package main
import (
"flag"
"fmt"
"net"
"net/http"
_ "net/http/pprof" // #nosec
"net/url"
"os"
"os/signal"
"runtime"
"strconv"
"syscall"
"time"
"github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/metrics"
"github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/server"
"github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/utils"
"github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/version"
"github.com/Azure/go-autorest/autorest/adal"
"google.golang.org/grpc"
"google.golang.org/grpc/health/grpc_health_v1"
logsapi "k8s.io/component-base/logs/api/v1"
json "k8s.io/component-base/logs/json"
"k8s.io/klog/v2"
k8spb "sigs.k8s.io/secrets-store-csi-driver/provider/v1alpha1"
)
// readHeaderTimeout is the ReadHeaderTimeout applied to the pprof HTTP server
// started in main. It caps how long a client may take to send its request
// headers, so a slow or stalled client cannot hold a connection open
// indefinitely.
const readHeaderTimeout = 5 * time.Second
// Command-line flags. All of them are registered on the default flag set and
// parsed in main.
var (
	// versionInfo makes the binary print its version and exit.
	versionInfo = flag.Bool("version", false, "prints the version information")

	// endpoint is the address the provider's gRPC server listens on.
	// NOTE(review): the default lives under /tmp, and main removes any existing
	// file at a unix endpoint path before listening. Deployments should point
	// this at a directory that only the driver and the provider can write to.
	endpoint = flag.String("endpoint", "unix:///tmp/azure.sock", "CSI gRPC endpoint")

	// logFormatJSON switches klog to the JSON log format.
	logFormatJSON = flag.Bool("log-format-json", false, "set log formatter to json")

	// enableProfile starts the pprof HTTP server; it is off by default and,
	// when enabled, main binds it to localhost on profilePort.
	enableProfile = flag.Bool("enable-pprof", false, "enable pprof profiling")

	// profilePort is the localhost port used by the pprof server.
	profilePort = flag.Int("pprof-port", 6060, "port for pprof profiling")

	// healthzPort is the port of the HTTP health check endpoint.
	// NOTE(review): main builds the health check host with an empty hostname,
	// which presumably means all interfaces; confirm in server.HealthZ.
	healthzPort = flag.Int("healthz-port", 8989, "port for health check")

	// healthzPath is the URL path of the HTTP health check endpoint.
	healthzPath = flag.String("healthz-path", "/healthz", "path for health check")

	// healthzTimeout is passed to the health checker as its RPC timeout.
	healthzTimeout = flag.Duration("healthz-timeout", 5*time.Second, "RPC timeout for health check")

	// metricsBackend and prometheusPort are handed to metrics.InitMetricsExporter.
	metricsBackend = flag.String("metrics-backend", "Prometheus", "Backend used for metrics")

	prometheusPort = flag.Int("prometheus-port", 8898, "Prometheus port for metrics backend")

	// constructPEMChain and writeCertAndKeyInSeparateFiles are feature switches
	// passed to server.New.
	constructPEMChain = flag.Bool("construct-pem-chain", true, "explicitly reconstruct the pem chain in the order: SERVER, INTERMEDIATE, ROOT")

	writeCertAndKeyInSeparateFiles = flag.Bool("write-cert-and-key-in-separate-files", false, "Write cert and key in separate files. The individual files will be named as <secret-name>.crt and <secret-name>.key. These files will be created in addition to the single file.")
)
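// main parses the command-line flags, optionally starts a localhost-only pprof
// server, initializes the metrics exporter, and then serves the CSI driver
// provider and gRPC health services on the configured endpoint until SIGTERM or
// SIGINT arrives, at which point the gRPC server is stopped gracefully.
func main() {
	klog.InitFlags(nil)
	// os.Exit skips deferred calls, so this flush only runs on the normal
	// shutdown path at the end of main.
	defer klog.Flush()

	flag.Parse()

	// Register for termination signals before any server is started.
	signalChan := make(chan os.Signal, 1)
	signal.Notify(signalChan, syscall.SIGTERM, syscall.SIGINT, os.Interrupt)

	if *logFormatJSON {
		jsonFactory := json.Factory{}
		logger, _ := jsonFactory.Create(logsapi.LoggingConfiguration{Format: "json"})
		klog.SetLogger(logger)
	}

	if *versionInfo {
		if err := version.PrintVersion(); err != nil {
			klog.ErrorS(err, "failed to print version")
			os.Exit(1)
		}
		os.Exit(0)
	}

	klog.InfoS("Starting Azure Key Vault Provider", "version", version.BuildVersion)

	if *enableProfile {
		klog.InfoS("Starting profiling", "port", *profilePort)
		go func() {
			// The blank import of net/http/pprof registers its handlers on
			// http.DefaultServeMux whether or not --enable-pprof is set. This
			// server has no Handler, so it serves that mux, and it is bound to
			// localhost only.
			// NOTE(review): any other listener in this process that serves
			// http.DefaultServeMux would expose the pprof handlers as well;
			// confirm the metrics and healthz servers use their own mux.
			pprofServer := &http.Server{
				Addr:              fmt.Sprintf("%s:%d", "localhost", *profilePort),
				ReadHeaderTimeout: readHeaderTimeout,
			}
			klog.ErrorS(pprofServer.ListenAndServe(), "unable to start profiling server")
		}()
	}

	// initialize metrics exporter before creating measurements
	err := metrics.InitMetricsExporter(*metricsBackend, *prometheusPort)
	if err != nil {
		klog.ErrorS(err, "failed to initialize metrics exporter")
		os.Exit(1)
	}

	if *constructPEMChain {
		klog.Infof("construct pem chain feature enabled")
	}
	if *writeCertAndKeyInSeparateFiles {
		klog.Infof("write cert and key in separate files feature enabled")
	}

	// Add csi-secrets-store user agent to adal requests
	if err := adal.AddToUserAgent(version.GetUserAgent()); err != nil {
		klog.ErrorS(err, "failed to add user agent to adal")
		os.Exit(1)
	}

	// Initialize and run the gRPC server
	proto, addr, err := utils.ParseEndpoint(*endpoint)
	if err != nil {
		klog.ErrorS(err, "failed to parse endpoint")
		os.Exit(1)
	}

	if proto == "unix" {
		if runtime.GOOS != "windows" {
			addr = "/" + addr
		}
		// Remove a stale socket left by a previous run; a missing file is fine.
		// NOTE(review): this unlinks whatever exists at addr, and the new
		// socket's mode is decided by the process umask. The socket directory
		// should be writable only by the driver and the provider.
		if err := os.Remove(addr); err != nil && !os.IsNotExist(err) {
			klog.ErrorS(err, "failed to remove socket", "addr", addr)
			os.Exit(1)
		}
	}

	listener, err := net.Listen(proto, addr)
	if err != nil {
		klog.ErrorS(err, "failed to listen", "proto", proto, "addr", addr)
		os.Exit(1)
	}

	// No transport credentials are configured, so access to the provider API
	// is governed by who can reach the listener.
	// NOTE(review): if ParseEndpoint also accepts non-unix schemes, the server
	// would be reachable without authentication; confirm against ParseEndpoint.
	opts := []grpc.ServerOption{
		grpc.UnaryInterceptor(utils.LogInterceptor()),
	}
	s := grpc.NewServer(opts...)

	csiDriverProviderServer := server.New(*constructPEMChain, *writeCertAndKeyInSeparateFiles)
	k8spb.RegisterCSIDriverProviderServer(s, csiDriverProviderServer)
	// Register the health service.
	grpc_health_v1.RegisterHealthServer(s, csiDriverProviderServer)

	klog.InfoS("Listening for connections", "address", listener.Addr())
	go func() {
		// Surface a serve failure in the logs instead of discarding it;
		// otherwise the process keeps waiting for a signal with no trace of
		// why the provider stopped answering.
		if serveErr := s.Serve(listener); serveErr != nil {
			klog.ErrorS(serveErr, "gRPC server stopped serving")
		}
	}()

	healthz := &server.HealthZ{
		HealthCheckURL: &url.URL{
			Host: net.JoinHostPort("", strconv.FormatUint(uint64(*healthzPort), 10)),
			Path: *healthzPath,
		},
		UnixSocketPath: listener.Addr().String(),
		RPCTimeout:     *healthzTimeout,
	}
	go healthz.Serve()

	<-signalChan
	// gracefully stop the grpc server
	klog.Infof("terminating the server")
	s.GracefulStop()
}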