Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
f2c8decf
Commit
f2c8decf
authored
Apr 07, 2015
by
Tim Hockin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clarify network-related flags in the master
Rename and rejigger flags to make it more obvious what is happening. Change the default listen from ChooseHostInterface() to 0.0.0.0.
parent
c50355e3
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
38 additions
and
31 deletions
+38
-31
server.go
cmd/kube-apiserver/app/server.go
+35
-30
master.go
pkg/master/master.go
+3
-1
No files found.
cmd/kube-apiserver/app/server.go
View file @
f2c8decf
...
@@ -46,14 +46,14 @@ import (
...
@@ -46,14 +46,14 @@ import (
// APIServer runs a kubernetes api server.
// APIServer runs a kubernetes api server.
type
APIServer
struct
{
type
APIServer
struct
{
WideOpenPort
int
InsecureBindAddress
util
.
IP
ExternalHost
string
InsecurePort
int
Address
util
.
IP
BindAddress
util
.
IP
PublicAddressOverride
util
.
IP
ReadOnlyPort
int
ReadOnlyPort
int
SecurePort
int
ExternalHost
string
APIRate
float32
APIRate
float32
APIBurst
int
APIBurst
int
SecurePort
int
TLSCertFile
string
TLSCertFile
string
TLSPrivateKeyFile
string
TLSPrivateKeyFile
string
APIPrefix
string
APIPrefix
string
...
@@ -85,13 +85,13 @@ type APIServer struct {
...
@@ -85,13 +85,13 @@ type APIServer struct {
// NewAPIServer creates a new APIServer object with default parameters
// NewAPIServer creates a new APIServer object with default parameters
func
NewAPIServer
()
*
APIServer
{
func
NewAPIServer
()
*
APIServer
{
s
:=
APIServer
{
s
:=
APIServer
{
WideOpen
Port
:
8080
,
Insecure
Port
:
8080
,
Address
:
util
.
IP
(
net
.
ParseIP
(
"127.0.0.1"
)),
InsecureBindAddress
:
util
.
IP
(
net
.
ParseIP
(
"127.0.0.1"
)),
PublicAddressOverride
:
util
.
IP
(
net
.
ParseIP
(
"
"
)),
BindAddress
:
util
.
IP
(
net
.
ParseIP
(
"0.0.0.0
"
)),
ReadOnlyPort
:
7080
,
ReadOnlyPort
:
7080
,
SecurePort
:
6443
,
APIRate
:
10.0
,
APIRate
:
10.0
,
APIBurst
:
200
,
APIBurst
:
200
,
SecurePort
:
6443
,
APIPrefix
:
"/api"
,
APIPrefix
:
"/api"
,
EventTTL
:
1
*
time
.
Hour
,
EventTTL
:
1
*
time
.
Hour
,
AuthorizationMode
:
"AlwaysAllow"
,
AuthorizationMode
:
"AlwaysAllow"
,
...
@@ -115,24 +115,29 @@ func NewAPIServer() *APIServer {
...
@@ -115,24 +115,29 @@ func NewAPIServer() *APIServer {
func
(
s
*
APIServer
)
AddFlags
(
fs
*
pflag
.
FlagSet
)
{
func
(
s
*
APIServer
)
AddFlags
(
fs
*
pflag
.
FlagSet
)
{
// Note: the weird ""+ in below lines seems to be the only way to get gofmt to
// Note: the weird ""+ in below lines seems to be the only way to get gofmt to
// arrange these text blocks sensibly. Grrr.
// arrange these text blocks sensibly. Grrr.
fs
.
IntVar
(
&
s
.
WideOpenPort
,
"port"
,
s
.
WideOpen
Port
,
""
+
fs
.
IntVar
(
&
s
.
InsecurePort
,
"insecure_port"
,
s
.
Insecure
Port
,
""
+
"The port
to listen on. Default 8080. It is assumed that firewall rules are
"
+
"The port
on which to serve unsecured, unauthenticated access. Default 8080. It is assumed
"
+
"
set up such that this port is not reachable from outside of the cluster. It is
"
+
"
that firewall rules are set up such that this port is not reachable from outside of
"
+
"
further assume
d that port 443 on the cluster's public address is proxied to this "
+
"
the cluster an
d that port 443 on the cluster's public address is proxied to this "
+
"port. This is performed by nginx in the default setup."
)
"port. This is performed by nginx in the default setup."
)
fs
.
Var
(
&
s
.
Address
,
"address"
,
"The IP address on to serve on (set to 0.0.0.0 for all interfaces)"
)
fs
.
IntVar
(
&
s
.
InsecurePort
,
"port"
,
s
.
InsecurePort
,
"DEPRECATED: see --insecure_port instead"
)
fs
.
Var
(
&
s
.
PublicAddressOverride
,
"public_address_override"
,
"Public serving address."
+
fs
.
Var
(
&
s
.
InsecureBindAddress
,
"insecure_bind_address"
,
""
+
"Read only port will be opened on this address, and it is assumed that port "
+
"The IP address on which to serve the --insecure_port (set to 0.0.0.0 for all interfaces). "
+
"443 at this address will be proxied/redirected to '-address':'-port'. If "
+
"Defaults to localhost."
)
"blank, the address in the first listed interface will be used."
)
fs
.
Var
(
&
s
.
InsecureBindAddress
,
"address"
,
"DEPRECATED: see --insecure_bind_address instead"
)
fs
.
Var
(
&
s
.
BindAddress
,
"bind_address"
,
""
+
"The IP address on which to serve the --read_only_port and --secure_port ports. This "
+
"address must be reachable by the rest of the cluster. If blank, all interfaces will be used."
)
fs
.
Var
(
&
s
.
BindAddress
,
"public_address_override"
,
"DEPRECATED: see --bind_address instead"
)
fs
.
IntVar
(
&
s
.
ReadOnlyPort
,
"read_only_port"
,
s
.
ReadOnlyPort
,
""
+
fs
.
IntVar
(
&
s
.
ReadOnlyPort
,
"read_only_port"
,
s
.
ReadOnlyPort
,
""
+
"The port from which to serve read-only resources. If 0, don't serve on a "
+
"The port on which to serve read-only resources. If 0, don't serve read-only "
+
"read-only address. It is assumed that firewall rules are set up such that "
+
"at all. It is assumed that firewall rules are set up such that this port is "
+
"this port is not reachable from outside of the cluster."
)
"not reachable from outside of the cluster."
)
fs
.
IntVar
(
&
s
.
SecurePort
,
"secure_port"
,
s
.
SecurePort
,
""
+
"The port on which to serve HTTPS with authentication and authorization. If 0, "
+
"don't serve HTTPS at all."
)
fs
.
Float32Var
(
&
s
.
APIRate
,
"api_rate"
,
s
.
APIRate
,
"API rate limit as QPS for the read only port"
)
fs
.
Float32Var
(
&
s
.
APIRate
,
"api_rate"
,
s
.
APIRate
,
"API rate limit as QPS for the read only port"
)
fs
.
IntVar
(
&
s
.
APIBurst
,
"api_burst"
,
s
.
APIBurst
,
"API burst amount for the read only port"
)
fs
.
IntVar
(
&
s
.
APIBurst
,
"api_burst"
,
s
.
APIBurst
,
"API burst amount for the read only port"
)
fs
.
IntVar
(
&
s
.
SecurePort
,
"secure_port"
,
s
.
SecurePort
,
"The port from which to serve HTTPS with authentication and authorization. If 0, don't serve HTTPS "
)
fs
.
StringVar
(
&
s
.
TLSCertFile
,
"tls_cert_file"
,
s
.
TLSCertFile
,
""
+
fs
.
StringVar
(
&
s
.
TLSCertFile
,
"tls_cert_file"
,
s
.
TLSCertFile
,
""
+
"File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "
+
"File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "
+
"If HTTPS serving is enabled, and --tls_cert_file and --tls_private_key_file are not provided, "
+
"If HTTPS serving is enabled, and --tls_cert_file and --tls_private_key_file are not provided, "
+
...
@@ -214,7 +219,7 @@ func (s *APIServer) Run(_ []string) error {
...
@@ -214,7 +219,7 @@ func (s *APIServer) Run(_ []string) error {
// TODO: expose same flags as client.BindClientConfigFlags but for a server
// TODO: expose same flags as client.BindClientConfigFlags but for a server
clientConfig
:=
&
client
.
Config
{
clientConfig
:=
&
client
.
Config
{
Host
:
net
.
JoinHostPort
(
s
.
Address
.
String
(),
strconv
.
Itoa
(
s
.
WideOpen
Port
)),
Host
:
net
.
JoinHostPort
(
s
.
InsecureBindAddress
.
String
(),
strconv
.
Itoa
(
s
.
Insecure
Port
)),
Version
:
s
.
StorageVersion
,
Version
:
s
.
StorageVersion
,
}
}
client
,
err
:=
client
.
New
(
clientConfig
)
client
,
err
:=
client
.
New
(
clientConfig
)
...
@@ -281,7 +286,7 @@ func (s *APIServer) Run(_ []string) error {
...
@@ -281,7 +286,7 @@ func (s *APIServer) Run(_ []string) error {
CorsAllowedOriginList
:
s
.
CorsAllowedOriginList
,
CorsAllowedOriginList
:
s
.
CorsAllowedOriginList
,
ReadOnlyPort
:
s
.
ReadOnlyPort
,
ReadOnlyPort
:
s
.
ReadOnlyPort
,
ReadWritePort
:
s
.
SecurePort
,
ReadWritePort
:
s
.
SecurePort
,
PublicAddress
:
net
.
IP
(
s
.
PublicAddressOverride
),
PublicAddress
:
net
.
IP
(
s
.
BindAddress
),
Authenticator
:
authenticator
,
Authenticator
:
authenticator
,
Authorizer
:
authorizer
,
Authorizer
:
authorizer
,
AdmissionControl
:
admissionController
,
AdmissionControl
:
admissionController
,
...
@@ -295,13 +300,13 @@ func (s *APIServer) Run(_ []string) error {
...
@@ -295,13 +300,13 @@ func (s *APIServer) Run(_ []string) error {
// We serve on 3 ports. See docs/accessing_the_api.md
// We serve on 3 ports. See docs/accessing_the_api.md
roLocation
:=
""
roLocation
:=
""
if
s
.
ReadOnlyPort
!=
0
{
if
s
.
ReadOnlyPort
!=
0
{
roLocation
=
net
.
JoinHostPort
(
config
.
Public
Address
.
String
(),
strconv
.
Itoa
(
s
.
ReadOnlyPort
))
roLocation
=
net
.
JoinHostPort
(
s
.
Bind
Address
.
String
(),
strconv
.
Itoa
(
s
.
ReadOnlyPort
))
}
}
secureLocation
:=
""
secureLocation
:=
""
if
s
.
SecurePort
!=
0
{
if
s
.
SecurePort
!=
0
{
secureLocation
=
net
.
JoinHostPort
(
config
.
Public
Address
.
String
(),
strconv
.
Itoa
(
s
.
SecurePort
))
secureLocation
=
net
.
JoinHostPort
(
s
.
Bind
Address
.
String
(),
strconv
.
Itoa
(
s
.
SecurePort
))
}
}
wideOpenLocation
:=
net
.
JoinHostPort
(
s
.
Address
.
String
(),
strconv
.
Itoa
(
s
.
WideOpen
Port
))
insecureLocation
:=
net
.
JoinHostPort
(
s
.
InsecureBindAddress
.
String
(),
strconv
.
Itoa
(
s
.
Insecure
Port
))
// See the flag commentary to understand our assumptions when opening the read-only and read-write ports.
// See the flag commentary to understand our assumptions when opening the read-only and read-write ports.
...
@@ -381,13 +386,13 @@ func (s *APIServer) Run(_ []string) error {
...
@@ -381,13 +386,13 @@ func (s *APIServer) Run(_ []string) error {
}
}
http
:=
&
http
.
Server
{
http
:=
&
http
.
Server
{
Addr
:
wideOpen
Location
,
Addr
:
insecure
Location
,
Handler
:
apiserver
.
RecoverPanics
(
m
.
InsecureHandler
),
Handler
:
apiserver
.
RecoverPanics
(
m
.
InsecureHandler
),
ReadTimeout
:
5
*
time
.
Minute
,
ReadTimeout
:
5
*
time
.
Minute
,
WriteTimeout
:
5
*
time
.
Minute
,
WriteTimeout
:
5
*
time
.
Minute
,
MaxHeaderBytes
:
1
<<
20
,
MaxHeaderBytes
:
1
<<
20
,
}
}
glog
.
Infof
(
"Serving insecurely on %s"
,
wideOpen
Location
)
glog
.
Infof
(
"Serving insecurely on %s"
,
insecure
Location
)
glog
.
Fatal
(
http
.
ListenAndServe
())
glog
.
Fatal
(
http
.
ListenAndServe
())
return
nil
return
nil
}
}
pkg/master/master.go
View file @
f2c8decf
...
@@ -211,7 +211,9 @@ func setDefaults(c *Config) {
...
@@ -211,7 +211,9 @@ func setDefaults(c *Config) {
if
c
.
CacheTimeout
==
0
{
if
c
.
CacheTimeout
==
0
{
c
.
CacheTimeout
=
5
*
time
.
Second
c
.
CacheTimeout
=
5
*
time
.
Second
}
}
for
c
.
PublicAddress
==
nil
{
for
c
.
PublicAddress
==
nil
||
c
.
PublicAddress
.
IsUnspecified
()
{
// TODO: This should be done in the caller and just require a
// valid value to be passed in.
hostIP
,
err
:=
util
.
ChooseHostInterface
()
hostIP
,
err
:=
util
.
ChooseHostInterface
()
if
err
!=
nil
{
if
err
!=
nil
{
glog
.
Fatalf
(
"Unable to find suitable network address.error='%v' . "
+
glog
.
Fatalf
(
"Unable to find suitable network address.error='%v' . "
+
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment