
NK-8: Implemented a basic HTTPS server with a stub for the mutation webhook. Implemented a script for generating the TLS key and certificate. Created MutatingWebhookConfiguration.yaml with a declaration of the future service.

This commit is contained in:
belyshevdenis 2019-02-12 16:30:40 +02:00
parent ed86223f3e
commit 88c90eaa4d
3 changed files with 35 additions and 19 deletions


@ -1,9 +1,9 @@
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
name: policies.policy.nirmata.io name: policies.nirmata.io
spec: spec:
group: policy.nirmata.io group: nirmata.io
names: names:
kind: Policy kind: Policy
plural: policies plural: policies

main.go

@ -2,23 +2,31 @@
package main package main
import ( import (
"fmt" "flag"
"log"
"os"
"time" "time"
"github.com/nirmata/kube-policy/server" "github.com/nirmata/kube-policy/server"
) )
var (
kubeConfigFile string
)
func main() { func main() {
server := server.NewWebhookServer() var cert = flag.String("cert", "", "TLS certificate")
fmt.Println("WebHook server is running!") var key = flag.String("key", "", "TLS key in PEM format")
flag.Parse()
if *cert == "" || *key == "" {
log.Fatal("TLS certificate or/and key is not set")
}
logger := log.New(os.Stdout, "http: ", log.LstdFlags|log.Lshortfile)
logger.Printf("! Server is starting...")
server := server.NewWebhookServer(*cert, *key, logger)
logger.Printf("! WebHook server is running!")
server.RunAsync() server.RunAsync()
time.Sleep(5 * time.Second) time.Sleep(500500 * time.Second)
server.Stop() server.Stop()
fmt.Println("WebHook server is stopped.") logger.Printf("! WebHook server is stopped.")
} }
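Review bot: The new `time.Sleep(500500 * time.Second)` near the end of main keeps the process alive for roughly 5.8 days and then stops it on its own, while a SIGTERM from the kubelet kills it before `server.Stop()` ever runs, so the graceful-shutdown call below the sleep is effectively dead code. Block on a termination signal instead: `stop := make(chan os.Signal, 1)`, `signal.Notify(stop, os.Interrupt, syscall.SIGTERM)`, `<-stop`, with `os/signal` and `syscall` added to the import block. If the fixed run time is intentional for this stub, a comment saying so (and why 500500) would spare the next reader the same question. The `log.Fatal` on a missing `-cert`/`-key` is a reasonable fail-closed default, but it would be more actionable if it named the missing flag, e.g. `log.Fatalf("missing required flag: -cert=%q -key=%q", *cert, *key)`.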


@ -2,28 +2,26 @@ package server
import ( import (
"context" "context"
"crypto/tls"
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"net/http/httputil"
"time" "time"
) )
const ( // TODO: read these files from ~/.kube/config
clientCertFile = "/home/quest/.minikube/client.crt"
clientKeyFile = "/home/quest/.minikube/client.key"
)
type WebhookServer struct { type WebhookServer struct {
server http.Server server http.Server
} }
func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) { func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
fmt.Println("/mutate is called!") fmt.Println("/mutate is called!")
httputil.DumpRequest(r, true)
} }
func (ws *WebhookServer) RunAsync() { func (ws *WebhookServer) RunAsync() {
go func(server http.Server) { go func(server http.Server) {
err := server.ListenAndServeTLS(clientCertFile, clientKeyFile) err := server.ListenAndServeTLS("", "")
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
@ -39,13 +37,23 @@ func (ws *WebhookServer) Stop() {
} }
} }
func NewWebhookServer() WebhookServer { func NewWebhookServer(certFile string, keyFile string, logger *log.Logger) WebhookServer {
var ws WebhookServer var ws WebhookServer
mux := http.NewServeMux() mux := http.NewServeMux()
mux.HandleFunc("/mutate", ws.serve) mux.HandleFunc("/mutate", ws.serve)
var config tls.Config
pair, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
log.Fatal("Unable to load certificate and key: ", err)
}
config.Certificates = []tls.Certificate{pair}
ws.server = http.Server{ ws.server = http.Server{
Addr: ":443", Addr: ":443", // Listen on port for HTTPS requests
TLSConfig: &config,
Handler: mux, Handler: mux,
ErrorLog: logger,
ReadTimeout: 5 * time.Second, ReadTimeout: 5 * time.Second,
WriteTimeout: 5 * time.Second} WriteTimeout: 5 * time.Second}
return ws return ws