Skip to content

Commit

Permalink
Merge pull request brancz#285 from novegit/fb_qps
Browse files Browse the repository at this point in the history
add command line args --kube-api-qps/--kube-api-burst
  • Loading branch information
ibihim authored Mar 19, 2024
2 parents 61b92d7 + eaebcdc commit e53dedc
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,8 @@ Kube-rbac-proxy flags:
--http2-max-size uint32 The maximum number of bytes that the server will accept for frame size and buffer per stream in a HTTP/2 request. (default 262144)
--ignore-paths strings Comma-separated list of paths against which kube-rbac-proxy pattern-matches the incoming request. If the requst matches, it will proxy the request without performing an authentication or authorization check. Cannot be used with --allow-paths.
--insecure-listen-address string [DEPRECATED] The address the kube-rbac-proxy HTTP server should listen on.
--kube-api-burst int kube-api burst value; needed when kube-api-qps is set
--kube-api-qps float32 queries per second to the api, kube-client starts client-side throttling, when breached
--kubeconfig string Path to a kubeconfig file, specifying how to connect to the API server. If unset, in-cluster configuration will be used
--oidc-ca-file string If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file, otherwise the host's root CA set will be used.
--oidc-clientID string The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
Expand Down
7 changes: 7 additions & 0 deletions cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,13 @@ func Complete(o *options.ProxyRunOptions) (*completedProxyRunOptions, error) {
return nil, fmt.Errorf("failed to load kubeconfig: %w", err)
}

if o.QPS > 0 {
kubeconfig.QPS = o.QPS
}
if o.Burst > 0 {
kubeconfig.Burst = o.Burst
}

completed.kubeClient, err = kubernetes.NewForConfig(kubeconfig)
if err != nil {
return nil, fmt.Errorf("failed to instantiate Kubernetes client: %w", err)
Expand Down
5 changes: 5 additions & 0 deletions cmd/kube-rbac-proxy/app/options/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,9 @@ type ProxyRunOptions struct {
HTTP2MaxConcurrentStreams uint32
HTTP2MaxSize uint32

QPS float32
Burst int

flagSet *pflag.FlagSet
}

Expand Down Expand Up @@ -137,6 +140,8 @@ func (o *ProxyRunOptions) Flags() k8sapiflag.NamedFlagSets {

//Kubeconfig flag
flagset.StringVar(&o.KubeconfigLocation, "kubeconfig", "", "Path to a kubeconfig file, specifying how to connect to the API server. If unset, in-cluster configuration will be used")
flagset.Float32Var(&o.QPS, "kube-api-qps", 0, "queries per second to the api, kube-client starts client-side throttling, when breached")
flagset.IntVar(&o.Burst, "kube-api-burst", 0, "kube-api burst value; needed when kube-api-qps is set")

// HTTP2 flags
flagset.BoolVar(&o.HTTP2Disable, "http2-disable", false, "Disable HTTP/2 support")
Expand Down

0 comments on commit e53dedc

Please sign in to comment.