-base/cli/flag" 36 "k8s.io/component-base/logs" 37 logsapi "k8s.io/component-base/logs/api/v1" 38 "k8s.io/component-base/metrics" 39 cmoptions "k8s.io/controller-manager/options" 40 kubectrlmgrconfigv1alpha1 "k8s.io/kube-controller-manager/config/v1alpha1" 41 kubecontrollerconfig "k8s.io/kubernetes/cmd/kube-controller-manager/app/config" 42 "k8s.io/kubernetes/cmd/kube-controller-manager/names" 43 "k8s.io/kubernetes/pkg/cluster/ports" 44 kubectrlmgrconfig "k8s.io/kubernetes/pkg/controller/apis/config" 45 kubectrlmgrconfigscheme "k8s.io/kubernetes/pkg/controller/apis/config/scheme" 46 "k8s.io/kubernetes/pkg/controller/garbagecollector" 47 garbagecollectorconfig "k8s.io/kubernetes/pkg/controller/garbagecollector/config" 48 netutils "k8s.io/utils/net" 49 50 // add the kubernetes feature gates 51 _ "k8s.io/kubernetes/pkg/features" 52 ) 53 54 const ( 55 // KubeControllerManagerUserAgent is the userAgent name when starting kube-controller managers. 56 KubeControllerManagerUserAgent = "kube-controller-manager" 57 ) 58 59 // KubeControllerManagerOptions is the main context object for the kube-controller manager. 60 type KubeControllerManagerOptions struct { 61 Generic *cmoptions.GenericControllerManagerConfigurationOptions 62 KubeCloudShared *cpoptions.KubeCloudSharedOptions 63 ServiceController *cpoptions.ServiceControllerOptions 64 65 AttachDetachController *AttachDetachControllerOptions 66 CSRSigningController *CSRSigningControllerOptions 67 DaemonSetController *DaemonSetControllerOptions 68 DeploymentController *DeploymentControllerOptions 69 StatefulSetController *StatefulSetControllerOptions 70 DeprecatedFlags *DeprecatedControllerOptions 71 EndpointController *EndpointControllerOptions 72 EndpointSliceController *EndpointSliceControllerOptions 73 EndpointSliceMirroringController *EndpointSliceMirroringControllerOptions 74 EphemeralVolumeController *EphemeralVolumeControllerOptions 75 GarbageCollectorController *GarbageCollectorControllerOptions 76 HPAController *HPAControllerOptions 77 JobController *JobControllerOptions 78 CronJobController *CronJobControllerOptions 79 LegacySATokenCleaner *LegacySATokenCleanerOptions 80 NamespaceController *NamespaceControllerOptions 81 NodeIPAMController *NodeIPAMControllerOptions 82 NodeLifecycleController *NodeLifecycleControllerOptions 83 PersistentVolumeBinderController *PersistentVolumeBinderControllerOptions 84 PodGCController *PodGCControllerOptions 85 ReplicaSetController *ReplicaSetControllerOptions 86 ReplicationController *ReplicationControllerOptions 87 ResourceQuotaController *ResourceQuotaControllerOptions 88 SAController *SAControllerOptions 89 TTLAfterFinishedController *TTLAfterFinishedControllerOptions 90 ValidatingAdmissionPolicyStatusController *ValidatingAdmissionPolicyStatusControllerOptions 91 92 SecureServing *apiserveroptions.SecureServingOptionsWithLoopback 93 Authentication *apiserveroptions.DelegatingAuthenticationOptions 94 Authorization *apiserveroptions.DelegatingAuthorizationOptions 95 Metrics *metrics.Options 96 Logs *logs.Options 97 98 Master string 99 ShowHiddenMetricsForVersion string 100 } 101 102 // NewKubeControllerManagerOptions creates a new KubeControllerManagerOptions with a default config. 103 func NewKubeControllerManagerOptions() (*KubeControllerManagerOptions, error) { 104 componentConfig, err := NewDefaultComponentConfig() 105 if err != nil { 106 return nil, err 107 } 108 109 s := KubeControllerManagerOptions{ 110 Generic: cmoptions.NewGenericControllerManagerConfigurationOptions(&componentConfig.Generic), 111 KubeCloudShared: cpoptions.NewKubeCloudSharedOptions(&componentConfig.KubeCloudShared), 112 ServiceController: &cpoptions.ServiceControllerOptions{ 113 ServiceControllerConfiguration: &componentConfig.ServiceController, 114 }, 115 AttachDetachController: &AttachDetachControllerOptions{ 116 &componentConfig.AttachDetachController, 117 }, 118 CSRSigningController: &CSRSigningControllerOptions{ 119 &componentConfig.CSRSigningController, 120 }, 121 DaemonSetController: &DaemonSetControllerOptions{ 122 &componentConfig.DaemonSetController, 123 }, 124 DeploymentController: &DeploymentControllerOptions{ 125 &componentConfig.DeploymentController, 126 }, 127 StatefulSetController: &StatefulSetControllerOptions{ 128 &componentConfig.StatefulSetController, 129 }, 130 DeprecatedFlags: &DeprecatedControllerOptions{ 131 &componentConfig.DeprecatedController, 132 }, 133 EndpointController: &EndpointControllerOptions{ 134 &componentConfig.EndpointController, 135 }, 136 EndpointSliceController: &EndpointSliceControllerOptions{ 137 &componentConfig.EndpointSliceController, 138 }, 139 EndpointSliceMirroringController: &EndpointSliceMirroringControllerOptions{ 140 &componentConfig.EndpointSliceMirroringController, 141 }, 142 EphemeralVolumeController: &EphemeralVolumeControllerOptions{ 143 &componentConfig.EphemeralVolumeController, 144 }, 145 GarbageCollectorController: &GarbageCollectorControllerOptions{ 146 &componentConfig.GarbageCollectorController, 147 }, 148 HPAController: &HPAControllerOptions{ 149 &componentConfig.HPAController, 150 }, 151 JobController: &JobControllerOptions{ 152 &componentConfig.JobController, 153 }, 154 CronJobController: &CronJobControllerOptions{ 155 &componentConfig.CronJobController, 156 }, 157 LegacySATokenCleaner: &LegacySATokenCleanerOptions{ 158 &componentConfig.LegacySATokenCleaner, 159 }, 160 NamespaceController: &NamespaceControllerOptions{ 161 &componentConfig.NamespaceController, 162 }, 163 NodeIPAMController: &NodeIPAMControllerOptions{ 164 &componentConfig.NodeIPAMController, 165 }, 166 NodeLifecycleController: &NodeLifecycleControllerOptions{ 167 &componentConfig.NodeLifecycleController, 168 }, 169 PersistentVolumeBinderController: &PersistentVolumeBinderControllerOptions{ 170 &componentConfig.PersistentVolumeBinderController, 171 }, 172 PodGCController: &PodGCControllerOptions{ 173 &componentConfig.PodGCController, 174 }, 175 ReplicaSetController: &ReplicaSetControllerOptions{ 176 &componentConfig.ReplicaSetController, 177 }, 178 ReplicationController: &ReplicationControllerOptions{ 179 &componentConfig.ReplicationController, 180 }, 181 ResourceQuotaController: &ResourceQuotaControllerOptions{ 182 &componentConfig.ResourceQuotaController, 183 }, 184 SAController: &SAControllerOptions{ 185 &componentConfig.SAController, 186 }, 187 TTLAfterFinishedController: &TTLAfterFinishedControllerOptions{ 188 &componentConfig.TTLAfterFinishedController, 189 }, 190 ValidatingAdmissionPolicyStatusController: &ValidatingAdmissionPolicyStatusControllerOptions{ 191 &componentConfig.ValidatingAdmissionPolicyStatusController, 192 }, 193 SecureServing: apiserveroptions.NewSecureServingOptions().WithLoopback(), 194 Authentication: apiserveroptions.NewDelegatingAuthenticationOptions(), 195 Authorization: apiserveroptions.NewDelegatingAuthorizationOptions(), 196 Metrics: metrics.NewOptions(), 197 Logs: logs.NewOptions(), 198 } 199 200 s.Authentication.RemoteKubeConfigFileOptional = true 201 s.Authorization.RemoteKubeConfigFileOptional = true 202 203 // Set the PairName but leave certificate directory blank to generate in-memory by default 204 s.SecureServing.ServerCert.CertDirectory = "" 205 s.SecureServing.ServerCert.PairName = "kube-controller-manager" 206 s.SecureServing.BindPort = ports.KubeControllerManagerPort 207 208 gcIgnoredResources := make([]garbagecollectorconfig.GroupResource, 0, len(garbagecollector.DefaultIgnoredResources())) 209 for r := range garbagecollector.DefaultIgnoredResources() { 210 gcIgnoredResources = append(gcIgnoredResources, garbagecollectorconfig.GroupResource{Group: r.Group, Resource: r.Resource}) 211 } 212 213 s.GarbageCollectorController.GCIgnoredResources = gcIgnoredResources 214 s.Generic.LeaderElection.ResourceName = "kube-controller-manager" 215 s.Generic.LeaderElection.ResourceNamespace = "kube-system" 216 217 return &s, nil 218 } 219 220 // NewDefaultComponentConfig returns kube-controller manager configuration object. 221 func NewDefaultComponentConfig() (kubectrlmgrconfig.KubeControllerManagerConfiguration, error) { 222 versioned := kubectrlmgrconfigv1alpha1.KubeControllerManagerConfiguration{} 223 kubectrlmgrconfigscheme.Scheme.Default(&versioned) 224 225 internal := kubectrlmgrconfig.KubeControllerManagerConfiguration{} 226 if err := kubectrlmgrconfigscheme.Scheme.Convert(&versioned, &internal, nil); err != nil { 227 return internal, err 228 } 229 return internal, nil 230 } 231 232 // Flags returns flags for a specific KubeController by section name 233 func (s *KubeControllerManagerOptions) Flags(allControllers []string, disabledByDefaultControllers []string, controllerAliases map[string]string) cliflag.NamedFlagSets { 234 fss := cliflag.NamedFlagSets{} 235 s.Generic.AddFlags(&fss, allControllers, disabledByDefaultControllers, controllerAliases) 236 s.KubeCloudShared.AddFlags(fss.FlagSet("generic")) 237 s.ServiceController.AddFlags(fss.FlagSet(cpnames.ServiceLBController)) 238 239 s.SecureServing.AddFlags(fss.FlagSet("secure serving")) 240 s.Authentication.AddFlags(fss.FlagSet("authentication")) 241 s.Authorization.AddFlags(fss.FlagSet("authorization")) 242 243 s.AttachDetachController.AddFlags(fss.FlagSet(names.PersistentVolumeAttachDetachController)) 244 s.CSRSigningController.AddFlags(fss.FlagSet(names.CertificateSigningRequestSigningController)) 245 s.DeploymentController.AddFlags(fss.FlagSet(names.DeploymentController)) 246 s.StatefulSetController.AddFlags(fss.FlagSet(names.StatefulSetController)) 247 s.DaemonSetController.AddFlags(fss.FlagSet(names.DaemonSetController)) 248 s.DeprecatedFlags.AddFlags(fss.FlagSet("deprecated")) 249 s.EndpointController.AddFlags(fss.FlagSet(names.EndpointsController)) 250 s.EndpointSliceController.AddFlags(fss.FlagSet(names.EndpointSliceController)) 251 s.EndpointSliceMirroringController.AddFlags(fss.FlagSet(names.EndpointSliceMirroringController)) 252 s.EphemeralVolumeController.AddFlags(fss.FlagSet(names.EphemeralVolumeController)) 253 s.GarbageCollectorController.AddFlags(fss.FlagSet(names.GarbageCollectorController)) 254 s.HPAController.AddFlags(fss.FlagSet(names.HorizontalPodAutoscalerController)) 255 s.JobController.AddFlags(fss.FlagSet(names.JobController)) 256 s.CronJobController.AddFlags(fss.FlagSet(names.CronJobController)) 257 s.LegacySATokenCleaner.AddFlags(fss.FlagSet(names.LegacyServiceAccountTokenCleanerController)) 258 s.NamespaceController.AddFlags(fss.FlagSet(names.NamespaceController)) 259 s.NodeIPAMController.AddFlags(fss.FlagSet(names.NodeIpamController)) 260 s.NodeLifecycleController.AddFlags(fss.FlagSet(names.NodeLifecycleController)) 261 s.PersistentVolumeBinderController.AddFlags(fss.FlagSet(names.PersistentVolumeBinderController)) 262 s.PodGCController.AddFlags(fss.FlagSet(names.PodGarbageCollectorController)) 263 s.ReplicaSetController.AddFlags(fss.FlagSet(names.ReplicaSetController)) 264 s.ReplicationController.AddFlags(fss.FlagSet(names.ReplicationControllerController)) 265 s.ResourceQuotaController.AddFlags(fss.FlagSet(names.ResourceQuotaController)) 266 s.SAController.AddFlags(fss.FlagSet(names.ServiceAccountController)) 267 s.TTLAfterFinishedController.AddFlags(fss.FlagSet(names.TTLAfterFinishedController)) 268 s.ValidatingAdmissionPolicyStatusController.AddFlags(fss.FlagSet(names.ValidatingAdmissionPolicyStatusController)) 269 270 s.Metrics.AddFlags(fss.FlagSet("metrics")) 271 logsapi.AddFlags(s.Logs, fss.FlagSet("logs")) 272 273 fs := fss.FlagSet("misc") 274 fs.StringVar(&s.Master, "master", s.Master, "The address of the Kubernetes API server (overrides any value in kubeconfig).") 275 fs.StringVar(&s.Generic.ClientConnection.Kubeconfig, "kubeconfig", s.Generic.ClientConnection.Kubeconfig, "Path to kubeconfig file with authorization and master location information (the master location can be overridden by the master flag).") 276 utilfeature.DefaultMutableFeatureGate.AddFlag(fss.FlagSet("generic")) 277 278 return fss 279 } 280 281 // ApplyTo fills up controller manager config with options. 282 func (s *KubeControllerManagerOptions) ApplyTo(c *kubecontrollerconfig.Config, allControllers []string, disabledByDefaultControllers []string, controllerAliases map[string]string) error { 283 if err := s.Generic.ApplyTo(&c.ComponentConfig.Generic, allControllers, disabledByDefaultControllers, controllerAliases); err != nil { 284 return err 285 } 286 if err := s.KubeCloudShared.ApplyTo(&c.ComponentConfig.KubeCloudShared); err != nil { 287 return err 288 } 289 if err := s.AttachDetachController.ApplyTo(&c.ComponentConfig.AttachDetachController); err != nil { 290 return err 291 } 292 if err := s.CSRSigningController.ApplyTo(&c.ComponentConfig.CSRSigningController); err != nil { 293 return err 294 } 295 if err := s.DaemonSetController.ApplyTo(&c.ComponentConfig.DaemonSetController); err != nil { 296 return err 297 } 298 if err := s.DeploymentController.ApplyTo(&c.ComponentConfig.DeploymentController); err != nil { 299 return err 300 } 301 if err := s.StatefulSetController.ApplyTo(&c.ComponentConfig.StatefulSetController); err != nil { 302 return err 303 } 304 if err := s.DeprecatedFlags.ApplyTo(&c.ComponentConfig.DeprecatedController); err != nil { 305 return err 306 } 307 if err := s.EndpointController.ApplyTo(&c.ComponentConfig.EndpointController); err != nil { 308 return err 309 } 310 if err := s.EndpointSliceController.ApplyTo(&c.ComponentConfig.EndpointSliceController); err != nil { 311 return err 312 } 313 if err := s.EndpointSliceMirroringController.ApplyTo(&c.ComponentConfig.EndpointSliceMirroringController); err != nil { 314 return err 315 } 316 if err := s.EphemeralVolumeController.ApplyTo(&c.ComponentConfig.EphemeralVolumeController); err != nil { 317 return err 318 } 319 if err := s.GarbageCollectorController.ApplyTo(&c.ComponentConfig.GarbageCollectorController); err != nil { 320 return err 321 } 322 if err := s.HPAController.ApplyTo(&c.ComponentConfig.HPAController); err != nil { 323 return err 324 } 325 if err := s.JobController.ApplyTo(&c.ComponentConfig.JobController); err != nil { 326 return err 327 } 328 if err := s.CronJobController.ApplyTo(&c.ComponentConfig.CronJobController); err != nil { 329 return err 330 } 331 if err := s.LegacySATokenCleaner.ApplyTo(&c.ComponentConfig.LegacySATokenCleaner); err != nil { 332 return err 333 } 334 if err := s.NamespaceController.ApplyTo(&c.ComponentConfig.NamespaceController); err != nil { 335 return err 336 } 337 if err := s.NodeIPAMController.ApplyTo(&c.ComponentConfig.NodeIPAMController); err != nil { 338 return err 339 } 340 if err := s.NodeLifecycleController.ApplyTo(&c.ComponentConfig.NodeLifecycleController); err != nil { 341 return err 342 } 343 if err := s.PersistentVolumeBinderController.ApplyTo(&c.ComponentConfig.PersistentVolumeBinderController); err != nil { 344 return err 345 } 346 if err := s.PodGCController.ApplyTo(&c.ComponentConfig.PodGCController); err != nil { 347 return err 348 } 349 if err := s.ReplicaSetController.ApplyTo(&c.ComponentConfig.ReplicaSetController); err != nil { 350 return err 351 } 352 if err := s.ReplicationController.ApplyTo(&c.ComponentConfig.ReplicationController); err != nil { 353 return err 354 } 355 if err := s.ResourceQuotaController.ApplyTo(&c.ComponentConfig.ResourceQuotaController); err != nil { 356 return err 357 } 358 if err := s.SAController.ApplyTo(&c.ComponentConfig.SAController); err != nil { 359 return err 360 } 361 if err := s.ServiceController.ApplyTo(&c.ComponentConfig.ServiceController); err != nil { 362 return err 363 } 364 if err := s.TTLAfterFinishedController.ApplyTo(&c.ComponentConfig.TTLAfterFinishedController); err != nil { 365 return err 366 } 367 if err := s.ValidatingAdmissionPolicyStatusController.ApplyTo(&c.ComponentConfig.ValidatingAdmissionPolicyStatusController); err != nil { 368 return err 369 } 370 if err := s.SecureServing.ApplyTo(&c.SecureServing, &c.LoopbackClientConfig); err != nil { 371 return err 372 } 373 if s.SecureServing.BindPort != 0 || s.SecureServing.Listener != nil { 374 if err := s.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil { 375 return err 376 } 377 if err := s.Authorization.ApplyTo(&c.Authorization); err != nil { 378 return err 379 } 380 } 381 return nil 382 } 383 384 // Validate is used to validate the options and config before launching the controller manager 385 func (s *KubeControllerManagerOptions) Validate(allControllers []string, disabledByDefaultControllers []string, controllerAliases map[string]string) error { 386 var errs []error 387 388 errs = append(errs, s.Generic.Validate(allControllers, disabledByDefaultControllers, controllerAliases)...) 389 errs = append(errs, s.KubeCloudShared.Validate()...) 390 errs = append(errs, s.AttachDetachController.Validate()...) 391 errs = append(errs, s.CSRSigningController.Validate()...) 392 errs = append(errs, s.DaemonSetController.Validate()...) 393 errs = append(errs, s.DeploymentController.Validate()...) 394 errs = append(errs, s.StatefulSetController.Validate()...) 395 errs = append(errs, s.DeprecatedFlags.Validate()...) 396 errs = append(errs, s.EndpointController.Validate()...) 397 errs = append(errs, s.EndpointSliceController.Validate()...) 398 errs = append(errs, s.EndpointSliceMirroringController.Validate()...) 399 errs = append(errs, s.EphemeralVolumeController.Validate()...) 400 errs = append(errs, s.GarbageCollectorController.Validate()...) 401 errs = append(errs, s.HPAController.Validate()...) 402 errs = append(errs, s.JobController.Validate()...) 403 errs = append(errs, s.CronJobController.Validate()...) 404 errs = append(errs, s.LegacySATokenCleaner.Validate()...) 405 errs = append(errs, s.NamespaceController.Validate()...) 406 errs = append(errs, s.NodeIPAMController.Validate()...) 407 errs = append(errs, s.NodeLifecycleController.Validate()...) 408 errs = append(errs, s.PersistentVolumeBinderController.Validate()...) 409 errs = append(errs, s.PodGCController.Validate()...) 410 errs = append(errs, s.ReplicaSetController.Validate()...) 411 errs = append(errs, s.ReplicationController.Validate()...) 412 errs = append(errs, s.ResourceQuotaController.Validate()...) 413 errs = append(errs, s.SAController.Validate()...) 414 errs = append(errs, s.ServiceController.Validate()...) 415 errs = append(errs, s.TTLAfterFinishedController.Validate()...) 416 errs = append(errs, s.SecureServing.Validate()...) 417 errs = append(errs, s.Authentication.Validate()...) 418 errs = append(errs, s.Authorization.Validate()...) 419 errs = append(errs, s.Metrics.Validate()...) 420 421 // TODO: validate component config, master and kubeconfig 422 423 return utilerrors.NewAggregate(errs) 424 } 425 426 // Config return a controller manager config objective 427 func (s KubeControllerManagerOptions) Config(allControllers []string, disabledByDefaultControllers []string, controllerAliases map[string]string) (*kubecontrollerconfig.Config, error) { 428 if err := s.Validate(allControllers, disabledByDefaultControllers, controllerAliases); err != nil { 429 return nil, err 430 } 431 432 if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{netutils.ParseIPSloppy("127.0.0.1")}); err != nil { 433 return nil, fmt.Errorf("error creating self-signed certificates: %v", err) 434 } 435 436 kubeconfig, err := clientcmd.BuildConfigFromFlags(s.Master, s.Generic.ClientConnection.Kubeconfig) 437 if err != nil { 438 return nil, err 439 } 440 kubeconfig.DisableCompression = true 441 kubeconfig.ContentConfig.AcceptContentTypes = s.Generic.ClientConnection.AcceptContentTypes 442 kubeconfig.ContentConfig.ContentType = s.Generic.ClientConnection.ContentType 443 kubeconfig.QPS = s.Generic.ClientConnection.QPS 444 kubeconfig.Burst = int(s.Generic.ClientConnection.Burst) 445 446 client, err := clientset.NewForConfig(restclient.AddUserAgent(kubeconfig, KubeControllerManagerUserAgent)) 447 if err != nil { 448 return nil, err 449 } 450 451 eventBroadcaster := record.NewBroadcaster() 452 eventRecorder := eventBroadcaster.NewRecorder(clientgokubescheme.Scheme, v1.EventSource{Component: KubeControllerManagerUserAgent}) 453 454 c := &kubecontrollerconfig.Config{ 455 Client: client, 456 Kubeconfig: kubeconfig, 457 EventBroadcaster: eventBroadcaster, 458 EventRecorder: eventRecorder, 459 } 460 if err := s.ApplyTo(c, allControllers, disabledByDefaultControllers, controllerAliases); err != nil { 461 return nil, err 462 } 463 s.Metrics.Apply() 464 465 return c, nil 466 }