package main
import (
"context"
"crypto/tls"
"errors"
"net/http"
"os/signal"
"syscall"
"time"
"github.com/projecteru2/core/log"
"github.com/prometheus/client_golang/prometheus"
"k8s.io/client-go/kubernetes"
commonk8s "github.com/cocoonstack/cocoon-common/k8s"
commonlog "github.com/cocoonstack/cocoon-common/log"
"github.com/cocoonstack/cocoon-webhook/admission"
"github.com/cocoonstack/cocoon-webhook/metrics"
"github.com/cocoonstack/cocoon-webhook/version"
)
// Fallback locations of the serving certificate and private key, passed to
// EnvOrDefault for TLS_CERT and TLS_KEY in main. The key file should be
// readable only by the webhook process.
const (
	defaultCertFile = "/etc/cocoon/webhook/certs/tls.crt"
	defaultKeyFile  = "/etc/cocoon/webhook/certs/tls.key"
)

// Fallback listen addresses for LISTEN_ADDR (admission, TLS) and METRICS_ADDR
// (metrics, plain HTTP). An address with an empty host binds every interface.
const (
	defaultListen        = ":8443"
	defaultMetricsListen = ":9090"
)
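// main starts the cocoon admission webhook: it loads the TLS keypair and the
// Kubernetes client configuration, serves the admission routes over TLS and
// the Prometheus metrics over plain HTTP, and shuts both servers down
// gracefully on SIGINT or SIGTERM.
func main() {
	// Per-connection limits for both listeners. ReadHeaderTimeout alone only
	// bounds the header phase; without ReadTimeout, WriteTimeout and
	// IdleTimeout a client that stalls on the request body, the response read
	// or an idle keep-alive can hold a connection open indefinitely.
	const (
		headerTimeout = 10 * time.Second
		readTimeout   = 15 * time.Second
		// Kubernetes caps a webhook's timeoutSeconds at 30, so the API server
		// has given up on any response still being written after this.
		// NOTE(review): the admission handlers are not visible here; confirm
		// none of them is expected to run longer.
		writeTimeout    = 30 * time.Second
		idleTimeout     = 120 * time.Second
		shutdownTimeout = 15 * time.Second
	)

	ctx := context.Background()
	commonlog.Setup(ctx, "WEBHOOK_LOG_LEVEL")
	logger := log.WithFunc("main")

	metrics.Register(prometheus.DefaultRegisterer)

	// Environment overrides with compiled-in fallbacks (presumably
	// EnvOrDefault returns the variable's value when it is set; confirm in
	// cocoon-common).
	certFile := commonk8s.EnvOrDefault("TLS_CERT", defaultCertFile)
	keyFile := commonk8s.EnvOrDefault("TLS_KEY", defaultKeyFile)
	listen := commonk8s.EnvOrDefault("LISTEN_ADDR", defaultListen)
	metricsListen := commonk8s.EnvOrDefault("METRICS_ADDR", defaultMetricsListen)

	// The keypair is read once here and handed to the server as a static
	// certificate, so a certificate rotated on disk is not served until the
	// process restarts.
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		logger.Fatalf(ctx, err, "load TLS keypair: %v", err)
	}

	kubeConfig, err := commonk8s.LoadConfig()
	if err != nil {
		logger.Fatalf(ctx, err, "load kubeconfig: %v", err)
	}
	clientset, err := kubernetes.NewForConfig(kubeConfig)
	if err != nil {
		logger.Fatalf(ctx, err, "build clientset: %v", err)
	}

	server := &http.Server{
		Addr:              listen,
		Handler:           admission.NewServer(clientset).Routes(),
		ReadHeaderTimeout: headerTimeout,
		ReadTimeout:       readTimeout,
		WriteTimeout:      writeTimeout,
		IdleTimeout:       idleTimeout,
		TLSConfig: &tls.Config{
			Certificates: []tls.Certificate{cert},
			MinVersion:   tls.VersionTLS12,
		},
	}

	// From here on ctx is canceled by SIGINT or SIGTERM.
	ctx, cancel := signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGTERM)
	defer cancel()

	// The metrics listener is plain HTTP and this file adds no authentication
	// in front of it. With the default METRICS_ADDR it binds every interface,
	// so limit who can reach it (NetworkPolicy, or a narrower bind address).
	metricsMux := http.NewServeMux()
	metricsMux.Handle("/metrics", metrics.Handler())
	metricsServer := &http.Server{
		Addr:              metricsListen,
		Handler:           metricsMux,
		ReadHeaderTimeout: headerTimeout,
		ReadTimeout:       readTimeout,
		WriteTimeout:      writeTimeout,
		IdleTimeout:       idleTimeout,
	}

	go func() {
		logger.Infof(ctx, "cocoon-webhook metrics listening on %s", metricsListen)
		// A metrics failure is only logged: the admission server keeps running
		// without metrics rather than taking the webhook down.
		if serveErr := metricsServer.ListenAndServe(); serveErr != nil && !errors.Is(serveErr, http.ErrServerClosed) {
			logger.Error(ctx, serveErr, "metrics listen and serve")
		}
	}()

	go func() {
		logger.Infof(ctx, "cocoon-webhook %s started (rev=%s built=%s) on %s",
			version.VERSION, version.REVISION, version.BUILTAT, listen)
		// Empty file arguments: the certificate comes from TLSConfig.Certificates.
		// Any serve error other than a normal close ends the process.
		if serveErr := server.ListenAndServeTLS("", ""); serveErr != nil && !errors.Is(serveErr, http.ErrServerClosed) {
			logger.Fatalf(ctx, serveErr, "listen and serve: %v", serveErr)
		}
	}()

	<-ctx.Done()

	// Fresh ctx; parent is already canceled. Both servers share this deadline.
	shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), shutdownTimeout)
	defer shutdownCancel()
	if err := server.Shutdown(shutdownCtx); err != nil {
		logger.Warnf(shutdownCtx, "shutdown admission: %v", err)
	}
	if err := metricsServer.Shutdown(shutdownCtx); err != nil {
		logger.Warnf(shutdownCtx, "shutdown metrics: %v", err)
	}
}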