add suport docker and refresh token

julz · Jun 23, 2021 · b2efa40 · b2efa40
1 parent 6e8a352
commit b2efa40
Show file tree

Hide file tree

Showing 10 changed files with 752 additions and 24 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+
+.idea/
diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go
@@ -4,14 +4,21 @@ import (
 	"context"
 	"log"
 	"net/http"
+	"os"
 
 	"github.com/julz/freeze-proxy/pkg/daemon"
-	"github.com/julz/freeze-proxy/pkg/freezer"
 	authv1 "k8s.io/api/authentication/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+
+	"github.com/julz/freeze-proxy/pkg/freezer"
 )
 
+var runtimeType string
+
+func init() {
+	runtimeType = os.Getenv("RUNTIME_TYPE")
+}
 func main() {
 	config, err := rest.InClusterConfig()
 	if err != nil {
@@ -23,14 +30,19 @@ func main() {
 		log.Fatal(err)
 	}
 
-	ctrd, err := freezer.Connect()
+	fre, err := freezer.GetFreezer(runtimeType)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	thawer, err := freezer.GetThawer(runtimeType)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	http.ListenAndServe(":8080", &daemon.Handler{
-		Freezer: ctrd,
-		Thawer:  ctrd,
+		Freezer: fre,
+		Thawer:  thawer,
 		Validator: daemon.TokenValidatorFunc(func(ctx context.Context, token string) (*authv1.TokenReview, error) {
 			return clientset.AuthenticationV1().TokenReviews().CreateContext(ctx, &authv1.TokenReview{
 				Spec: authv1.TokenReviewSpec{

diff --git a/cmd/freezeproxy/main.go b/cmd/freezeproxy/main.go
@@ -8,10 +8,13 @@ import (
 	"net/url"
 	"os"
 	"os/signal"
+	"sync"
 	"syscall"
 	"time"
 
 	"github.com/julz/freeze-proxy/pkg/gate"
+
+	"k8s.io/apimachinery/pkg/util/wait"
 )
 
 var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM}
@@ -21,21 +24,26 @@ func main() {
 
 	log.Println("Connect to freeze daemon on:", hostIP)
 
-	// todo: reload every few minutes
-	token, err := ioutil.ReadFile("/var/run/projected/token")
-	if err != nil {
-		log.Fatal("could not read token", err)
-	}
+	var tokenCfg Token
+	go wait.PollInfinite(time.Minute, func() (done bool, err error) {
+		token, err := ioutil.ReadFile("/var/run/projected/token")
+		if err != nil {
+			log.Fatal("could not read token", err)
+			return true, err
+		}
+		tokenCfg.Set(string(token))
+		log.Println("refresh token...")
 
-	log.Println("token:", string(token))
+		return false, nil
+	})
 
 	pause := func() {
 		req, err := http.NewRequest("POST", "http://"+hostIP+":9696/freeze", nil)
 		if err != nil {
 			panic(err)
 		}
 
-		req.Header.Add("Token", string(token))
+		req.Header.Add("Token", tokenCfg.Get())
 		resp, err := http.DefaultClient.Do(req)
 		if err != nil {
 			panic(err)
@@ -50,7 +58,7 @@ func main() {
 			panic(err)
 		}
 
-		req.Header.Add("Token", string(token))
+		req.Header.Add("Token", tokenCfg.Get())
 		resp, err := http.DefaultClient.Do(req)
 		if err != nil {
 			panic(err)
@@ -77,3 +85,21 @@ func main() {
 
 	http.ListenAndServe(":9999", gate.New(proxy, pause, resume))
 }
+
+type Token struct {
+	sync.RWMutex
+	token string
+}
+
+func (t *Token) Set(token string) {
+	t.Lock()
+	defer t.Unlock()
+
+	t.token = token
+}
+func (t *Token) Get() string {
+	t.RLock()
+	defer t.RUnlock()
+
+	return t.token
+}
diff --git a/config/daemon.yaml b/config/daemon.yaml
@@ -1,3 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: freeze-tokenreview
+  namespace: knative-serving
+---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
@@ -32,14 +38,23 @@ spec:
           securityContext:
             runAsUser: 0
           image: ko://github.com/julz/freeze-proxy/cmd/daemon
+          env:
+            - name: RUNTIME_TYPE
+              value: docker
           ports:
             - containerPort: 8080
               hostPort: 9696
           volumeMounts:
             - name: containerd-socket
               mountPath: /var/run/containerd/containerd.sock
+            - name: docker-socket
+              mountPath: /var/run/docker.sock
       volumes:
         - name: containerd-socket
           hostPath:
             path: /var/run/containerd/containerd.sock
             type: Socket
+        - name: docker-socket
+          hostPath:
+            path: /var/run/docker.sock
+            type: Socket
diff --git a/go.mod b/go.mod
@@ -11,14 +11,13 @@ require (
 	github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b // indirect
 	github.com/containerd/ttrpc v1.0.1 // indirect
 	github.com/containerd/typeurl v1.0.1 // indirect
+	github.com/docker/docker v20.10.5+incompatible
 	github.com/gogo/googleapis v1.4.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/selinux v1.6.0 // indirect
-	github.com/prometheus/common v0.9.1
 	github.com/rogpeppe/go-internal v1.6.0 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	go.uber.org/atomic v1.6.0
-	go.uber.org/zap v1.15.0
 	golang.org/x/net v0.0.0-20200822124328-c89045814202 // indirect
 	golang.org/x/sys v0.0.0-20200821140526-fda516888d29 // indirect
 	google.golang.org/grpc v1.31.0
@@ -27,6 +26,7 @@ require (
 	k8s.io/apimachinery v0.18.7-rc.0
 	k8s.io/client-go v11.0.1-0.20190805182717-6502b5e7b1b5+incompatible
 	k8s.io/cri-api v0.18.8
+	k8s.io/klog v1.0.0
 	knative.dev/pkg v0.0.0-20200822052046-d5c09d2aef18
 )