
Source file src/github.com/GoogleCloudPlatform/k8s-config-connector/cmd/deletiondefender/main.go

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/cmd/deletiondefender

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package main
    16  
    17  import (
    18  	goflag "flag"
    19  	"fmt"
    20  	"log"
    21  	"net/http"
    22  	_ "net/http/pprof" // Needed to allow pprof server to accept requests
    23  
    24  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis"
    25  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/kccmanager/nocache"
    26  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/registration"
    27  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gcp/profiler"
    28  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/logging"
    29  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/ready"
    30  	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/webhook"
    31  
    32  	flag "github.com/spf13/pflag"
    33  	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    34  	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
    35  	"sigs.k8s.io/controller-runtime/pkg/client"
    36  	"sigs.k8s.io/controller-runtime/pkg/client/config"
    37  	klog "sigs.k8s.io/controller-runtime/pkg/log"
    38  	"sigs.k8s.io/controller-runtime/pkg/manager"
    39  	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
    40  )
    41  
// logger is the controller-runtime logger, named "setup", that main uses to
// report errors from the optional pprof server goroutine.
var logger = klog.Log.WithName("setup")
    43  
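// main wires up and runs the deletion defender binary. It parses flags,
// optionally starts the pprof HTTP server and the Cloud Profiler agent, builds
// a controller-runtime manager backed by an uncached client, registers the
// deletion defender controller and the abandon-on-uninstall webhook, marks the
// container ready, and then blocks in mgr.Start until the signal handler's
// stop value fires or the manager fails.
func main() {
	stop := signals.SetupSignalHandler()

	var enablePprof bool
	var pprofPort int

	profiler.AddFlag(flag.CommandLine)
	flag.CommandLine.AddGoFlagSet(goflag.CommandLine)
	flag.BoolVar(&enablePprof, "enable-pprof", false, "Enable the pprof server.")
	flag.IntVar(&pprofPort, "pprof-port", 6060, "The port that the pprof server binds to if enabled.")
	flag.Parse()

	// this enables packages using the kubernetes controller-runtime logging package to log
	logging.SetupLogger()

	// Start pprof server if enabled.
	//
	// NOTE(review): the address ":<port>" listens on every interface, and the nil
	// handler means http.DefaultServeMux, on which the blank net/http/pprof import
	// registers the /debug/pprof/ handlers. Those endpoints are unauthenticated and
	// return goroutine stacks, heap profiles and the process command line, and a
	// CPU profile or trace request costs real CPU time. Keep --enable-pprof off
	// unless needed; where it is on, restrict the port (for example with a
	// NetworkPolicy) or bind to loopback and reach it through a port-forward.
	// http.ListenAndServe also sets no read-header timeout, so slow clients can
	// hold connections open.
	if enablePprof {
		go func() {
			if err := http.ListenAndServe(fmt.Sprintf(":%d", pprofPort), nil); err != nil {
				// Logged rather than fatal: a failed debug listener does not stop the defender.
				logger.Error(err, "error while running pprof server")
			}
		}()
	}

	// Start Cloud Profiler agent if enabled
	if err := profiler.StartIfEnabled(); err != nil {
		logging.Fatal(err, "error starting Cloud Profiler agent")
	}

	// Get a config to talk to the apiserver
	cfg, err := config.GetConfig()
	if err != nil {
		log.Fatal(err)
	}

	// Create a new Manager to provide shared dependencies and start components
	mgr, err := manager.New(cfg, manager.Options{
		// WARNING: It is CRITICAL that we do not use a cache for the client for the deletion defender.
		// Doing so could give us stale reads when checking the deletion timestamp of CRDs, negating
		// the Kubernetes API Server's strong consistency guarantees.
		NewClient: nocache.NoCacheClientFunc,
	})
	if err != nil {
		log.Fatal(err)
	}

	// Setup Scheme for all resources. The apiextensions types are appended so the
	// manager's scheme also knows CustomResourceDefinition objects.
	apis.AddToSchemes = append(apis.AddToSchemes, apiextensions.SchemeBuilder.AddToScheme)
	if err := apis.AddToScheme(mgr.GetScheme()); err != nil {
		log.Fatal(err)
	}

	// Register the registration controller, which will dynamically create controllers for
	// all our resources.
	if err := registration.Add(mgr, nil, nil, nil, nil, registration.RegisterDeletionDefenderController); err != nil {
		// log.Fatal(err, "msg") formats like fmt.Print, which inserts no space between
		// an error and a string operand; Fatalf keeps the context and the cause apart.
		log.Fatalf("error adding registration controller: %v", err)
	}

	// Create a client that reads and writes directly from the server without object caches.
	// We want to use a no-cache client for creating/updating the cert secret. With a cached client,
	// it requires list privilege for the secret type.
	nocacheClient, err := client.New(cfg, client.Options{})
	if err != nil {
		log.Fatal(err)
	}
	if err := webhook.RegisterAbandonOnUninstallWebhook(mgr, nocacheClient); err != nil {
		log.Fatalf("error adding the abandon on uninstall webhook: %v", err)
	}

	// Set up the HTTP server for the readiness probe
	log.Println("Setting container as ready...")
	ready.SetContainerAsReady()
	log.Println("Container is ready.")

	log.Println("Starting the Cmd.")

	// Start the Cmd. log.Fatal exits with status 1 whatever Start returns,
	// including a nil error (printed as "<nil>").
	log.Fatal(mgr.Start(stop))
}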
   123  
