package main
import (
"os"
"path/filepath"
"strings"
"time"
istioAuthenticationClient "github.com/kyma-project/kyma/components/api-controller/pkg/clients/authentication.istio.io/clientset/versioned"
kyma "github.com/kyma-project/kyma/components/api-controller/pkg/clients/gateway.kyma-project.io/clientset/versioned"
kymaInformers "github.com/kyma-project/kyma/components/api-controller/pkg/clients/gateway.kyma-project.io/informers/externalversions"
istioNetworkingClient "github.com/kyma-project/kyma/components/api-controller/pkg/clients/networking.istio.io/clientset/versioned"
authenticationV2 "github.com/kyma-project/kyma/components/api-controller/pkg/controller/authentication/v2"
"github.com/kyma-project/kyma/components/api-controller/pkg/controller/crd"
istioNetworkingV1 "github.com/kyma-project/kyma/components/api-controller/pkg/controller/networking/v1"
serviceV1 "github.com/kyma-project/kyma/components/api-controller/pkg/controller/service/v1"
"github.com/kyma-project/kyma/components/api-controller/pkg/controller/v1alpha2"
log "github.com/sirupsen/logrus"
apiExtensionsClient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
k8sClient "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
)
// main wires the API controller together from environment-driven
// configuration and runs it until the controller's Run returns.
//
// All configuration is read from environment variables by the init*/get*
// helpers below. Each helper that needs a mandatory value terminates the
// process through log.Fatal when the value is missing, so by the time the
// clients are constructed the configuration is known to be complete.
func main() {
	// Level comes from API_CONTROLLER_LOG_LEVEL; set it before the first
	// message so every later line honours it.
	log.SetLevel(getLoggerLevel())
	log.Info("Starting API controller application...")
	// Shared stop signal for the informer factory and the controller. It is
	// never closed in this function, so shutdown only happens when the
	// process exits (log.Fatal below or an external signal).
	stop := make(chan struct{})
	jwtDefaultConfig := initJwtDefaultConfig()
	mTLSOptionEnabled := isAuthPolicyMTLSEnabled()
	istioGateway := getIstioGateway()
	kubeConfig := initKubeConfig()
	domainName := initDomainName()
	corsConfig := getCORSConfig()
	// The *OrDie constructors follow the client-go convention of panicking
	// on an unusable config instead of returning an error.
	apiExtensionsClientSet := apiExtensionsClient.NewForConfigOrDie(kubeConfig)
	registerer := crd.NewRegistrar(apiExtensionsClientSet)
	// Registers the v1alpha2 CRD for domainName. Whatever Register returns
	// is discarded here — TODO confirm whether it can report a failure that
	// should abort start-up.
	registerer.Register(v1alpha2.Crd(domainName))
	k8sClientSet := k8sClient.NewForConfigOrDie(kubeConfig)
	serviceV1Interface := serviceV1.New(k8sClientSet)
	istioNetworkingClientSet := istioNetworkingClient.NewForConfigOrDie(kubeConfig)
	// Istio networking layer: receives the gateway FQDN and the CORS policy
	// taken from the CORS_* variables.
	istioNetworkingV1Interface := istioNetworkingV1.New(istioNetworkingClientSet, k8sClientSet, istioGateway, corsConfig)
	istioAuthenticationClientSet := istioAuthenticationClient.NewForConfigOrDie(kubeConfig)
	// Istio authentication layer: receives the default JWT issuer/JWKS
	// settings and the ENABLE_MTLS switch.
	authenticationV2Interface := authenticationV2.New(istioAuthenticationClientSet, jwtDefaultConfig, mTLSOptionEnabled)
	kymaClientSet := kyma.NewForConfigOrDie(kubeConfig)
	// 30s is the resync period handed to the shared informer factory.
	internalInformerFactory := kymaInformers.NewSharedInformerFactory(kymaClientSet, time.Second*30)
	// Comma-separated service names; readBlacklistedServices trims entries
	// and drops empty ones.
	list := os.Getenv("BLACKLISTED_SERVICES")
	v1alpha2Controller := v1alpha2.NewController(kymaClientSet, istioNetworkingV1Interface, serviceV1Interface, authenticationV2Interface, internalInformerFactory, domainName, readBlacklistedServices(list))
	internalInformerFactory.Start(stop)
	// Run presumably blocks with 2 workers until stop is closed or an error
	// occurs — TODO confirm against v1alpha2.Controller.
	err := v1alpha2Controller.Run(2, stop)
	if err != nil {
		log.Fatalf("Unable to run controller: %v", err)
	}
}
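// initKubeConfig builds the Kubernetes REST configuration shared by all of
// the controller's API clients.
//
// It first tries the kubeconfig file at $HOME/.kube/config (the
// out-of-cluster developer path) and falls back to the in-cluster
// configuration, i.e. the service-account credentials mounted into the pod.
// Both failures are logged together with their underlying error so a
// misconfigured deployment can be diagnosed from the log alone; when neither
// source works the process exits through log.Fatalf.
//
// Returns the first usable *rest.Config.
func initKubeConfig() *rest.Config {
	kubeConfigLocation := filepath.Join(os.Getenv("HOME"), ".kube", "config")
	kubeConfig, err := clientcmd.BuildConfigFromFlags("", kubeConfigLocation)
	if err == nil {
		return kubeConfig
	}
	// The file path is expected to be absent inside a pod, so this is a
	// warning rather than an error; the cause is kept for the rare case
	// where the file exists but is unreadable or malformed.
	log.Warnf("unable to build kube config from file %q: %v. Trying in-cluster configuration", kubeConfigLocation, err)
	kubeConfig, err = rest.InClusterConfig()
	if err != nil {
		log.Fatalf("cannot find Service Account in pod to build in-cluster kube config: %v", err)
	}
	return kubeConfig
}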
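// getLoggerLevel returns the logrus level named by the
// API_CONTROLLER_LOG_LEVEL environment variable, or log.InfoLevel when the
// variable is unset or does not name a valid level.
//
// An unparsable value is reported through the logger (still at the logrus
// default level, since the level has not been set yet) instead of the
// builtin println, so the message reaches the same sink as every other log
// line and the offending value is quoted rather than pasted raw.
func getLoggerLevel() log.Level {
	logLevel := os.Getenv("API_CONTROLLER_LOG_LEVEL")
	if logLevel == "" {
		return log.InfoLevel
	}
	level, err := log.ParseLevel(logLevel)
	if err != nil {
		log.Warnf("Error while setting log level: %q. Root cause: %v", logLevel, err)
		return log.InfoLevel
	}
	return level
}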
// getIstioGateway returns the Istio gateway FQDN from the GATEWAY_FQDN
// environment variable. An unset or empty variable is fatal: the process
// exits through log.Fatal.
func getIstioGateway() string {
	fqdn, present := os.LookupEnv("GATEWAY_FQDN")
	if !present || fqdn == "" {
		log.Fatal("gateway not provided. Please provide env variables GATEWAY_FQDN")
	}
	return fqdn
}
// initJwtDefaultConfig reads the default JWT issuer and JWKS URI from the
// DEFAULT_ISSUER and DEFAULT_JWKS_URI environment variables and returns them
// as an authenticationV2.JwtDefaultConfig.
//
// Both values are mandatory; if either is empty the process exits through
// log.Fatal. The strings are passed through verbatim — no URL or scheme
// check happens here, so any validation lives in the consumer (TODO confirm
// in authenticationV2).
func initJwtDefaultConfig() authenticationV2.JwtDefaultConfig {
	cfg := authenticationV2.JwtDefaultConfig{
		Issuer:  os.Getenv("DEFAULT_ISSUER"),
		JwksUri: os.Getenv("DEFAULT_JWKS_URI"),
	}
	if cfg.Issuer == "" || cfg.JwksUri == "" {
		log.Fatal("default issuer or jwksURI not provided. Please provide env variables DEFAULT_ISSUER and DEFAULT_JWKS_URI")
	}
	return cfg
}
// initDomainName returns the cluster domain from the DOMAIN_NAME
// environment variable. An empty or unset value is fatal: the process exits
// through log.Fatal.
func initDomainName() string {
	if name := os.Getenv("DOMAIN_NAME"); name != "" {
		return name
	}
	log.Fatal("domain name not provided. Please provide env variable DOMAIN_NAME")
	// Unreachable: log.Fatal exits the process. Kept so the function
	// compiles with a return on every path.
	return ""
}
// isAuthPolicyMTLSEnabled reports whether the ENABLE_MTLS environment
// variable is set to exactly "true". Any other spelling ("True", "1",
// "yes") or an unset variable means mTLS stays disabled.
func isAuthPolicyMTLSEnabled() bool {
	switch os.Getenv("ENABLE_MTLS") {
	case "true":
		return true
	default:
		return false
	}
}
// getCORSConfig assembles the CORS policy from the CORS_ALLOW_ORIGIN,
// CORS_ALLOW_METHODS and CORS_ALLOW_HEADERS environment variables.
//
// Each variable is a comma-separated list; entries are trimmed and empty
// ones dropped. No further validation is applied here (e.g. a wildcard
// origin is passed through as-is), so policy checks belong to the consumer.
func getCORSConfig() istioNetworkingV1.CORSConfig {
	// listFromEnv turns one comma-separated variable into its cleaned entries.
	listFromEnv := func(key string) []string {
		return removeEmptyStrings(splitStrings(os.Getenv(key)))
	}
	return istioNetworkingV1.CORSConfig{
		AllowOrigin:  listFromEnv("CORS_ALLOW_ORIGIN"),
		AllowMethods: listFromEnv("CORS_ALLOW_METHODS"),
		AllowHeaders: listFromEnv("CORS_ALLOW_HEADERS"),
	}
}
// readBlacklistedServices parses a comma-separated list of service names:
// each entry is whitespace-trimmed and empty entries are dropped.
//
// The result is never nil; an empty or all-blank input yields a zero-length
// slice.
func readBlacklistedServices(list string) []string {
	entries := make([]string, 0)
	for _, raw := range strings.Split(list, ",") {
		if name := strings.TrimSpace(raw); name != "" {
			entries = append(entries, name)
		}
	}
	return entries
}
// splitStrings splits list on every comma. Entries are not trimmed and
// empty entries are kept, so "" yields a single empty element; callers
// pair it with removeEmptyStrings to clean the result.
func splitStrings(list string) []string {
	const separator = ","
	return strings.SplitN(list, separator, -1)
}
// removeEmptyStrings returns the entries of list with surrounding
// whitespace trimmed, omitting those that are empty after trimming.
//
// The result is always a non-nil slice, even for a nil or empty input.
func removeEmptyStrings(list []string) []string {
	kept := make([]string, 0, len(list))
	for _, item := range list {
		trimmed := strings.TrimSpace(item)
		if len(trimmed) == 0 {
			continue
		}
		kept = append(kept, trimmed)
	}
	return kept
}