| /* |
| Copyright 2018 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package config |
| |
| import ( |
| apimachineryconfig "k8s.io/apimachinery/pkg/apis/config" |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| apiserverconfig "k8s.io/apiserver/pkg/apis/config" |
| ) |
| |
| // GroupResource describes an group resource. |
| type GroupResource struct { |
| // group is the group portion of the GroupResource. |
| Group string |
| // resource is the resource portion of the GroupResource. |
| Resource string |
| } |
| |
| // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object |
| |
| // KubeControllerManagerConfiguration contains elements describing kube-controller manager. |
| type KubeControllerManagerConfiguration struct { |
| metav1.TypeMeta |
| |
| // Generic holds configuration for a generic controller-manager |
| Generic GenericControllerManagerConfiguration |
| // KubeCloudSharedConfiguration holds configuration for shared related features |
| // both in cloud controller manager and kube-controller manager. |
| KubeCloudShared KubeCloudSharedConfiguration |
| |
| // AttachDetachControllerConfiguration holds configuration for |
| // AttachDetachController related features. |
| AttachDetachController AttachDetachControllerConfiguration |
| // CSRSigningControllerConfiguration holds configuration for |
| // CSRSigningController related features. |
| CSRSigningController CSRSigningControllerConfiguration |
| // DaemonSetControllerConfiguration holds configuration for DaemonSetController |
| // related features. |
| DaemonSetController DaemonSetControllerConfiguration |
| // DeploymentControllerConfiguration holds configuration for |
| // DeploymentController related features. |
| DeploymentController DeploymentControllerConfiguration |
| // DeprecatedControllerConfiguration holds configuration for some deprecated |
| // features. |
| DeprecatedController DeprecatedControllerConfiguration |
| // EndpointControllerConfiguration holds configuration for EndpointController |
| // related features. |
| EndpointController EndpointControllerConfiguration |
| // GarbageCollectorControllerConfiguration holds configuration for |
| // GarbageCollectorController related features. |
| GarbageCollectorController GarbageCollectorControllerConfiguration |
| // HPAControllerConfiguration holds configuration for HPAController related features. |
| HPAController HPAControllerConfiguration |
| // JobControllerConfiguration holds configuration for JobController related features. |
| JobController JobControllerConfiguration |
| // NamespaceControllerConfiguration holds configuration for NamespaceController |
| // related features. |
| NamespaceController NamespaceControllerConfiguration |
| // NodeIPAMControllerConfiguration holds configuration for NodeIPAMController |
| // related features. |
| NodeIPAMController NodeIPAMControllerConfiguration |
| // NodeLifecycleControllerConfiguration holds configuration for |
| // NodeLifecycleController related features. |
| NodeLifecycleController NodeLifecycleControllerConfiguration |
| // PersistentVolumeBinderControllerConfiguration holds configuration for |
| // PersistentVolumeBinderController related features. |
| PersistentVolumeBinderController PersistentVolumeBinderControllerConfiguration |
| // PodGCControllerConfiguration holds configuration for PodGCController |
| // related features. |
| PodGCController PodGCControllerConfiguration |
| // ReplicaSetControllerConfiguration holds configuration for ReplicaSet related features. |
| ReplicaSetController ReplicaSetControllerConfiguration |
| // ReplicationControllerConfiguration holds configuration for |
| // ReplicationController related features. |
| ReplicationController ReplicationControllerConfiguration |
| // ResourceQuotaControllerConfiguration holds configuration for |
| // ResourceQuotaController related features. |
| ResourceQuotaController ResourceQuotaControllerConfiguration |
| // SAControllerConfiguration holds configuration for ServiceAccountController |
| // related features. |
| SAController SAControllerConfiguration |
| // ServiceControllerConfiguration holds configuration for ServiceController |
| // related features. |
| ServiceController ServiceControllerConfiguration |
| // TTLAfterFinishedControllerConfiguration holds configuration for |
| // TTLAfterFinishedController related features. |
| TTLAfterFinishedController TTLAfterFinishedControllerConfiguration |
| } |
| |
| // GenericControllerManagerConfiguration holds configuration for a generic controller-manager |
| type GenericControllerManagerConfiguration struct { |
| // port is the port that the controller-manager's http service runs on. |
| Port int32 |
| // address is the IP address to serve on (set to 0.0.0.0 for all interfaces). |
| Address string |
| // minResyncPeriod is the resync period in reflectors; will be random between |
| // minResyncPeriod and 2*minResyncPeriod. |
| MinResyncPeriod metav1.Duration |
| // ClientConnection specifies the kubeconfig file and client connection |
| // settings for the proxy server to use when communicating with the apiserver. |
| ClientConnection apimachineryconfig.ClientConnectionConfiguration |
| // How long to wait between starting controller managers |
| ControllerStartInterval metav1.Duration |
| // leaderElection defines the configuration of leader election client. |
| LeaderElection apiserverconfig.LeaderElectionConfiguration |
| // Controllers is the list of controllers to enable or disable |
| // '*' means "all enabled by default controllers" |
| // 'foo' means "enable 'foo'" |
| // '-foo' means "disable 'foo'" |
| // first item for a particular name wins |
| Controllers []string |
| // DebuggingConfiguration holds configuration for Debugging related features. |
| Debugging apiserverconfig.DebuggingConfiguration |
| } |
| |
| // KubeCloudSharedConfiguration contains elements shared by both kube-controller manager |
| // and cloud-controller manager, but not genericconfig. |
| type KubeCloudSharedConfiguration struct { |
| // CloudProviderConfiguration holds configuration for CloudProvider related features. |
| CloudProvider CloudProviderConfiguration |
| // externalCloudVolumePlugin specifies the plugin to use when cloudProvider is "external". |
| // It is currently used by the in repo cloud providers to handle node and volume control in the KCM. |
| ExternalCloudVolumePlugin string |
| // useServiceAccountCredentials indicates whether controllers should be run with |
| // individual service account credentials. |
| UseServiceAccountCredentials bool |
| // run with untagged cloud instances |
| AllowUntaggedCloud bool |
| // routeReconciliationPeriod is the period for reconciling routes created for Nodes by cloud provider.. |
| RouteReconciliationPeriod metav1.Duration |
| // nodeMonitorPeriod is the period for syncing NodeStatus in NodeController. |
| NodeMonitorPeriod metav1.Duration |
| // clusterName is the instance prefix for the cluster. |
| ClusterName string |
| // clusterCIDR is CIDR Range for Pods in cluster. |
| ClusterCIDR string |
| // AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if |
| // ConfigureCloudRoutes is true, to be set on the cloud provider. |
| AllocateNodeCIDRs bool |
| // CIDRAllocatorType determines what kind of pod CIDR allocator will be used. |
| CIDRAllocatorType string |
| // configureCloudRoutes enables CIDRs allocated with allocateNodeCIDRs |
| // to be configured on the cloud provider. |
| ConfigureCloudRoutes bool |
| // nodeSyncPeriod is the period for syncing nodes from cloudprovider. Longer |
| // periods will result in fewer calls to cloud provider, but may delay addition |
| // of new nodes to cluster. |
| NodeSyncPeriod metav1.Duration |
| } |
| |
| // AttachDetachControllerConfiguration contains elements describing AttachDetachController. |
| type AttachDetachControllerConfiguration struct { |
| // Reconciler runs a periodic loop to reconcile the desired state of the with |
| // the actual state of the world by triggering attach detach operations. |
| // This flag enables or disables reconcile. Is false by default, and thus enabled. |
| DisableAttachDetachReconcilerSync bool |
| // ReconcilerSyncLoopPeriod is the amount of time the reconciler sync states loop |
| // wait between successive executions. Is set to 5 sec by default. |
| ReconcilerSyncLoopPeriod metav1.Duration |
| } |
| |
| // CloudProviderConfiguration contains basically elements about cloud provider. |
| type CloudProviderConfiguration struct { |
| // Name is the provider for cloud services. |
| Name string |
| // cloudConfigFile is the path to the cloud provider configuration file. |
| CloudConfigFile string |
| } |
| |
| // CSRSigningControllerConfiguration contains elements describing CSRSigningController. |
| type CSRSigningControllerConfiguration struct { |
| // clusterSigningCertFile is the filename containing a PEM-encoded |
| // X509 CA certificate used to issue cluster-scoped certificates |
| ClusterSigningCertFile string |
| // clusterSigningCertFile is the filename containing a PEM-encoded |
| // RSA or ECDSA private key used to issue cluster-scoped certificates |
| ClusterSigningKeyFile string |
| // clusterSigningDuration is the length of duration signed certificates |
| // will be given. |
| ClusterSigningDuration metav1.Duration |
| } |
| |
| // DaemonSetControllerConfiguration contains elements describing DaemonSetController. |
| type DaemonSetControllerConfiguration struct { |
| // concurrentDaemonSetSyncs is the number of daemonset objects that are |
| // allowed to sync concurrently. Larger number = more responsive daemonset, |
| // but more CPU (and network) load. |
| ConcurrentDaemonSetSyncs int32 |
| } |
| |
| // DeploymentControllerConfiguration contains elements describing DeploymentController. |
| type DeploymentControllerConfiguration struct { |
| // concurrentDeploymentSyncs is the number of deployment objects that are |
| // allowed to sync concurrently. Larger number = more responsive deployments, |
| // but more CPU (and network) load. |
| ConcurrentDeploymentSyncs int32 |
| // deploymentControllerSyncPeriod is the period for syncing the deployments. |
| DeploymentControllerSyncPeriod metav1.Duration |
| } |
| |
| // DeprecatedControllerConfiguration contains elements be deprecated. |
| type DeprecatedControllerConfiguration struct { |
| // DEPRECATED: deletingPodsQps is the number of nodes per second on which pods are deleted in |
| // case of node failure. |
| DeletingPodsQPS float32 |
| // DEPRECATED: deletingPodsBurst is the number of nodes on which pods are bursty deleted in |
| // case of node failure. For more details look into RateLimiter. |
| DeletingPodsBurst int32 |
| // registerRetryCount is the number of retries for initial node registration. |
| // Retry interval equals node-sync-period. |
| RegisterRetryCount int32 |
| } |
| |
| // EndpointControllerConfiguration contains elements describing EndpointController. |
| type EndpointControllerConfiguration struct { |
| // concurrentEndpointSyncs is the number of endpoint syncing operations |
| // that will be done concurrently. Larger number = faster endpoint updating, |
| // but more CPU (and network) load. |
| ConcurrentEndpointSyncs int32 |
| } |
| |
| // GarbageCollectorControllerConfiguration contains elements describing GarbageCollectorController. |
| type GarbageCollectorControllerConfiguration struct { |
| // enables the generic garbage collector. MUST be synced with the |
| // corresponding flag of the kube-apiserver. WARNING: the generic garbage |
| // collector is an alpha feature. |
| EnableGarbageCollector bool |
| // concurrentGCSyncs is the number of garbage collector workers that are |
| // allowed to sync concurrently. |
| ConcurrentGCSyncs int32 |
| // gcIgnoredResources is the list of GroupResources that garbage collection should ignore. |
| GCIgnoredResources []GroupResource |
| } |
| |
| // HPAControllerConfiguration contains elements describing HPAController. |
| type HPAControllerConfiguration struct { |
| // horizontalPodAutoscalerSyncPeriod is the period for syncing the number of |
| // pods in horizontal pod autoscaler. |
| HorizontalPodAutoscalerSyncPeriod metav1.Duration |
| // horizontalPodAutoscalerUpscaleForbiddenWindow is a period after which next upscale allowed. |
| HorizontalPodAutoscalerUpscaleForbiddenWindow metav1.Duration |
| // horizontalPodAutoscalerDownscaleForbiddenWindow is a period after which next downscale allowed. |
| HorizontalPodAutoscalerDownscaleForbiddenWindow metav1.Duration |
| // HorizontalPodAutoscalerDowncaleStabilizationWindow is a period for which autoscaler will look |
| // backwards and not scale down below any recommendation it made during that period. |
| HorizontalPodAutoscalerDownscaleStabilizationWindow metav1.Duration |
| // horizontalPodAutoscalerTolerance is the tolerance for when |
| // resource usage suggests upscaling/downscaling |
| HorizontalPodAutoscalerTolerance float64 |
| // HorizontalPodAutoscalerUseRESTClients causes the HPA controller to use REST clients |
| // through the kube-aggregator when enabled, instead of using the legacy metrics client |
| // through the API server proxy. |
| HorizontalPodAutoscalerUseRESTClients bool |
| // HorizontalPodAutoscalerCPUInitializationPeriod is the period after pod start when CPU samples |
| // might be skipped. |
| HorizontalPodAutoscalerCPUInitializationPeriod metav1.Duration |
| // HorizontalPodAutoscalerInitialReadinessDelay is period after pod start during which readiness |
| // changes are treated as readiness being set for the first time. The only effect of this is that |
| // HPA will disregard CPU samples from unready pods that had last readiness change during that |
| // period. |
| HorizontalPodAutoscalerInitialReadinessDelay metav1.Duration |
| } |
| |
| // JobControllerConfiguration contains elements describing JobController. |
| type JobControllerConfiguration struct { |
| // concurrentJobSyncs is the number of job objects that are |
| // allowed to sync concurrently. Larger number = more responsive jobs, |
| // but more CPU (and network) load. |
| ConcurrentJobSyncs int32 |
| } |
| |
| // NamespaceControllerConfiguration contains elements describing NamespaceController. |
| type NamespaceControllerConfiguration struct { |
| // namespaceSyncPeriod is the period for syncing namespace life-cycle |
| // updates. |
| NamespaceSyncPeriod metav1.Duration |
| // concurrentNamespaceSyncs is the number of namespace objects that are |
| // allowed to sync concurrently. |
| ConcurrentNamespaceSyncs int32 |
| } |
| |
| // NodeIPAMControllerConfiguration contains elements describing NodeIPAMController. |
| type NodeIPAMControllerConfiguration struct { |
| // serviceCIDR is CIDR Range for Services in cluster. |
| ServiceCIDR string |
| // NodeCIDRMaskSize is the mask size for node cidr in cluster. |
| NodeCIDRMaskSize int32 |
| } |
| |
| // NodeLifecycleControllerConfiguration contains elements describing NodeLifecycleController. |
| type NodeLifecycleControllerConfiguration struct { |
| // If set to true enables NoExecute Taints and will evict all not-tolerating |
| // Pod running on Nodes tainted with this kind of Taints. |
| EnableTaintManager bool |
| // nodeEvictionRate is the number of nodes per second on which pods are deleted in case of node failure when a zone is healthy |
| NodeEvictionRate float32 |
| // secondaryNodeEvictionRate is the number of nodes per second on which pods are deleted in case of node failure when a zone is unhealthy |
| SecondaryNodeEvictionRate float32 |
| // nodeStartupGracePeriod is the amount of time which we allow starting a node to |
| // be unresponsive before marking it unhealthy. |
| NodeStartupGracePeriod metav1.Duration |
| // nodeMontiorGracePeriod is the amount of time which we allow a running node to be |
| // unresponsive before marking it unhealthy. Must be N times more than kubelet's |
| // nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet |
| // to post node status. |
| NodeMonitorGracePeriod metav1.Duration |
| // podEvictionTimeout is the grace period for deleting pods on failed nodes. |
| PodEvictionTimeout metav1.Duration |
| // secondaryNodeEvictionRate is implicitly overridden to 0 for clusters smaller than or equal to largeClusterSizeThreshold |
| LargeClusterSizeThreshold int32 |
| // Zone is treated as unhealthy in nodeEvictionRate and secondaryNodeEvictionRate when at least |
| // unhealthyZoneThreshold (no less than 3) of Nodes in the zone are NotReady |
| UnhealthyZoneThreshold float32 |
| } |
| |
| // PersistentVolumeBinderControllerConfiguration contains elements describing |
| // PersistentVolumeBinderController. |
| type PersistentVolumeBinderControllerConfiguration struct { |
| // pvClaimBinderSyncPeriod is the period for syncing persistent volumes |
| // and persistent volume claims. |
| PVClaimBinderSyncPeriod metav1.Duration |
| // volumeConfiguration holds configuration for volume related features. |
| VolumeConfiguration VolumeConfiguration |
| } |
| |
| // PodGCControllerConfiguration contains elements describing PodGCController. |
| type PodGCControllerConfiguration struct { |
| // terminatedPodGCThreshold is the number of terminated pods that can exist |
| // before the terminated pod garbage collector starts deleting terminated pods. |
| // If <= 0, the terminated pod garbage collector is disabled. |
| TerminatedPodGCThreshold int32 |
| } |
| |
| // ReplicaSetControllerConfiguration contains elements describing ReplicaSetController. |
| type ReplicaSetControllerConfiguration struct { |
| // concurrentRSSyncs is the number of replica sets that are allowed to sync |
| // concurrently. Larger number = more responsive replica management, but more |
| // CPU (and network) load. |
| ConcurrentRSSyncs int32 |
| } |
| |
| // ReplicationControllerConfiguration contains elements describing ReplicationController. |
| type ReplicationControllerConfiguration struct { |
| // concurrentRCSyncs is the number of replication controllers that are |
| // allowed to sync concurrently. Larger number = more responsive replica |
| // management, but more CPU (and network) load. |
| ConcurrentRCSyncs int32 |
| } |
| |
| // ResourceQuotaControllerConfiguration contains elements describing ResourceQuotaController. |
| type ResourceQuotaControllerConfiguration struct { |
| // resourceQuotaSyncPeriod is the period for syncing quota usage status |
| // in the system. |
| ResourceQuotaSyncPeriod metav1.Duration |
| // concurrentResourceQuotaSyncs is the number of resource quotas that are |
| // allowed to sync concurrently. Larger number = more responsive quota |
| // management, but more CPU (and network) load. |
| ConcurrentResourceQuotaSyncs int32 |
| } |
| |
| // SAControllerConfiguration contains elements describing ServiceAccountController. |
| type SAControllerConfiguration struct { |
| // serviceAccountKeyFile is the filename containing a PEM-encoded private RSA key |
| // used to sign service account tokens. |
| ServiceAccountKeyFile string |
| // concurrentSATokenSyncs is the number of service account token syncing operations |
| // that will be done concurrently. |
| ConcurrentSATokenSyncs int32 |
| // rootCAFile is the root certificate authority will be included in service |
| // account's token secret. This must be a valid PEM-encoded CA bundle. |
| RootCAFile string |
| } |
| |
| // ServiceControllerConfiguration contains elements describing ServiceController. |
| type ServiceControllerConfiguration struct { |
| // concurrentServiceSyncs is the number of services that are |
| // allowed to sync concurrently. Larger number = more responsive service |
| // management, but more CPU (and network) load. |
| ConcurrentServiceSyncs int32 |
| } |
| |
| // VolumeConfiguration contains *all* enumerated flags meant to configure all volume |
| // plugins. From this config, the controller-manager binary will create many instances of |
| // volume.VolumeConfig, each containing only the configuration needed for that plugin which |
| // are then passed to the appropriate plugin. The ControllerManager binary is the only part |
| // of the code which knows what plugins are supported and which flags correspond to each plugin. |
| type VolumeConfiguration struct { |
| // enableHostPathProvisioning enables HostPath PV provisioning when running without a |
| // cloud provider. This allows testing and development of provisioning features. HostPath |
| // provisioning is not supported in any way, won't work in a multi-node cluster, and |
| // should not be used for anything other than testing or development. |
| EnableHostPathProvisioning bool |
| // enableDynamicProvisioning enables the provisioning of volumes when running within an environment |
| // that supports dynamic provisioning. Defaults to true. |
| EnableDynamicProvisioning bool |
| // persistentVolumeRecyclerConfiguration holds configuration for persistent volume plugins. |
| PersistentVolumeRecyclerConfiguration PersistentVolumeRecyclerConfiguration |
| // volumePluginDir is the full path of the directory in which the flex |
| // volume plugin should search for additional third party volume plugins |
| FlexVolumePluginDir string |
| } |
| |
| // PersistentVolumeRecyclerConfiguration contains elements describing persistent volume plugins. |
| type PersistentVolumeRecyclerConfiguration struct { |
| // maximumRetry is number of retries the PV recycler will execute on failure to recycle |
| // PV. |
| MaximumRetry int32 |
| // minimumTimeoutNFS is the minimum ActiveDeadlineSeconds to use for an NFS Recycler |
| // pod. |
| MinimumTimeoutNFS int32 |
| // podTemplateFilePathNFS is the file path to a pod definition used as a template for |
| // NFS persistent volume recycling |
| PodTemplateFilePathNFS string |
| // incrementTimeoutNFS is the increment of time added per Gi to ActiveDeadlineSeconds |
| // for an NFS scrubber pod. |
| IncrementTimeoutNFS int32 |
| // podTemplateFilePathHostPath is the file path to a pod definition used as a template for |
| // HostPath persistent volume recycling. This is for development and testing only and |
| // will not work in a multi-node cluster. |
| PodTemplateFilePathHostPath string |
| // minimumTimeoutHostPath is the minimum ActiveDeadlineSeconds to use for a HostPath |
| // Recycler pod. This is for development and testing only and will not work in a multi-node |
| // cluster. |
| MinimumTimeoutHostPath int32 |
| // incrementTimeoutHostPath is the increment of time added per Gi to ActiveDeadlineSeconds |
| // for a HostPath scrubber pod. This is for development and testing only and will not work |
| // in a multi-node cluster. |
| IncrementTimeoutHostPath int32 |
| } |
| |
| // TTLAfterFinishedControllerConfiguration contains elements describing TTLAfterFinishedController. |
| type TTLAfterFinishedControllerConfiguration struct { |
| // concurrentTTLSyncs is the number of TTL-after-finished collector workers that are |
| // allowed to sync concurrently. |
| ConcurrentTTLSyncs int32 |
| } |