// Package main is the cocoon-webhook entry point. The webhook handles
// admission review for cocoon pods, workloads, and CocoonSet CRs.
package main
import (
"context"
"crypto/tls"
"net/http"
"os/signal"
"syscall"
"time"
"github.com/projecteru2/core/log"
"github.com/prometheus/client_golang/prometheus"
commonhttpx "github.com/cocoonstack/cocoon-common/httpx"
commonk8s "github.com/cocoonstack/cocoon-common/k8s"
commonlog "github.com/cocoonstack/cocoon-common/log"
"github.com/cocoonstack/cocoon-webhook/admission"
"github.com/cocoonstack/cocoon-webhook/certs"
"github.com/cocoonstack/cocoon-webhook/metrics"
"github.com/cocoonstack/cocoon-webhook/version"
)
// Fallback values used by main when the matching environment variable
// (TLS_CERT, TLS_KEY, LISTEN_ADDR, METRICS_ADDR) is not set.
const (
	// defaultListen is the address of the admission (TLS) listener.
	// The empty host part binds every interface.
	defaultListen = ":8443"
	// defaultMetricsListen is the address of the /metrics listener.
	// The empty host part binds every interface.
	defaultMetricsListen = ":9090"

	// defaultCertFile and defaultKeyFile locate the serving keypair.
	// NOTE(review): the key file holds the webhook's TLS private key, so
	// it should be readable only by the webhook process; verify the mount.
	defaultCertFile = "/etc/cocoon/webhook/certs/tls.crt"
	defaultKeyFile  = "/etc/cocoon/webhook/certs/tls.key"
)

// shutdownTimeout is the timeout main hands to commonhttpx.Run.
const shutdownTimeout = 15 * time.Second
// main starts the cocoon-webhook process. It sets up logging and metrics,
// loads the TLS keypair, builds the Kubernetes clientset, and then runs two
// listeners until SIGINT or SIGTERM arrives: the admission server behind TLS
// and a separate /metrics server.
func main() {
	baseCtx := context.Background()
	logger := log.WithFunc("main")

	if err := commonlog.Setup(baseCtx, "WEBHOOK_LOG_LEVEL"); err != nil {
		logger.Fatalf(baseCtx, err, "setup log: %v", err)
	}

	metrics.Register(prometheus.DefaultRegisterer)

	// Every setting can be overridden from the environment; the package
	// constants are the fallbacks.
	var (
		certFile      = commonk8s.EnvOrDefault("TLS_CERT", defaultCertFile)
		keyFile       = commonk8s.EnvOrDefault("TLS_KEY", defaultKeyFile)
		listen        = commonk8s.EnvOrDefault("LISTEN_ADDR", defaultListen)
		metricsListen = commonk8s.EnvOrDefault("METRICS_ADDR", defaultMetricsListen)
	)

	// A missing or unreadable keypair is fatal: the admission endpoint is
	// never brought up without a certificate.
	certReloader, err := certs.NewReloader(baseCtx, certFile, keyFile)
	if err != nil {
		logger.Fatalf(baseCtx, err, "load TLS keypair: %v", err)
	}

	k8sClient, err := commonk8s.NewClientset()
	if err != nil {
		logger.Fatalf(baseCtx, err, "build clientset: %v", err)
	}

	admissionRoutes := admission.NewServer(k8sClient).Routes()
	webhookServer := commonhttpx.NewServer(listen, admissionRoutes)
	// The certificate is resolved per handshake through the reloader
	// callback, and anything older than TLS 1.2 is refused.
	// NOTE(review): presumably the reloader picks up rotated certificates
	// from disk; confirm in the certs package.
	webhookServer.TLSConfig = &tls.Config{
		GetCertificate: certReloader.GetCertificate,
		MinVersion:     tls.VersionTLS12,
	}

	// Metrics get their own mux and listener, so the admission routes are
	// not reachable on the metrics port.
	// NOTE(review): HTTPServerSpec suggests this listener is plain HTTP and
	// the default address binds every interface; confirm that access to it
	// is restricted (for example by a NetworkPolicy).
	metricsMux := http.NewServeMux()
	metricsMux.Handle("/metrics", metrics.Handler())
	metricsServer := commonhttpx.NewServer(metricsListen, metricsMux)

	// From here on the context is cancelled by SIGINT or SIGTERM.
	runCtx, stop := signal.NotifyContext(baseCtx, syscall.SIGINT, syscall.SIGTERM)
	defer stop()

	logger.Infof(runCtx, "cocoon-webhook %s started (rev=%s built=%s) on %s (metrics on %s)",
		version.VERSION, version.REVISION, version.BUILTAT, listen, metricsListen)

	// The empty cert/key arguments presumably mean "use TLSConfig", where
	// GetCertificate is already set; confirm in commonhttpx.
	runErr := commonhttpx.Run(
		runCtx,
		shutdownTimeout,
		commonhttpx.HTTPSServerSpec(webhookServer, "", ""),
		commonhttpx.HTTPServerSpec(metricsServer),
	)
	if runErr != nil {
		// NOTE(review): the error is only logged, so (assuming logger.Error
		// does not exit) main returns normally and the process exits with
		// status 0 even when a server failed; confirm that is intended.
		logger.Error(runCtx, runErr, "run servers")
	}
}