Drop admission logic. Use a plain controller instead
@@ -2,6 +2,7 @@ package controller
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
@@ -11,44 +12,78 @@ import (
|
||||
"k8s.io/cli-runtime/pkg/genericclioptions"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
mksadmission "example.com/monok8s/pkg/controller/admission"
|
||||
mkscontroller "example.com/monok8s/pkg/controller"
|
||||
osupgradectrl "example.com/monok8s/pkg/controller/osupgrade"
|
||||
"example.com/monok8s/pkg/kube"
|
||||
"example.com/monok8s/pkg/templates"
|
||||
)
|
||||
|
||||
type ServerConfig struct {
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
TLSCertFile string `json:"tlsCertFile,omitempty"`
|
||||
TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"`
|
||||
}
|
||||
|
||||
func NewCmdController(flags *genericclioptions.ConfigFlags) *cobra.Command {
|
||||
var namespace string = templates.DefaultNamespace
|
||||
var conf ServerConfig
|
||||
|
||||
cmd := &cobra.Command{
|
||||
Use: "controller",
|
||||
Short: "Admission controller that handles OSUpgrade resources",
|
||||
Short: "Start a controller that handles OSUpgrade resources",
|
||||
RunE: func(cmd *cobra.Command, _ []string) error {
|
||||
|
||||
ctx := cmd.Context()
|
||||
|
||||
klog.InfoS("starting controller",
|
||||
"namespace", namespace,
|
||||
)
|
||||
klog.InfoS("starting controller", "namespace", conf.Namespace)
|
||||
|
||||
clients, err := kube.NewClients(flags)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return httpListen(ctx, clients, conf)
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
defer cancel()
|
||||
|
||||
httpErrCh := make(chan error, 1)
|
||||
watchErrCh := make(chan error, 1)
|
||||
|
||||
go func() {
|
||||
klog.InfoS("starting OSUpgrade watch loop", "namespace", conf.Namespace)
|
||||
watchErrCh <- osupgradectrl.Watch(ctx, clients, conf.Namespace)
|
||||
}()
|
||||
|
||||
go func() {
|
||||
httpErrCh <- httpListen(ctx, clients, conf)
|
||||
}()
|
||||
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
klog.InfoS("controller context canceled")
|
||||
return ctx.Err()
|
||||
|
||||
case err := <-watchErrCh:
|
||||
if err != nil && !errors.Is(err, context.Canceled) {
|
||||
cancel()
|
||||
return err
|
||||
}
|
||||
cancel()
|
||||
return nil
|
||||
|
||||
case err := <-httpErrCh:
|
||||
if err != nil && !errors.Is(err, context.Canceled) {
|
||||
cancel()
|
||||
return err
|
||||
}
|
||||
cancel()
|
||||
return nil
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
cmd.Flags().StringVar(&namespace, "namespace", templates.DefaultNamespace, "namespace to watch")
|
||||
cmd.Flags().StringVar(&conf.Namespace, "namespace", templates.DefaultNamespace, "namespace to watch")
|
||||
cmd.Flags().StringVar(&conf.TLSCertFile, "tls-cert-file", conf.TLSCertFile,
|
||||
"File containing x509 Certificate used for serving HTTPS (with intermediate certs, if any, concatenated after server cert).")
|
||||
cmd.Flags().StringVar(&conf.TLSPrivateKeyFile, "tls-private-key-file", conf.TLSPrivateKeyFile, "File containing x509 private key matching --tls-cert-file.")
|
||||
cmd.Flags().StringVar(&conf.TLSPrivateKeyFile, "tls-private-key-file", conf.TLSPrivateKeyFile,
|
||||
"File containing x509 private key matching --tls-cert-file.")
|
||||
|
||||
return cmd
|
||||
}
|
||||
@@ -57,41 +92,59 @@ func httpListen(ctx context.Context, clients *kube.Clients, conf ServerConfig) e
|
||||
address, port := "", "8443"
|
||||
addr := net.JoinHostPort(address, port)
|
||||
|
||||
ns := os.Getenv("POD_NAMESPACE")
|
||||
nodeName := os.Getenv("NODE_NAME")
|
||||
|
||||
server := mksadmission.NewServer(ctx, clients, ns, nodeName)
|
||||
server := mkscontroller.NewServer(ctx, clients, conf.Namespace, nodeName)
|
||||
|
||||
s := &http.Server{
|
||||
Addr: addr,
|
||||
Handler: server,
|
||||
IdleTimeout: 90 * time.Second,
|
||||
ReadTimeout: 4 * 60 * time.Minute,
|
||||
WriteTimeout: 4 * 60 * time.Minute,
|
||||
ReadTimeout: 4 * time.Minute,
|
||||
WriteTimeout: 4 * time.Minute,
|
||||
MaxHeaderBytes: 1 << 20,
|
||||
}
|
||||
|
||||
if conf.TLSCertFile != "" {
|
||||
klog.InfoS("starting HTTPS server",
|
||||
"addr", addr,
|
||||
"certFile", conf.TLSCertFile,
|
||||
"keyFile", conf.TLSPrivateKeyFile,
|
||||
)
|
||||
serverErrCh := make(chan error, 1)
|
||||
|
||||
if err := s.ListenAndServeTLS(conf.TLSCertFile, conf.TLSPrivateKeyFile); err != nil {
|
||||
klog.ErrorS(err, "HTTPS server failed")
|
||||
os.Exit(1)
|
||||
go func() {
|
||||
if conf.TLSCertFile != "" {
|
||||
klog.InfoS("starting HTTPS server",
|
||||
"addr", addr,
|
||||
"certFile", conf.TLSCertFile,
|
||||
"keyFile", conf.TLSPrivateKeyFile,
|
||||
)
|
||||
serverErrCh <- s.ListenAndServeTLS(conf.TLSCertFile, conf.TLSPrivateKeyFile)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
klog.InfoS("starting HTTP server",
|
||||
"addr", addr,
|
||||
)
|
||||
|
||||
if err := s.ListenAndServe(); err != nil {
|
||||
klog.InfoS("starting HTTP server", "addr", addr)
|
||||
serverErrCh <- s.ListenAndServe()
|
||||
}()
|
||||
|
||||
select {
|
||||
case <-ctx.Done():
|
||||
klog.InfoS("shutting down HTTP server", "addr", addr)
|
||||
|
||||
shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
|
||||
err := s.Shutdown(shutdownCtx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = <-serverErrCh
|
||||
if err != nil && !errors.Is(err, http.ErrServerClosed) {
|
||||
return err
|
||||
}
|
||||
return context.Canceled
|
||||
|
||||
case err := <-serverErrCh:
|
||||
if err != nil && !errors.Is(err, http.ErrServerClosed) {
|
||||
klog.ErrorS(err, "HTTP server failed")
|
||||
os.Exit(1)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
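Review bot: With neither TLS flag set, the new goroutine in `httpListen` falls through to `s.ListenAndServe()` and serves plaintext on every interface (`address` is `""`) at port 8443, announced only by an info-level log line. This is the default, because `conf` starts as a zero `ServerConfig`. What `mkscontroller.NewServer` exposes is not visible on this page, but a deployment that merely omits `--tls-cert-file` gets an unencrypted listener instead of a startup failure. I would fail closed before starting the goroutine, e.g. `if conf.TLSCertFile == "" || conf.TLSPrivateKeyFile == "" { return errors.New("tls-cert-file and tls-private-key-file are required") }`, and put plain HTTP behind an explicit opt-in; the opening lines of `httpListen` lie outside the hunk, so the check may need to sit next to whatever validation is already there. Separately, in `RunE` the `ctx.Done()` and `watchErrCh` cases return without receiving from `httpErrCh`, so the 10-second `s.Shutdown` in `httpListen` can be cut short when the command returns; a `<-httpErrCh` after `cancel()` in those cases would let it finish.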