func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&s.Mode, "authorization-mode", s.Mode, ""+ "Ordered list of plug-ins to do authorization on secure port. Comma-delimited list of: "+ strings.Join(AuthorizationModeChoices, ",")+".") fs.StringVar(&s.PolicyFile, "authorization-policy-file", s.PolicyFile, ""+ "File with authorization policy in csv format, used with --authorization-mode=ABAC, on the secure port.") fs.StringVar(&s.WebhookConfigFile, "authorization-webhook-config-file", s.WebhookConfigFile, ""+ "File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. "+ "The API server will query the remote service to determine access on the API server's secure port.") fs.DurationVar(&s.WebhookCacheAuthorizedTTL, "authorization-webhook-cache-authorized-ttl", s.WebhookCacheAuthorizedTTL, "The duration to cache 'authorized' responses from the webhook authorizer. Default is 5m.") fs.DurationVar(&s.WebhookCacheUnauthorizedTTL, "authorization-webhook-cache-unauthorized-ttl", s.WebhookCacheUnauthorizedTTL, "The duration to cache 'unauthorized' responses from the webhook authorizer. Default is 30s.") fs.String("authorization-rbac-super-user", "", ""+ "If specified, a username which avoids RBAC authorization checks and role binding "+ "privilege escalation checks, to be used with --authorization-mode=RBAC.") fs.MarkDeprecated("authorization-rbac-super-user", "Removed during alpha to beta. The 'system:masters' group has privileged access.") }
func installServiceFlags(flags *pflag.FlagSet) { flServiceName = flags.String("service-name", "docker", "Set the Windows service name") flRegisterService = flags.Bool("register-service", false, "Register the service and exit") flUnregisterService = flags.Bool("unregister-service", false, "Unregister the service and exit") flRunService = flags.Bool("run-service", false, "") flags.MarkHidden("run-service") }
func configure(flags *flag.FlagSet) { flags.String("pkey", "", "Omise API public key, defaults to $OMISE_PUBKEY.") flags.String("skey", "", "Omise API secret key, defaults to $OMISE_KEY.") flags.String("api-endpoint", "", "Omise API endpoint, defaults to api.omise.co or $OMISE_API_ENDPOINT") flags.String("vault-endpoint", "", "Omise Vault endpoint, defaults to vault.omise.co or $OMISE_VAULT_ENDPOINT") flags.Bool("json", false, "Output result as JSON.") flags.Bool("indented-json", false, "Output result as indented JSON.") }
// BindFlags adds any flags that are common to all kubectl sub commands. func (f *Factory) BindFlags(flags *pflag.FlagSet) { // any flags defined by external projects (not part of pflags) util.AddAllFlagsToPFlagSet(flags) if f.flags != nil { f.flags.VisitAll(func(flag *pflag.Flag) { flags.AddFlag(flag) }) } // Globally persistent flags across all subcommands. // TODO Change flag names to consts to allow safer lookup from subcommands. // TODO Add a verbose flag that turns on glog logging. Probably need a way // to do that automatically for every subcommand. flags.BoolVar(&f.clients.matchVersion, FlagMatchBinaryVersion, false, "Require server version to match client version") flags.String("ns-path", os.Getenv("HOME")+"/.kubernetes_ns", "Path to the namespace info file that holds the namespace context to use for CLI requests.") flags.StringP("namespace", "n", "", "If present, the namespace scope for this CLI request.") flags.Bool("validate", false, "If true, use a schema to validate the input before sending it") }
// AddServiceFlags add all supported service flags to the flagset. func AddServiceFlags(flags *pflag.FlagSet) { flags.String("name", "", "service name") flags.StringSlice("label", nil, "service label (key=value)") flags.Uint64("replicas", 1, "number of replicas for the service (only works in replicated service mode)") flags.String("image", "", "container image") flags.StringSlice("command", nil, "override entrypoint") flags.StringSlice("args", nil, "container args") flags.StringSlice("env", nil, "container env") flags.StringSlice("ports", nil, "ports") flags.String("network", "", "network name") flags.String("memory-reservation", "", "amount of reserved memory (e.g. 512m)") flags.String("memory-limit", "", "memory limit (e.g. 512m)") flags.String("cpu-reservation", "", "number of CPU cores reserved (e.g. 0.5)") flags.String("cpu-limit", "", "CPU cores limit (e.g. 0.5)") flags.Uint64("update-parallelism", 0, "task update parallelism (0 = all at once)") flags.String("update-delay", "0s", "delay between task updates (0s = none)") flags.String("restart-condition", "any", "condition to restart the task (any, failure, none)") flags.String("restart-delay", "5s", "delay between task restarts") flags.Uint64("restart-max-attempts", 0, "maximum number of restart attempts (0 = unlimited)") flags.String("restart-window", "0s", "time window to evaluate restart attempts (0 = unbound)") flags.StringSlice("constraint", nil, "Placement constraint (node.labels.key==value)") // TODO(stevvooe): Replace these with a more interesting mount flag. flags.StringSlice("bind", nil, "define a bind mount") flags.StringSlice("volume", nil, "define a volume mount") flags.StringSlice("tmpfs", nil, "define a tmpfs mount") flags.String("log-driver", "", "specify a log driver") flags.StringSlice("log-opt", nil, "log driver options, as key value pairs") }
// AddFlags adds flags for a specific APIServer to the specified FlagSet func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) { // Note: the weird ""+ in below lines seems to be the only way to get gofmt to // arrange these text blocks sensibly. Grrr. fs.StringVar(&s.AdmissionControl, "admission-control", s.AdmissionControl, ""+ "Ordered list of plug-ins to do admission control of resources into cluster. "+ "Comma-delimited list of: "+strings.Join(admission.GetPlugins(), ", ")+".") fs.StringVar(&s.AdmissionControlConfigFile, "admission-control-config-file", s.AdmissionControlConfigFile, "File with admission control configuration.") fs.IPVar(&s.AdvertiseAddress, "advertise-address", s.AdvertiseAddress, ""+ "The IP address on which to advertise the apiserver to members of the cluster. This "+ "address must be reachable by the rest of the cluster. If blank, the --bind-address "+ "will be used. If --bind-address is unspecified, the host's default interface will "+ "be used.") fs.StringSliceVar(&s.CorsAllowedOriginList, "cors-allowed-origins", s.CorsAllowedOriginList, ""+ "List of allowed origins for CORS, comma separated. An allowed origin can be a regular "+ "expression to support subdomain matching. If this list is empty CORS will not be enabled.") fs.StringVar(&s.DefaultStorageMediaType, "storage-media-type", s.DefaultStorageMediaType, ""+ "The media type to use to store objects in storage. Defaults to application/json. "+ "Some resources may only support a specific media type and will ignore this setting.") fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers, "Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.") fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath, "If set, all requests coming to the apiserver will be logged to this file.") fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups, "The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.") fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups, "The maximum number of old audit log files to retain.") fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize, "The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.") fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+ "Enables the generic garbage collector. MUST be synced with the corresponding flag "+ "of the kube-controller-manager.") fs.BoolVar(&s.EnableProfiling, "profiling", s.EnableProfiling, "Enable profiling via web interface host:port/debug/pprof/") fs.BoolVar(&s.EnableContentionProfiling, "contention-profiling", s.EnableContentionProfiling, "Enable contention profiling. Requires --profiling to be set to work.") fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", s.EnableSwaggerUI, "Enables swagger ui on the apiserver at /swagger-ui") // TODO: enable cache in integration tests. fs.BoolVar(&s.EnableWatchCache, "watch-cache", s.EnableWatchCache, "Enable watch caching in the apiserver") fs.IntVar(&s.TargetRAMMB, "target-ram-mb", s.TargetRAMMB, "Memory limit for apiserver in MB (used to configure sizes of caches, etc.)") fs.StringVar(&s.ExternalHost, "external-hostname", s.ExternalHost, "The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs).") // TODO: remove post-1.6 fs.String("long-running-request-regexp", "", ""+ "A regular expression matching long running requests which should "+ "be excluded from maximum inflight request handling.") fs.MarkDeprecated("long-running-request-regexp", "regular expression matching of long-running requests is no longer supported") deprecatedMasterServiceNamespace := api.NamespaceDefault fs.StringVar(&deprecatedMasterServiceNamespace, "master-service-namespace", deprecatedMasterServiceNamespace, ""+ "DEPRECATED: the namespace from which the kubernetes master services should be injected into pods.") fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", s.MaxRequestsInFlight, ""+ "The maximum number of non-mutating requests in flight at a given time. When the server exceeds this, "+ "it rejects requests. Zero for no limit.") fs.IntVar(&s.MaxMutatingRequestsInFlight, "max-mutating-requests-inflight", s.MaxMutatingRequestsInFlight, ""+ "The maximum number of mutating requests in flight at a given time. When the server exceeds this, "+ "it rejects requests. Zero for no limit.") fs.IntVar(&s.MinRequestTimeout, "min-request-timeout", s.MinRequestTimeout, ""+ "An optional field indicating the minimum number of seconds a handler must keep "+ "a request open before timing it out. Currently only honored by the watch request "+ "handler, which picks a randomized value above this number as the connection timeout, "+ "to spread out load.") fs.Var(&s.RuntimeConfig, "runtime-config", ""+ "A set of key=value pairs that describe runtime configuration that may be passed "+ "to apiserver. apis/<groupVersion> key can be used to turn on/off specific api versions. "+ "apis/<groupVersion>/<resource> can be used to turn on/off specific resources. api/all and "+ "api/legacy are special keys to control all and legacy api versions respectively.") deprecatedStorageVersion := "" fs.StringVar(&deprecatedStorageVersion, "storage-version", deprecatedStorageVersion, "DEPRECATED: the version to store the legacy v1 resources with. Defaults to server preferred.") fs.MarkDeprecated("storage-version", "--storage-version is deprecated and will be removed when the v1 API "+ "is retired. Setting this has no effect. See --storage-versions instead.") fs.StringVar(&s.StorageVersions, "storage-versions", s.StorageVersions, ""+ "The per-group version to store resources in. "+ "Specified in the format \"group1/version1,group2/version2,...\". "+ "In the case where objects are moved from one group to the other, "+ "you may specify the format \"group1=group2/v1beta1,group3/v1beta1,...\". "+ "You only need to pass the groups you wish to change from the defaults. "+ "It defaults to a list of preferred versions of all registered groups, "+ "which is derived from the KUBE_API_VERSIONS environment variable.") fs.StringSliceVar(&s.WatchCacheSizes, "watch-cache-sizes", s.WatchCacheSizes, ""+ "List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. "+ "The individual override format: resource#size, where size is a number. It takes effect "+ "when watch-cache is enabled.") config.DefaultFeatureGate.AddFlag(fs) }
// addStage1ImageFlag adds a flag for specifying custom stage1 image // path func addStage1ImageFlag(flags *pflag.FlagSet) { flags.String(stage1ImageFlagName, defaultStage1Image, stage1ImageFlagHelp()) }
// Adds storage-related flags to a command's flag set. func addStorageFlags(flags *pflag.FlagSet) { flags.String("storage", "memory", "Storage backend. Choices are: boltdb and memory.") flags.String("path", "", "Path to a file or directory filesystem-based storage backends.") }
// AddFlags adds all command line flags that will be used by Parse to the FlagSet func AddFlags(flags *pflag.FlagSet) *ContainerOptions { copts := &ContainerOptions{ flAttach: opts.NewListOpts(ValidateAttach), flVolumes: opts.NewListOpts(nil), flTmpfs: opts.NewListOpts(nil), flBlkioWeightDevice: NewWeightdeviceOpt(ValidateWeightDevice), flDeviceReadBps: NewThrottledeviceOpt(ValidateThrottleBpsDevice), flDeviceWriteBps: NewThrottledeviceOpt(ValidateThrottleBpsDevice), flLinks: opts.NewListOpts(ValidateLink), flAliases: opts.NewListOpts(nil), flDeviceReadIOps: NewThrottledeviceOpt(ValidateThrottleIOpsDevice), flDeviceWriteIOps: NewThrottledeviceOpt(ValidateThrottleIOpsDevice), flEnv: opts.NewListOpts(ValidateEnv), flLabels: opts.NewListOpts(ValidateEnv), flDevices: opts.NewListOpts(ValidateDevice), flUlimits: NewUlimitOpt(nil), flSysctls: opts.NewMapOpts(nil, opts.ValidateSysctl), flPublish: opts.NewListOpts(nil), flExpose: opts.NewListOpts(nil), flDNS: opts.NewListOpts(opts.ValidateIPAddress), flDNSSearch: opts.NewListOpts(opts.ValidateDNSSearch), flDNSOptions: opts.NewListOpts(nil), flExtraHosts: opts.NewListOpts(ValidateExtraHost), flVolumesFrom: opts.NewListOpts(nil), flEnvFile: opts.NewListOpts(nil), flCapAdd: opts.NewListOpts(nil), flCapDrop: opts.NewListOpts(nil), flGroupAdd: opts.NewListOpts(nil), flSecurityOpt: opts.NewListOpts(nil), flStorageOpt: opts.NewListOpts(nil), flLabelsFile: opts.NewListOpts(nil), flLoggingOpts: opts.NewListOpts(nil), flPrivileged: flags.Bool("privileged", false, "Give extended privileges to this container"), flPidMode: flags.String("pid", "", "PID namespace to use"), flUTSMode: flags.String("uts", "", "UTS namespace to use"), flUsernsMode: flags.String("userns", "", "User namespace to use"), flPublishAll: flags.BoolP("publish-all", "P", false, "Publish all exposed ports to random ports"), flStdin: flags.BoolP("interactive", "i", false, "Keep STDIN open even if not attached"), flTty: flags.BoolP("tty", "t", false, "Allocate a pseudo-TTY"), flOomKillDisable: flags.Bool("oom-kill-disable", false, "Disable OOM Killer"), flOomScoreAdj: flags.Int("oom-score-adj", 0, "Tune host's OOM preferences (-1000 to 1000)"), flContainerIDFile: flags.String("cidfile", "", "Write the container ID to the file"), flEntrypoint: flags.String("entrypoint", "", "Overwrite the default ENTRYPOINT of the image"), flHostname: flags.StringP("hostname", "h", "", "Container host name"), flMemoryString: flags.StringP("memory", "m", "", "Memory limit"), flMemoryReservation: flags.String("memory-reservation", "", "Memory soft limit"), flMemorySwap: flags.String("memory-swap", "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap"), flKernelMemory: flags.String("kernel-memory", "", "Kernel memory limit"), flUser: flags.StringP("user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])"), flWorkingDir: flags.StringP("workdir", "w", "", "Working directory inside the container"), flCPUShares: flags.Int64P("cpu-shares", "c", 0, "CPU shares (relative weight)"), flCPUPercent: flags.Int64("cpu-percent", 0, "CPU percent (Windows only)"), flCPUPeriod: flags.Int64("cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period"), flCPUQuota: flags.Int64("cpu-quota", 0, "Limit CPU CFS (Completely Fair Scheduler) quota"), flCpusetCpus: flags.String("cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)"), flCpusetMems: flags.String("cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)"), flBlkioWeight: flags.Uint16("blkio-weight", 0, "Block IO (relative weight), between 10 and 1000"), flIOMaxBandwidth: flags.String("io-maxbandwidth", "", "Maximum IO bandwidth limit for the system drive (Windows only)"), flIOMaxIOps: flags.Uint64("io-maxiops", 0, "Maximum IOps limit for the system drive (Windows only)"), flSwappiness: flags.Int64("memory-swappiness", -1, "Tune container memory swappiness (0 to 100)"), flNetMode: flags.String("net", "default", "Connect a container to a network"), flMacAddress: flags.String("mac-address", "", "Container MAC address (e.g. 92:d0:c6:0a:29:33)"), flIPv4Address: flags.String("ip", "", "Container IPv4 address (e.g. 172.30.100.104)"), flIPv6Address: flags.String("ip6", "", "Container IPv6 address (e.g. 2001:db8::33)"), flIpcMode: flags.String("ipc", "", "IPC namespace to use"), flPidsLimit: flags.Int64("pids-limit", 0, "Tune container pids limit (set -1 for unlimited)"), flRestartPolicy: flags.String("restart", "no", "Restart policy to apply when a container exits"), flReadonlyRootfs: flags.Bool("read-only", false, "Mount the container's root filesystem as read only"), flLoggingDriver: flags.String("log-driver", "", "Logging driver for container"), flCgroupParent: flags.String("cgroup-parent", "", "Optional parent cgroup for the container"), flVolumeDriver: flags.String("volume-driver", "", "Optional volume driver for the container"), flStopSignal: flags.String("stop-signal", signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal)), flIsolation: flags.String("isolation", "", "Container isolation technology"), flShmSize: flags.String("shm-size", "", "Size of /dev/shm, default value is 64MB"), flNoHealthcheck: flags.Bool("no-healthcheck", false, "Disable any container-specified HEALTHCHECK"), flHealthCmd: flags.String("health-cmd", "", "Command to run to check health"), flHealthInterval: flags.Duration("health-interval", 0, "Time between running the check"), flHealthTimeout: flags.Duration("health-timeout", 0, "Maximum time to allow one check to run"), flHealthRetries: flags.Int("health-retries", 0, "Consecutive failures needed to report unhealthy"), flRuntime: flags.String("runtime", "", "Runtime to use for this container"), } flags.VarP(&copts.flAttach, "attach", "a", "Attach to STDIN, STDOUT or STDERR") flags.Var(&copts.flBlkioWeightDevice, "blkio-weight-device", "Block IO weight (relative device weight)") flags.Var(&copts.flDeviceReadBps, "device-read-bps", "Limit read rate (bytes per second) from a device") flags.Var(&copts.flDeviceWriteBps, "device-write-bps", "Limit write rate (bytes per second) to a device") flags.Var(&copts.flDeviceReadIOps, "device-read-iops", "Limit read rate (IO per second) from a device") flags.Var(&copts.flDeviceWriteIOps, "device-write-iops", "Limit write rate (IO per second) to a device") flags.VarP(&copts.flVolumes, "volume", "v", "Bind mount a volume") flags.Var(&copts.flTmpfs, "tmpfs", "Mount a tmpfs directory") flags.Var(&copts.flLinks, "link", "Add link to another container") flags.Var(&copts.flAliases, "net-alias", "Add network-scoped alias for the container") flags.Var(&copts.flDevices, "device", "Add a host device to the container") flags.VarP(&copts.flLabels, "label", "l", "Set meta data on a container") flags.Var(&copts.flLabelsFile, "label-file", "Read in a line delimited file of labels") flags.VarP(&copts.flEnv, "env", "e", "Set environment variables") flags.Var(&copts.flEnvFile, "env-file", "Read in a file of environment variables") flags.VarP(&copts.flPublish, "publish", "p", "Publish a container's port(s) to the host") flags.Var(&copts.flExpose, "expose", "Expose a port or a range of ports") flags.Var(&copts.flDNS, "dns", "Set custom DNS servers") flags.Var(&copts.flDNSSearch, "dns-search", "Set custom DNS search domains") flags.Var(&copts.flDNSOptions, "dns-opt", "Set DNS options") flags.Var(&copts.flExtraHosts, "add-host", "Add a custom host-to-IP mapping (host:ip)") flags.Var(&copts.flVolumesFrom, "volumes-from", "Mount volumes from the specified container(s)") flags.Var(&copts.flCapAdd, "cap-add", "Add Linux capabilities") flags.Var(&copts.flCapDrop, "cap-drop", "Drop Linux capabilities") flags.Var(&copts.flGroupAdd, "group-add", "Add additional groups to join") flags.Var(&copts.flSecurityOpt, "security-opt", "Security Options") flags.Var(&copts.flStorageOpt, "storage-opt", "Set storage driver options per container") flags.Var(copts.flUlimits, "ulimit", "Ulimit options") flags.Var(copts.flSysctls, "sysctl", "Sysctl options") flags.Var(&copts.flLoggingOpts, "log-opt", "Log driver options") return copts }
func configure(flags *flag.FlagSet) { flags.String("pkey", "", "Omise API public key, defaults to $OMISE_PUBKEY.") flags.String("skey", "", "Omise API secret key, defaults to $OMISE_KEY.") flags.String("api-endpoint", "", "Omise API endpoint, defaults to api.omise.co or $OMISE_API_ENDPOINT") flags.String("vault-endpoint", "", "Omise Vault endpoint, defaults to vault.omise.co or $OMISE_VAULT_ENDPOINT") }
func registerCreateFlags(flagset *pflag.FlagSet) { flagset.String("type", "standalone", "type of the stack - there are primary, secondary and standalone stacks that form a cluster") flagset.String("tags", "", "tags that should be added to fleetd of the swarm (eg --tags=cluster=core,disk=ssd)") flagset.Int("cluster-size", 3, "number of nodes a cluster should have") flagset.String("etcd-peers", "", "etcd peers a secondary swarm is connecting to") flagset.String("etcd-discovery-url", "", "etcd discovery url for a secondary swarm is connecting to") flagset.String("template-dir", "templates", "directory to use for reading templates (see template-init command)") flagset.String("image", awsEuWest1CoreOS, "image version that should be used to create a swarm") flagset.String("certificate", "", "certificate ARN to use to create aws cluster") flagset.String("machine-type", "m3.large", "machine type to use, e.g. m3.large for AWS") // Yochu flagset.String("yochu", "", "version of Yochu to provision cluster nodes") flagset.String("yochu-docker-version", "1.6.2", "version to use when provisioning docker binaries") flagset.String("yochu-fleet-version", "v0.11.3-gs-2", "version to use when provisioning fleetd/fleetctl binaries") flagset.String("yochu-etcd-version", "v2.1.2-gs-1", "version to use when provisioning etcd/etcdctl binaries") flagset.String("yochu-k8s-version", "v1.1.8", "version to use when provisioning k8s binaries") flagset.String("yochu-rkt-version", "v1.1.0", "version to use when provisioning rkt binaries") flagset.Bool("use-ignition", false, "use ignition configuration templates") // AWS Provider specific flagset.String("aws-keypair", "", "Keypair to use for AWS machines") flagset.String("aws-vpc", "", "VPC to use for new AWS machines") flagset.String("aws-vpc-cidr", "", "VPC CIDR to use for security configuration") flagset.String("aws-subnet", "", "Subnet to use for new AWS machines") flagset.String("aws-az", "", "AZ to use for new AWS machines") }
func newUpdateCommand(dockerCli *client.DockerCli) *cobra.Command { opts := newServiceOptions() var flags *pflag.FlagSet cmd := &cobra.Command{ Use: "update [OPTIONS] SERVICE", Short: "Update a service", Args: cli.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { return runUpdate(dockerCli, flags, args[0]) }, } flags = cmd.Flags() flags.String("image", "", "Service image tag") flags.StringSlice("command", []string{}, "Service command") flags.StringSlice("arg", []string{}, "Service command args") addServiceFlags(cmd, opts) return cmd }