fs.StringVar(&s.CertDirectory,"cert-dir",s.CertDirectory,"The directory where the TLS certs are located (by default /var/run/kubernetes). "+
"If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.")
fs.StringVar(&s.APIPrefix,"api-prefix",s.APIPrefix,"The prefix for API requests on the server. Default '/api'.")
fs.MarkDeprecated("api-prefix","--api-prefix is deprecated and will be removed when the v1 API is retired.")
fs.StringVar(&s.DeprecatedStorageVersion,"storage-version",s.DeprecatedStorageVersion,"The version to store the legacy v1 resources with. Defaults to server preferred")
...
...
@@ -206,7 +184,6 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.CloudConfigFile,"cloud-config",s.CloudConfigFile,"The path to the cloud provider configuration file. Empty string for no configuration file.")
fs.DurationVar(&s.EventTTL,"event-ttl",s.EventTTL,"Amount of time to retain events. Default 1 hour.")
fs.StringVar(&s.BasicAuthFile,"basic-auth-file",s.BasicAuthFile,"If set, the file that will be used to admit requests to the secure port of the API server via http basic authentication.")
fs.StringVar(&s.ClientCAFile,"client-ca-file",s.ClientCAFile,"If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.")
fs.StringVar(&s.TokenAuthFile,"token-auth-file",s.TokenAuthFile,"If set, the file that will be used to secure the secure port of the API server via token authentication.")
fs.StringVar(&s.OIDCIssuerURL,"oidc-issuer-url",s.OIDCIssuerURL,"The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT)")
fs.StringVar(&s.OIDCClientID,"oidc-client-id",s.OIDCClientID,"The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set")
...
...
@@ -247,9 +224,7 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
fs.BoolVar(&s.EnableWatchCache,"watch-cache",true,"Enable watch caching in the apiserver")
fs.BoolVar(&s.EnableSwaggerUI,"enable-swagger-ui",false,"Enables swagger ui on the apiserver at /swagger-ui")
fs.StringVar(&s.ExternalHost,"external-hostname","","The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs.)")
fs.IntVar(&s.MaxRequestsInFlight,"max-requests-inflight",400,"The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit.")
fs.IntVar(&s.MinRequestTimeout,"min-request-timeout",1800,"An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load.")
fs.StringVar(&s.LongRunningRequestRE,"long-running-request-regexp",s.LongRunningRequestRE,"A regular expression matching long running requests which should be excluded from maximum inflight request handling.")
fs.StringVar(&s.SSHUser,"ssh-user","","If non-empty, use secure SSH proxy to the nodes, using this user name")
fs.StringVar(&s.SSHKeyfile,"ssh-keyfile","","If non-empty, use secure SSH proxy to the nodes, using this user keyfile")
fs.Int64Var(&s.MaxConnectionBytesPerSec,"max-connection-bytes-per-sec",0,"If non-zero, throttle each user connection to this number of bytes/sec. Currently only applies to long-running requests")
"The IP address on which to listen for the --secure-port port. The "+
"associated interface(s) must be reachable by the rest of the cluster, and by CLI/web "+
"clients. If blank, all interfaces will be used (0.0.0.0).")
fs.StringVar(&s.CertDirectory,"cert-dir",s.CertDirectory,"The directory where the TLS certs are located (by default /var/run/kubernetes). "+
"If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.")
fs.StringVar(&s.ClientCAFile,"client-ca-file",s.ClientCAFile,"If set, any request presenting a client certificate signed by one of the authorities in the client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.")
"The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed "+
"that firewall rules are set up such that this port is not reachable from outside of "+
"the cluster and that port 443 on the cluster's public address is proxied to this "+
"port. This is performed by nginx in the default setup.")
fs.IntVar(&s.InsecurePort,"port",s.InsecurePort,"DEPRECATED: see --insecure-port instead")
fs.StringVar(&s.LongRunningRequestRE,"long-running-request-regexp",s.LongRunningRequestRE,"A regular expression matching long running requests which should be excluded from maximum inflight request handling.")
fs.IntVar(&s.MaxRequestsInFlight,"max-requests-inflight",400,"The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit.")