// File: volcano.sh/volcano@v1.9.0/cmd/webhook-manager/app/options/options.go

/*
Copyright 2018 The Volcano Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package options

import (
	"fmt"
	"os"

	"github.com/spf13/pflag"

	"volcano.sh/volcano/pkg/kube"
)

// Default flag values registered by AddFlags.
const (
	defaultSchedulerName = "volcano"
	defaultQPS           = 50.0
	defaultBurst         = 100
	// Comma-separated webhook paths that are enabled unless --enabled-admission
	// overrides them.
	defaultEnabledAdmission = "/jobs/mutate,/jobs/validate,/podgroups/mutate,/pods/validate,/pods/mutate,/queues/mutate,/queues/validate"
	// Comma-separated namespaces the admission webhooks ignore by default.
	defaultIgnoredNamespaces = "volcano-system,kube-system"
	// The host part is empty, only a port is given.
	defaultHealthzAddress = ":11251"
)

// Config is the configuration of the admission-controller server.
//
// Once ParseCAFiles has run, KeyData holds the contents of the private-key
// file, so avoid printing or logging a whole Config value.
type Config struct {
	// KubeClientOptions carries the API server address, kubeconfig path, QPS
	// and burst used by the Kubernetes client.
	KubeClientOptions kube.ClientOptions

	// Paths of the serving certificate, its private key and the CA
	// certificate (--tls-cert-file, --tls-private-key-file, --ca-cert-file).
	CertFile   string
	KeyFile    string
	CaCertFile string

	// Contents of the three files above, filled in by readCAFiles.
	CertData   []byte
	KeyData    []byte
	CaCertData []byte

	// Address and port of the admission server (--listen-address, --port).
	ListenAddress string
	Port          int

	// PrintVersion is set by --version.
	PrintVersion bool

	// WebhookName and WebhookNamespace are set by --webhook-service-name and
	// --webhook-namespace.
	WebhookName      string
	WebhookNamespace string

	// SchedulerNames lists the .spec.SchedulerName values whose pods Volcano
	// handles (--scheduler-name, repeatable).
	SchedulerNames []string

	// WebhookURL is set by --webhook-url.
	WebhookURL string

	// ConfigPath is set by --admission-conf.
	ConfigPath string

	// EnabledAdmission is the comma-separated list of enabled webhook paths.
	EnabledAdmission string

	// IgnoredNamespaces is the comma-separated list of namespaces the
	// admission webhooks ignore.
	IgnoredNamespaces string

	// EnableHealthz is set by --enable-healthz and defaults to false.
	EnableHealthz bool
	// HealthzBindAddress is the IP address and port the health check server
	// serves on; it defaults to :11251.
	HealthzBindAddress string
}

// DecryptFunc is the hook type accepted by ParseCAFiles. It receives the
// Config after the certificate and key files have been read and returns an
// error if it cannot process them.
type DecryptFunc func(c *Config) error

// NewConfig returns a pointer to a zero-valued Config.
func NewConfig() *Config {
	return &Config{}
}

// AddFlags add flags.
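// Each flag is bound directly to a field of c, so after registration the
// fields hold the defaults given here until fs is parsed. Flags that affect
// what the admission webhooks cover, or where the process listens, carry a
// review note below.
func (c *Config) AddFlags(fs *pflag.FlagSet) {
	fs.StringVar(&c.KubeClientOptions.Master, "master", c.KubeClientOptions.Master, "The address of the Kubernetes API server (overrides any value in kubeconfig)")
	fs.StringVar(&c.KubeClientOptions.KubeConfig, "kubeconfig", c.KubeClientOptions.KubeConfig, "Path to kubeconfig file with authorization and master location information.")
	fs.StringVar(&c.CertFile, "tls-cert-file", c.CertFile, ""+
		"File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated "+
		"after server cert).")
	fs.StringVar(&c.KeyFile, "tls-private-key-file", c.KeyFile, "File containing the default x509 private key matching --tls-cert-file.")

	// NOTE(review): the default listen address is empty and the code that
	// combines ListenAddress with Port is outside this file. If they are
	// joined as "addr:port", an empty address listens on every interface -
	// confirm, and limit reachability to the API server where possible.
	fs.StringVar(&c.ListenAddress, "listen-address", "", "The address to listen on for the admission-controller-server.")
	fs.IntVar(&c.Port, "port", 8443, "the port used by admission-controller-server.")
	fs.BoolVar(&c.PrintVersion, "version", false, "Show version and quit")
	fs.Float32Var(&c.KubeClientOptions.QPS, "kube-api-qps", defaultQPS, "QPS to use while talking with kubernetes apiserver")
	fs.IntVar(&c.KubeClientOptions.Burst, "kube-api-burst", defaultBurst, "Burst to use while talking with kubernetes apiserver")
	fs.StringVar(&c.CaCertFile, "ca-cert-file", c.CaCertFile, "File containing the x509 Certificate for HTTPS.")
	fs.StringVar(&c.WebhookNamespace, "webhook-namespace", "", "The namespace of this webhook")
	fs.StringVar(&c.WebhookName, "webhook-service-name", "", "The name of this webhook")
	fs.StringVar(&c.WebhookURL, "webhook-url", "", "The url of this webhook")

	// NOTE(review): dropping a path from this list presumably disables the
	// matching mutate/validate handler (the consumer is not in this file).
	// As the help text says, the cluster's webhook configurations must be
	// changed to match.
	fs.StringVar(&c.EnabledAdmission, "enabled-admission", defaultEnabledAdmission, "enabled admission webhooks, if this parameter is modified, make sure corresponding webhook configurations are the same.")
	fs.StringArrayVar(&c.SchedulerNames, "scheduler-name", []string{defaultSchedulerName}, "Volcano will handle pods whose .spec.SchedulerName is same as scheduler-name")
	fs.StringVar(&c.ConfigPath, "admission-conf", "", "The configmap file of this webhook")

	// Per the help text, namespaces listed here are ignored by the admission
	// webhooks, so objects created there are not mutated or validated by
	// them. Keep the list as short as the deployment allows.
	fs.StringVar(&c.IgnoredNamespaces, "ignored-namespaces", defaultIgnoredNamespaces, "Comma-separated list of namespaces to be ignored by admission webhooks")

	// The health check is off by default. The default address has no host
	// part, so the interface caveat on --listen-address applies here too
	// (NOTE(review): confirm how the health server binds).
	fs.BoolVar(&c.EnableHealthz, "enable-healthz", false, "Enable the health check; it is false by default")
	fs.StringVar(&c.HealthzBindAddress, "healthz-address", defaultHealthzAddress, "The address to listen on for the health check server.")
}

// CheckPortOrDie returns an error when c.Port is outside the range 1-65535
// and nil otherwise. Despite its name it never terminates the process; the
// caller decides what to do with the error.
func (c *Config) CheckPortOrDie() error {
	if c.Port < 1 || c.Port > 65535 {
		return fmt.Errorf("the port should be in the range of 1 and 65535")
	}
	return nil
}

// readCAFiles loads the files named by CaCertFile, CertFile and KeyFile, in
// that order, into CaCertData, CertData and KeyData. It stops at the first
// file that cannot be read; fields assigned before the failure keep what was
// read. The returned error wraps the os.ReadFile error with %w, so callers
// can test the cause with errors.Is or errors.As.
//
// Nothing here checks the permissions or ownership of the private-key file;
// protecting it is left to how the file is provisioned.
func (c *Config) readCAFiles() error {
	var err error

	if c.CaCertData, err = os.ReadFile(c.CaCertFile); err != nil {
		return fmt.Errorf("failed to read cacert file (%s): %w", c.CaCertFile, err)
	}

	if c.CertData, err = os.ReadFile(c.CertFile); err != nil {
		return fmt.Errorf("failed to read cert file (%s): %w", c.CertFile, err)
	}

	if c.KeyData, err = os.ReadFile(c.KeyFile); err != nil {
		return fmt.Errorf("failed to read key file (%s): %w", c.KeyFile, err)
	}

	return nil
}

// ParseCAFiles reads the CA certificate, serving certificate and private key
// from disk and then, if decryptFunc is non-nil, passes c to it and returns
// its result. A read failure is returned before decryptFunc is called.
func (c *Config) ParseCAFiles(decryptFunc DecryptFunc) error {
	if err := c.readCAFiles(); err != nil {
		return err
	}

	// Users whose CA data is stored encrypted supply decryptFunc to decrypt
	// the loaded data in their own way; without one the data is used as read.
	if decryptFunc == nil {
		return nil
	}
	return decryptFunc(c)
}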