...

Source file src/sigs.k8s.io/gateway-api/cmd/admission/main.go

Documentation: sigs.k8s.io/gateway-api/cmd/admission

     1  /*
     2  Copyright 2021 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package main
    18  
    19  import (
    20  	"context"
    21  	"crypto/tls"
    22  	"errors"
    23  	"flag"
    24  	"fmt"
    25  	"net/http"
    26  	"os"
    27  	"os/signal"
    28  	"sync"
    29  	"syscall"
    30  	"time"
    31  
    32  	"k8s.io/klog/v2"
    33  
    34  	"sigs.k8s.io/gateway-api/pkg/admission"
    35  )
    36  
    37  var (
    38  	tlsCertFilePath, tlsKeyFilePath string
    39  	showVersion, help               bool
    40  )
    41  
    42  var (
    43  	VERSION = "dev"
    44  	COMMIT  = "dev"
    45  )
    46  
    47  func main() {
    48  	flag.StringVar(&tlsCertFilePath, "tlsCertFile", "/etc/certs/tls.crt", "File with x509 certificate")
    49  	flag.StringVar(&tlsKeyFilePath, "tlsKeyFile", "/etc/certs/tls.key", "File with private key to tlsCertFile")
    50  	flag.BoolVar(&showVersion, "version", false, "Show release version and exit")
    51  	flag.BoolVar(&help, "help", false, "Show flag defaults and exit")
    52  	klog.InitFlags(nil)
    53  	flag.Parse()
    54  
    55  	if showVersion {
    56  		printVersion()
    57  		os.Exit(0)
    58  	}
    59  
    60  	if help {
    61  		printVersion()
    62  		flag.PrintDefaults()
    63  		os.Exit(0)
    64  	}
    65  
    66  	printVersion()
    67  
    68  	certs, err := tls.LoadX509KeyPair(tlsCertFilePath, tlsKeyFilePath)
    69  	if err != nil {
    70  		klog.Fatalf("failed to load TLS cert-key for admission-webhook-server: %v", err)
    71  	}
    72  
    73  	server := &http.Server{
    74  		Addr:              ":8443",
    75  		ReadHeaderTimeout: 10 * time.Second, // for Potential Slowloris Attack (G112)
    76  		// Require at least TLS12 to satisfy golint G402.
    77  		TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{certs}},
    78  	}
    79  	mux := http.NewServeMux()
    80  	mux.HandleFunc("/validate", admission.ServeHTTP)
    81  	server.Handler = mux
    82  
    83  	var wg sync.WaitGroup
    84  	wg.Add(1)
    85  	go func() {
    86  		defer wg.Done()
    87  		err := server.ListenAndServeTLS("", "")
    88  		if errors.Is(err, http.ErrServerClosed) {
    89  			klog.Errorf("admission-webhook-server stopped: %v", err)
    90  		}
    91  	}()
    92  	klog.Info("admission webhook server started and listening on :8443")
    93  
    94  	// gracefully shutdown
    95  	signalChan := make(chan os.Signal, 1)
    96  	signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
    97  	<-signalChan
    98  
    99  	klog.Info("admission webhook received kill signal")
   100  	if err := server.Shutdown(context.Background()); err != nil {
   101  		klog.Errorf("server shutdown failed:%+v", err)
   102  	}
   103  	wg.Wait()
   104  }
   105  
   106  func printVersion() {
   107  	fmt.Printf("gateway-api-admission-webhook version: %v (%v)\n", VERSION, COMMIT)
   108  }
   109  

View as plain text