--service-node-port-range=: A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range.
--service-node-port-range=: A port range to reserve for services with NodePort visibility. Example: '30000-32767'. Inclusive at both ends of the range.
--ssh-keyfile="": If non-empty, use secure SSH proxy to the nodes, using this user keyfile
--ssh-keyfile="": If non-empty, use secure SSH proxy to the nodes, using this user keyfile
--ssh-user="": If non-empty, use secure SSH proxy to the nodes, using this user name
--ssh-user="": If non-empty, use secure SSH proxy to the nodes, using this user name
--storage-versions="componentconfig/v1alpha1,extensions/v1beta1,metrics/v1alpha1,v1": The versions to store resources with. Different groups may be stored in different versions. Specified in the format "group1/version1,group2/version2...". This flag expects a complete list of storage versions of ALL groups registered in the server. It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable.
--storage-versions="authorization.k8s.io/v1beta1,componentconfig/v1alpha1,extensions/v1beta1,metrics/v1alpha1,v1": The versions to store resources with. Different groups may be stored in different versions. Specified in the format "group1/version1,group2/version2...". This flag expects a complete list of storage versions of ALL groups registered in the server. It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable.
--tls-cert-file="": File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.
--tls-cert-file="": File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If HTTPS serving is enabled, and --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to /var/run/kubernetes.
"":"LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.",
"spec":"Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.",
"status":"Status is filled in by the server and indicates whether the request is allowed or not",
"":"ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface",
"namespace":"Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview",
"verb":"Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
"group":"Group is the API Group of the Resource. \"*\" means all.",
"version":"Version is the API Version of the Resource. \"*\" means all.",
"resource":"Resource is one of the existing resource types. \"*\" means all.",
"subresource":"Subresource is one of the existing resource types. \"\" means none.",
"name":"Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.",
"":"SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action",
"spec":"Spec holds information about the request being evaluated. user and groups must be empty",
"status":"Status is filled in by the server and indicates whether the request is allowed or not",
"":"SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"resourceAttributes":"ResourceAuthorizationAttributes describes information for a resource access request",
"nonResourceAttributes":"NonResourceAttributes describes information for a non-resource access request",
"":"SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"resourceAttributes":"ResourceAuthorizationAttributes describes information for a resource access request",
"nonResourceAttributes":"NonResourceAttributes describes information for a non-resource access request",
"user":"User is the user you're testing for. If you specify \"User\" but not \"Group\", then is it interpreted as \"What if User were not a member of any groups",
"group":"Groups is the groups you're testing for.",
allErrs=append(allErrs,field.Invalid(fldPath.Child("nonResourceAttributes"),spec.NonResourceAttributes,`cannot be specified in combination with resourceAttributes`))
allErrs=append(allErrs,field.Invalid(fldPath.Child("resourceAttributes"),spec.NonResourceAttributes,`exactly one of nonResourceAttributes or resourceAttributes must be specified`))
}
iflen(spec.User)==0&&len(spec.Groups)==0{
allErrs=append(allErrs,field.Invalid(fldPath.Child("user"),spec.User,`at least one of user or group must be specified`))
allErrs=append(allErrs,field.Invalid(fldPath.Child("nonResourceAttributes"),spec.NonResourceAttributes,`cannot be specified in combination with resourceAttributes`))
allErrs=append(allErrs,field.Invalid(fldPath.Child("resourceAttributes"),spec.NonResourceAttributes,`exactly one of nonResourceAttributes or resourceAttributes must be specified`))