Roland.Ma
60
vendor/k8s.io/apiserver/pkg/server/options/serving.go
generated
vendored
60
vendor/k8s.io/apiserver/pkg/server/options/serving.go
generated
vendored
@@ -17,14 +17,16 @@ limitations under the License.
|
||||
package options
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"path"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/spf13/pflag"
|
||||
"k8s.io/klog"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apiserver/pkg/server"
|
||||
@@ -66,6 +68,13 @@ type SecureServingOptions struct {
|
||||
// HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client.
|
||||
// A value of zero means to use the default provided by golang's HTTP/2 support.
|
||||
HTTP2MaxStreamsPerConnection int
|
||||
|
||||
// PermitPortSharing controls if SO_REUSEPORT is used when binding the port, which allows
|
||||
// more than one instance to bind on the same address and port.
|
||||
PermitPortSharing bool
|
||||
|
||||
// PermitAddressSharing controls if SO_REUSEADDR is used when binding the port.
|
||||
PermitAddressSharing bool
|
||||
}
|
||||
|
||||
type CertKey struct {
|
||||
@@ -166,11 +175,13 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
fs.StringVar(&s.ServerCert.CertKey.KeyFile, "tls-private-key-file", s.ServerCert.CertKey.KeyFile,
|
||||
"File containing the default x509 private key matching --tls-cert-file.")
|
||||
|
||||
tlsCipherPossibleValues := cliflag.TLSCipherPossibleValues()
|
||||
tlsCipherPreferredValues := cliflag.PreferredTLSCipherNames()
|
||||
tlsCipherInsecureValues := cliflag.InsecureTLSCipherNames()
|
||||
fs.StringSliceVar(&s.CipherSuites, "tls-cipher-suites", s.CipherSuites,
|
||||
"Comma-separated list of cipher suites for the server. "+
|
||||
"If omitted, the default Go cipher suites will be use. "+
|
||||
"Possible values: "+strings.Join(tlsCipherPossibleValues, ","))
|
||||
"If omitted, the default Go cipher suites will be used. \n"+
|
||||
"Preferred values: "+strings.Join(tlsCipherPreferredValues, ", ")+". \n"+
|
||||
"Insecure values: "+strings.Join(tlsCipherInsecureValues, ", ")+".")
|
||||
|
||||
tlsPossibleVersions := cliflag.TLSPossibleVersions()
|
||||
fs.StringVar(&s.MinTLSVersion, "tls-min-version", s.MinTLSVersion,
|
||||
@@ -192,6 +203,15 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
"The limit that the server gives to clients for "+
|
||||
"the maximum number of streams in an HTTP/2 connection. "+
|
||||
"Zero means to use golang's default.")
|
||||
|
||||
fs.BoolVar(&s.PermitPortSharing, "permit-port-sharing", s.PermitPortSharing,
|
||||
"If true, SO_REUSEPORT will be used when binding the port, which allows "+
|
||||
"more than one instance to bind on the same address and port. [default=false]")
|
||||
|
||||
fs.BoolVar(&s.PermitAddressSharing, "permit-address-sharing", s.PermitAddressSharing,
|
||||
"If true, SO_REUSEADDR will be used when binding the port. This allows binding "+
|
||||
"to wildcard IPs like 0.0.0.0 and specific IPs in parallel, and it avoids waiting "+
|
||||
"for the kernel to release sockets in TIME_WAIT state. [default=false]")
|
||||
}
|
||||
|
||||
// ApplyTo fills up serving information in the server configuration.
|
||||
@@ -206,7 +226,21 @@ func (s *SecureServingOptions) ApplyTo(config **server.SecureServingInfo) error
|
||||
if s.Listener == nil {
|
||||
var err error
|
||||
addr := net.JoinHostPort(s.BindAddress.String(), strconv.Itoa(s.BindPort))
|
||||
s.Listener, s.BindPort, err = CreateListener(s.BindNetwork, addr)
|
||||
|
||||
c := net.ListenConfig{}
|
||||
|
||||
ctls := multipleControls{}
|
||||
if s.PermitPortSharing {
|
||||
ctls = append(ctls, permitPortReuse)
|
||||
}
|
||||
if s.PermitAddressSharing {
|
||||
ctls = append(ctls, permitAddressReuse)
|
||||
}
|
||||
if len(ctls) > 0 {
|
||||
c.Control = ctls.Control
|
||||
}
|
||||
|
||||
s.Listener, s.BindPort, err = CreateListener(s.BindNetwork, addr, c)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create listener: %v", err)
|
||||
}
|
||||
@@ -317,11 +351,12 @@ func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress str
|
||||
return nil
|
||||
}
|
||||
|
||||
func CreateListener(network, addr string) (net.Listener, int, error) {
|
||||
func CreateListener(network, addr string, config net.ListenConfig) (net.Listener, int, error) {
|
||||
if len(network) == 0 {
|
||||
network = "tcp"
|
||||
}
|
||||
ln, err := net.Listen(network, addr)
|
||||
|
||||
ln, err := config.Listen(context.TODO(), network, addr)
|
||||
if err != nil {
|
||||
return nil, 0, fmt.Errorf("failed to listen on %v: %v", addr, err)
|
||||
}
|
||||
@@ -335,3 +370,14 @@ func CreateListener(network, addr string) (net.Listener, int, error) {
|
||||
|
||||
return ln, tcpAddr.Port, nil
|
||||
}
|
||||
|
||||
type multipleControls []func(network, addr string, conn syscall.RawConn) error
|
||||
|
||||
func (mcs multipleControls) Control(network, addr string, conn syscall.RawConn) error {
|
||||
for _, c := range mcs {
|
||||
if err := c(network, addr, conn); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user