mirror of
https://github.com/kyverno/kyverno.git
synced 2025-01-20 18:52:16 +00:00
9983e82770
* feat: add tracing middleware Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add middleware Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add tracing to middlewares Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
96 lines
2.4 KiB
Go
96 lines
2.4 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
"github.com/julienschmidt/httprouter"
|
|
"github.com/kyverno/kyverno/cmd/cleanup-controller/logger"
|
|
"github.com/kyverno/kyverno/pkg/logging"
|
|
"github.com/kyverno/kyverno/pkg/webhooks/handlers"
|
|
admissionv1 "k8s.io/api/admission/v1"
|
|
)
|
|
|
|
// ValidatingWebhookServicePath is the path for validation webhook
|
|
const ValidatingWebhookServicePath = "/validate"
|
|
|
|
type Server interface {
|
|
// Run TLS server in separate thread and returns control immediately
|
|
Run(<-chan struct{})
|
|
// Stop TLS server and returns control after the server is shut down
|
|
Stop(context.Context)
|
|
}
|
|
|
|
type CleanupPolicyHandlers interface {
|
|
// Validate performs the validation check on policy resources
|
|
Validate(context.Context, logr.Logger, *admissionv1.AdmissionRequest, time.Time) *admissionv1.AdmissionResponse
|
|
}
|
|
|
|
type server struct {
|
|
server *http.Server
|
|
}
|
|
|
|
type TlsProvider func() ([]byte, []byte, error)
|
|
|
|
// NewServer creates new instance of server accordingly to given configuration
|
|
func NewServer(
|
|
policyHandlers CleanupPolicyHandlers,
|
|
tlsProvider TlsProvider,
|
|
) Server {
|
|
mux := httprouter.New()
|
|
mux.HandlerFunc(
|
|
"POST",
|
|
ValidatingWebhookServicePath,
|
|
http.HandlerFunc(
|
|
handlers.AdmissionHandler(policyHandlers.Validate).
|
|
WithAdmission(logger.Logger.WithName("validate")).
|
|
WithTrace(),
|
|
),
|
|
)
|
|
return &server{
|
|
server: &http.Server{
|
|
Addr: ":9443",
|
|
TLSConfig: &tls.Config{
|
|
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|
certPem, keyPem, err := tlsProvider()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
pair, err := tls.X509KeyPair(certPem, keyPem)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &pair, nil
|
|
},
|
|
MinVersion: tls.VersionTLS12,
|
|
},
|
|
Handler: mux,
|
|
ReadTimeout: 30 * time.Second,
|
|
WriteTimeout: 30 * time.Second,
|
|
ReadHeaderTimeout: 30 * time.Second,
|
|
IdleTimeout: 5 * time.Minute,
|
|
// ErrorLog: logging.StdLogger(logger.WithName("server"), ""),
|
|
},
|
|
}
|
|
}
|
|
|
|
func (s *server) Run(stopCh <-chan struct{}) {
|
|
go func() {
|
|
if err := s.server.ListenAndServeTLS("", ""); err != nil {
|
|
logging.Error(err, "failed to start server")
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (s *server) Stop(ctx context.Context) {
|
|
err := s.server.Shutdown(ctx)
|
|
if err != nil {
|
|
err = s.server.Close()
|
|
if err != nil {
|
|
logging.Error(err, "failed to start server")
|
|
}
|
|
}
|
|
}
|