Skip to content

Instantly share code, notes, and snippets.

@csantanapr

csantanapr/eks-kube-api-flasgs-1.24.txt

Created November 29, 2022 01:34
Show Gist options
  • Save csantanapr/d6d5e4fd454b98c3e374d7e17c7707f6 to your computer and use it in GitHub Desktop.
Save csantanapr/d6d5e4fd454b98c3e374d7e17c7707f6 to your computer and use it in GitHub Desktop.
Download ZIP
EKS 1.24 kube-api flags
Raw
eks-kube-api-flasgs-1.24.txt
Setting GA feature gate CSIServiceAccountToken=true. It will be removed in a future release. |
Setting GA feature gate TTLAfterFinished=true. It will be removed in a future release. Flag --enable-logs-handler has been deprecated, This flag will be removed in v1.19 Flag --service-account-api-audiences has been deprecated, Use --api-audiences Flag --logtostderr has been deprecated, will be removed in a future release, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components |
--add-dir-header="false" |
--admission-control="[]" |
--admission-control-config-file="" |
--advertise-address="10.2.11.163" |
--aggregator-reject-forwarding-redirect="true" |
--allow-metric-labels="[]" |
--allow-privileged="true" |
--alsologtostderr="false" |
--anonymous-auth="true" |
--api-audiences="[https://kubernetes.default.svc]" |
--apiserver-count="1" |
--audit-log-batch-buffer-size="10000" |
--audit-log-batch-max-size="1" |
--audit-log-batch-max-wait="0s" |
--audit-log-batch-throttle-burst="0" |
--audit-log-batch-throttle-enable="false" |
--audit-log-batch-throttle-qps="0" |
--audit-log-compress="false" |
--audit-log-format="json" |
--audit-log-maxage="0" |
--audit-log-maxbackup="1" |
--audit-log-maxsize="500" |
--audit-log-mode="blocking" |
--audit-log-path="/var/log/kube-audit/kube-apiserver-audit.log" |
--audit-log-truncate-enabled="false" |
--audit-log-truncate-max-batch-size="10485760" |
--audit-log-truncate-max-event-size="102400" |
--audit-log-version="audit.k8s.io/v1" |
--audit-policy-file="/etc/audit_policy.config" |
--audit-webhook-batch-buffer-size="10000" |
--audit-webhook-batch-initial-backoff="10s" |
--audit-webhook-batch-max-size="400" |
--audit-webhook-batch-max-wait="30s" |
--audit-webhook-batch-throttle-burst="15" |
--audit-webhook-batch-throttle-enable="true" |
--audit-webhook-batch-throttle-qps="10" |
--audit-webhook-config-file="" |
--audit-webhook-initial-backoff="10s" |
--audit-webhook-mode="batch" |
--audit-webhook-truncate-enabled="false" |
--audit-webhook-truncate-max-batch-size="10485760" |
--audit-webhook-truncate-max-event-size="102400" |
--audit-webhook-version="audit.k8s.io/v1" |
--authentication-token-webhook-cache-ttl="7m0s" |
--authentication-token-webhook-config-file="/etc/kubernetes/authenticator/apiserver-webhook-kubeconfig.yaml" |
--authentication-token-webhook-version="v1beta1" |
--authorization-mode="[Node,RBAC]" |
--authorization-policy-file="" |
--authorization-webhook-cache-authorized-ttl="5m0s" |
--authorization-webhook-cache-unauthorized-ttl="30s" |
--authorization-webhook-config-file="" |
--authorization-webhook-version="v1beta1" |
--bind-address="0.0.0.0" |
--cert-dir="/var/run/kubernetes" |
--client-ca-file="/etc/kubernetes/pki/internal-auth/ca.crt" |
--cloud-config="" |
--cloud-provider="external" |
--cloud-provider-gce-l7lb-src-cidrs="130.211.0.0/22,35.191.0.0/16" |
--cloud-provider-gce-lb-src-cidrs="130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16" |
--contention-profiling="false" |
--cors-allowed-origins="[]" |
--default-not-ready-toleration-seconds="300" |
--default-unreachable-toleration-seconds="300" |
--default-watch-cache-size="100" |
--delete-collection-workers="1" |
--disable-admission-plugins="[]" |
--disabled-metrics="[]" |
--egress-selector-config-file="" |
--enable-admission-plugins="[NodeRestriction,PodSecurityPolicy,ExtendedResourceToleration]" |
--enable-aggregator-routing="true" |
--enable-bootstrap-token-auth="false" |
--enable-garbage-collector="true" |
--enable-logs-handler="false" |
--enable-priority-and-fairness="true" |
--encryption-provider-config="/etc/kubernetes/aws-encryption-provider/encryption-configuration.yaml" |
--endpoint-reconciler-type="lease" |
--etcd-auto-sync-interval="10s" |
--etcd-cafile="" |
--etcd-certfile="" |
--etcd-compaction-interval="5m0s" |
--etcd-count-metric-poll-period="1m0s" |
--etcd-db-metric-poll-interval="30s" |
--etcd-healthcheck-timeout="2s" |
--etcd-keyfile="" |
--etcd-prefix="/registry" |
--etcd-servers="[http://172.16.160.16:2379,http://172.16.32.16:2379,http://172.16.96.16:2379]" |
--etcd-servers-overrides="[]" |
--event-ttl="1h0m0s" |
--external-hostname="ip-172-16-125-123.ec2.internal" |
--feature-gates="CSIServiceAccountToken=true,ExternalKeyService=true,TTLAfterFinished=true" |
--goaway-chance="0" |
--help="false" |
--http2-max-streams-per-connection="0" |
--identity-lease-duration-seconds="3600" |
--identity-lease-renew-interval-seconds="10" |
--key-service-url="/etc/kubernetes/key-server/pipe.sock" |
--kubelet-certificate-authority="/etc/kubernetes/pki/ca.crt" |
--kubelet-client-certificate="/etc/kubernetes/pki/apiserver-kubelet-client.crt" |
--kubelet-client-key="/etc/kubernetes/pki/apiserver-kubelet-client.key" |
--kubelet-port="10250" |
--kubelet-preferred-address-types="[InternalIP,InternalDNS]" |
--kubelet-read-only-port="10255" |
--kubelet-timeout="5s" |
--kubernetes-service-node-port="0" |
--lease-reuse-duration-seconds="60" |
--livez-grace-period="0s" |
--log-backtrace-at=":0" |
--log-dir="" |
--log-file="" |
--log-file-max-size="1800" |
--log-flush-frequency="5s" |
--log-json-info-buffer-size="0" |
--log-json-split-stream="false" |
--logging-format="text" |
--logtostderr="true" |
--master-service-namespace="default" |
--max-connection-bytes-per-sec="0" |
--max-mutating-requests-inflight="200" |
--max-requests-inflight="400" |
--maximum-page-size-for-etcd-lists="2000" |
--min-request-timeout="1800" |
--oidc-ca-file="" |
--oidc-client-id="" |
--oidc-groups-claim="" |
--oidc-groups-prefix="" |
--oidc-issuer-url="" |
--oidc-required-claim="" |
--oidc-signing-algs="[RS256]" |
--oidc-username-claim="sub" |
--oidc-username-prefix="" |
--one-output="false" |
--permit-address-sharing="false" |
--permit-port-sharing="false" |
--profiling="false" |
--proxy-cidr-allowlist="10.2.0.0/16" |
--proxy-cidr-whitelist="10.2.0.0/16" |
--proxy-client-cert-file="/etc/kubernetes/pki/front-proxy-client.crt" |
--proxy-client-key-file="/etc/kubernetes/pki/front-proxy-client.key" |
--request-timeout="1m0s" |
--requestheader-allowed-names="[front-proxy-client]" |
--requestheader-client-ca-file="/etc/kubernetes/pki/front-proxy-ca.crt" |
--requestheader-extra-headers-prefix="[X-Remote-Extra-]" |
--requestheader-group-headers="[X-Remote-Group]" |
--requestheader-username-headers="[X-Remote-User]" |
--runtime-config="" |
--secure-port="443" |
--service-account-api-audiences="[https://kubernetes.default.svc]" |
--service-account-extend-token-expiration="true" |
--service-account-issuer="[https://oidc.eks.us-east-1.amazonaws.com/id/E3EF6C3A83D6D9D8FF182563FED330DC]" |
--service-account-jwks-uri="" |
--service-account-key-file="[/etc/kubernetes/pki/sa.pub]" |
--service-account-lookup="true" |
--service-account-max-token-expiration="24h0m0s" |
--service-account-signing-key-file="" |
--service-cluster-ip-range="172.20.0.0/16" |
--service-node-port-range="30000-32767" |
--show-hidden-metrics-for-version="" |
--shutdown-delay-duration="5s" |
--shutdown-send-retry-after="false" |
--skip-headers="false" |
--skip-log-headers="false" |
--stderrthreshold="2" |
--storage-backend="" |
--storage-media-type="application/vnd.kubernetes.protobuf" |
--strict-transport-security-directives="[]" |
--tls-cert-file="/etc/kubernetes/pki/apiserver.crt" |
--tls-cipher-suites="[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]" |
--tls-min-version="" |
--tls-private-key-file="/etc/kubernetes/pki/apiserver.key" |
--tls-sni-cert-key="[]" |
--token-auth-file="/dev/null" |
--tracing-config-file="" |
--v="2" |
--version="false" |
--vmodule="" |
--watch-cache="true" |
--watch-cache-sizes="[]" |
Version: v1.24.7-eks-fb459a0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment