in cmd/manager/main.go [118:375]
func Command() *cobra.Command {
cmd := &cobra.Command{
Use: "manager",
Short: "Start the Elastic Cloud on Kubernetes operator",
PreRunE: func(cmd *cobra.Command, _ []string) error {
// enable using dashed notation in flags and underscores in env
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
if err := viper.BindPFlags(cmd.Flags()); err != nil {
return fmt.Errorf("failed to bind flags: %w", err)
}
viper.AutomaticEnv()
if configFile != "" {
viper.SetConfigFile(configFile)
if err := viper.ReadInConfig(); err != nil {
return fmt.Errorf("failed to read config file %s: %w", configFile, err)
}
}
logconf.ChangeVerbosity(viper.GetInt(logconf.FlagName))
log = logf.Log.WithName("manager")
return nil
},
RunE: doRun,
}
cmd.Flags().Bool(
operator.AutoPortForwardFlag,
false,
"Enables automatic port-forwarding "+
"(for dev use only as it exposes k8s resources on ephemeral ports to localhost)",
)
cmd.Flags().String(
operator.CADirFlag,
"",
"Path to a directory containing a CA certificate (tls.crt) and its associated private key (tls.key) to be used for all managed resources. Effectively disables the CA rotation and validity options.",
)
cmd.Flags().Duration(
operator.CACertRotateBeforeFlag,
certificates.DefaultRotateBefore,
"Duration representing how long before expiration CA certificates should be reissued",
)
cmd.Flags().Duration(
operator.CACertValidityFlag,
certificates.DefaultCertValidity,
"Duration representing how long before a newly created CA cert expires",
)
cmd.Flags().Duration(
operator.CertRotateBeforeFlag,
certificates.DefaultRotateBefore,
"Duration representing how long before expiration TLS certificates should be reissued",
)
cmd.Flags().Duration(
operator.CertValidityFlag,
certificates.DefaultCertValidity,
"Duration representing how long before a newly created TLS certificate expires",
)
cmd.Flags().StringVar(
&configFile,
operator.ConfigFlag,
"",
"Path to the file containing the operator configuration",
)
cmd.Flags().String(
operator.ContainerRegistryFlag,
container.DefaultContainerRegistry,
"Container registry to use when downloading Elastic Stack container images",
)
cmd.Flags().String(
operator.ContainerRepositoryFlag,
"",
"Container repository to use when downloading Elastic Stack container images",
)
cmd.Flags().String(
operator.ContainerSuffixFlag,
"",
fmt.Sprintf("Suffix to be appended to container images by default. Cannot be combined with %s", operator.UBIOnlyFlag),
)
cmd.Flags().String(
operator.DebugHTTPListenFlag,
"localhost:6060",
"Listen address for debug HTTP server (only available in development mode)",
)
cmd.Flags().Bool(
operator.DisableConfigWatch,
false,
"Disable watching the configuration file for changes",
)
cmd.Flags().Duration(
operator.ElasticsearchClientTimeout,
3*time.Minute,
"Default timeout for requests made by the Elasticsearch client.",
)
cmd.Flags().Duration(
operator.ElasticsearchObservationIntervalFlag,
10*time.Second,
"Interval between observations of Elasticsearch health, non-positive values disable asynchronous observation",
)
cmd.Flags().Bool(
operator.DisableTelemetryFlag,
false,
"Disable periodically updating ECK telemetry data for Kibana to consume.",
)
cmd.Flags().String(
operator.DistributionChannelFlag,
"",
"Set the distribution channel to report through telemetry.",
)
cmd.Flags().Bool(
operator.EnforceRBACOnRefsFlag,
false, // Set to false for backward compatibility
"Restrict cross-namespace resource association through RBAC (eg. referencing Elasticsearch from Kibana)",
)
cmd.Flags().Bool(
operator.EnableLeaderElection,
true,
"Enable leader election. Enabling this will ensure there is only one active operator.",
)
cmd.Flags().Bool(
operator.EnableTracingFlag,
false,
"Enable APM tracing in the operator. Endpoint, token etc are to be configured via environment variables. See https://www.elastic.co/guide/en/apm/agent/go/1.x/configuration.html")
cmd.Flags().Bool(
operator.EnableWebhookFlag,
false,
"Enables a validating webhook server in the operator process.",
)
cmd.Flags().StringSlice(
operator.ExposedNodeLabels,
[]string{},
"Comma separated list of node labels which are allowed to be copied as annotations on Elasticsearch Pods, empty by default",
)
cmd.Flags().Int(
operator.PasswordHashCacheSize,
0,
fmt.Sprintf(
"Sets the size of the password hash cache. Default size is inferred from %s. Caching is disabled if explicitly set to 0 or any negative value.",
operator.MaxConcurrentReconcilesFlag,
),
)
cmd.Flags().String(
operator.IPFamilyFlag,
"",
"Set the IP family to use. Possible values: IPv4, IPv6, \"\" (= auto-detect) ",
)
cmd.Flags().Duration(
operator.KubeClientTimeout,
60*time.Second,
"Timeout for requests made by the Kubernetes API client.",
)
cmd.Flags().Float32(
operator.KubeClientQPS,
0,
"Maximum number of queries per second to the Kubernetes API.",
)
cmd.Flags().Bool(
operator.ManageWebhookCertsFlag,
true,
"Enables automatic certificates management for the webhook. The Secret and the ValidatingWebhookConfiguration must be created before running the operator",
)
cmd.Flags().Int(
operator.MaxConcurrentReconcilesFlag,
3,
"Sets maximum number of concurrent reconciles per controller (Elasticsearch, Kibana, Apm Server etc). Affects the ability of the operator to process changes concurrently.",
)
cmd.Flags().Int(
operator.MetricsPortFlag,
DefaultMetricPort,
"Port to use for exposing metrics in the Prometheus format. (set 0 to disable)",
)
cmd.Flags().String(
operator.MetricsHostFlag,
"0.0.0.0",
fmt.Sprintf("The host to which the operator should bind to serve metrics in the Prometheus format. Will be combined with %s.", operator.MetricsPortFlag),
)
cmd.Flags().Bool(
operator.MetricsSecureFlag,
false,
fmt.Sprintf("Enables TLS for the metrics server. Only effective combined with %s", operator.MetricsPortFlag),
)
cmd.Flags().String(
operator.MetricsCertDirFlag,
// this is controller-runtime's own default, copied here for making the default explicit when using `--help`
filepath.Join(os.TempDir(), "k8s-metrics-server", "serving-certs"),
fmt.Sprintf("Location of TLS certs for the metrics server. Directory needs to contain tls.key and tls.crt. If empty self-signed certificates are used. Only effective when combined with %s and %s", operator.MetricsPortFlag, operator.MetricsSecureFlag),
)
cmd.Flags().StringSlice(
operator.NamespacesFlag,
nil,
"Comma-separated list of namespaces in which this operator should manage resources (defaults to all namespaces)",
)
cmd.Flags().String(
operator.OperatorNamespaceFlag,
"",
"Kubernetes namespace the operator runs in",
)
cmd.Flags().Duration(
operator.TelemetryIntervalFlag,
1*time.Hour,
"Interval between ECK telemetry data updates",
)
cmd.Flags().Bool(
operator.UBIOnlyFlag,
false,
fmt.Sprintf("Use only UBI container images to deploy Elastic Stack applications. UBI images are only available from 7.10.0 onward. Ignored from 9.x as default images are based on UBI. Cannot be combined with %s", operator.ContainerSuffixFlag),
)
cmd.Flags().Bool(
operator.ValidateStorageClassFlag,
true,
"Specifies whether the operator should retrieve storage classes to verify volume expansion support. Can be disabled if cluster-wide storage class RBAC access is not available.",
)
cmd.Flags().String(
operator.WebhookCertDirFlag,
// this is controller-runtime's own default, copied here for making the default explicit when using `--help`
filepath.Join(os.TempDir(), "k8s-webhook-server", "serving-certs"),
"Path to the directory that contains the webhook server key and certificate",
)
cmd.Flags().String(
operator.WebhookSecretFlag,
"",
fmt.Sprintf("Kubernetes secret mounted into the path designated by %s to be used for webhook certificates", operator.WebhookCertDirFlag),
)
cmd.Flags().String(
operator.WebhookNameFlag,
DefaultWebhookName,
"Name of the Kubernetes ValidatingWebhookConfiguration resource. Only used when enable-webhook is true.",
)
cmd.Flags().Int(
operator.WebhookPortFlag,
WebhookPort,
"Port is the port that the webhook server serves at.",
)
cmd.Flags().String(
operator.SetDefaultSecurityContextFlag,
"auto-detect",
"Enables setting the default security context with fsGroup=1000 for Elasticsearch 8.0+ Pods and Kibana 7.10+ Pods. Possible values: true, false, auto-detect",
)
// hide development mode flags from the usage message
_ = cmd.Flags().MarkHidden(operator.AutoPortForwardFlag)
_ = cmd.Flags().MarkHidden(operator.DebugHTTPListenFlag)
// hide flags set by the build process
_ = cmd.Flags().MarkHidden(operator.DistributionChannelFlag)
// hide the flag used for E2E test only
_ = cmd.Flags().MarkHidden(operator.TelemetryIntervalFlag)
// configure filename auto-completion for the config flag
_ = cmd.MarkFlagFilename(operator.ConfigFlag)
logconf.BindFlags(cmd.Flags())
return cmd
}