From 0597c3ec4aaa66db937d4c0ef443d83d4d15817c Mon Sep 17 00:00:00 2001
From: belyshevdenis
Date: Fri, 15 Mar 2019 19:22:06 +0200
Subject: [PATCH] NK-31: Decomposed controller initialization functions.
---
 init.go | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 main.go | 80 ++++++---------------------------------------------------
 2 files changed, 88 insertions(+), 72 deletions(-)
 create mode 100644 init.go
diff --git a/init.go b/init.go
new file mode 100644
index 0000000000..cd729e91dc
--- /dev/null
+++ b/init.go
@@ -0,0 +1,80 @@
+package main
+
+import (
+ "io/ioutil"
+ "log"
+ "net/url"
+
+ "github.com/nirmata/kube-policy/kubeclient"
+ "github.com/nirmata/kube-policy/utils"
+
+ rest "k8s.io/client-go/rest"
+ clientcmd "k8s.io/client-go/tools/clientcmd"
+)
+
+// These constants MUST be equal to the corresponding names in service definition in definitions/install.yaml
+const serviceName string = "kube-policy-svc"
+const namespace string = "default"
+
+func createClientConfig(kubeconfig string) (*rest.Config, error) {
+ if kubeconfig == "" {
+ log.Printf("Using in-cluster configuration")
+ return rest.InClusterConfig()
+ } else {
+ log.Printf("Using configuration from '%s'", kubeconfig)
+ return clientcmd.BuildConfigFromFlags("", kubeconfig)
+ }
+}
+
+func readTlsPairFromFiles(certFile, keyFile string) *utils.TlsPemPair {
+ certContent, err := ioutil.ReadFile(certFile)
+ if err != nil {
+ log.Printf("Unable to read file with TLS certificate: %v", err)
+ return nil
+ }
+
+ keyContent, err := ioutil.ReadFile(keyFile)
+ if err != nil {
+ log.Printf("Unable to read file with TLS private key: %v", err)
+ return nil
+ }
+
+ return &utils.TlsPemPair{
+ Certificate: certContent,
+ PrivateKey: keyContent,
+ }
+}
+
+// Loads or creates PEM private key and TLS certificate for webhook server
+// Returns struct with key/certificate pair
+func initTlsPemsPair(config *rest.Config, client *kubeclient.KubeClient) (*utils.TlsPemPair, error) {
+ apiServerUrl, err := url.Parse(config.Host)
+ if err != nil {
+ return nil, err
+ }
+ certProps := utils.TlsCertificateProps{
+ Service: serviceName,
+ Namespace: namespace,
+ ApiServerHost: apiServerUrl.Hostname(),
+ }
+
+ tlsPair := client.ReadTlsPair(certProps)
+ if utils.IsTlsPairShouldBeUpdated(tlsPair) {
+ log.Printf("Generating new key/certificate pair for TLS")
+ tlsPair, err = client.GenerateTlsPemPair(certProps)
+ if err != nil {
+ return nil, err
+ }
+ err = client.WriteTlsPair(certProps, tlsPair)
+ if err != nil {
+ log.Printf("Unable to save TLS pair to the cluster: %v", err)
+ }
+ }
+
+ return tlsPair, nil
+}
+
+func registerWebhook(client *kubeclient.KubeClient) error {
+ // TODO
+ return nil
+}
diff --git a/main.go b/main.go
index 02e0fd31b3..1cf206a68d 100644
--- a/main.go
+++ b/main.go
@@ -2,17 +2,12 @@ package main
 import (
 "flag"
- "io/ioutil"
 "log"
- "net/url"
 "github.com/nirmata/kube-policy/controller"
 "github.com/nirmata/kube-policy/kubeclient"
 "github.com/nirmata/kube-policy/server"
- "github.com/nirmata/kube-policy/utils"
- rest "k8s.io/client-go/rest"
- clientcmd "k8s.io/client-go/tools/clientcmd"
 signals "k8s.io/sample-controller/pkg/signals"
 )
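Review bot: `registerWebhook` at the end of init.go is a stub that does nothing yet returns nil, so any caller that checks its error would conclude the admission webhook was registered when it was not. Until it is implemented it should fail loudly, e.g. `return errors.New("registerWebhook: not implemented")` (adds an `errors` import), or be left out of this commit. Separately, in `initTlsPemsPair` the result of `url.Parse(config.Host)` is only checked for a parse error; if the host string ever arrives without a scheme, `Hostname()` returns an empty string and the certificate would be generated with an empty `ApiServerHost` — a guard such as `if apiServerUrl.Hostname() == "" { return nil, fmt.Errorf("cannot determine API server host from %q", config.Host) }` would surface that (needs a `fmt` import). The `else` after `return rest.InClusterConfig()` in `createClientConfig` is also unidiomatic; dropping the `else` and dedenting the kubeconfig branch keeps the happy path left-aligned.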
@@ -22,70 +17,6 @@ var (
 key string
 )
-func createClientConfig(kubeconfig string) (*rest.Config, error) {
- if kubeconfig == "" {
- log.Printf("Using in-cluster configuration")
- return rest.InClusterConfig()
- } else {
- log.Printf("Using configuration from '%s'", kubeconfig)
- return clientcmd.BuildConfigFromFlags("", kubeconfig)
- }
-}
-
-func readTlsPairFromFiles() *utils.TlsPemPair {
- certContent, err := ioutil.ReadFile(cert)
- if err != nil {
- log.Printf("Unable to read file with TLS certificate: %v", err)
- return nil
- }
-
- keyContent, err := ioutil.ReadFile(key)
- if err != nil {
- log.Printf("Unable to read file with TLS private key: %v", err)
- return nil
- }
-
- return &utils.TlsPemPair{
- Certificate: certContent,
- PrivateKey: keyContent,
- }
-}
-
-// Loads or creates PEM private key and TLS certificate for webhook server
-// Returns struct with key/certificate pair
-func initTlsPemsPair(config *rest.Config, client *kubeclient.KubeClient) (*utils.TlsPemPair, error) {
- tlsPair := readTlsPairFromFiles()
- if tlsPair != nil {
- log.Print("Using given TLS key/certificate pair")
- return tlsPair, nil
- }
-
- apiServerUrl, err := url.Parse(config.Host)
- if err != nil {
- return nil, err
- }
- certProps := utils.TlsCertificateProps{
- Service: "localhost",
- Namespace: "default",
- ApiServerHost: apiServerUrl.Hostname(),
- }
-
- tlsPair = client.ReadTlsPair(certProps)
- if utils.IsTlsPairShouldBeUpdated(tlsPair) {
- log.Printf("Generating new key/certificate pair for TLS")
- tlsPair, err = client.GenerateTlsPemPair(certProps)
- if err != nil {
- return nil, err
- }
- err = client.WriteTlsPair(certProps, tlsPair)
- if err != nil {
- log.Printf("Unable to save TLS pair to the cluster: %v", err)
- }
- }
-
- return tlsPair, nil
-}
-
 func main() {
 clientConfig, err := createClientConfig(kubeconfig)
 if err != nil {
@@ -102,9 +33,14 @@ func main() {
 log.Fatalf("Error creating kubeclient: %v\n", err)
 }
- tlsPair, err := initTlsPemsPair(clientConfig, kubeclient)
- if err != nil {
- log.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
+ tlsPair := readTlsPairFromFiles(cert, key)
+ if tlsPair != nil {
+ log.Print("Using given TLS key/certificate pair")
+ } else {
+ tlsPair, err = initTlsPemsPair(clientConfig, kubeclient)
+ if err != nil {
+ log.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
+ }
 }
 serverConfig := server.WebhookServerConfig{
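Review bot: The fallback at `tlsPair := readTlsPairFromFiles(cert, key)` cannot tell "no files were given" from "files were given but unreadable": readTlsPairFromFiles returns nil in both cases, so a mistyped cert/key path (or only one of the two flags set) silently makes the controller serve with a cluster-generated pair instead of the operator's certificate, while an unconfigured run logs "Unable to read file with TLS certificate" for the empty path. Attempt the file read only when either flag is set, and exit when they are set but cannot be loaded; the generated-pair path stays for the unset case. The rewrite below declares `tlsPair` with its type, which brings back the `utils` import that the first hunk removes from main.go. main() starts and ends outside this hunk; `cert` and `key` are the package-level flag variables declared above it.
```go
	// … unchanged: kubeclient creation and its error check …
	var tlsPair *utils.TlsPemPair
	if cert != "" || key != "" {
		// Files were requested explicitly: a missing or unreadable file is a
		// configuration error, not a reason to fall back to a generated pair.
		tlsPair = readTlsPairFromFiles(cert, key)
		if tlsPair == nil {
			log.Fatalf("TLS certificate/key files were given but could not be loaded (cert=%q, key=%q)\n", cert, key)
		}
		log.Print("Using given TLS key/certificate pair")
	} else {
		tlsPair, err = initTlsPemsPair(clientConfig, kubeclient)
		if err != nil {
			log.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
		}
	}
	// … unchanged: serverConfig construction …
```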