package main
import (
"flag"
"log"
"github.com/nirmata/kube-policy/kubeclient"
"github.com/nirmata/kube-policy/pkg/webhooks"
"github.com/nirmata/kube-policy/policycontroller"
policyclientset "github.com/nirmata/kube-policy/pkg/client/clientset/versioned"
informers "github.com/nirmata/kube-policy/pkg/client/informers/externalversions"
policyengine "github.com/nirmata/kube-policy/pkg/policyengine"
policyviolation "github.com/nirmata/kube-policy/pkg/policyviolation"
event "github.com/nirmata/kube-policy/pkg/event"
"k8s.io/sample-controller/pkg/signals"
)
// Command-line settings. Each one is bound to a flag of the same name in
// init and read by main.
var (
	// kubeconfig is the value of -kubeconfig: a path to a kubeconfig file.
	// Per the flag help it is only required when running out-of-cluster.
	kubeconfig string

	// cert is the value of -cert, the TLS certificate handed to
	// initTlsPemPair.
	// NOTE(review): whether this holds a file path or PEM text is not
	// visible here; confirm against initTlsPemPair.
	cert string

	// key is the value of -key, the TLS key handed to initTlsPemPair
	// together with cert.
	// NOTE(review): this names private key material; if it is a file path,
	// the file should be readable only by the account running this binary.
	key string
)
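// main builds the Kubernetes and policy clients, wires the event controller,
// violation builder, policy engine and policy controller together, starts the
// webhook server, and then blocks until a shutdown signal arrives.
//
// Any construction or startup error is fatal: the process logs it and exits.
// Several constructors receive nil as their trailing argument; what that
// argument is (presumably an optional logger) is not visible in this file.
func main() {
	clientConfig, err := createClientConfig(kubeconfig)
	if err != nil {
		log.Fatalf("Error building kubeconfig: %v\n", err)
	}

	// The local is named kubeClient so that it does not shadow the imported
	// kubeclient package for the rest of the function.
	kubeClient, err := kubeclient.NewKubeClient(clientConfig, nil)
	if err != nil {
		log.Fatalf("Error creating kubeclient: %v\n", err)
	}

	policyClientset, err := policyclientset.NewForConfig(clientConfig)
	if err != nil {
		log.Fatalf("Error creating policyClient: %v\n", err)
	}

	//TODO wrap the policyInformer inside a factory
	policyInformerFactory := informers.NewSharedInformerFactory(policyClientset, 0)
	policyInformer := policyInformerFactory.Kubepolicy().V1alpha1().Policies()

	eventController := event.NewEventController(kubeClient, policyInformer.Lister(), nil)
	violationBuilder := policyviolation.NewPolicyViolationBuilder(kubeClient, policyInformer.Lister(), policyClientset, eventController, nil)
	policyEngine := policyengine.NewPolicyEngine(kubeClient, nil)

	// NewPolicyController is assigned to a single value, so it reports no
	// error. The err check that used to follow it re-tested the value already
	// handled after policyclientset.NewForConfig and could never fire; it has
	// been removed rather than left to suggest a failure path that does not
	// exist.
	policyController := policycontroller.NewPolicyController(
		policyClientset,
		policyInformer,
		policyEngine,
		violationBuilder,
		eventController,
		nil,
		kubeClient,
	)

	// The certificate/key pair used by the webhook server's TLS listener.
	// How initTlsPemPair treats empty -cert/-key values is defined outside
	// this file.
	tlsPair, err := initTlsPemPair(cert, key, clientConfig, kubeClient)
	if err != nil {
		log.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
	}

	server, err := webhooks.NewWebhookServer(tlsPair, kubeClient, policyInformer.Lister(), nil)
	if err != nil {
		log.Fatalf("Unable to create webhook server: %v\n", err)
	}

	// NOTE(review): the webhook server begins serving here, before the policy
	// informer factory is started below, and nothing in this function waits
	// for the informer cache to sync. If admission requests can arrive in
	// that window, the lister given to the server may not yet hold the
	// policies. Confirm that the server or the controllers wait for sync, or
	// start the informers first.
	server.RunAsync()

	stopCh := signals.SetupSignalHandler()
	policyInformerFactory.Start(stopCh)

	if err = eventController.Run(stopCh); err != nil {
		log.Fatalf("Error running EventController: %v\n", err)
	}

	if err = policyController.Run(stopCh); err != nil {
		log.Fatalf("Error running PolicyController: %v\n", err)
	}

	// Block until the signal handler closes stopCh, then stop the server.
	<-stopCh
	server.Stop()
}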
// init registers the -kubeconfig, -cert and -key string flags, each with an
// empty default, and parses the command line so the package-level variables
// are populated before main runs.
//
// NOTE(review): flag.Parse is called from init, so the command line is parsed
// during package initialisation rather than under main's control. Moving the
// call to the top of main is the usual arrangement, but it has to be done
// together with main.
func init() {
	stringFlags := []struct {
		target *string
		name   string
		usage  string
	}{
		{&kubeconfig, "kubeconfig", "Path to a kubeconfig. Only required if out-of-cluster."},
		{&cert, "cert", "TLS certificate used in connection with cluster."},
		{&key, "key", "Key, used in TLS connection."},
	}
	for _, f := range stringFlags {
		flag.StringVar(f.target, f.name, "", f.usage)
	}
	flag.Parse()
}