kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #31786 from tengqm/update-configapis 

Update config API reference
pull/31907/head
Kubernetes Prow Robot 2022-02-27 17:38:55 -08:00 committed by GitHub
parent d2a2af28ea 5dfea11d6f
commit 189100f5aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 3511 additions and 4025 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

365
content/en/docs/reference/config-api/apiserver-audit.v1.md
View File

@ -19,13 +19,13 @@ auto_generated: true
## `Event` {#audit-k8s-io-v1-Event}
**Appears in:**
- [EventList](#audit-k8s-io-v1-EventList)
Event captures all the information that can be included in an API audit log.
<p>Event captures all the information that can be included in an API audit log.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -34,152 +34,134 @@ Event captures all the information that can be included in an API audit log.
<tr><td><code>apiVersion</code><br/>string</td><td><code>audit.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>Event</code></td></tr>
<tr><td><code>level</code> <B>[Required]</B><br/>
<a href="#audit-k8s-io-v1-Level"><code>Level</code></a>
</td>
<td>
AuditLevel at which event was generated</td>
<p>AuditLevel at which event was generated</p>
</td>
</tr>
<tr><td><code>auditID</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/types#UID"><code>k8s.io/apimachinery/pkg/types.UID</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/types#UID"><code>k8s.io/apimachinery/pkg/types.UID</code></a>
</td>
<td>
Unique audit ID, generated for each request.</td>
<p>Unique audit ID, generated for each request.</p>
</td>
</tr>
<tr><td><code>stage</code> <B>[Required]</B><br/>
<a href="#audit-k8s-io-v1-Stage"><code>Stage</code></a>
</td>
<td>
Stage of the request handling when this event instance was generated.</td>
<p>Stage of the request handling when this event instance was generated.</p>
</td>
</tr>
<tr><td><code>requestURI</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
RequestURI is the request URI as sent by the client to a server.</td>
<p>RequestURI is the request URI as sent by the client to a server.</p>
</td>
</tr>
<tr><td><code>verb</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
Verb is the kubernetes verb associated with the request.
For non-resource requests, this is the lower-cased HTTP method.</td>
<p>Verb is the kubernetes verb associated with the request.
For non-resource requests, this is the lower-cased HTTP method.</p>
</td>
</tr>
<tr><td><code>user</code> <B>[Required]</B><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#userinfo-v1-authentication"><code>authentication/v1.UserInfo</code></a>
</td>
<td>
Authenticated user information.</td>
<p>Authenticated user information.</p>
</td>
</tr>
<tr><td><code>impersonatedUser</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#userinfo-v1-authentication"><code>authentication/v1.UserInfo</code></a>
</td>
<td>
Impersonated user information.</td>
<p>Impersonated user information.</p>
</td>
</tr>
<tr><td><code>sourceIPs</code><br/>
<code>[]string</code>
</td>
<td>
Source IPs, from where the request originated and intermediate proxies.</td>
<p>Source IPs, from where the request originated and intermediate proxies.</p>
</td>
</tr>
<tr><td><code>userAgent</code><br/>
<code>string</code>
</td>
<td>
UserAgent records the user agent string reported by the client.
Note that the UserAgent is provided by the client, and must not be trusted.</td>
<p>UserAgent records the user agent string reported by the client.
Note that the UserAgent is provided by the client, and must not be trusted.</p>
</td>
</tr>
<tr><td><code>objectRef</code><br/>
<a href="#audit-k8s-io-v1-ObjectReference"><code>ObjectReference</code></a>
</td>
<td>
Object reference this request is targeted at.
Does not apply for List-type requests, or non-resource requests.</td>
<p>Object reference this request is targeted at.
Does not apply for List-type requests, or non-resource requests.</p>
</td>
</tr>
<tr><td><code>responseStatus</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#status-v1-meta"><code>meta/v1.Status</code></a>
</td>
<td>
The response status, populated even when the ResponseObject is not a Status type.
<p>The response status, populated even when the ResponseObject is not a Status type.
For successful responses, this will only include the Code and StatusSuccess.
For non-status type error responses, this will be auto-populated with the error Message.</td>
For non-status type error responses, this will be auto-populated with the error Message.</p>
</td>
</tr>
<tr><td><code>requestObject</code><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/runtime#Unknown"><code>k8s.io/apimachinery/pkg/runtime.Unknown</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#Unknown"><code>k8s.io/apimachinery/pkg/runtime.Unknown</code></a>
</td>
<td>
API object from the request, in JSON format. The RequestObject is recorded as-is in the request
<p>API object from the request, in JSON format. The RequestObject is recorded as-is in the request
(possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
merging. It is an external versioned object type, and may not be a valid object on its own.
Omitted for non-resource requests. Only logged at Request Level and higher.</td>
Omitted for non-resource requests. Only logged at Request Level and higher.</p>
</td>
</tr>
<tr><td><code>responseObject</code><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/runtime#Unknown"><code>k8s.io/apimachinery/pkg/runtime.Unknown</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#Unknown"><code>k8s.io/apimachinery/pkg/runtime.Unknown</code></a>
</td>
<td>
API object returned in the response, in JSON. The ResponseObject is recorded after conversion
<p>API object returned in the response, in JSON. The ResponseObject is recorded after conversion
to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged
at Response Level.</td>
at Response Level.</p>
</td>
</tr>
<tr><td><code>requestReceivedTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#microtime-v1-meta"><code>meta/v1.MicroTime</code></a>
</td>
<td>
Time the request reached the apiserver.</td>
<p>Time the request reached the apiserver.</p>
</td>
</tr>
<tr><td><code>stageTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#microtime-v1-meta"><code>meta/v1.MicroTime</code></a>
</td>
<td>
Time the request reached current audit stage.</td>
<p>Time the request reached current audit stage.</p>
</td>
</tr>
<tr><td><code>annotations</code><br/>
<code>map[string]string</code>
</td>
<td>
Annotations is an unstructured key value map stored with an audit event that may be set by
<p>Annotations is an unstructured key value map stored with an audit event that may be set by
plugins invoked in the request serving chain, including authentication, authorization and
admission plugins. Note that these annotations are for the audit event, and do not correspond
to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
should be short. Annotations are included in the Metadata level.</td>
should be short. Annotations are included in the Metadata level.</p>
</td>
</tr>
</tbody>
</table>
@ -187,10 +169,9 @@ should be short. Annotations are included in the Metadata level.</td>
<p>EventList is a list of audit Events.</p>
EventList is a list of audit Events.
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
@ -198,41 +179,33 @@ EventList is a list of audit Events.
<tr><td><code>apiVersion</code><br/>string</td><td><code>audit.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>EventList</code></td></tr>
<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#listmeta-v1-meta"><code>meta/v1.ListMeta</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>items</code> <B>[Required]</B><br/>
<a href="#audit-k8s-io-v1-Event"><code>[]Event</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
</tbody>
</table>
## `Policy` {#audit-k8s-io-v1-Policy}
**Appears in:**
- [PolicyList](#audit-k8s-io-v1-PolicyList)
Policy defines the configuration of audit logging, and the rules for how different request
categories are logged.
<p>Policy defines the configuration of audit logging, and the rules for how different request
categories are logged.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -241,50 +214,44 @@ categories are logged.
<tr><td><code>apiVersion</code><br/>string</td><td><code>audit.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>Policy</code></td></tr>
<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta"><code>meta/v1.ObjectMeta</code></a>
</td>
<td>
ObjectMeta is included for interoperability with API infrastructure.Refer to the Kubernetes API documentation for the fields of the <code>metadata</code> field.</td>
<p>ObjectMeta is included for interoperability with API infrastructure.</p>
Refer to the Kubernetes API documentation for the fields of the <code>metadata</code> field.</td>
</tr>
<tr><td><code>rules</code> <B>[Required]</B><br/>
<a href="#audit-k8s-io-v1-PolicyRule"><code>[]PolicyRule</code></a>
</td>
<td>
Rules specify the audit Level a request should be recorded at.
<p>Rules specify the audit Level a request should be recorded at.
A request may match multiple rules, in which case the FIRST matching rule is used.
The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
PolicyRules are strictly ordered.</td>
PolicyRules are strictly ordered.</p>
</td>
</tr>
<tr><td><code>omitStages</code><br/>
<a href="#audit-k8s-io-v1-Stage"><code>[]Stage</code></a>
</td>
<td>
OmitStages is a list of stages for which no events are created. Note that this can also
be specified per rule in which case the union of both are omitted.</td>
<p>OmitStages is a list of stages for which no events are created. Note that this can also
be specified per rule in which case the union of both are omitted.</p>
</td>
</tr>
<tr><td><code>omitManagedFields</code><br/>
<code>bool</code>
</td>
<td>
OmitManagedFields indicates whether to omit the managed fields of the request
<p>OmitManagedFields indicates whether to omit the managed fields of the request
and response bodies from being written to the API audit log.
This is used as a global default - a value of 'true' will omit the managed fileds,
otherwise the managed fields will be included in the API audit log.
Note that this can also be specified per rule in which case the value specified
in a rule will override the global default.</td>
in a rule will override the global default.</p>
</td>
</tr>
</tbody>
</table>
@ -292,10 +259,9 @@ in a rule will override the global default.</td>
<p>PolicyList is a list of audit Policies.</p>
PolicyList is a list of audit Policies.
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
@ -303,86 +269,71 @@ PolicyList is a list of audit Policies.
<tr><td><code>apiVersion</code><br/>string</td><td><code>audit.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>PolicyList</code></td></tr>
<tr><td><code>metadata</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#listmeta-v1-meta"><code>meta/v1.ListMeta</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>items</code> <B>[Required]</B><br/>
<a href="#audit-k8s-io-v1-Policy"><code>[]Policy</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
</tbody>
</table>
## `GroupResources` {#audit-k8s-io-v1-GroupResources}
**Appears in:**
- [PolicyRule](#audit-k8s-io-v1-PolicyRule)
GroupResources represents resource kinds in an API group.
<p>GroupResources represents resource kinds in an API group.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>group</code><br/>
<code>string</code>
</td>
<td>
Group is the name of the API group that contains the resources.
The empty string represents the core API group.</td>
<p>Group is the name of the API group that contains the resources.
The empty string represents the core API group.</p>
</td>
</tr>
<tr><td><code>resources</code><br/>
<code>[]string</code>
</td>
<td>
Resources is a list of resources this rule applies to.
For example:
<p>Resources is a list of resources this rule applies to.</p>
<p>For example:
'pods' matches pods.
'pods/log' matches the log subresource of pods.
'&lowast;' matches all resources and their subresources.
'pods/&lowast;' matches all subresources of pods.
'&lowast;/scale' matches all scale subresources.
If wildcard is present, the validation rule will ensure resources do not
overlap with each other.
An empty list implies all resources and subresources in this API groups apply.</td>
'<em>' matches all resources and their subresources.
'pods/</em>' matches all subresources of pods.
'*/scale' matches all scale subresources.</p>
<p>If wildcard is present, the validation rule will ensure resources do not
overlap with each other.</p>
<p>An empty list implies all resources and subresources in this API groups apply.</p>
</td>
</tr>
<tr><td><code>resourceNames</code><br/>
<code>[]string</code>
</td>
<td>
ResourceNames is a list of resource instance names that the policy matches.
<p>ResourceNames is a list of resource instance names that the policy matches.
Using this field requires Resources to be specified.
An empty list implies that every instance of the resource is matched.</td>
An empty list implies that every instance of the resource is matched.</p>
</td>
</tr>
</tbody>
</table>
@ -390,216 +341,189 @@ An empty list implies that every instance of the resource is matched.</td>
(Alias of `string`)
**Appears in:**
- [Event](#audit-k8s-io-v1-Event)
- [PolicyRule](#audit-k8s-io-v1-PolicyRule)
Level defines the amount of information logged during auditing
<p>Level defines the amount of information logged during auditing</p>
## `ObjectReference` {#audit-k8s-io-v1-ObjectReference}
**Appears in:**
- [Event](#audit-k8s-io-v1-Event)
ObjectReference contains enough information to let you inspect or modify the referred object.
<p>ObjectReference contains enough information to let you inspect or modify the referred object.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>resource</code><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>namespace</code><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>name</code><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>uid</code><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/types#UID"><code>k8s.io/apimachinery/pkg/types.UID</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/types#UID"><code>k8s.io/apimachinery/pkg/types.UID</code></a>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>apiGroup</code><br/>
<code>string</code>
</td>
<td>
APIGroup is the name of the API group that contains the referred object.
The empty string represents the core API group.</td>
<p>APIGroup is the name of the API group that contains the referred object.
The empty string represents the core API group.</p>
</td>
</tr>
<tr><td><code>apiVersion</code><br/>
<code>string</code>
</td>
<td>
APIVersion is the version of the API group that contains the referred object.</td>
<p>APIVersion is the version of the API group that contains the referred object.</p>
</td>
</tr>
<tr><td><code>resourceVersion</code><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>subresource</code><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
</tbody>
</table>
## `PolicyRule` {#audit-k8s-io-v1-PolicyRule}
**Appears in:**
- [Policy](#audit-k8s-io-v1-Policy)
PolicyRule maps requests based off metadata to an audit Level.
Requests must match the rules of every field (an intersection of rules).
<p>PolicyRule maps requests based off metadata to an audit Level.
Requests must match the rules of every field (an intersection of rules).</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>level</code> <B>[Required]</B><br/>
<a href="#audit-k8s-io-v1-Level"><code>Level</code></a>
</td>
<td>
The Level that requests matching this rule are recorded at.</td>
<p>The Level that requests matching this rule are recorded at.</p>
</td>
</tr>
<tr><td><code>users</code><br/>
<code>[]string</code>
</td>
<td>
The users (by authenticated user name) this rule applies to.
An empty list implies every user.</td>
<p>The users (by authenticated user name) this rule applies to.
An empty list implies every user.</p>
</td>
</tr>
<tr><td><code>userGroups</code><br/>
<code>[]string</code>
</td>
<td>
The user groups this rule applies to. A user is considered matching
<p>The user groups this rule applies to. A user is considered matching
if it is a member of any of the UserGroups.
An empty list implies every user group.</td>
An empty list implies every user group.</p>
</td>
</tr>
<tr><td><code>verbs</code><br/>
<code>[]string</code>
</td>
<td>
The verbs that match this rule.
An empty list implies every verb.</td>
<p>The verbs that match this rule.
An empty list implies every verb.</p>
</td>
</tr>
<tr><td><code>resources</code><br/>
<a href="#audit-k8s-io-v1-GroupResources"><code>[]GroupResources</code></a>
</td>
<td>
Resources that this rule matches. An empty list implies all kinds in all API groups.</td>
<p>Resources that this rule matches. An empty list implies all kinds in all API groups.</p>
</td>
</tr>
<tr><td><code>namespaces</code><br/>
<code>[]string</code>
</td>
<td>
Namespaces that this rule matches.
The empty string "" matches non-namespaced resources.
An empty list implies every namespace.</td>
<p>Namespaces that this rule matches.
The empty string &quot;&quot; matches non-namespaced resources.
An empty list implies every namespace.</p>
</td>
</tr>
<tr><td><code>nonResourceURLs</code><br/>
<code>[]string</code>
</td>
<td>
NonResourceURLs is a set of URL paths that should be audited.
&lowast;s are allowed, but only as the full, final step in the path.
<p>NonResourceURLs is a set of URL paths that should be audited.
<em>s are allowed, but only as the full, final step in the path.
Examples:
"/metrics" - Log requests for apiserver metrics
"/healthz&lowast;" - Log all health checks</td>
&quot;/metrics&quot; - Log requests for apiserver metrics
&quot;/healthz</em>&quot; - Log all health checks</p>
</td>
</tr>
<tr><td><code>omitStages</code><br/>
<a href="#audit-k8s-io-v1-Stage"><code>[]Stage</code></a>
</td>
<td>
OmitStages is a list of stages for which no events are created. Note that this can also
<p>OmitStages is a list of stages for which no events are created. Note that this can also
be specified policy wide in which case the union of both are omitted.
An empty list means no restrictions will apply.</td>
An empty list means no restrictions will apply.</p>
</td>
</tr>
<tr><td><code>omitManagedFields</code><br/>
<code>bool</code>
</td>
<td>
OmitManagedFields indicates whether to omit the managed fields of the request
and response bodies from being written to the API audit log.
- a value of 'true' will drop the managed fields from the API audit log
- a value of 'false' indicates that the managed fileds should be included
in the API audit log
<p>OmitManagedFields indicates whether to omit the managed fields of the request
and response bodies from being written to the API audit log.</p>
<ul>
<li>a value of 'true' will drop the managed fields from the API audit log</li>
<li>a value of 'false' indicates that the managed fileds should be included
in the API audit log
Note that the value, if specified, in this rule will override the global default
If a value is not specified then the global default specified in
Policy.OmitManagedFields will stand.</td>
Policy.OmitManagedFields will stand.</li>
</ul>
</td>
</tr>
</tbody>
</table>
@ -607,14 +531,17 @@ Policy.OmitManagedFields will stand.</td>
(Alias of `string`)
**Appears in:**
- [Event](#audit-k8s-io-v1-Event)
- [Policy](#audit-k8s-io-v1-Policy)
- [PolicyRule](#audit-k8s-io-v1-PolicyRule)
Stage defines the stages in request handling that audit events may be generated.
<p>Stage defines the stages in request handling that audit events may be generated.</p>

43
content/en/docs/reference/config-api/apiserver-config.v1.md
View File

@ -4,7 +4,8 @@ content_type: tool-reference
package: apiserver.config.k8s.io/v1
auto_generated: true
---
Package v1 is the v1 version of the API.
<p>Package v1 is the v1 version of the API.</p>
## Resource Types
@ -17,10 +18,9 @@ Package v1 is the v1 version of the API.
<p>AdmissionConfiguration provides versioned configuration for admission controllers.</p>
AdmissionConfiguration provides versioned configuration for admission controllers.
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
@ -28,64 +28,57 @@ AdmissionConfiguration provides versioned configuration for admission controller
<tr><td><code>apiVersion</code><br/>string</td><td><code>apiserver.config.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>AdmissionConfiguration</code></td></tr>
<tr><td><code>plugins</code><br/>
<a href="#apiserver-config-k8s-io-v1-AdmissionPluginConfiguration"><code>[]AdmissionPluginConfiguration</code></a>
</td>
<td>
Plugins allows specifying a configuration per admission control plugin.</td>
<p>Plugins allows specifying a configuration per admission control plugin.</p>
</td>
</tr>
</tbody>
</table>
## `AdmissionPluginConfiguration` {#apiserver-config-k8s-io-v1-AdmissionPluginConfiguration}
**Appears in:**
- [AdmissionConfiguration](#apiserver-config-k8s-io-v1-AdmissionConfiguration)
AdmissionPluginConfiguration provides the configuration for a single plug-in.
<p>AdmissionPluginConfiguration provides the configuration for a single plug-in.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>name</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
Name is the name of the admission controller.
It must match the registered admission plugin name.</td>
<p>Name is the name of the admission controller.
It must match the registered admission plugin name.</p>
</td>
</tr>
<tr><td><code>path</code><br/>
<code>string</code>
</td>
<td>
Path is the path to a configuration file that contains the plugin's
configuration</td>
<p>Path is the path to a configuration file that contains the plugin's
configuration</p>
</td>
</tr>
<tr><td><code>configuration</code><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/runtime#Unknown"><code>k8s.io/apimachinery/pkg/runtime.Unknown</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#Unknown"><code>k8s.io/apimachinery/pkg/runtime.Unknown</code></a>
</td>
<td>
Configuration is an embedded configuration object to be used as the plugin's
configuration. If present, it will be used instead of the path to the configuration file.</td>
<p>Configuration is an embedded configuration object to be used as the plugin's
configuration. If present, it will be used instead of the path to the configuration file.</p>
</td>
</tr>
</tbody>
</table>

13
content/en/docs/reference/config-api/apiserver-webhookadmission.v1.md
View File

@ -4,7 +4,8 @@ content_type: tool-reference
package: apiserver.config.k8s.io/v1
auto_generated: true
---
Package v1 is the v1 version of the API.
<p>Package v1 is the v1 version of the API.</p>
## Resource Types
@ -17,10 +18,9 @@ Package v1 is the v1 version of the API.
<p>WebhookAdmission provides configuration for the webhook admission controller.</p>
WebhookAdmission provides configuration for the webhook admission controller.
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
@ -28,17 +28,14 @@ WebhookAdmission provides configuration for the webhook admission controller.
<tr><td><code>apiVersion</code><br/>string</td><td><code>apiserver.config.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>WebhookAdmission</code></td></tr>
<tr><td><code>kubeConfigFile</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
KubeConfigFile is the path to the kubeconfig file.</td>
<p>KubeConfigFile is the path to the kubeconfig file.</p>
</td>
</tr>
</tbody>
</table>

162
content/en/docs/reference/config-api/client-authentication.v1.md
View File

@ -17,11 +17,10 @@ auto_generated: true
<p>ExecCredential is used by exec-based plugins to communicate credentials to
HTTP transports.</p>
ExecCredential is used by exec-based plugins to communicate credentials to
HTTP transports.
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
@ -29,221 +28,202 @@ HTTP transports.
<tr><td><code>apiVersion</code><br/>string</td><td><code>client.authentication.k8s.io/v1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>ExecCredential</code></td></tr>
<tr><td><code>spec</code> <B>[Required]</B><br/>
<a href="#client-authentication-k8s-io-v1-ExecCredentialSpec"><code>ExecCredentialSpec</code></a>
</td>
<td>
Spec holds information passed to the plugin by the transport.</td>
<p>Spec holds information passed to the plugin by the transport.</p>
</td>
</tr>
<tr><td><code>status</code><br/>
<a href="#client-authentication-k8s-io-v1-ExecCredentialStatus"><code>ExecCredentialStatus</code></a>
</td>
<td>
Status is filled in by the plugin and holds the credentials that the transport
should use to contact the API.</td>
<p>Status is filled in by the plugin and holds the credentials that the transport
should use to contact the API.</p>
</td>
</tr>
</tbody>
</table>
## `Cluster` {#client-authentication-k8s-io-v1-Cluster}
**Appears in:**
- [ExecCredentialSpec](#client-authentication-k8s-io-v1-ExecCredentialSpec)
Cluster contains information to allow an exec plugin to communicate
with the kubernetes cluster being authenticated to.
To ensure that this struct contains everything someone would need to communicate
<p>Cluster contains information to allow an exec plugin to communicate
with the kubernetes cluster being authenticated to.</p>
<p>To ensure that this struct contains everything someone would need to communicate
with a kubernetes cluster (just like they would via a kubeconfig), the fields
should shadow "k8s.io/client-go/tools/clientcmd/api/v1".Cluster, with the exception
of CertificateAuthority, since CA data will always be passed to the plugin as bytes.
should shadow &quot;k8s.io/client-go/tools/clientcmd/api/v1&quot;.Cluster, with the exception
of CertificateAuthority, since CA data will always be passed to the plugin as bytes.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>server</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
Server is the address of the kubernetes cluster (https://hostname:port).</td>
<p>Server is the address of the kubernetes cluster (https://hostname:port).</p>
</td>
</tr>
<tr><td><code>tls-server-name</code><br/>
<code>string</code>
</td>
<td>
TLSServerName is passed to the server for SNI and is used in the client to
<p>TLSServerName is passed to the server for SNI and is used in the client to
check server certificates against. If ServerName is empty, the hostname
used to contact the server is used.</td>
used to contact the server is used.</p>
</td>
</tr>
<tr><td><code>insecure-skip-tls-verify</code><br/>
<code>bool</code>
</td>
<td>
InsecureSkipTLSVerify skips the validity check for the server's certificate.
This will make your HTTPS connections insecure.</td>
<p>InsecureSkipTLSVerify skips the validity check for the server's certificate.
This will make your HTTPS connections insecure.</p>
</td>
</tr>
<tr><td><code>certificate-authority-data</code><br/>
<code>[]byte</code>
</td>
<td>
CAData contains PEM-encoded certificate authority certificates.
If empty, system roots should be used.</td>
<p>CAData contains PEM-encoded certificate authority certificates.
If empty, system roots should be used.</p>
</td>
</tr>
<tr><td><code>proxy-url</code><br/>
<code>string</code>
</td>
<td>
ProxyURL is the URL to the proxy to be used for all requests to this
cluster.</td>
<p>ProxyURL is the URL to the proxy to be used for all requests to this
cluster.</p>
</td>
</tr>
<tr><td><code>config</code><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/runtime/#RawExtension"><code>k8s.io/apimachinery/pkg/runtime.RawExtension</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime/#RawExtension"><code>k8s.io/apimachinery/pkg/runtime.RawExtension</code></a>
</td>
<td>
Config holds additional config data that is specific to the exec
plugin with regards to the cluster being authenticated to.
This data is sourced from the clientcmd Cluster object's
extensions[client.authentication.k8s.io/exec] field:
clusters:
- name: my-cluster
cluster:
...
extensions:
- name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config
extension:
audience: 06e3fbd18de8 # arbitrary config
In some environments, the user config may be exactly the same across many clusters
<p>Config holds additional config data that is specific to the exec
plugin with regards to the cluster being authenticated to.</p>
<p>This data is sourced from the clientcmd Cluster object's
extensions[client.authentication.k8s.io/exec] field:</p>
<p>clusters:</p>
<ul>
<li>name: my-cluster
cluster:
...
extensions:
<ul>
<li>name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config
extension:
audience: 06e3fbd18de8 # arbitrary config</li>
</ul>
</li>
</ul>
<p>In some environments, the user config may be exactly the same across many clusters
(i.e. call this exec plugin) minus some details that are specific to each cluster
such as the audience. This field allows the per cluster config to be directly
specified with the cluster info. Using this field to store secret data is not
recommended as one of the prime benefits of exec plugins is that no secrets need
to be stored directly in the kubeconfig.</td>
to be stored directly in the kubeconfig.</p>
</td>
</tr>
</tbody>
</table>
## `ExecCredentialSpec` {#client-authentication-k8s-io-v1-ExecCredentialSpec}
**Appears in:**
- [ExecCredential](#client-authentication-k8s-io-v1-ExecCredential)
ExecCredentialSpec holds request and runtime specific information provided by
the transport.
<p>ExecCredentialSpec holds request and runtime specific information provided by
the transport.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>cluster</code><br/>
<a href="#client-authentication-k8s-io-v1-Cluster"><code>Cluster</code></a>
</td>
<td>
Cluster contains information to allow an exec plugin to communicate with the
<p>Cluster contains information to allow an exec plugin to communicate with the
kubernetes cluster being authenticated to. Note that Cluster is non-nil only
when provideClusterInfo is set to true in the exec provider config (i.e.,
ExecConfig.ProvideClusterInfo).</td>
ExecConfig.ProvideClusterInfo).</p>
</td>
</tr>
<tr><td><code>interactive</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
Interactive declares whether stdin has been passed to this exec plugin.</td>
<p>Interactive declares whether stdin has been passed to this exec plugin.</p>
</td>
</tr>
</tbody>
</table>
## `ExecCredentialStatus` {#client-authentication-k8s-io-v1-ExecCredentialStatus}
**Appears in:**
- [ExecCredential](#client-authentication-k8s-io-v1-ExecCredential)
ExecCredentialStatus holds credentials for the transport to use.
Token and ClientKeyData are sensitive fields. This data should only be
<p>ExecCredentialStatus holds credentials for the transport to use.</p>
<p>Token and ClientKeyData are sensitive fields. This data should only be
transmitted in-memory between client and exec plugin process. Exec plugin
itself should at least be protected via file permissions.
itself should at least be protected via file permissions.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>expirationTimestamp</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#time-v1-meta"><code>meta/v1.Time</code></a>
</td>
<td>
ExpirationTimestamp indicates a time when the provided credentials expire.</td>
<p>ExpirationTimestamp indicates a time when the provided credentials expire.</p>
</td>
</tr>
<tr><td><code>token</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
Token is a bearer token used by the client for request authentication.</td>
<p>Token is a bearer token used by the client for request authentication.</p>
</td>
</tr>
<tr><td><code>clientCertificateData</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
PEM-encoded client TLS certificates (including intermediates, if any).</td>
<p>PEM-encoded client TLS certificates (including intermediates, if any).</p>
</td>
</tr>
<tr><td><code>clientKeyData</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
PEM-encoded private key for the above certificate.</td>
<p>PEM-encoded private key for the above certificate.</p>
</td>
</tr>
</tbody>
</table>

105
content/en/docs/reference/config-api/client-authentication.v1beta1.md
View File

@ -17,8 +17,9 @@ auto_generated: true
ExecCredential is used by exec-based plugins to communicate credentials to
HTTP transports.
<p>ExecCredential is used by exec-based plugins to communicate credentials to
HTTP transports.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -32,15 +33,15 @@ HTTP transports.
<a href="#client-authentication-k8s-io-v1beta1-ExecCredentialSpec"><code>ExecCredentialSpec</code></a>
</td>
<td>
Spec holds information passed to the plugin by the transport.
<p>Spec holds information passed to the plugin by the transport.</p>
</td>
</tr>
<tr><td><code>status</code><br/>
<a href="#client-authentication-k8s-io-v1beta1-ExecCredentialStatus"><code>ExecCredentialStatus</code></a>
</td>
<td>
Status is filled in by the plugin and holds the credentials that the transport
should use to contact the API.
<p>Status is filled in by the plugin and holds the credentials that the transport
should use to contact the API.</p>
</td>
</tr>
</tbody>
@ -53,13 +54,14 @@ should use to contact the API.
- [ExecCredentialSpec](#client-authentication-k8s-io-v1beta1-ExecCredentialSpec)
Cluster contains information to allow an exec plugin to communicate
with the kubernetes cluster being authenticated to.
To ensure that this struct contains everything someone would need to communicate
<p>Cluster contains information to allow an exec plugin to communicate
with the kubernetes cluster being authenticated to.</p>
<p>To ensure that this struct contains everything someone would need to communicate
with a kubernetes cluster (just like they would via a kubeconfig), the fields
should shadow "k8s.io/client-go/tools/clientcmd/api/v1".Cluster, with the exception
of CertificateAuthority, since CA data will always be passed to the plugin as bytes.
should shadow &quot;k8s.io/client-go/tools/clientcmd/api/v1&quot;.Cluster, with the exception
of CertificateAuthority, since CA data will always be passed to the plugin as bytes.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -70,67 +72,69 @@ of CertificateAuthority, since CA data will always be passed to the plugin as by
<code>string</code>
</td>
<td>
Server is the address of the kubernetes cluster (https://hostname:port).
<p>Server is the address of the kubernetes cluster (https://hostname:port).</p>
</td>
</tr>
<tr><td><code>tls-server-name</code><br/>
<code>string</code>
</td>
<td>
TLSServerName is passed to the server for SNI and is used in the client to
<p>TLSServerName is passed to the server for SNI and is used in the client to
check server certificates against. If ServerName is empty, the hostname
used to contact the server is used.
used to contact the server is used.</p>
</td>
</tr>
<tr><td><code>insecure-skip-tls-verify</code><br/>
<code>bool</code>
</td>
<td>
InsecureSkipTLSVerify skips the validity check for the server's certificate.
This will make your HTTPS connections insecure.
<p>InsecureSkipTLSVerify skips the validity check for the server's certificate.
This will make your HTTPS connections insecure.</p>
</td>
</tr>
<tr><td><code>certificate-authority-data</code><br/>
<code>[]byte</code>
</td>
<td>
CAData contains PEM-encoded certificate authority certificates.
If empty, system roots should be used.
<p>CAData contains PEM-encoded certificate authority certificates.
If empty, system roots should be used.</p>
</td>
</tr>
<tr><td><code>proxy-url</code><br/>
<code>string</code>
</td>
<td>
ProxyURL is the URL to the proxy to be used for all requests to this
cluster.
<p>ProxyURL is the URL to the proxy to be used for all requests to this
cluster.</p>
</td>
</tr>
<tr><td><code>config</code><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/runtime/#RawExtension"><code>k8s.io/apimachinery/pkg/runtime.RawExtension</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime/#RawExtension"><code>k8s.io/apimachinery/pkg/runtime.RawExtension</code></a>
</td>
<td>
Config holds additional config data that is specific to the exec
plugin with regards to the cluster being authenticated to.
This data is sourced from the clientcmd Cluster object's
extensions[client.authentication.k8s.io/exec] field:
clusters:
- name: my-cluster
cluster:
...
extensions:
- name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config
extension:
audience: 06e3fbd18de8 # arbitrary config
In some environments, the user config may be exactly the same across many clusters
<p>Config holds additional config data that is specific to the exec
plugin with regards to the cluster being authenticated to.</p>
<p>This data is sourced from the clientcmd Cluster object's
extensions[client.authentication.k8s.io/exec] field:</p>
<p>clusters:</p>
<ul>
<li>name: my-cluster
cluster:
...
extensions:
<ul>
<li>name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config
extension:
audience: 06e3fbd18de8 # arbitrary config</li>
</ul>
</li>
</ul>
<p>In some environments, the user config may be exactly the same across many clusters
(i.e. call this exec plugin) minus some details that are specific to each cluster
such as the audience. This field allows the per cluster config to be directly
specified with the cluster info. Using this field to store secret data is not
recommended as one of the prime benefits of exec plugins is that no secrets need
to be stored directly in the kubeconfig.
to be stored directly in the kubeconfig.</p>
</td>
</tr>
</tbody>
@ -143,8 +147,10 @@ to be stored directly in the kubeconfig.
- [ExecCredential](#client-authentication-k8s-io-v1beta1-ExecCredential)
ExecCredentialSpec holds request and runtime specific information provided by
the transport.
<p>ExecCredentialSpec holds request and runtime specific information provided by
the transport.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -155,17 +161,17 @@ the transport.
<a href="#client-authentication-k8s-io-v1beta1-Cluster"><code>Cluster</code></a>
</td>
<td>
Cluster contains information to allow an exec plugin to communicate with the
<p>Cluster contains information to allow an exec plugin to communicate with the
kubernetes cluster being authenticated to. Note that Cluster is non-nil only
when provideClusterInfo is set to true in the exec provider config (i.e.,
ExecConfig.ProvideClusterInfo).
ExecConfig.ProvideClusterInfo).</p>
</td>
</tr>
<tr><td><code>interactive</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
Interactive declares whether stdin has been passed to this exec plugin.
<p>Interactive declares whether stdin has been passed to this exec plugin.</p>
</td>
</tr>
</tbody>
@ -178,11 +184,12 @@ ExecConfig.ProvideClusterInfo).
- [ExecCredential](#client-authentication-k8s-io-v1beta1-ExecCredential)
ExecCredentialStatus holds credentials for the transport to use.
Token and ClientKeyData are sensitive fields. This data should only be
<p>ExecCredentialStatus holds credentials for the transport to use.</p>
<p>Token and ClientKeyData are sensitive fields. This data should only be
transmitted in-memory between client and exec plugin process. Exec plugin
itself should at least be protected via file permissions.
itself should at least be protected via file permissions.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -193,28 +200,28 @@ itself should at least be protected via file permissions.
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#time-v1-meta"><code>meta/v1.Time</code></a>
</td>
<td>
ExpirationTimestamp indicates a time when the provided credentials expire.
<p>ExpirationTimestamp indicates a time when the provided credentials expire.</p>
</td>
</tr>
<tr><td><code>token</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
Token is a bearer token used by the client for request authentication.
<p>Token is a bearer token used by the client for request authentication.</p>
</td>
</tr>
<tr><td><code>clientCertificateData</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
PEM-encoded client TLS certificates (including intermediates, if any).
<p>PEM-encoded client TLS certificates (including intermediates, if any).</p>
</td>
</tr>
<tr><td><code>clientKeyData</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
PEM-encoded private key for the above certificate.
<p>PEM-encoded private key for the above certificate.</p>
</td>
</tr>
</tbody>

459
content/en/docs/reference/config-api/kube-proxy-config.v1alpha1.md
View File

@ -17,8 +17,9 @@ auto_generated: true
KubeProxyConfiguration contains everything necessary to configure the
Kubernetes proxy server.
<p>KubeProxyConfiguration contains everything necessary to configure the
Kubernetes proxy server.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -32,164 +33,164 @@ Kubernetes proxy server.
<code>map[string]bool</code>
</td>
<td>
featureGates is a map of feature names to bools that enable or disable alpha/experimental features.
<p>featureGates is a map of feature names to bools that enable or disable alpha/experimental features.</p>
</td>
</tr>
<tr><td><code>bindAddress</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0
for all interfaces)
<p>bindAddress is the IP address for the proxy server to serve on (set to 0.0.0.0
for all interfaces)</p>
</td>
</tr>
<tr><td><code>healthzBindAddress</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
healthzBindAddress is the IP address and port for the health check server to serve on,
defaulting to 0.0.0.0:10256
<p>healthzBindAddress is the IP address and port for the health check server to serve on,
defaulting to 0.0.0.0:10256</p>
</td>
</tr>
<tr><td><code>metricsBindAddress</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
metricsBindAddress is the IP address and port for the metrics server to serve on,
defaulting to 127.0.0.1:10249 (set to 0.0.0.0 for all interfaces)
<p>metricsBindAddress is the IP address and port for the metrics server to serve on,
defaulting to 127.0.0.1:10249 (set to 0.0.0.0 for all interfaces)</p>
</td>
</tr>
<tr><td><code>bindAddressHardFail</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
bindAddressHardFail, if true, kube-proxy will treat failure to bind to a port as fatal and exit
<p>bindAddressHardFail, if true, kube-proxy will treat failure to bind to a port as fatal and exit</p>
</td>
</tr>
<tr><td><code>enableProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
enableProfiling enables profiling via web interface on /debug/pprof handler.
Profiling handlers will be handled by metrics server.
<p>enableProfiling enables profiling via web interface on /debug/pprof handler.
Profiling handlers will be handled by metrics server.</p>
</td>
</tr>
<tr><td><code>clusterCIDR</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
clusterCIDR is the CIDR range of the pods in the cluster. It is used to
<p>clusterCIDR is the CIDR range of the pods in the cluster. It is used to
bridge traffic coming from outside of the cluster. If not provided,
no off-cluster bridging will be performed.
no off-cluster bridging will be performed.</p>
</td>
</tr>
<tr><td><code>hostnameOverride</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname.
<p>hostnameOverride, if non-empty, will be used as the identity instead of the actual hostname.</p>
</td>
</tr>
<tr><td><code>clientConnection</code> <B>[Required]</B><br/>
<a href="#ClientConnectionConfiguration"><code>ClientConnectionConfiguration</code></a>
</td>
<td>
clientConnection specifies the kubeconfig file and client connection settings for the proxy
server to use when communicating with the apiserver.
<p>clientConnection specifies the kubeconfig file and client connection settings for the proxy
server to use when communicating with the apiserver.</p>
</td>
</tr>
<tr><td><code>iptables</code> <B>[Required]</B><br/>
<a href="#kubeproxy-config-k8s-io-v1alpha1-KubeProxyIPTablesConfiguration"><code>KubeProxyIPTablesConfiguration</code></a>
</td>
<td>
iptables contains iptables-related configuration options.
<p>iptables contains iptables-related configuration options.</p>
</td>
</tr>
<tr><td><code>ipvs</code> <B>[Required]</B><br/>
<a href="#kubeproxy-config-k8s-io-v1alpha1-KubeProxyIPVSConfiguration"><code>KubeProxyIPVSConfiguration</code></a>
</td>
<td>
ipvs contains ipvs-related configuration options.
<p>ipvs contains ipvs-related configuration options.</p>
</td>
</tr>
<tr><td><code>oomScoreAdj</code> <B>[Required]</B><br/>
<code>int32</code>
</td>
<td>
oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within
the range [-1000, 1000]
<p>oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within
the range [-1000, 1000]</p>
</td>
</tr>
<tr><td><code>mode</code> <B>[Required]</B><br/>
<a href="#kubeproxy-config-k8s-io-v1alpha1-ProxyMode"><code>ProxyMode</code></a>
</td>
<td>
mode specifies which proxy mode to use.
<p>mode specifies which proxy mode to use.</p>
</td>
</tr>
<tr><td><code>portRange</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
<p>portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.</p>
</td>
</tr>
<tr><td><code>udpIdleTimeout</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s').
Must be greater than 0. Only applicable for proxyMode=userspace.
<p>udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s').
Must be greater than 0. Only applicable for proxyMode=userspace.</p>
</td>
</tr>
<tr><td><code>conntrack</code> <B>[Required]</B><br/>
<a href="#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConntrackConfiguration"><code>KubeProxyConntrackConfiguration</code></a>
</td>
<td>
conntrack contains conntrack-related configuration options.
<p>conntrack contains conntrack-related configuration options.</p>
</td>
</tr>
<tr><td><code>configSyncPeriod</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
than 0.
<p>configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
than 0.</p>
</td>
</tr>
<tr><td><code>nodePortAddresses</code> <B>[Required]</B><br/>
<code>[]string</code>
</td>
<td>
nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
<p>nodePortAddresses is the --nodeport-addresses value for kube-proxy process. Values must be valid
IP blocks. These values are as a parameter to select the interfaces where nodeport works.
In case someone would like to expose a service on localhost for local visit and some other interfaces for
particular purpose, a list of IP blocks would do that.
If set it to "127.0.0.0/8", kube-proxy will only select the loopback interface for NodePort.
If set it to &quot;127.0.0.0/8&quot;, kube-proxy will only select the loopback interface for NodePort.
If set it to a non-zero IP block, kube-proxy will filter that down to just the IPs that applied to the node.
An empty string slice is meant to select all network interfaces.
An empty string slice is meant to select all network interfaces.</p>
</td>
</tr>
<tr><td><code>winkernel</code> <B>[Required]</B><br/>
<a href="#kubeproxy-config-k8s-io-v1alpha1-KubeProxyWinkernelConfiguration"><code>KubeProxyWinkernelConfiguration</code></a>
</td>
<td>
winkernel contains winkernel-related configuration options.
<p>winkernel contains winkernel-related configuration options.</p>
</td>
</tr>
<tr><td><code>showHiddenMetricsForVersion</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
ShowHiddenMetricsForVersion is the version for which you want to show hidden metrics.
<p>ShowHiddenMetricsForVersion is the version for which you want to show hidden metrics.</p>
</td>
</tr>
<tr><td><code>detectLocalMode</code> <B>[Required]</B><br/>
<a href="#kubeproxy-config-k8s-io-v1alpha1-LocalMode"><code>LocalMode</code></a>
</td>
<td>
DetectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR
<p>DetectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR</p>
</td>
</tr>
</tbody>
@ -202,8 +203,10 @@ An empty string slice is meant to select all network interfaces.
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
KubeProxyConntrackConfiguration contains conntrack settings for
the Kubernetes proxy server.
<p>KubeProxyConntrackConfiguration contains conntrack settings for
the Kubernetes proxy server.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -214,33 +217,33 @@ the Kubernetes proxy server.
<code>int32</code>
</td>
<td>
maxPerCore is the maximum number of NAT connections to track
per CPU core (0 to leave the limit as-is and ignore min).
<p>maxPerCore is the maximum number of NAT connections to track
per CPU core (0 to leave the limit as-is and ignore min).</p>
</td>
</tr>
<tr><td><code>min</code> <B>[Required]</B><br/>
<code>int32</code>
</td>
<td>
min is the minimum value of connect-tracking records to allocate,
regardless of conntrackMaxPerCore (set maxPerCore=0 to leave the limit as-is).
<p>min is the minimum value of connect-tracking records to allocate,
regardless of conntrackMaxPerCore (set maxPerCore=0 to leave the limit as-is).</p>
</td>
</tr>
<tr><td><code>tcpEstablishedTimeout</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
tcpEstablishedTimeout is how long an idle TCP connection will be kept open
(e.g. '2s'). Must be greater than 0 to set.
<p>tcpEstablishedTimeout is how long an idle TCP connection will be kept open
(e.g. '2s'). Must be greater than 0 to set.</p>
</td>
</tr>
<tr><td><code>tcpCloseWaitTimeout</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
tcpCloseWaitTimeout is how long an idle conntrack entry
<p>tcpCloseWaitTimeout is how long an idle conntrack entry
in CLOSE_WAIT state will remain in the conntrack
table. (e.g. '60s'). Must be greater than 0 to set.
table. (e.g. '60s'). Must be greater than 0 to set.</p>
</td>
</tr>
</tbody>
@ -253,8 +256,10 @@ table. (e.g. '60s'). Must be greater than 0 to set.
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
KubeProxyIPTablesConfiguration contains iptables-related configuration
details for the Kubernetes proxy server.
<p>KubeProxyIPTablesConfiguration contains iptables-related configuration
details for the Kubernetes proxy server.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -265,31 +270,31 @@ details for the Kubernetes proxy server.
<code>int32</code>
</td>
<td>
masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
the pure iptables proxy mode. Values must be within the range [0, 31].
<p>masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
the pure iptables proxy mode. Values must be within the range [0, 31].</p>
</td>
</tr>
<tr><td><code>masqueradeAll</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode.
<p>masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode.</p>
</td>
</tr>
<tr><td><code>syncPeriod</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
syncPeriod is the period that iptables rules are refreshed (e.g. '5s', '1m',
'2h22m'). Must be greater than 0.
<p>syncPeriod is the period that iptables rules are refreshed (e.g. '5s', '1m',
'2h22m'). Must be greater than 0.</p>
</td>
</tr>
<tr><td><code>minSyncPeriod</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
minSyncPeriod is the minimum period that iptables rules are refreshed (e.g. '5s', '1m',
'2h22m').
<p>minSyncPeriod is the minimum period that iptables rules are refreshed (e.g. '5s', '1m',
'2h22m').</p>
</td>
</tr>
</tbody>
@ -302,8 +307,10 @@ the pure iptables proxy mode. Values must be within the range [0, 31].
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
KubeProxyIPVSConfiguration contains ipvs-related configuration
details for the Kubernetes proxy server.
<p>KubeProxyIPVSConfiguration contains ipvs-related configuration
details for the Kubernetes proxy server.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -311,66 +318,66 @@ details for the Kubernetes proxy server.
<tr><td><code>syncPeriod</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
syncPeriod is the period that ipvs rules are refreshed (e.g. '5s', '1m',
'2h22m'). Must be greater than 0.
<p>syncPeriod is the period that ipvs rules are refreshed (e.g. '5s', '1m',
'2h22m'). Must be greater than 0.</p>
</td>
</tr>
<tr><td><code>minSyncPeriod</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
minSyncPeriod is the minimum period that ipvs rules are refreshed (e.g. '5s', '1m',
'2h22m').
<p>minSyncPeriod is the minimum period that ipvs rules are refreshed (e.g. '5s', '1m',
'2h22m').</p>
</td>
</tr>
<tr><td><code>scheduler</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
ipvs scheduler
<p>ipvs scheduler</p>
</td>
</tr>
<tr><td><code>excludeCIDRs</code> <B>[Required]</B><br/>
<code>[]string</code>
</td>
<td>
excludeCIDRs is a list of CIDR's which the ipvs proxier should not touch
when cleaning up ipvs services.
<p>excludeCIDRs is a list of CIDR's which the ipvs proxier should not touch
when cleaning up ipvs services.</p>
</td>
</tr>
<tr><td><code>strictARP</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
strict ARP configure arp_ignore and arp_announce to avoid answering ARP queries
from kube-ipvs0 interface
<p>strict ARP configure arp_ignore and arp_announce to avoid answering ARP queries
from kube-ipvs0 interface</p>
</td>
</tr>
<tr><td><code>tcpTimeout</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
tcpTimeout is the timeout value used for idle IPVS TCP sessions.
The default value is 0, which preserves the current timeout value on the system.
<p>tcpTimeout is the timeout value used for idle IPVS TCP sessions.
The default value is 0, which preserves the current timeout value on the system.</p>
</td>
</tr>
<tr><td><code>tcpFinTimeout</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
tcpFinTimeout is the timeout value used for IPVS TCP sessions after receiving a FIN.
The default value is 0, which preserves the current timeout value on the system.
<p>tcpFinTimeout is the timeout value used for IPVS TCP sessions after receiving a FIN.
The default value is 0, which preserves the current timeout value on the system.</p>
</td>
</tr>
<tr><td><code>udpTimeout</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
udpTimeout is the timeout value used for IPVS UDP packets.
The default value is 0, which preserves the current timeout value on the system.
<p>udpTimeout is the timeout value used for IPVS UDP packets.
The default value is 0, which preserves the current timeout value on the system.</p>
</td>
</tr>
</tbody>
@ -383,8 +390,10 @@ The default value is 0, which preserves the current timeout value on the system.
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
KubeProxyWinkernelConfiguration contains Windows/HNS settings for
the Kubernetes proxy server.
<p>KubeProxyWinkernelConfiguration contains Windows/HNS settings for
the Kubernetes proxy server.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -395,24 +404,24 @@ the Kubernetes proxy server.
<code>string</code>
</td>
<td>
networkName is the name of the network kube-proxy will use
to create endpoints and policies
<p>networkName is the name of the network kube-proxy will use
to create endpoints and policies</p>
</td>
</tr>
<tr><td><code>sourceVip</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
sourceVip is the IP address of the source VIP endoint used for
NAT when loadbalancing
<p>sourceVip is the IP address of the source VIP endoint used for
NAT when loadbalancing</p>
</td>
</tr>
<tr><td><code>enableDSR</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
enableDSR tells kube-proxy whether HNS policies should be created
with DSR
<p>enableDSR tells kube-proxy whether HNS policies should be created
with DSR</p>
</td>
</tr>
</tbody>
@ -421,36 +430,38 @@ with DSR
## `LocalMode` {#kubeproxy-config-k8s-io-v1alpha1-LocalMode}
(Alias of `string`)
**Appears in:**
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
LocalMode represents modes to detect local traffic from the node
<p>LocalMode represents modes to detect local traffic from the node</p>
## `ProxyMode` {#kubeproxy-config-k8s-io-v1alpha1-ProxyMode}
(Alias of `string`)
**Appears in:**
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
ProxyMode represents modes used by the Kubernetes proxy server.
Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables'
(newer, faster), 'ipvs'(newest, better in performance and scalability).
Two modes of proxy are available in Windows platform: 'userspace'(older, stable) and 'kernelspace' (newer, faster).
In Linux platform, if proxy mode is blank, use the best-available proxy (currently iptables, but may change in the
<p>ProxyMode represents modes used by the Kubernetes proxy server.</p>
<p>Currently, three modes of proxy are available in Linux platform: 'userspace' (older, going to be EOL), 'iptables'
(newer, faster), 'ipvs'(newest, better in performance and scalability).</p>
<p>Two modes of proxy are available in Windows platform: 'userspace'(older, stable) and 'kernelspace' (newer, faster).</p>
<p>In Linux platform, if proxy mode is blank, use the best-available proxy (currently iptables, but may change in the
future). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are
insufficient, this always falls back to the userspace proxy. IPVS mode will be enabled when proxy mode is set to 'ipvs',
and the fall back path is firstly iptables and then userspace.
In Windows platform, if proxy mode is blank, use the best-available proxy (currently userspace, but may change in the
and the fall back path is firstly iptables and then userspace.</p>
<p>In Windows platform, if proxy mode is blank, use the best-available proxy (currently userspace, but may change in the
future). If winkernel proxy is selected, regardless of how, but the Windows kernel can't support this mode of proxy,
this always falls back to the userspace proxy.
this always falls back to the userspace proxy.</p>
@ -464,7 +475,15 @@ this always falls back to the userspace proxy.
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
ClientConnectionConfiguration contains details for constructing a client.
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<p>ClientConnectionConfiguration contains details for constructing a client.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -475,37 +494,75 @@ ClientConnectionConfiguration contains details for constructing a client.
<code>string</code>
</td>
<td>
kubeconfig is the path to a KubeConfig file.
<p>kubeconfig is the path to a KubeConfig file.</p>
</td>
</tr>
<tr><td><code>acceptContentTypes</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
<p>acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
default value of 'application/json'. This field will control all connections to the server used by a particular
client.
client.</p>
</td>
</tr>
<tr><td><code>contentType</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
contentType is the content type used when sending data to the server from this client.
<p>contentType is the content type used when sending data to the server from this client.</p>
</td>
</tr>
<tr><td><code>qps</code> <B>[Required]</B><br/>
<code>float32</code>
</td>
<td>
qps controls the number of queries per second allowed for this connection.
<p>qps controls the number of queries per second allowed for this connection.</p>
</td>
</tr>
<tr><td><code>burst</code> <B>[Required]</B><br/>
<code>int32</code>
</td>
<td>
burst allows extra queries to accumulate when a client is exceeding its rate.
<p>burst allows extra queries to accumulate when a client is exceeding its rate.</p>
</td>
</tr>
</tbody>
</table>
## `DebuggingConfiguration` {#DebuggingConfiguration}
**Appears in:**
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<p>DebuggingConfiguration holds configuration for Debugging related features.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>enableProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<p>enableProfiling enables profiling via web interface host:port/debug/pprof/</p>
</td>
</tr>
<tr><td><code>enableContentionProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<p>enableContentionProfiling enables lock contention profiling, if
enableProfiling is true.</p>
</td>
</tr>
</tbody>
@ -516,9 +573,11 @@ client.
**Appears in:**
- [LoggingConfiguration](#LoggingConfiguration)
FormatOptions contains options for the different logging formats.
<p>FormatOptions contains options for the different logging formats.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -529,7 +588,7 @@ FormatOptions contains options for the different logging formats.
<a href="#JSONOptions"><code>JSONOptions</code></a>
</td>
<td>
[Experimental] JSON contains options for logging format "json".
<p>[Experimental] JSON contains options for logging format &quot;json&quot;.</p>
</td>
</tr>
</tbody>
@ -542,7 +601,9 @@ FormatOptions contains options for the different logging formats.
- [FormatOptions](#FormatOptions)
JSONOptions contains options for logging format "json".
<p>JSONOptions contains options for logging format &quot;json&quot;.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -553,17 +614,176 @@ JSONOptions contains options for logging format "json".
<code>bool</code>
</td>
<td>
[Experimental] SplitStream redirects error messages to stderr while
<p>[Experimental] SplitStream redirects error messages to stderr while
info messages go to stdout, with buffering. The default is to write
both to stdout, without buffering.
both to stdout, without buffering.</p>
</td>
</tr>
<tr><td><code>infoBufferSize</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#QuantityValue"><code>k8s.io/apimachinery/pkg/api/resource.QuantityValue</code></a>
</td>
<td>
[Experimental] InfoBufferSize sets the size of the info stream when
using split streams. The default is zero, which disables buffering.
<p>[Experimental] InfoBufferSize sets the size of the info stream when
using split streams. The default is zero, which disables buffering.</p>
</td>
</tr>
</tbody>
</table>
## `LeaderElectionConfiguration` {#LeaderElectionConfiguration}
**Appears in:**
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<p>LeaderElectionConfiguration defines the configuration of leader election
clients for components that can run with leader election enabled.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>leaderElect</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<p>leaderElect enables a leader election client to gain leadership
before executing the main loop. Enable this when running replicated
components for high availability.</p>
</td>
</tr>
<tr><td><code>leaseDuration</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<p>leaseDuration is the duration that non-leader candidates will wait
after observing a leadership renewal until attempting to acquire
leadership of a led but unrenewed leader slot. This is effectively the
maximum duration that a leader can be stopped before it is replaced
by another candidate. This is only applicable if leader election is
enabled.</p>
</td>
</tr>
<tr><td><code>renewDeadline</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<p>renewDeadline is the interval between attempts by the acting master to
renew a leadership slot before it stops leading. This must be less
than or equal to the lease duration. This is only applicable if leader
election is enabled.</p>
</td>
</tr>
<tr><td><code>retryPeriod</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<p>retryPeriod is the duration the clients should wait between attempting
acquisition and renewal of a leadership. This is only applicable if
leader election is enabled.</p>
</td>
</tr>
<tr><td><code>resourceLock</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<p>resourceLock indicates the resource object type that will be used to lock
during leader election cycles.</p>
</td>
</tr>
<tr><td><code>resourceName</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<p>resourceName indicates the name of resource object that will be used to lock
during leader election cycles.</p>
</td>
</tr>
<tr><td><code>resourceNamespace</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<p>resourceName indicates the namespace of resource object that will be used to lock
during leader election cycles.</p>
</td>
</tr>
</tbody>
</table>
## `LoggingConfiguration` {#LoggingConfiguration}
**Appears in:**
- [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
<p>LoggingConfiguration contains logging options
Refer <a href="https://github.com/kubernetes/component-base/blob/master/logs/options.go">Logs Options</a> for more information.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>format</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<p>Format Flag specifies the structure of log messages.
default value of format is <code>text</code></p>
</td>
</tr>
<tr><td><code>flushFrequency</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/time#Duration"><code>time.Duration</code></a>
</td>
<td>
<p>Maximum number of seconds between log flushes. Ignored if the
selected logging backend writes log messages without buffering.</p>
</td>
</tr>
<tr><td><code>verbosity</code> <B>[Required]</B><br/>
<code>uint32</code>
</td>
<td>
<p>Verbosity is the threshold that determines which log messages are
logged. Default is zero which logs only the most important
messages. Higher values enable additional messages. Error messages
are always logged.</p>
</td>
</tr>
<tr><td><code>vmodule</code> <B>[Required]</B><br/>
<a href="#VModuleConfiguration"><code>VModuleConfiguration</code></a>
</td>
<td>
<p>VModule overrides the verbosity threshold for individual files.
Only supported for &quot;text&quot; log format.</p>
</td>
</tr>
<tr><td><code>sanitization</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<p>[Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)</p>
</td>
</tr>
<tr><td><code>options</code> <B>[Required]</B><br/>
<a href="#FormatOptions"><code>FormatOptions</code></a>
</td>
<td>
<p>[Experimental] Options holds additional parameters that are specific
to the different logging formats. Only the options for the selected
format get used, but all of them get validated.</p>
</td>
</tr>
</tbody>
@ -572,11 +792,14 @@ using split streams. The default is zero, which disables buffering.
## `VModuleConfiguration` {#VModuleConfiguration}
(Alias of `[]k8s.io/component-base/config/v1alpha1.VModuleItem`)
**Appears in:**
- [LoggingConfiguration](#LoggingConfiguration)
VModuleConfiguration is a collection of individual file names or patterns
and the corresponding verbosity threshold.
<p>VModuleConfiguration is a collection of individual file names or patterns
and the corresponding verbosity threshold.</p>

1330
content/en/docs/reference/config-api/kube-scheduler-config.v1beta2.md
View File

File diff suppressed because it is too large Load Diff

878
content/en/docs/reference/config-api/kube-scheduler-config.v1beta3.md
View File

File diff suppressed because it is too large Load Diff

1187
content/en/docs/reference/config-api/kubeadm-config.v1beta2.md
View File

File diff suppressed because it is too large Load Diff

1268
content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
View File

File diff suppressed because it is too large Load Diff

290
content/en/docs/reference/config-api/kubelet-config.v1alpha1.md
View File

@ -13,102 +13,14 @@ auto_generated: true
## `FormatOptions` {#FormatOptions}
**Appears in:**
- [LoggingConfiguration](#LoggingConfiguration)
FormatOptions contains options for the different logging formats.
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>json</code> <B>[Required]</B><br/>
<a href="#JSONOptions"><code>JSONOptions</code></a>
</td>
<td>
[Experimental] JSON contains options for logging format "json".</td>
</tr>
</tbody>
</table>
## `JSONOptions` {#JSONOptions}
**Appears in:**
- [FormatOptions](#FormatOptions)
JSONOptions contains options for logging format "json".
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>splitStream</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
[Experimental] SplitStream redirects error messages to stderr while
info messages go to stdout, with buffering. The default is to write
both to stdout, without buffering.</td>
</tr>
<tr><td><code>infoBufferSize</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#QuantityValue"><code>k8s.io/apimachinery/pkg/api/resource.QuantityValue</code></a>
</td>
<td>
[Experimental] InfoBufferSize sets the size of the info stream when
using split streams. The default is zero, which disables buffering.</td>
</tr>
</tbody>
</table>
## `VModuleConfiguration` {#VModuleConfiguration}
(Alias of `[]k8s.io/component-base/config/v1alpha1.VModuleItem`)
**Appears in:**
- [LoggingConfiguration](#LoggingConfiguration)
VModuleConfiguration is a collection of individual file names or patterns
and the corresponding verbosity threshold.
## `CredentialProviderConfig` {#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig}
CredentialProviderConfig is the configuration containing information about
<p>CredentialProviderConfig is the configuration containing information about
each exec credential provider. Kubelet reads this configuration from disk and enables
each provider as specified by the CredentialProvider type.
each provider as specified by the CredentialProvider type.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
@ -117,165 +29,221 @@ each provider as specified by the CredentialProvider type.
<tr><td><code>apiVersion</code><br/>string</td><td><code>kubelet.config.k8s.io/v1alpha1</code></td></tr>
<tr><td><code>kind</code><br/>string</td><td><code>CredentialProviderConfig</code></td></tr>
<tr><td><code>providers</code> <B>[Required]</B><br/>
<a href="#kubelet-config-k8s-io-v1alpha1-CredentialProvider"><code>[]CredentialProvider</code></a>
</td>
<td>
providers is a list of credential provider plugins that will be enabled by the kubelet.
<p>providers is a list of credential provider plugins that will be enabled by the kubelet.
Multiple providers may match against a single image, in which case credentials
from all providers will be returned to the kubelet. If multiple providers are called
for a single image, the results are combined. If providers return overlapping
auth keys, the value from the provider earlier in this list is used.</td>
auth keys, the value from the provider earlier in this list is used.</p>
</td>
</tr>
</tbody>
</table>
## `CredentialProvider` {#kubelet-config-k8s-io-v1alpha1-CredentialProvider}
**Appears in:**
- [CredentialProviderConfig](#kubelet-config-k8s-io-v1alpha1-CredentialProviderConfig)
CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only
invoked when an image being pulled matches the images handled by the plugin (see matchImages).
<p>CredentialProvider represents an exec plugin to be invoked by the kubelet. The plugin is only
invoked when an image being pulled matches the images handled by the plugin (see matchImages).</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>name</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
name is the required name of the credential provider. It must match the name of the
<p>name is the required name of the credential provider. It must match the name of the
provider executable as seen by the kubelet. The executable must be in the kubelet's
bin directory (set by the --image-credential-provider-bin-dir flag).</td>
bin directory (set by the --image-credential-provider-bin-dir flag).</p>
</td>
</tr>
<tr><td><code>matchImages</code> <B>[Required]</B><br/>
<code>[]string</code>
</td>
<td>
matchImages is a required list of strings used to match against images in order to
<p>matchImages is a required list of strings used to match against images in order to
determine if this provider should be invoked. If one of the strings matches the
requested image from the kubelet, the plugin will be invoked and given a chance
to provide credentials. Images are expected to contain the registry domain
and URL path.
Each entry in matchImages is a pattern which can optionally contain a port and a path.
and URL path.</p>
<p>Each entry in matchImages is a pattern which can optionally contain a port and a path.
Globs can be used in the domain, but not in the port or the path. Globs are supported
as subdomains like '&lowast;.k8s.io' or 'k8s.&lowast;.io', and top-level-domains such as 'k8s.&lowast;'.
Matching partial subdomains like 'app&lowast;.k8s.io' is also supported. Each glob can only match
a single subdomain segment, so &lowast;.io does not match &lowast;.k8s.io.
A match exists between an image and a matchImage when all of the below are true:
- Both contain the same number of domain parts and each part matches.
- The URL path of an imageMatch must be a prefix of the target image URL path.
- If the imageMatch contains a port, then the port must match in the image as well.
Example values of matchImages:
- 123456789.dkr.ecr.us-east-1.amazonaws.com
- &lowast;.azurecr.io
- gcr.io
- &lowast;.&lowast;.registry.io
- registry.io:8080/path</td>
as subdomains like '<em>.k8s.io' or 'k8s.</em>.io', and top-level-domains such as 'k8s.<em>'.
Matching partial subdomains like 'app</em>.k8s.io' is also supported. Each glob can only match
a single subdomain segment, so *.io does not match *.k8s.io.</p>
<p>A match exists between an image and a matchImage when all of the below are true:</p>
<ul>
<li>Both contain the same number of domain parts and each part matches.</li>
<li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
<li>If the imageMatch contains a port, then the port must match in the image as well.</li>
</ul>
<p>Example values of matchImages:</p>
<ul>
<li>123456789.dkr.ecr.us-east-1.amazonaws.com</li>
<li>*.azurecr.io</li>
<li>gcr.io</li>
<li><em>.</em>.registry.io</li>
<li>registry.io:8080/path</li>
</ul>
</td>
</tr>
<tr><td><code>defaultCacheDuration</code> <B>[Required]</B><br/>
<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
defaultCacheDuration is the default duration the plugin will cache credentials in-memory
if a cache duration is not provided in the plugin response. This field is required.</td>
<p>defaultCacheDuration is the default duration the plugin will cache credentials in-memory
if a cache duration is not provided in the plugin response. This field is required.</p>
</td>
</tr>
<tr><td><code>apiVersion</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
MUST use the same encoding version as the input. Current supported values are:
- credentialprovider.kubelet.k8s.io/v1alpha1</td>
<p>Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
MUST use the same encoding version as the input. Current supported values are:</p>
<ul>
<li>credentialprovider.kubelet.k8s.io/v1alpha1</li>
</ul>
</td>
</tr>
<tr><td><code>args</code><br/>
<code>[]string</code>
</td>
<td>
Arguments to pass to the command when executing it.</td>
<p>Arguments to pass to the command when executing it.</p>
</td>
</tr>
<tr><td><code>env</code><br/>
<a href="#kubelet-config-k8s-io-v1alpha1-ExecEnvVar"><code>[]ExecEnvVar</code></a>
</td>
<td>
Env defines additional environment variables to expose to the process. These
<p>Env defines additional environment variables to expose to the process. These
are unioned with the host's environment, as well as variables client-go uses
to pass argument to the plugin.</td>
to pass argument to the plugin.</p>
</td>
</tr>
</tbody>
</table>
## `ExecEnvVar` {#kubelet-config-k8s-io-v1alpha1-ExecEnvVar}
**Appears in:**
- [CredentialProvider](#kubelet-config-k8s-io-v1alpha1-CredentialProvider)
ExecEnvVar is used for setting environment variables when executing an exec-based
credential plugin.
<p>ExecEnvVar is used for setting environment variables when executing an exec-based
credential plugin.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>name</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
<tr><td><code>value</code> <B>[Required]</B><br/>
<code>string</code>
</td>
<td>
<span class="text-muted">No description provided.</span>
</td>
<span class="text-muted">No description provided.</span></td>
</tr>
</tbody>
</table>
## `FormatOptions` {#FormatOptions}
**Appears in:**
<p>FormatOptions contains options for the different logging formats.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>json</code> <B>[Required]</B><br/>
<a href="#JSONOptions"><code>JSONOptions</code></a>
</td>
<td>
<p>[Experimental] JSON contains options for logging format &quot;json&quot;.</p>
</td>
</tr>
</tbody>
</table>
## `JSONOptions` {#JSONOptions}
**Appears in:**
- [FormatOptions](#FormatOptions)
<p>JSONOptions contains options for logging format &quot;json&quot;.</p>
<table class="table">
<thead><tr><th width="30%">Field</th><th>Description</th></tr></thead>
<tbody>
<tr><td><code>splitStream</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<p>[Experimental] SplitStream redirects error messages to stderr while
info messages go to stdout, with buffering. The default is to write
both to stdout, without buffering.</p>
</td>
</tr>
<tr><td><code>infoBufferSize</code> <B>[Required]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#QuantityValue"><code>k8s.io/apimachinery/pkg/api/resource.QuantityValue</code></a>
</td>
<td>
<p>[Experimental] InfoBufferSize sets the size of the info stream when
using split streams. The default is zero, which disables buffering.</p>
</td>
</tr>
</tbody>
</table>
## `VModuleConfiguration` {#VModuleConfiguration}
(Alias of `[]k8s.io/component-base/config/v1alpha1.VModuleItem`)
**Appears in:**
<p>VModuleConfiguration is a collection of individual file names or patterns
and the corresponding verbosity threshold.</p>

1436
content/en/docs/reference/config-api/kubelet-config.v1beta1.md
View File

File diff suppressed because it is too large Load Diff