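package main

import (
	"context"
	"flag"
	"os"

	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
	// to ensure that exec-entrypoint and run can make use of them.
	_ "k8s.io/client-go/plugin/pkg/client/auth"

	"edge-infra.dev/pkg/lib/fog"

	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
	"k8s.io/apimachinery/pkg/runtime"
	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/healthz"
	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
	"sigs.k8s.io/controller-runtime/pkg/webhook"

	edgeissuerv1alpha1 "edge-infra.dev/pkg/edge/edge-issuer/api/v1alpha1"
	"edge-infra.dev/pkg/edge/edge-issuer/controllers"
	"edge-infra.dev/pkg/edge/edge-issuer/signer"
	//+kubebuilder:scaffold:imports
)

// const inClusterNamespacePath = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"

// main wires up the edge-issuer controller manager: it registers the
// command-line flags, builds the runtime scheme (core Kubernetes, cert-manager
// and edge-issuer v1alpha1 types), creates the manager, loads the controller
// configuration from os.Args, registers the Issuer controller backed by
// signer.FromEdgeCAStore, adds the health and readiness probes, and runs the
// manager until the signal-handler context is cancelled. Every setup failure
// is logged and ends the process with exit code 1.
func main() {
	var (
		metricsAddr          string
		probeAddr            string
		enableLeaderElection bool
		disableApprovedCheck bool
	)

	// NOTE(review): nothing in this function calls flag.Parse, and the three
	// values consumed below are read by ctrl.NewManager before
	// controllers.NewConfig(os.Args) runs. Unless the default flag set is
	// parsed somewhere not visible here, the manager always receives the
	// defaults declared on these lines, whatever is passed on the command
	// line. Confirm where parsing happens before relying on these flags.
	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8082", "The address the probe endpoint binds to.")
	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
		"Enable leader election for controller manager. "+
			"Enabling this will ensure there is only one active controller manager.")
	// NOTE(review): disableApprovedCheck is registered but never read in this
	// file, so the flag does not reach the Issuer controller through this
	// variable. The approved condition is what gates signing of a
	// CertificateRequest; verify whether controllers.Config carries its own
	// equivalent, and either wire this flag through or remove it so operators
	// are not misled about whether the check is active.
	flag.BoolVar(&disableApprovedCheck, "disable-approved-check", false,
		"Disables waiting for CertificateRequests to have an approved condition before signing.")

	// Options for configuring logging
	log := fog.New()
	ctrl.SetLogger(log)
	setupLog := log.WithName("setup")

	// The scheme must know every API group the manager's client will read or
	// write; Must panics if a registration fails.
	scheme := runtime.NewScheme()
	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
	utilruntime.Must(cmapi.AddToScheme(scheme))
	utilruntime.Must(edgeissuerv1alpha1.AddToScheme(scheme))
	// +kubebuilder:scaffold:scheme

	setupLog.Info(
		"starting",
		"enable-leader-election", enableLeaderElection,
		"metrics-addr", metricsAddr,
	)

	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
		Scheme: scheme,
		// Only BindAddress is set, so the metrics endpoint is served with the
		// metrics server's remaining defaults, and ":8080" listens on every
		// interface. NOTE(review): if the metrics are considered sensitive,
		// restrict access at the network layer or enable secure serving.
		Metrics: server.Options{
			BindAddress: metricsAddr,
		},
		// No webhook is registered in this file; the server is only
		// configured here.
		WebhookServer: webhook.NewServer(webhook.Options{
			Port: 9443,
		}),
		HealthProbeBindAddress: probeAddr,
		LeaderElection:         enableLeaderElection,
		LeaderElectionID:       "54c549fd.edge-issuer.edge.ncr.com",
		// LeaderElectionReleaseOnCancel defines whether the leader steps down
		// voluntarily when the Manager ends. This requires the binary to end
		// immediately when the Manager is stopped; otherwise the setting is
		// unsafe. Setting it significantly speeds up voluntary leader
		// transitions, as the new leader does not have to wait for
		// LeaseDuration first.
		//
		// main returns right after mgr.Start returns, so enabling it is fine
		// here. If cleanup work is ever added after the manager stops, revisit
		// this setting.
		LeaderElectionReleaseOnCancel: true,
	})
	if err != nil {
		setupLog.Error(err, "unable to start manager")
		os.Exit(1)
	}

	// cancel is deferred for the normal return path; the os.Exit calls below
	// skip deferred functions, which is harmless because the process is ending.
	ctx, cancel := context.WithCancel(ctrl.SetupSignalHandler())
	defer cancel()

	cfg, err := controllers.NewConfig(os.Args)
	if err != nil {
		setupLog.Error(err, "an error occurred parsing config values")
		os.Exit(1)
	}

	// Reported through setupLog like every other startup failure in main, so
	// the message carries the "setup" logger name.
	if err = cfg.AfterParse(); err != nil {
		setupLog.Error(err, "an error occurred processing the parsed config values")
		os.Exit(1)
	}

	// The Issuer controller obtains its signer from the edge CA store.
	issuer := &controllers.Issuer{
		SignerBuilder: signer.FromEdgeCAStore,
		Config:        cfg,
	}
	if err = issuer.SetupWithManager(ctx, mgr); err != nil {
		setupLog.Error(err, "unable to create Signer controllers")
		os.Exit(1)
	}
	// +kubebuilder:scaffold:builder

	// Both probes use healthz.Ping, so they report success as soon as the
	// probe server answers. NOTE(review): readiness therefore says nothing
	// about whether the signer or CA store is usable; confirm that is intended.
	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
		setupLog.Error(err, "unable to set up health check")
		os.Exit(1)
	}
	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
		setupLog.Error(err, "unable to set up ready check")
		os.Exit(1)
	}

	setupLog.Info("starting manager")
	if err := mgr.Start(ctx); err != nil {
		setupLog.Error(err, "problem running manager")
		os.Exit(1)
	}
}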