sigs.k8s.io/cluster-api@v1.7.1/util/flags/diagnostics.go (about) 1 /* 2 Copyright 2022 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 // Package flags implements the webhook server TLS options utilities. 18 package flags 19 20 import ( 21 "net/http" 22 "net/http/pprof" 23 24 "github.com/spf13/pflag" 25 "k8s.io/apiserver/pkg/server/routes" 26 "k8s.io/component-base/logs" 27 "sigs.k8s.io/controller-runtime/pkg/metrics/filters" 28 metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" 29 ) 30 31 // DiagnosticsOptions has the options to configure diagnostics. 32 type DiagnosticsOptions struct { 33 // MetricsBindAddr 34 // 35 // Deprecated: This field will be removed in an upcoming release. 36 MetricsBindAddr string 37 DiagnosticsAddress string 38 InsecureDiagnostics bool 39 } 40 41 // AddDiagnosticsOptions adds the diagnostics flags to the flag set. 42 func AddDiagnosticsOptions(fs *pflag.FlagSet, options *DiagnosticsOptions) { 43 fs.StringVar(&options.MetricsBindAddr, "metrics-bind-addr", "", 44 "The address the metrics endpoint binds to.") 45 _ = fs.MarkDeprecated("metrics-bind-addr", "Please use --diagnostics-address instead. To continue to serve"+ 46 "metrics via http and without authentication/authorization set --insecure-diagnostics as well.") 47 48 fs.StringVar(&options.DiagnosticsAddress, "diagnostics-address", ":8443", 49 "The address the diagnostics endpoint binds to. Per default metrics are served via https and with"+ 50 "authentication/authorization. To serve via http and without authentication/authorization set --insecure-diagnostics."+ 51 "If --insecure-diagnostics is not set the diagnostics endpoint also serves pprof endpoints and an endpoint to change the log level.") 52 53 fs.BoolVar(&options.InsecureDiagnostics, "insecure-diagnostics", false, 54 "Enable insecure diagnostics serving. For more details see the description of --diagnostics-address.") 55 } 56 57 // GetDiagnosticsOptions returns metrics options which can be used to configure a Manager. 58 func GetDiagnosticsOptions(options DiagnosticsOptions) metricsserver.Options { 59 // If the deprecated "--metrics-bind-addr" flag is set, continue to serve metrics via http 60 // and without authentication/authorization. 61 if options.MetricsBindAddr != "" { 62 return metricsserver.Options{ 63 BindAddress: options.MetricsBindAddr, 64 } 65 } 66 67 // If "--insecure-diagnostics" is set, serve metrics via http 68 // and without authentication/authorization. 69 if options.InsecureDiagnostics { 70 return metricsserver.Options{ 71 BindAddress: options.DiagnosticsAddress, 72 SecureServing: false, 73 } 74 } 75 76 // If "--insecure-diagnostics" is not set, serve metrics via https 77 // and with authentication/authorization. As the endpoint is protected, 78 // we also serve pprof endpoints and an endpoint to change the log level. 79 return metricsserver.Options{ 80 BindAddress: options.DiagnosticsAddress, 81 SecureServing: true, 82 FilterProvider: filters.WithAuthenticationAndAuthorization, 83 ExtraHandlers: map[string]http.Handler{ 84 // Add handler to dynamically change log level. 85 "/debug/flags/v": routes.StringFlagPutHandler(logs.GlogSetter), 86 // Add pprof handler. 87 "/debug/pprof/": http.HandlerFunc(pprof.Index), 88 "/debug/pprof/cmdline": http.HandlerFunc(pprof.Cmdline), 89 "/debug/pprof/profile": http.HandlerFunc(pprof.Profile), 90 "/debug/pprof/symbol": http.HandlerFunc(pprof.Symbol), 91 "/debug/pprof/trace": http.HandlerFunc(pprof.Trace), 92 }, 93 } 94 }