kyverno/main.go

package main

import (
	"flag"

	"github.com/golang/glog"
	"github.com/nirmata/kyverno/pkg/annotations"
	"github.com/nirmata/kyverno/pkg/config"
	controller "github.com/nirmata/kyverno/pkg/controller"
	client "github.com/nirmata/kyverno/pkg/dclient"
	event "github.com/nirmata/kyverno/pkg/event"
	gencontroller "github.com/nirmata/kyverno/pkg/gencontroller"
	"github.com/nirmata/kyverno/pkg/sharedinformer"
	"github.com/nirmata/kyverno/pkg/utils"
	"github.com/nirmata/kyverno/pkg/violation"
	"github.com/nirmata/kyverno/pkg/webhooks"
	"k8s.io/sample-controller/pkg/signals"
)

var (
	kubeconfig    string
	serverIP      string
	filterK8Kinds webhooks.ArrayFlags
)

func main() {
	defer glog.Flush()
	printVersionInfo()
	clientConfig, err := createClientConfig(kubeconfig)
	if err != nil {
		glog.Fatalf("Error building kubeconfig: %v\n", err)
	}

	client, err := client.NewClient(clientConfig)
	if err != nil {
		glog.Fatalf("Error creating client: %v\n", err)
	}

	policyInformerFactory, err := sharedinformer.NewSharedInformerFactory(clientConfig)
	if err != nil {
		glog.Fatalf("Error creating policy sharedinformer: %v\n", err)
	}
	kubeInformer := utils.NewKubeInformerFactory(clientConfig)
	eventController := event.NewEventController(client, policyInformerFactory)
	violationBuilder := violation.NewPolicyViolationBuilder(client, policyInformerFactory, eventController)
	annotationsController := annotations.NewAnnotationControler(client)
	policyController := controller.NewPolicyController(
		client,
		policyInformerFactory,
		violationBuilder,
		eventController,
		annotationsController)

	genControler := gencontroller.NewGenController(client, eventController, policyInformerFactory, violationBuilder, kubeInformer.Core().V1().Namespaces())
	tlsPair, err := initTLSPemPair(clientConfig, client)
	if err != nil {
		glog.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
	}
	server, err := webhooks.NewWebhookServer(client, tlsPair, policyInformerFactory, eventController, violationBuilder, annotationsController, filterK8Kinds)
	if err != nil {
		glog.Fatalf("Unable to create webhook server: %v\n", err)
	}

	webhookRegistrationClient, err := webhooks.NewWebhookRegistrationClient(clientConfig, client, serverIP)
	if err != nil {
		glog.Fatalf("Unable to register admission webhooks on cluster: %v\n", err)
	}

	stopCh := signals.SetupSignalHandler()

	if err = webhookRegistrationClient.Register(); err != nil {
		glog.Fatalf("Failed registering Admission Webhooks: %v\n", err)
	}

	policyInformerFactory.Run(stopCh)
	kubeInformer.Start(stopCh)
	eventController.Run(stopCh)
	genControler.Run(stopCh)
	annotationsController.Run(stopCh)
	if err = policyController.Run(stopCh); err != nil {
		glog.Fatalf("Error running PolicyController: %v\n", err)
	}

	server.RunAsync()
	<-stopCh
	server.Stop()
	genControler.Stop()
	eventController.Stop()
	annotationsController.Stop()
	policyController.Stop()
}

func init() {
	flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
	flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
	flag.Var(&filterK8Kinds, "filterKind", "k8 kind where policy is not evaluated by the admission webhook. example --filterKind \"Event\" --filterKind \"TokenReview,ClusterRole\"")
	config.LogDefaultFlags()
	flag.Parse()
}
NK2: Added script for code-generator, YAMLs with CRDs and stub for main.go 2019-02-06 14:52:09 +02:00			`package main`

			`import (`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`"flag"`
NK-10: Controller renamed to PolicyController. Created MutationWebhook class in new webhook package. Implemented filtering of incoming objects by Kind. Implemented simple usage of PolicyController in MutationWebhook. 2019-02-21 20:31:18 +02:00
support generation of any resource 2019-05-31 17:59:36 -07:00			`"github.com/golang/glog"`
annotation generation from policy controller 2019-07-17 17:53:13 -07:00			`"github.com/nirmata/kyverno/pkg/annotations"`
support generation of any resource 2019-05-31 17:59:36 -07:00			`"github.com/nirmata/kyverno/pkg/config"`
rename pkg to kyverno 2019-05-21 11:00:09 -07:00			`controller "github.com/nirmata/kyverno/pkg/controller"`
move client to pkg, helper script for self-signed certs & update documentation 2019-05-29 14:12:09 -07:00			`client "github.com/nirmata/kyverno/pkg/dclient"`
rename pkg to kyverno 2019-05-21 11:00:09 -07:00			`event "github.com/nirmata/kyverno/pkg/event"`
initial commit 2019-07-03 10:25:00 -07:00			`gencontroller "github.com/nirmata/kyverno/pkg/gencontroller"`
rename pkg to kyverno 2019-05-21 11:00:09 -07:00			`"github.com/nirmata/kyverno/pkg/sharedinformer"`
initial commit 2019-07-03 10:25:00 -07:00			`"github.com/nirmata/kyverno/pkg/utils"`
rename pkg to kyverno 2019-05-21 11:00:09 -07:00			`"github.com/nirmata/kyverno/pkg/violation"`
			`"github.com/nirmata/kyverno/pkg/webhooks"`
initial feature proposal 2019-05-10 00:05:21 -07:00			`"k8s.io/sample-controller/pkg/signals"`
NK9: Added controller module. Added main loop for controller. Added informer for Policies. Fixed apis definitions to fit the Policy 2019-02-11 19:49:27 +02:00			`)`

			`var (`
initial prototype commit 2019-06-17 23:41:18 -07:00			`kubeconfig string`
			`serverIP string`
support comma seperated kinds 2019-06-18 11:47:45 -07:00			`filterK8Kinds webhooks.ArrayFlags`
NK2: Added script for code-generator, YAMLs with CRDs and stub for main.go 2019-02-06 14:52:09 +02:00			`)`

NK-31: Implemented creation TLS certificate Implemented storing the certificates in secret within the cluster. Implemented the cheking certificate's expiration date. Implemented initialization of server with certs data instead of files. 2019-03-15 19:03:55 +02:00			`func main() {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`defer glog.Flush()`
			`printVersionInfo()`
NK-31: Implemented creation TLS certificate Implemented storing the certificates in secret within the cluster. Implemented the cheking certificate's expiration date. Implemented initialization of server with certs data instead of files. 2019-03-15 19:03:55 +02:00			`clientConfig, err := createClientConfig(kubeconfig)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`if err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Error building kubeconfig: %v\n", err)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`}`

support generation of any resource 2019-05-31 17:59:36 -07:00			`client, err := client.NewClient(clientConfig)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`if err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Error creating client: %v\n", err)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`}`

sharedinfomer factory + update status 2019-05-15 12:29:09 -07:00			`policyInformerFactory, err := sharedinformer.NewSharedInformerFactory(clientConfig)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`if err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Error creating policy sharedinformer: %v\n", err)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`}`
initial commit 2019-07-03 10:25:00 -07:00			`kubeInformer := utils.NewKubeInformerFactory(clientConfig)`
support generation of any resource 2019-05-31 17:59:36 -07:00			`eventController := event.NewEventController(client, policyInformerFactory)`
			`violationBuilder := violation.NewPolicyViolationBuilder(client, policyInformerFactory, eventController)`
annotation generation from policy controller 2019-07-17 17:53:13 -07:00			`annotationsController := annotations.NewAnnotationControler(client)`
rebase with develop 2019-05-15 11:24:27 -07:00			`policyController := controller.NewPolicyController(`
replace kubeclient & add dynamic client 2019-05-15 07:30:22 -07:00			`client,`
sharedinfomer factory + update status 2019-05-15 12:29:09 -07:00			`policyInformerFactory,`
initial feature proposal 2019-05-10 00:05:21 -07:00			`violationBuilder,`
annotation generation from policy controller 2019-07-17 17:53:13 -07:00			`eventController,`
			`annotationsController)`
NK-31: Implemented creation TLS certificate Implemented storing the certificates in secret within the cluster. Implemented the cheking certificate's expiration date. Implemented initialization of server with certs data instead of files. 2019-03-15 19:03:55 +02:00
initial commit 2019-07-03 10:25:00 -07:00			`genControler := gencontroller.NewGenController(client, eventController, policyInformerFactory, violationBuilder, kubeInformer.Core().V1().Namespaces())`
refactor code 2019-06-05 17:43:59 -07:00			`tlsPair, err := initTLSPemPair(clientConfig, client)`
NK-47: Implemented webhook deregistration. TLS pair initialization functionality moved to init.go. Separated server and mutation webhook objects, implemented registration of webhook with the creation of corresponding object. Added comments for webhook configuration definitions, changed name of configuration for debug. 2019-03-22 22:11:55 +02:00			`if err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`}`
annotation generation from policy controller 2019-07-17 17:53:13 -07:00			`server, err := webhooks.NewWebhookServer(client, tlsPair, policyInformerFactory, eventController, violationBuilder, annotationsController, filterK8Kinds)`
NK-31: Implemented creation TLS certificate Implemented storing the certificates in secret within the cluster. Implemented the cheking certificate's expiration date. Implemented initialization of server with certs data instead of files. 2019-03-15 19:03:55 +02:00			`if err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Unable to create webhook server: %v\n", err)`
NK-31: Implemented creation TLS certificate Implemented storing the certificates in secret within the cluster. Implemented the cheking certificate's expiration date. Implemented initialization of server with certs data instead of files. 2019-03-15 19:03:55 +02:00			`}`
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`webhookRegistrationClient, err := webhooks.NewWebhookRegistrationClient(clientConfig, client, serverIP)`
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`if err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Unable to register admission webhooks on cluster: %v\n", err)`
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`}`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00
			`stopCh := signals.SetupSignalHandler()`
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00
handle retrys events 2019-07-19 16:17:10 -07:00			`if err = webhookRegistrationClient.Register(); err != nil {`
			`glog.Fatalf("Failed registering Admission Webhooks: %v\n", err)`
			`}`

sharedinfomer factory + update status 2019-05-15 12:29:09 -07:00			`policyInformerFactory.Run(stopCh)`
initial commit 2019-07-03 10:25:00 -07:00			`kubeInformer.Start(stopCh)`
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`eventController.Run(stopCh)`
initial commit 2019-07-03 10:25:00 -07:00			`genControler.Run(stopCh)`
annotation generation from policy controller 2019-07-17 17:53:13 -07:00			`annotationsController.Run(stopCh)`
initial feature proposal 2019-05-10 00:05:21 -07:00			`if err = policyController.Run(stopCh); err != nil {`
support generation of any resource 2019-05-31 17:59:36 -07:00			`glog.Fatalf("Error running PolicyController: %v\n", err)`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`}`
NK-47: Implemented webhook deregistration. TLS pair initialization functionality moved to init.go. Separated server and mutation webhook objects, implemented registration of webhook with the creation of corresponding object. Added comments for webhook configuration definitions, changed name of configuration for debug. 2019-03-22 22:11:55 +02:00
Implemented Validation Pattern base. Updated Webhooks registration logic. Updated project for using TLS package 2019-05-14 18:10:25 +03:00			`server.RunAsync()`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`<-stopCh`
NK-51: Added Deployment as owner of MutatingWebhookConfiguration. This allows kubernetes to delete webhook config, when deployment deletes. 2019-03-25 15:44:53 +02:00			`server.Stop()`
initial commit 2019-07-03 10:25:00 -07:00			`genControler.Stop()`
controller shutdown 2019-06-20 16:50:54 -07:00			`eventController.Stop()`
annotation generation from policy controller 2019-07-17 17:53:13 -07:00			`annotationsController.Stop()`
replace kubeclient & add dynamic client 2019-05-15 07:30:22 -07:00			`policyController.Stop()`
NK9: Added controller module. Added main loop for controller. Added informer for Policies. Fixed apis definitions to fit the Policy 2019-02-11 19:49:27 +02:00			`}`

			`func init() {`
NK-23: Thre creation of default loggers moved to inside classes. Removed fatal termination from object constructors. Implemented new KubeClient class with test method which creates a Secret. Improved comments for the types structures. Added WebhookServerConfig structure instead of the most parameters to NewWebhookServer. 2019-03-04 20:40:02 +02:00			`flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")`
Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00			`flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")`
support comma seperated kinds 2019-06-18 11:47:45 -07:00			`flag.Var(&filterK8Kinds, "filterKind", "k8 kind where policy is not evaluated by the admission webhook. example --filterKind \"Event\" --filterKind \"TokenReview,ClusterRole\"")`
support generation of any resource 2019-05-31 17:59:36 -07:00			`config.LogDefaultFlags()`
NK-31: Implemented creation TLS certificate Implemented storing the certificates in secret within the cluster. Implemented the cheking certificate's expiration date. Implemented initialization of server with certs data instead of files. 2019-03-15 19:03:55 +02:00			`flag.Parse()`
refactor code 2019-06-05 17:43:59 -07:00			`}`