forked from open-policy-agent/gatekeeper
main.go
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"flag"
opa "github.com/open-policy-agent/frameworks/constraint/pkg/client"
"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local"
"github.com/open-policy-agent/gatekeeper/pkg/apis"
"github.com/open-policy-agent/gatekeeper/pkg/audit"
"github.com/open-policy-agent/gatekeeper/pkg/controller"
"github.com/open-policy-agent/gatekeeper/pkg/target"
"github.com/open-policy-agent/gatekeeper/pkg/webhook"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
"os"
"sigs.k8s.io/controller-runtime/pkg/client/config"
"sigs.k8s.io/controller-runtime/pkg/manager"
logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
)
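// main wires up and runs the Gatekeeper manager process: it builds the
// apiserver client config, creates the controller-runtime manager, registers
// the API types, constructs the OPA constraint client, attaches the
// controllers, the webhooks and the audit component to the manager, and then
// blocks in mgr.Start until the signal handler fires.
//
// Every setup failure is fatal: the process logs the error and exits with
// status 1, so it never runs with only part of its components registered.
func main() {
	flag.Parse()

	// TODO make development logging mode toggleable
	// NOTE(review): ZapLogger(true) selects the development logger
	// unconditionally; confirm that its verbosity is acceptable for
	// production clusters before shipping.
	logf.SetLogger(logf.ZapLogger(true))
	log := logf.Log.WithName("entrypoint")

	// Get a config to talk to the apiserver
	log.Info("setting up client for manager")
	cfg, err := config.GetConfig()
	if err != nil {
		log.Error(err, "unable to set up client config")
		os.Exit(1)
	}

	// Create a new Cmd to provide shared dependencies and start components
	log.Info("setting up manager")
	mgr, err := manager.New(cfg, manager.Options{})
	if err != nil {
		log.Error(err, "unable to set up overall controller manager")
		os.Exit(1)
	}

	log.Info("Registering Components.")

	// Setup Scheme for all resources
	log.Info("setting up scheme")
	if err := apis.AddToScheme(mgr.GetScheme()); err != nil {
		log.Error(err, "unable add APIs to scheme")
		os.Exit(1)
	}

	// initialize OPA
	// TODO: make tracing toggle-able
	// NOTE(review): tracing is always on here. Policy evaluation traces may
	// carry the contents of the objects under review; confirm where the
	// traces end up before treating them as safe to log.
	driver := local.New(local.Tracing(true))
	backend, err := opa.NewBackend(opa.Driver(driver))
	if err != nil {
		log.Error(err, "unable to set up OPA backend")
		os.Exit(1)
	}
	client, err := backend.NewClient(opa.Targets(&target.K8sValidationTarget{}))
	if err != nil {
		log.Error(err, "unable to set up OPA client")
		// Without a working policy client the controllers, the webhooks
		// and the audit component below would be registered with an
		// unusable (presumably nil) client, so stop here like every other
		// setup failure instead of carrying on.
		os.Exit(1)
	}

	// Setup all Controllers
	log.Info("Setting up controller")
	if err := controller.AddToManager(mgr, client); err != nil {
		log.Error(err, "unable to register controllers to the manager")
		os.Exit(1)
	}

	log.Info("setting up webhooks")
	if err := webhook.AddToManager(mgr, client); err != nil {
		log.Error(err, "unable to register webhooks to the manager")
		os.Exit(1)
	}

	log.Info("setting up audit")
	if err := audit.AddToManager(mgr, client); err != nil {
		log.Error(err, "unable to register audit to the manager")
		os.Exit(1)
	}

	// Start the Cmd
	log.Info("Starting the Cmd.")
	if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
		log.Error(err, "unable to run the manager")
		os.Exit(1)
	}
}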