diff --git a/README.md b/README.md
index ea49b76..eb4d6b5 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,7 @@ docker pull ghcr.io/doodlescheduling/yakmv:v0
 | `` | `--namespace` | `` | `NAMESPACE` | Default namespace to apply to resources without a namespace |
 | `` | `--skip-auto-namespace` | `SKIP_AUTO_NAMESPACE` | `false` | Do not create a namespace if it does not exists yet while validating a resource |
 | `` | `--table` | `TABLE` | `false` | |
+| `` | `--api-server-flags` | `API_SERVER_FLAGS` | `--api-server-flags=--disable-admission-plugins=MutatingAdmissionWebhook,ValidatingAdmissionPolicy,ValidatingAdmissionWebhook` | Set additional kube-apiserver flags. (Note: If set by env the arguments need to be delimited by `;`) |
 
 ## Github Action
 
diff --git a/go.mod b/go.mod
index f1fdad5..4b066c0 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/go-logr/logr v1.3.0
 github.com/go-logr/zapr v1.2.4
 github.com/jedib0t/go-pretty/v6 v6.5.4
- github.com/sethvargo/go-envconfig v0.9.0
+ github.com/sethvargo/go-envconfig v1.0.0
 github.com/spf13/pflag v1.0.5
 github.com/stretchr/testify v1.8.4
 go.uber.org/zap v1.26.0
diff --git a/go.sum b/go.sum
index 45840dc..1eea421 100644
--- a/go.sum
+++ b/go.sum
@@ -125,8 +125,8 @@ github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwa github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/sethvargo/go-envconfig v0.9.0 h1:Q6FQ6hVEeTECULvkJZakq3dZMeBQ3JUpcKMfPQbKMDE= -github.com/sethvargo/go-envconfig v0.9.0/go.mod h1:Iz1Gy1Sf3T64TQlJSvee81qDhf7YIlt8GMUX6yyNFs0= +github.com/sethvargo/go-envconfig v1.0.0 h1:1C66wzy4QrROf5ew4KdVw942CQDa55qmlYmw9FZxZdU= +github.com/sethvargo/go-envconfig v1.0.0/go.mod h1:Lzc75ghUn5ucmcRGIdGQ33DKJrcjk4kihFYgSTBmjIc= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/main.go b/main.go index 2b9b02b..5da793d 100644 --- a/main.go +++ b/main.go 
@@ -53,17 +53,18 @@ type Config struct {
 Level string `env:"LOG_LEVEL, default=fatal"`
 Encoding string `env:"LOG_ENCODING, default=json"`
 }
- File string `env:"FILE, default=/dev/stdin"`
- FailFast bool `env:"FAIL_FAST"`
- AllowFailure bool `env:"ALLOW_FAILURE"`
- SkipAutoNamespace bool `env:"SKIP_AUTO_NAMESPACE"`
- Namespace string `env:"NAMESPACE"`
- Table bool `env:"TABLE"`
- ExcludeValid bool `env:"EXCLUDE_VALID"`
- KubeVersion string `env:"KUBE_VERSION, default=1.28.0"`
- EtcdVersion string `env:"ETCD_VERSION, default=3.5.11"`
- ApiServerRegistry string `env:"API_SERVER_REGISTRY, default=registry.k8s.io/kube-apiserver"`
- EtcdRegistry string `env:"ETCD_REGISTRY, default=quay.io/coreos/etcd"`
+ File string `env:"FILE, default=/dev/stdin"`
+ FailFast bool `env:"FAIL_FAST"`
+ AllowFailure bool `env:"ALLOW_FAILURE"`
+ SkipAutoNamespace bool `env:"SKIP_AUTO_NAMESPACE"`
+ Namespace string `env:"NAMESPACE"`
+ Table bool `env:"TABLE"`
+ ExcludeValid bool `env:"EXCLUDE_VALID"`
+ KubeVersion string `env:"KUBE_VERSION, default=1.28.0"`
+ EtcdVersion string `env:"ETCD_VERSION, default=3.5.11"`
+ ApiServerRegistry string `env:"API_SERVER_REGISTRY, default=registry.k8s.io/kube-apiserver"`
+ EtcdRegistry string `env:"ETCD_REGISTRY, default=quay.io/coreos/etcd"`
+ ApiServerFlags []string `env:"API_SERVER_FLAGS, delimiter=;, default=--api-server-flags=--disable-admission-plugins=MutatingAdmissionWebhook,ValidatingAdmissionPolicy,ValidatingAdmissionWebhook"`
 }
 
 var (
@@ -86,6 +87,7 @@ func init() {
 flag.StringVarP(&config.ApiServerRegistry, "api-server-registry", "", "", "OCI registry for pulling the kube-apiserver image")
 flag.StringVarP(&config.EtcdRegistry, "etcd-registry", "", "", "OCI registry for pulling the etcd image")
 flag.StringVarP(&config.EtcdVersion, "etcd-version", "", "", "The version for etcd")
+ flag.StringSliceVarP(&config.ApiServerFlags, "api-server-flags", "", nil, "Set additional kube-apiserver flags")
 
 tbl = table.NewWriter()
 tbl.SetOutputMirror(output)
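Review bot: The `default=` on the new `ApiServerFlags` tag begins with `--api-server-flags=`, so the single default element is `--api-server-flags=--disable-admission-plugins=…`, and the `startAPIServer` hunk appends the slice to the kube-apiserver command line unchanged. kube-apiserver has no `--api-server-flags` option, so with the default in effect the container would presumably exit on an unknown flag instead of starting with the admission plugins disabled as before. The default should carry only the apiserver flag, `default=--disable-admission-plugins=MutatingAdmissionWebhook,ValidatingAdmissionPolicy,ValidatingAdmissionWebhook`; the README row added in this commit repeats the same value. How the env default and the CLI flag are merged is not visible in this hunk.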
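Review bot: `StringSliceVarP` splits every value on commas (assuming `flag` is spf13/pflag, which go.mod lists), so `--api-server-flags=--disable-admission-plugins=A,B` yields the elements `--disable-admission-plugins=A` and `B`, and `B` reaches kube-apiserver as a stray argument. That breaks the comma-separated plugin list this option is documented with. `StringArrayVarP` keeps each occurrence intact: `flag.StringArrayVarP(&config.ApiServerFlags, "api-server-flags", "", nil, "Set additional kube-apiserver flags (repeat the option per flag)")`. `init` begins and ends outside the hunk.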
@@ -518,22 +520,23 @@ func startAPIServer(ctx context.Context, dockerClient *dockerclient.Client, etcd
 return types.ContainerJSON{}, err
 }
 
+ cmd := append(strslice.StrSlice{
+ "/usr/local/bin/kube-apiserver",
+ fmt.Sprintf("--etcd-servers=%s:2379", etcd.NetworkSettings.DefaultNetworkSettings.IPAddress),
+ "--anonymous-auth",
+ "--service-account-issuer=https://validation",
+ "--service-account-key-file=/certs/service-account-key.pem",
+ "--service-account-signing-key-file=/certs/service-account-key.pem",
+ "--token-auth-file=/certs/token",
+ "--enable-priority-and-fairness=false",
+ }, config.ApiServerFlags...)
+
 tag, _ := strings.CutPrefix(config.KubeVersion, "v")
 cont, err := dockerClient.ContainerCreate(
 ctx,
 &container.Config{
 Image: fmt.Sprintf("%s:v%s", config.ApiServerRegistry, tag),
- Cmd: strslice.StrSlice{
- "/usr/local/bin/kube-apiserver",
- fmt.Sprintf("--etcd-servers=%s:2379", etcd.NetworkSettings.DefaultNetworkSettings.IPAddress),
- "--anonymous-auth",
- "--service-account-issuer=https://validation",
- "--service-account-key-file=/certs/service-account-key.pem",
- "--service-account-signing-key-file=/certs/service-account-key.pem",
- "--token-auth-file=/certs/token",
- "--disable-admission-plugins=MutatingAdmissionWebhook,ValidatingAdmissionPolicy,ValidatingAdmissionWebhook",
- "--enable-priority-and-fairness=false",
- },
+ Cmd: cmd,
 },
 &container.HostConfig{
 Mounts: []mount.Mount{
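Review bot: `config.ApiServerFlags` is appended after the fixed arguments without any check, so a user-supplied duplicate of a baseline flag such as `--etcd-servers` or `--token-auth-file` would presumably take precedence. `--disable-admission-plugins` is also no longer passed at all once a custom value replaces the default. If that is intended, say so above the `append`: `// User flags go last and may override the baseline; --disable-admission-plugins now comes only from the ApiServerFlags default.` Otherwise, reject entries that name one of the fixed flags before building `cmd`. `startAPIServer` begins and ends outside the hunk.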