vendor updates

2025-06-13 10:33:35 +00:00 · 2018-03-06 17:33:18 -05:00
parent 4b3ebc171b
commit e9033989a0
5854 changed files with 248382 additions and 119809 deletions
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/OWNERS
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/OWNERS
@ -0,0 +1,11 @@
+approvers:
+- deads2k
+- cheftako
+- sttts
+reviewers:
+- caesarxuchao
+- cheftako
+- deads2k
+- lavalamp
+- liggitt
+- sttts
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/BUILD
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/BUILD
@ -0,0 +1,48 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "config.go",
+        "helper.go",
+        "insecure_serving.go",
+        "serve.go",
+    ],
+    importpath = "k8s.io/kubernetes/cmd/controller-manager/app",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/api/legacyscheme:go_default_library",
+        "//pkg/apis/componentconfig:go_default_library",
+        "//pkg/util/configz:go_default_library",
+        "//vendor/github.com/golang/glog:go_default_library",
+        "//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/endpoints/filters:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server/filters:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server/healthz:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server/mux:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server/routes:go_default_library",
+        "//vendor/k8s.io/client-go/kubernetes:go_default_library",
+        "//vendor/k8s.io/client-go/rest:go_default_library",
+        "//vendor/k8s.io/client-go/tools/record:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [
+        ":package-srcs",
+        "//cmd/controller-manager/app/options:all-srcs",
+    ],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/config.go
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/config.go
@ -0,0 +1,65 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package app
+
+import (
+	apiserver "k8s.io/apiserver/pkg/server"
+	clientset "k8s.io/client-go/kubernetes"
+	restclient "k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/record"
+	"k8s.io/kubernetes/pkg/apis/componentconfig"
+)
+
+// Config is the main context object for the controller manager.
+type Config struct {
+	// TODO: split up the component config. This is not generic.
+	ComponentConfig componentconfig.KubeControllerManagerConfiguration
+
+	SecureServing *apiserver.SecureServingInfo
+	// TODO: remove deprecated insecure serving
+	InsecureServing *InsecureServingInfo
+	Authentication  apiserver.AuthenticationInfo
+	Authorization   apiserver.AuthorizationInfo
+
+	// the general kube client
+	Client *clientset.Clientset
+
+	// the client only used for leader election
+	LeaderElectionClient *clientset.Clientset
+
+	// the rest config for the master
+	Kubeconfig *restclient.Config
+
+	// the event sink
+	EventRecorder record.EventRecorder
+}
+
+type completedConfig struct {
+	*Config
+}
+
+// CompletedConfig same as Config, just to swap private object.
+type CompletedConfig struct {
+	// Embed a private pointer that cannot be instantiated outside of this package.
+	*completedConfig
+}
+
+// Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
+func (c *Config) Complete() CompletedConfig {
+	cc := completedConfig{c}
+	return CompletedConfig{&cc}
+}
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/helper.go
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/helper.go
@ -0,0 +1,55 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package app
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/golang/glog"
+	"k8s.io/apimachinery/pkg/util/wait"
+	clientset "k8s.io/client-go/kubernetes"
+)
+
+// WaitForAPIServer waits for the API Server's /healthz endpoint to report "ok" with timeout.
+func WaitForAPIServer(client clientset.Interface, timeout time.Duration) error {
+	var lastErr error
+
+	err := wait.PollImmediate(time.Second, timeout, func() (bool, error) {
+		healthStatus := 0
+		result := client.Discovery().RESTClient().Get().AbsPath("/healthz").Do().StatusCode(&healthStatus)
+		if result.Error() != nil {
+			lastErr = fmt.Errorf("failed to get apiserver /healthz status: %v", result.Error())
+			return false, nil
+		}
+		if healthStatus != http.StatusOK {
+			content, _ := result.Raw()
+			lastErr = fmt.Errorf("APIServer isn't healthy: %v", string(content))
+			glog.Warningf("APIServer isn't healthy yet: %v. Waiting a little while.", string(content))
+			return false, nil
+		}
+
+		return true, nil
+	})
+
+	if err != nil {
+		return fmt.Errorf("%v: %v", err, lastErr)
+	}
+
+	return nil
+}
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/insecure_serving.go
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/insecure_serving.go
@ -0,0 +1,46 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package app
+
+import (
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/golang/glog"
+
+	"k8s.io/apiserver/pkg/server"
+)
+
+// InsecureServingInfo is the main context object for the insecure http server.
+type InsecureServingInfo struct {
+	// Listener is the secure server network listener.
+	Listener net.Listener
+}
+
+// Serve starts an insecure http server with the given handler. It fails only if
+// the initial listen call fails. It does not block.
+func (s *InsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error {
+	insecureServer := &http.Server{
+		Addr:           s.Listener.Addr().String(),
+		Handler:        handler,
+		MaxHeaderBytes: 1 << 20,
+	}
+
+	glog.Infof("Serving insecurely on %s", s.Listener.Addr())
+	return server.RunServer(insecureServer, s.Listener, shutdownTimeout, stopCh)
+}
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/options/BUILD
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/options/BUILD
@ -0,0 +1,42 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "insecure_serving.go",
+        "options.go",
+    ],
+    importpath = "k8s.io/kubernetes/cmd/controller-manager/app/options",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//cmd/controller-manager/app:go_default_library",
+        "//pkg/api/legacyscheme:go_default_library",
+        "//pkg/apis/componentconfig:go_default_library",
+        "//pkg/client/leaderelectionconfig:go_default_library",
+        "//vendor/github.com/cloudflare/cfssl/helpers:go_default_library",
+        "//vendor/github.com/golang/glog:go_default_library",
+        "//vendor/github.com/spf13/pflag:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library",
+        "//vendor/k8s.io/client-go/kubernetes:go_default_library",
+        "//vendor/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
+        "//vendor/k8s.io/client-go/rest:go_default_library",
+        "//vendor/k8s.io/client-go/tools/clientcmd:go_default_library",
+        "//vendor/k8s.io/client-go/tools/record:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/options/insecure_serving.go
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/options/insecure_serving.go
@ -0,0 +1,112 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/spf13/pflag"
+	"k8s.io/apiserver/pkg/server/options"
+	genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
+	"k8s.io/kubernetes/pkg/apis/componentconfig"
+)
+
+// InsecureServingOptions are for creating an unauthenticated, unauthorized, insecure port.
+// No one should be using these anymore.
+type InsecureServingOptions struct {
+	BindAddress net.IP
+	BindPort    int
+	// BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp",
+	// "tcp4", and "tcp6".
+	BindNetwork string
+
+	// Listener is the secure server network listener.
+	// either Listener or BindAddress/BindPort/BindNetwork is set,
+	// if Listener is set, use it and omit BindAddress/BindPort/BindNetwork.
+	Listener net.Listener
+}
+
+// Validate ensures that the insecure port values within the range of the port.
+func (s *InsecureServingOptions) Validate() []error {
+	errors := []error{}
+
+	if s == nil {
+		return nil
+	}
+
+	if s.BindPort < 0 || s.BindPort > 32767 {
+		errors = append(errors, fmt.Errorf("--insecure-port %v must be between 0 and 32767, inclusive. 0 for turning off insecure (HTTP) port", s.BindPort))
+	}
+
+	return errors
+}
+
+// AddFlags adds flags related to insecure serving for controller manager to the specified FlagSet.
+func (s *InsecureServingOptions) AddFlags(fs *pflag.FlagSet) {
+	if s == nil {
+		return
+	}
+}
+
+// AddDeprecatedFlags adds deprecated flags related to insecure serving for controller manager to the specified FlagSet.
+// TODO: remove it until kops stop using `--address`
+func (s *InsecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) {
+	if s == nil {
+		return
+	}
+
+	fs.IPVar(&s.BindAddress, "address", s.BindAddress,
+		"DEPRECATED: the IP address on which to listen for the --port port. See --bind-address instead.")
+	// MarkDeprecated hides the flag from the help. We don't want that:
+	// fs.MarkDeprecated("address", "see --bind-address instead.")
+
+	fs.IntVar(&s.BindPort, "port", s.BindPort, "DEPRECATED: the port on which to serve HTTP insecurely without authentication and authorization. If 0, don't serve HTTPS at all. See --secure-port instead.")
+	// MarkDeprecated hides the flag from the help. We don't want that:
+	// fs.MarkDeprecated("port", "see --secure-port instead.")
+}
+
+// ApplyTo adds InsecureServingOptions to the insecureserverinfo amd kube-controller manager configuration.
+// Note: the double pointer allows to set the *InsecureServingInfo to nil without referencing the struct hosting this pointer.
+func (s *InsecureServingOptions) ApplyTo(c **genericcontrollermanager.InsecureServingInfo, cfg *componentconfig.KubeControllerManagerConfiguration) error {
+	if s == nil {
+		return nil
+	}
+	if s.BindPort <= 0 {
+		return nil
+	}
+
+	if s.Listener == nil {
+		var err error
+		addr := net.JoinHostPort(s.BindAddress.String(), fmt.Sprintf("%d", s.BindPort))
+		s.Listener, s.BindPort, err = options.CreateListener(s.BindNetwork, addr)
+		if err != nil {
+			return fmt.Errorf("failed to create listener: %v", err)
+		}
+	}
+
+	*c = &genericcontrollermanager.InsecureServingInfo{
+		Listener: s.Listener,
+	}
+
+	// sync back to component config
+	// TODO: find more elegant way than synching back the values.
+	cfg.Port = int32(s.BindPort)
+	cfg.Address = s.BindAddress.String()
+
+	return nil
+}
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/options/options.go
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/options/options.go
@ -0,0 +1,242 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"net"
+	"time"
+
+	"github.com/cloudflare/cfssl/helpers"
+	"github.com/golang/glog"
+
+	"github.com/spf13/pflag"
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	apiserveroptions "k8s.io/apiserver/pkg/server/options"
+	"k8s.io/client-go/kubernetes"
+	clientset "k8s.io/client-go/kubernetes"
+	v1core "k8s.io/client-go/kubernetes/typed/core/v1"
+	restclient "k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/record"
+	genericcontrollermanager "k8s.io/kubernetes/cmd/controller-manager/app"
+	"k8s.io/kubernetes/pkg/api/legacyscheme"
+	"k8s.io/kubernetes/pkg/apis/componentconfig"
+	"k8s.io/kubernetes/pkg/client/leaderelectionconfig"
+)
+
+// GenericControllerManagerOptions is the common structure for a controller manager. It works with NewGenericControllerManagerOptions
+// and AddDefaultControllerFlags to create the common components of kube-controller-manager and cloud-controller-manager.
+type GenericControllerManagerOptions struct {
+	// TODO: turn ComponentConfig into modular option structs. This is not generic.
+	ComponentConfig componentconfig.KubeControllerManagerConfiguration
+
+	SecureServing *apiserveroptions.SecureServingOptions
+	// TODO: remove insecure serving mode
+	InsecureServing *InsecureServingOptions
+	Authentication  *apiserveroptions.DelegatingAuthenticationOptions
+	Authorization   *apiserveroptions.DelegatingAuthorizationOptions
+
+	Master     string
+	Kubeconfig string
+}
+
+const (
+	// These defaults are deprecated and exported so that we can warn if
+	// they are being used.
+
+	// DefaultClusterSigningCertFile is deprecated. Do not use.
+	DefaultClusterSigningCertFile = "/etc/kubernetes/ca/ca.pem"
+	// DefaultClusterSigningKeyFile is deprecated. Do not use.
+	DefaultClusterSigningKeyFile = "/etc/kubernetes/ca/ca.key"
+)
+
+// NewGenericControllerManagerOptions returns common/default configuration values for both
+// the kube-controller-manager and the cloud-contoller-manager. Any common changes should
+// be made here. Any individual changes should be made in that controller.
+func NewGenericControllerManagerOptions(componentConfig componentconfig.KubeControllerManagerConfiguration) GenericControllerManagerOptions {
+	o := GenericControllerManagerOptions{
+		ComponentConfig: componentConfig,
+		SecureServing:   apiserveroptions.NewSecureServingOptions(),
+		InsecureServing: &InsecureServingOptions{
+			BindAddress: net.ParseIP(componentConfig.Address),
+			BindPort:    int(componentConfig.Port),
+			BindNetwork: "tcp",
+		},
+		Authentication: nil, // TODO: enable with apiserveroptions.NewDelegatingAuthenticationOptions()
+		Authorization:  nil, // TODO: enable with apiserveroptions.NewDelegatingAuthorizationOptions()
+	}
+
+	// disable secure serving for now
+	// TODO: enable HTTPS by default
+	o.SecureServing.BindPort = 0
+
+	return o
+}
+
+// NewDefaultControllerManagerComponentConfig returns default kube-controller manager configuration object.
+func NewDefaultControllerManagerComponentConfig(insecurePort int32) componentconfig.KubeControllerManagerConfiguration {
+	return componentconfig.KubeControllerManagerConfiguration{
+		Controllers:                                     []string{"*"},
+		Port:                                            insecurePort,
+		Address:                                         "0.0.0.0",
+		ConcurrentEndpointSyncs:                         5,
+		ConcurrentServiceSyncs:                          1,
+		ConcurrentRCSyncs:                               5,
+		ConcurrentRSSyncs:                               5,
+		ConcurrentDaemonSetSyncs:                        2,
+		ConcurrentJobSyncs:                              5,
+		ConcurrentResourceQuotaSyncs:                    5,
+		ConcurrentDeploymentSyncs:                       5,
+		ConcurrentNamespaceSyncs:                        10,
+		ConcurrentSATokenSyncs:                          5,
+		RouteReconciliationPeriod:                       metav1.Duration{Duration: 10 * time.Second},
+		ResourceQuotaSyncPeriod:                         metav1.Duration{Duration: 5 * time.Minute},
+		NamespaceSyncPeriod:                             metav1.Duration{Duration: 5 * time.Minute},
+		PVClaimBinderSyncPeriod:                         metav1.Duration{Duration: 15 * time.Second},
+		HorizontalPodAutoscalerSyncPeriod:               metav1.Duration{Duration: 30 * time.Second},
+		HorizontalPodAutoscalerUpscaleForbiddenWindow:   metav1.Duration{Duration: 3 * time.Minute},
+		HorizontalPodAutoscalerDownscaleForbiddenWindow: metav1.Duration{Duration: 5 * time.Minute},
+		HorizontalPodAutoscalerTolerance:                0.1,
+		DeploymentControllerSyncPeriod:                  metav1.Duration{Duration: 30 * time.Second},
+		MinResyncPeriod:                                 metav1.Duration{Duration: 12 * time.Hour},
+		RegisterRetryCount:                              10,
+		PodEvictionTimeout:                              metav1.Duration{Duration: 5 * time.Minute},
+		NodeMonitorGracePeriod:                          metav1.Duration{Duration: 40 * time.Second},
+		NodeStartupGracePeriod:                          metav1.Duration{Duration: 60 * time.Second},
+		NodeMonitorPeriod:                               metav1.Duration{Duration: 5 * time.Second},
+		ClusterName:                                     "kubernetes",
+		NodeCIDRMaskSize:                                24,
+		ConfigureCloudRoutes:                            true,
+		TerminatedPodGCThreshold:                        12500,
+		VolumeConfiguration: componentconfig.VolumeConfiguration{
+			EnableHostPathProvisioning: false,
+			EnableDynamicProvisioning:  true,
+			PersistentVolumeRecyclerConfiguration: componentconfig.PersistentVolumeRecyclerConfiguration{
+				MaximumRetry:             3,
+				MinimumTimeoutNFS:        300,
+				IncrementTimeoutNFS:      30,
+				MinimumTimeoutHostPath:   60,
+				IncrementTimeoutHostPath: 30,
+			},
+			FlexVolumePluginDir: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/",
+		},
+		ContentType:                           "application/vnd.kubernetes.protobuf",
+		KubeAPIQPS:                            20.0,
+		KubeAPIBurst:                          30,
+		LeaderElection:                        leaderelectionconfig.DefaultLeaderElectionConfiguration(),
+		ControllerStartInterval:               metav1.Duration{Duration: 0 * time.Second},
+		EnableGarbageCollector:                true,
+		ConcurrentGCSyncs:                     20,
+		ClusterSigningCertFile:                DefaultClusterSigningCertFile,
+		ClusterSigningKeyFile:                 DefaultClusterSigningKeyFile,
+		ClusterSigningDuration:                metav1.Duration{Duration: helpers.OneYear},
+		ReconcilerSyncLoopPeriod:              metav1.Duration{Duration: 60 * time.Second},
+		EnableTaintManager:                    true,
+		HorizontalPodAutoscalerUseRESTClients: true,
+	}
+}
+
+// AddFlags adds common/default flags for both the kube and cloud Controller Manager Server to the
+// specified FlagSet. Any common changes should be made here. Any individual changes should be made in that controller.
+func (o *GenericControllerManagerOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.BoolVar(&o.ComponentConfig.UseServiceAccountCredentials, "use-service-account-credentials", o.ComponentConfig.UseServiceAccountCredentials, "If true, use individual service account credentials for each controller.")
+	fs.StringVar(&o.ComponentConfig.CloudConfigFile, "cloud-config", o.ComponentConfig.CloudConfigFile, "The path to the cloud provider configuration file. Empty string for no configuration file.")
+	fs.BoolVar(&o.ComponentConfig.AllowUntaggedCloud, "allow-untagged-cloud", false, "Allow the cluster to run without the cluster-id on cloud instances. This is a legacy mode of operation and a cluster-id will be required in the future.")
+	fs.MarkDeprecated("allow-untagged-cloud", "This flag is deprecated and will be removed in a future release. A cluster-id will be required on cloud instances.")
+	fs.DurationVar(&o.ComponentConfig.RouteReconciliationPeriod.Duration, "route-reconciliation-period", o.ComponentConfig.RouteReconciliationPeriod.Duration, "The period for reconciling routes created for Nodes by cloud provider.")
+	fs.DurationVar(&o.ComponentConfig.MinResyncPeriod.Duration, "min-resync-period", o.ComponentConfig.MinResyncPeriod.Duration, "The resync period in reflectors will be random between MinResyncPeriod and 2*MinResyncPeriod.")
+	fs.DurationVar(&o.ComponentConfig.NodeMonitorPeriod.Duration, "node-monitor-period", o.ComponentConfig.NodeMonitorPeriod.Duration,
+		"The period for syncing NodeStatus in NodeController.")
+	fs.BoolVar(&o.ComponentConfig.EnableProfiling, "profiling", true, "Enable profiling via web interface host:port/debug/pprof/")
+	fs.BoolVar(&o.ComponentConfig.EnableContentionProfiling, "contention-profiling", false, "Enable lock contention profiling, if profiling is enabled.")
+	fs.StringVar(&o.ComponentConfig.ClusterName, "cluster-name", o.ComponentConfig.ClusterName, "The instance prefix for the cluster.")
+	fs.StringVar(&o.ComponentConfig.ClusterCIDR, "cluster-cidr", o.ComponentConfig.ClusterCIDR, "CIDR Range for Pods in cluster. Requires --allocate-node-cidrs to be true")
+	fs.BoolVar(&o.ComponentConfig.AllocateNodeCIDRs, "allocate-node-cidrs", false, "Should CIDRs for Pods be allocated and set on the cloud provider.")
+	fs.StringVar(&o.ComponentConfig.CIDRAllocatorType, "cidr-allocator-type", "RangeAllocator", "Type of CIDR allocator to use")
+	fs.BoolVar(&o.ComponentConfig.ConfigureCloudRoutes, "configure-cloud-routes", true, "Should CIDRs allocated by allocate-node-cidrs be configured on the cloud provider.")
+	fs.StringVar(&o.Master, "master", o.Master, "The address of the Kubernetes API server (overrides any value in kubeconfig).")
+	fs.StringVar(&o.Kubeconfig, "kubeconfig", o.Kubeconfig, "Path to kubeconfig file with authorization and master location information.")
+	fs.StringVar(&o.ComponentConfig.ContentType, "kube-api-content-type", o.ComponentConfig.ContentType, "Content type of requests sent to apiserver.")
+	fs.Float32Var(&o.ComponentConfig.KubeAPIQPS, "kube-api-qps", o.ComponentConfig.KubeAPIQPS, "QPS to use while talking with kubernetes apiserver.")
+	fs.Int32Var(&o.ComponentConfig.KubeAPIBurst, "kube-api-burst", o.ComponentConfig.KubeAPIBurst, "Burst to use while talking with kubernetes apiserver.")
+	fs.DurationVar(&o.ComponentConfig.ControllerStartInterval.Duration, "controller-start-interval", o.ComponentConfig.ControllerStartInterval.Duration, "Interval between starting controller managers.")
+
+	o.SecureServing.AddFlags(fs)
+	o.InsecureServing.AddFlags(fs)
+	o.InsecureServing.AddDeprecatedFlags(fs)
+	o.Authentication.AddFlags(fs)
+	o.Authorization.AddFlags(fs)
+}
+
+// ApplyTo fills up controller manager config with options and userAgent
+func (o *GenericControllerManagerOptions) ApplyTo(c *genericcontrollermanager.Config, userAgent string) error {
+	c.ComponentConfig = o.ComponentConfig
+
+	if err := o.SecureServing.ApplyTo(&c.SecureServing); err != nil {
+		return err
+	}
+	if err := o.InsecureServing.ApplyTo(&c.InsecureServing, &c.ComponentConfig); err != nil {
+		return err
+	}
+	if err := o.Authentication.ApplyTo(&c.Authentication, c.SecureServing, nil); err != nil {
+		return err
+	}
+	if err := o.Authorization.ApplyTo(&c.Authorization); err != nil {
+		return err
+	}
+
+	var err error
+	c.Kubeconfig, err = clientcmd.BuildConfigFromFlags(o.Master, o.Kubeconfig)
+	if err != nil {
+		return err
+	}
+	c.Kubeconfig.ContentConfig.ContentType = o.ComponentConfig.ContentType
+	c.Kubeconfig.QPS = o.ComponentConfig.KubeAPIQPS
+	c.Kubeconfig.Burst = int(o.ComponentConfig.KubeAPIBurst)
+
+	c.Client, err = clientset.NewForConfig(restclient.AddUserAgent(c.Kubeconfig, userAgent))
+	if err != nil {
+		return err
+	}
+
+	c.LeaderElectionClient = clientset.NewForConfigOrDie(restclient.AddUserAgent(c.Kubeconfig, "leader-election"))
+
+	c.EventRecorder = createRecorder(c.Client, userAgent)
+
+	return nil
+}
+
+// Validate checks GenericControllerManagerOptions and return a slice of found errors.
+func (o *GenericControllerManagerOptions) Validate() []error {
+	errors := []error{}
+	errors = append(errors, o.SecureServing.Validate()...)
+	errors = append(errors, o.InsecureServing.Validate()...)
+	errors = append(errors, o.Authentication.Validate()...)
+	errors = append(errors, o.Authorization.Validate()...)
+
+	// TODO: validate component config, master and kubeconfig
+
+	return errors
+}
+
+func createRecorder(kubeClient *kubernetes.Clientset, userAgent string) record.EventRecorder {
+	eventBroadcaster := record.NewBroadcaster()
+	eventBroadcaster.StartLogging(glog.Infof)
+	eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubeClient.CoreV1().RESTClient()).Events("")})
+	return eventBroadcaster.NewRecorder(legacyscheme.Scheme, v1.EventSource{Component: userAgent})
+}
--- a/vendor/k8s.io/kubernetes/cmd/controller-manager/app/serve.go
+++ b/vendor/k8s.io/kubernetes/cmd/controller-manager/app/serve.go
@ -0,0 +1,63 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package app
+
+import (
+	"net/http"
+	goruntime "runtime"
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus"
+
+	genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
+	apirequest "k8s.io/apiserver/pkg/endpoints/request"
+	genericfilters "k8s.io/apiserver/pkg/server/filters"
+	"k8s.io/apiserver/pkg/server/healthz"
+	"k8s.io/apiserver/pkg/server/mux"
+	"k8s.io/apiserver/pkg/server/routes"
+	"k8s.io/kubernetes/pkg/api/legacyscheme"
+	"k8s.io/kubernetes/pkg/util/configz"
+)
+
+type serveFunc func(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error
+
+// Serve creates a base handler chain for a controller manager. It runs the
+// the chain with the given serveFunc.
+func Serve(c *CompletedConfig, serveFunc serveFunc, stopCh <-chan struct{}) error {
+	mux := mux.NewPathRecorderMux("controller-manager")
+	healthz.InstallHandler(mux)
+	if c.ComponentConfig.EnableProfiling {
+		routes.Profiling{}.Install(mux)
+		if c.ComponentConfig.EnableContentionProfiling {
+			goruntime.SetBlockProfileRate(1)
+		}
+	}
+	configz.InstallHandler(mux)
+	mux.Handle("/metrics", prometheus.Handler())
+
+	requestContextMapper := apirequest.NewRequestContextMapper()
+	requestInfoResolver := &apirequest.RequestInfoFactory{}
+	failedHandler := genericapifilters.Unauthorized(requestContextMapper, legacyscheme.Codecs, false)
+
+	handler := genericapifilters.WithAuthorization(mux, requestContextMapper, c.Authorization.Authorizer, legacyscheme.Codecs)
+	handler = genericapifilters.WithAuthentication(handler, requestContextMapper, c.Authentication.Authenticator, failedHandler)
+	handler = genericapifilters.WithRequestInfo(handler, requestInfoResolver, requestContextMapper)
+	handler = apirequest.WithRequestContext(handler, requestContextMapper)
+	handler = genericfilters.WithPanicRecovery(handler)
+
+	return serveFunc(handler, 0, stopCh)
+}