package main
import (
	"context"
	"crypto/tls"
	"errors"
	"flag"
	"fmt"
	"net/http"
	"os"
	"os/signal"
	"syscall"
	"time"

	admissioncontrol "github.com/elithrar/admission-control"
	log "github.com/go-kit/kit/log"
	"github.com/gorilla/mux"
)
// conf holds the command-line configuration for the admission-control
// webhook server. Every field is populated from a flag in main.
type conf struct {
	TLSCertPath string // path to the PEM-encoded TLS certificate (flag: -cert-path)
	TLSKeyPath  string // path to the unencrypted TLS private key (flag: -key-path)
	Port        string // TCP port the HTTPS listener binds to, without a colon (flag: -port)
	Host        string // hostname reported for the service in the startup log (flag: -host)
}
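// main wires up the admission-control webhook: it parses flags, builds the
// logger and router, serves HTTPS with the configured certificate, and shuts
// the server down gracefully on SIGINT or SIGTERM.
//
// Exit status is 0 after a clean shutdown and 1 (via fatal) when the key pair
// cannot be loaded, the listener fails, or the graceful shutdown times out.
func main() {
	ctx := context.Background()

	// Get config
	cfg := &conf{}
	flag.StringVar(&cfg.TLSCertPath, "cert-path", "./cert.crt", "The path to the PEM-encoded TLS certificate")
	flag.StringVar(&cfg.TLSKeyPath, "key-path", "./key.key", "The path to the unencrypted TLS key.")
	flag.StringVar(&cfg.Port, "port", "8443", "The port to listen on (HTTPS).")
	flag.StringVar(&cfg.Host, "host", "admissiond.questionable.services", "The hostname for the service.")
	flag.Parse()

	// Set up logging
	var logger log.Logger
	logger = log.NewLogfmtLogger(log.NewSyncWriter(os.Stderr))
	logger = log.With(logger, "ts", log.DefaultTimestampUTC, "loc", log.DefaultCaller)

	// Set up the routes & logging middleware.
	r := mux.NewRouter().StrictSlash(true)
	r.HandleFunc("/healthz",
		func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) },
	).Methods(http.MethodGet)

	admissions := r.PathPrefix("/admission-control").Subrouter()
	admissions.Handle("/deny-public-services", &admissioncontrol.AdmissionHandler{
		AdmitFunc: admissioncontrol.DenyPublicServices,
		Logger:    logger,
	}).Methods(http.MethodPost)

	// TLS & HTTP server setup
	keyPair, err := tls.LoadX509KeyPair(cfg.TLSCertPath, cfg.TLSKeyPath)
	if err != nil {
		fatal(logger, err)
	}
	tlsConf := &tls.Config{
		Certificates: []tls.Certificate{keyPair},
		// tls.Config.ServerName is a client-side field (SNI and certificate
		// verification) and is ignored by a server, so it is not set here.
		// Pin the floor to TLS 1.2: the package default for servers is lower,
		// and a Kubernetes API server never needs older protocol versions.
		MinVersion: tls.VersionTLS12,
	}
	srv := &http.Server{
		Handler:           admissioncontrol.LoggingMiddleware(logger)(r),
		TLSConfig:         tlsConf,
		Addr:              ":" + cfg.Port,
		IdleTimeout:       time.Second * 15,
		ReadTimeout:       time.Second * 15,
		ReadHeaderTimeout: time.Second * 15,
		WriteTimeout:      time.Second * 15,
	}

	// Serve in the background. After Shutdown, ListenAndServeTLS returns
	// http.ErrServerClosed; that is the expected outcome of a graceful stop
	// and must not be treated as fatal, otherwise os.Exit(1) races the
	// clean return from main below.
	go func() {
		logger.Log(
			"msg", fmt.Sprintf("admissiond listening on '%s:%s'", cfg.Host, cfg.Port),
		)
		if err := srv.ListenAndServeTLS("", ""); err != nil && !errors.Is(err, http.ErrServerClosed) {
			fatal(logger, err)
		}
	}()

	// Graceful shutdown: block until we receive a signal.
	signalChan := make(chan os.Signal, 1)
	signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
	sig := <-signalChan
	logger.Log(
		"msg", "shutting down server",
		"err", fmt.Sprintf("received signal: %s", sig.String()),
	)

	// Bound the drain so a stuck client cannot keep the process alive forever;
	// Shutdown returns ctx.Err() if the deadline passes, which we treat as fatal.
	const shutdownTimeout = 15 * time.Second
	shutdownCtx, cancel := context.WithTimeout(ctx, shutdownTimeout)
	defer cancel()
	if err := srv.Shutdown(shutdownCtx); err != nil {
		fatal(logger, err)
	}
}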
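// fatal logs err with status=fatal and terminates the process with exit
// code 1. It never returns, so callers need no follow-up handling.
func fatal(logger log.Logger, err error) {
	// Best effort: the process exits regardless of whether the log write
	// succeeds, so the Log error is deliberately discarded.
	_ = logger.Log(
		"status", "fatal",
		"err", err,
	)
	os.Exit(1)
}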