k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cmd/kube-controller-manager/app/options/serviceaccountcontroller.go

k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cmd/kube-controller-manager/app/options/serviceaccountcontroller.go (about)

     1  /*
     2  Copyright 2018 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package options
    18  
    19  import (
    20  	"github.com/spf13/pflag"
    21  
    22  	serviceaccountconfig "k8s.io/kubernetes/pkg/controller/serviceaccount/config"
    23  )
    24  
    25  // SAControllerOptions holds the ServiceAccountController options.
    26  type SAControllerOptions struct {
    27  	*serviceaccountconfig.SAControllerConfiguration
    28  }
    29  
    30  // AddFlags adds flags related to ServiceAccountController for controller manager to the specified FlagSet
    31  func (o *SAControllerOptions) AddFlags(fs *pflag.FlagSet) {
    32  	if o == nil {
    33  		return
    34  	}
    35  
    36  	fs.StringVar(&o.ServiceAccountKeyFile, "service-account-private-key-file", o.ServiceAccountKeyFile, "Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.")
    37  	fs.Int32Var(&o.ConcurrentSATokenSyncs, "concurrent-serviceaccount-token-syncs", o.ConcurrentSATokenSyncs, "The number of service account token objects that are allowed to sync concurrently. Larger number = more responsive token generation, but more CPU (and network) load")
    38  	fs.StringVar(&o.RootCAFile, "root-ca-file", o.RootCAFile, "If set, this root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle.")
    39  }
    40  
    41  // ApplyTo fills up ServiceAccountController config with options.
    42  func (o *SAControllerOptions) ApplyTo(cfg *serviceaccountconfig.SAControllerConfiguration) error {
    43  	if o == nil {
    44  		return nil
    45  	}
    46  
    47  	cfg.ServiceAccountKeyFile = o.ServiceAccountKeyFile
    48  	cfg.ConcurrentSATokenSyncs = o.ConcurrentSATokenSyncs
    49  	cfg.RootCAFile = o.RootCAFile
    50  
    51  	return nil
    52  }
    53  
    54  // Validate checks validation of ServiceAccountControllerOptions.
    55  func (o *SAControllerOptions) Validate() []error {
    56  	if o == nil {
    57  		return nil
    58  	}
    59  
    60  	errs := []error{}
    61  	return errs
    62  }