-
Notifications
You must be signed in to change notification settings - Fork 3.2k
/
server.go
155 lines (142 loc) · 6.25 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
package commands
import (
"crypto/tls"
"fmt"
"os"
"reflect"
"time"
eventsource "github.com/argoproj/argo-events/pkg/client/eventsource/clientset/versioned"
sensor "github.com/argoproj/argo-events/pkg/client/sensor/clientset/versioned"
"github.com/argoproj/pkg/errors"
"github.com/argoproj/pkg/stats"
log "github.com/sirupsen/logrus"
"github.com/skratchdot/open-golang/open"
"github.com/spf13/cobra"
"golang.org/x/net/context"
"k8s.io/client-go/kubernetes"
_ "k8s.io/client-go/plugin/pkg/client/auth"
"github.com/argoproj/argo-workflows/v3/cmd/argo/commands/client"
wfclientset "github.com/argoproj/argo-workflows/v3/pkg/client/clientset/versioned"
"github.com/argoproj/argo-workflows/v3/server/apiserver"
"github.com/argoproj/argo-workflows/v3/server/auth"
"github.com/argoproj/argo-workflows/v3/server/types"
"github.com/argoproj/argo-workflows/v3/util/help"
)
func NewServerCommand() *cobra.Command {
var (
authModes []string
configMap string
port int
baseHRef string
secure bool
htst bool
namespaced bool // --namespaced
managedNamespace string // --managed-namespace
enableOpenBrowser bool
eventOperationQueueSize int
eventWorkerCount int
frameOptions string
accessControlAllowOrigin string
)
command := cobra.Command{
Use: "server",
Short: "start the Argo Server",
Example: fmt.Sprintf(`
See %s`, help.ArgoSever),
Run: func(c *cobra.Command, args []string) {
stats.RegisterStackDumper()
stats.StartStatsTicker(5 * time.Minute)
config, err := client.GetConfig().ClientConfig()
errors.CheckError(err)
config.Burst = 30
config.QPS = 20.0
namespace := client.Namespace()
clients := &types.Clients{
Workflow: wfclientset.NewForConfigOrDie(config),
EventSource: eventsource.NewForConfigOrDie(config),
Sensor: sensor.NewForConfigOrDie(config),
Kubernetes: kubernetes.NewForConfigOrDie(config),
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
if !namespaced && managedNamespace != "" {
log.Warn("ignoring --managed-namespace because --namespaced is false")
managedNamespace = ""
}
if namespaced && managedNamespace == "" {
managedNamespace = namespace
}
log.WithFields(log.Fields{
"authModes": authModes,
"namespace": namespace,
"managedNamespace": managedNamespace,
"baseHRef": baseHRef,
"secure": secure,
}).Info()
var tlsConfig *tls.Config
if secure {
cer, err := tls.LoadX509KeyPair("argo-server.crt", "argo-server.key")
errors.CheckError(err)
// InsecureSkipVerify will not impact the TLS listener. It is needed for the server to speak to itself for GRPC.
tlsConfig = &tls.Config{Certificates: []tls.Certificate{cer}, InsecureSkipVerify: true}
} else {
log.Warn("You are running in insecure mode. Learn how to enable transport layer security: https://argoproj.github.io/argo-workflows/tls/")
}
modes := auth.Modes{}
for _, mode := range authModes {
err := modes.Add(mode)
errors.CheckError(err)
}
if reflect.DeepEqual(modes, auth.Modes{auth.Server: true}) {
log.Warn("You are running without client authentication. Learn how to enable client authentication: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/")
}
opts := apiserver.ArgoServerOpts{
BaseHRef: baseHRef,
TLSConfig: tlsConfig,
HSTS: htst,
Namespace: namespace,
Clients: clients,
RestConfig: config,
AuthModes: modes,
ManagedNamespace: managedNamespace,
ConfigName: configMap,
EventOperationQueueSize: eventOperationQueueSize,
EventWorkerCount: eventWorkerCount,
XFrameOptions: frameOptions,
AccessControlAllowOrigin: accessControlAllowOrigin,
}
browserOpenFunc := func(url string) {}
if enableOpenBrowser {
browserOpenFunc = func(url string) {
log.Infof("Argo UI is available at %s", url)
err := open.Run(url)
if err != nil {
log.Warnf("Unable to open the browser. %v", err)
}
}
}
server, err := apiserver.NewArgoServer(ctx, opts)
errors.CheckError(err)
server.Run(ctx, port, browserOpenFunc)
},
}
command.Flags().IntVarP(&port, "port", "p", 2746, "Port to listen on")
defaultBaseHRef := os.Getenv("BASE_HREF")
if defaultBaseHRef == "" {
defaultBaseHRef = "/"
}
command.Flags().StringVar(&baseHRef, "basehref", defaultBaseHRef, "Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. Defaults to the environment variable BASE_HREF.")
// "-e" for encrypt, like zip
command.Flags().BoolVarP(&secure, "secure", "e", false, "Whether or not we should listen on TLS.")
command.Flags().BoolVar(&htst, "hsts", true, "Whether or not we should add a HTTP Secure Transport Security header. This only has effect if secure is enabled.")
command.Flags().StringArrayVar(&authModes, "auth-mode", []string{"server"}, "API server authentication mode. Any 1 or more length permutation of: client,server,sso")
command.Flags().StringVar(&configMap, "configmap", "workflow-controller-configmap", "Name of K8s configmap to retrieve workflow controller configuration")
command.Flags().BoolVar(&namespaced, "namespaced", false, "run as namespaced mode")
command.Flags().StringVar(&managedNamespace, "managed-namespace", "", "namespace that watches, default to the installation namespace")
command.Flags().BoolVarP(&enableOpenBrowser, "browser", "b", false, "enable automatic launching of the browser [local mode]")
command.Flags().IntVar(&eventOperationQueueSize, "event-operation-queue-size", 16, "how many events operations that can be queued at once")
command.Flags().IntVar(&eventWorkerCount, "event-worker-count", 4, "how many event workers to run")
command.Flags().StringVar(&frameOptions, "x-frame-options", "DENY", "Set X-Frame-Options header in HTTP responses.")
command.Flags().StringVar(&accessControlAllowOrigin, "access-control-allow-origin", "", "Set Access-Control-Allow-Origin header in HTTP responses.")
return &command
}