Merge b27ebdd into f3337bd

weaveworks · Feb 18, 2022 · 215864c · 215864c
2 parents f3337bd + b27ebdd
commit 215864c
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/cmd/gitops/ui/run/cmd.go b/cmd/gitops/ui/run/cmd.go
@@ -5,6 +5,7 @@ import (
 	"embed"
 	"fmt"
 	"io/fs"
+	"log"
 	"net"
 	"net/http"
 	"net/url"
@@ -42,6 +43,10 @@ type Options struct {
 	LoggingEnabled                bool
 	OIDC                          OIDCAuthenticationOptions
 	NotificationControllerAddress string
+	Insecure                      bool
+	TlsKey                        string
+	TlsCert                       string
+	NoTLS                         bool
 }
 
 // OIDCAuthenticationOptions contains the OIDC authentication options for the
@@ -78,6 +83,11 @@ func NewCommand() *cobra.Command {
 	cmd.Flags().StringVar(&options.NotificationControllerAddress, "notification-controller-address", "", "the address of the notification-controller running in the cluster")
 	cmd.Flags().IntVar(&options.WatcherPort, "watcher-port", 9443, "the port on which the watcher is running")
 
+	cmd.Flags().BoolVar(&options.Insecure, "insecure", false, "allow insecure TLS requests")
+	cmd.Flags().StringVar(&options.TlsKey, "tls-key", "/etc/gitops/ssl/tls.key", "filename for the TLS key")
+	cmd.Flags().StringVar(&options.TlsCert, "tls-cert", "/etc/gitops/ssl/tls.crt", "filename for the TLS certficate")
+	cmd.Flags().BoolVar(&options.NoTLS, "no-tls", false, "do not attempt to read TLS certificates")
+
 	if server.AuthEnabled() {
 		cmd.Flags().StringVar(&options.OIDC.IssuerURL, "oidc-issuer-url", "", "The URL of the OpenID Connect issuer")
 		cmd.Flags().StringVar(&options.OIDC.ClientID, "oidc-client-id", "", "The client ID for the OpenID Connect client")
@@ -256,7 +266,7 @@ func runCmd(cmd *cobra.Command, args []string) error {
 	go func() {
 		log.Infof("Serving on port %s", options.Port)
 
-		if err := srv.ListenAndServe(); err != nil {
+		if err := listenAndServe(srv, options); err != nil {
 			log.Error(err, "server exited")
 			os.Exit(1)
 		}
@@ -290,6 +300,17 @@ func runCmd(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+func listenAndServe(srv *http.Server, options Options) error {
+	if options.NoTLS {
+		log.Println("TLS connections disabled")
+		return srv.ListenAndServe()
+	}
+
+	log.Printf("Using TLS from %q and %q", options.TlsCert, options.TlsKey)
+
+	return srv.ListenAndServeTLS(options.TlsCert, options.TlsKey)
+}
+
 //go:embed dist/*
 var static embed.FS