-
Notifications
You must be signed in to change notification settings - Fork 343
/
main.go
106 lines (88 loc) · 2.82 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
package main
import (
"context"
"flag"
"net/http"
"os"
"os/signal"
"syscall"
"time"
"github.com/prometheus/client_golang/prometheus/promhttp"
log "github.com/sirupsen/logrus"
"github.com/zalando/skipper/cmd/webhook/admission"
"github.com/zalando/skipper/dataclients/kubernetes/definitions"
)
const (
defaultHTTPSAddress = ":9443"
defaultHTTPAddress = ":9080"
)
type config struct {
debug bool
certFile string
keyFile string
address string
}
func (c *config) parse() {
flag.BoolVar(&c.debug, "debug", false, "Enable debug logging")
flag.StringVar(&c.certFile, "tls-cert-file", os.Getenv("CERT_FILE"), "File containing the certificate for HTTPS")
flag.StringVar(&c.keyFile, "tls-key-file", os.Getenv("KEY_FILE"), "File containing the private key for HTTPS")
flag.StringVar(&c.address, "address", defaultHTTPSAddress, "The address to listen on")
flag.Parse()
if (c.certFile != "" || c.keyFile != "") && !(c.certFile != "" && c.keyFile != "") {
log.Fatal("Config parse error: both of TLS cert & key must be provided or neither (for testing )")
return
}
// support non-HTTPS for local testing
if (c.certFile == "" && c.keyFile == "") && c.address == defaultHTTPSAddress {
c.address = defaultHTTPAddress
}
if c.debug {
log.SetLevel(log.DebugLevel)
}
}
func main() {
var cfg = &config{}
cfg.parse()
rgAdmitter := &admission.RouteGroupAdmitter{RouteGroupValidator: &definitions.RouteGroupValidator{}}
ingressAdmitter := &admission.IngressAdmitter{IngressValidator: &definitions.IngressV1Validator{}}
handler := http.NewServeMux()
handler.Handle("/routegroups", admission.Handler(rgAdmitter))
handler.Handle("/ingresses", admission.Handler(ingressAdmitter))
handler.Handle("/metrics", promhttp.Handler())
handler.HandleFunc("/healthz", healthCheck)
// One can use generate_cert.go in https://golang.org/pkg/crypto/tls
// to generate cert.pem and key.pem.
serve(cfg, handler)
}
func healthCheck(writer http.ResponseWriter, _ *http.Request) {
writer.WriteHeader(http.StatusOK)
if _, err := writer.Write([]byte("ok")); err != nil {
log.Errorf("Failed to write health check: %v", err)
}
}
func serve(cfg *config, handler http.Handler) {
server := &http.Server{
Addr: cfg.address,
Handler: handler,
ReadTimeout: 1 * time.Minute,
ReadHeaderTimeout: 1 * time.Minute,
}
log.Infof("Starting server on %s", cfg.address)
sig := make(chan os.Signal, 1)
signal.Notify(sig, syscall.SIGTERM)
go func() {
<-sig
log.Info("Shutting down...")
server.Shutdown(context.Background())
}()
var err error
if cfg.certFile != "" && cfg.keyFile != "" {
err = server.ListenAndServeTLS(cfg.certFile, cfg.keyFile)
} else {
// support non-HTTPS for local testing
err = server.ListenAndServe()
}
if err != nil && err != http.ErrServerClosed {
log.Fatalf("Listener error: %v.", err)
}
}