-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.go
125 lines (107 loc) · 3.4 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
package main
import (
"fmt"
"log"
"net/http"
"os"
"os/signal"
"syscall"
"github.com/marmotherder/mimir/clients"
"github.com/gorilla/mux"
"github.com/jessevdk/go-flags"
)
var opts Options
var sOpts ServerOptions
var release string
var re bool
func main() {
parseArgs(&opts)
if opts.IsPod {
log.Println("Running mimir as a pod in k8s")
}
if opts.ServerMode {
release, re = os.LookupEnv("RELEASE")
if !re {
release = "mimir"
}
r := mux.NewRouter()
r.HandleFunc("/hook", hook).Methods(http.MethodPost)
parseArgs(&sOpts)
log.Printf("Running server on port: %d\n", sOpts.ServerPort)
srv := &http.Server{
Addr: fmt.Sprintf(":%d", sOpts.ServerPort),
Handler: r,
}
c := make(chan os.Signal, 1)
// The init container for the application when running as webhook will create a csr and
// a mutatingwebhookconfiguration. This loop keeps the server alive, and tries to run
// shutdown login when we detect that the core container is being shutdown
go func() {
err := srv.ListenAndServeTLS(sOpts.TLSCertPath, sOpts.TLSKeyPath)
log.Println(err.Error())
c <- os.Interrupt
}()
signal.Notify(c, syscall.SIGINT, syscall.SIGTERM)
<-c
shutdownServer(srv)
} else {
smc, mgr, err := loadClient()
if err != nil {
log.Fatalln(err.Error())
}
run(opts, smc, mgr)
}
}
// parseArgs parses the cli flags, allowing a common point to parse later downstream options when
// building config from multiple structs
func parseArgs(opts interface{}) {
parser := flags.NewParser(opts, flags.IgnoreUnknown)
_, err := parser.ParseArgs(os.Args[1:])
if err != nil {
log.Fatalln(err.Error())
}
}
// loadHashiCorpVaultClient loads a valid client for loading secrets from Hashicorp Vault
func loadHashiCorpVaultClient(opts Options, hvOpts HashiCorpVaultOptions, auth clients.HashicorpVaultAuth) (smc clients.SecretsManagerClient, mgr clients.SecretsManager) {
client, err := clients.NewHashicorpVaultClient(hvOpts.Path, hvOpts.URL, hvOpts.Mount, hvOpts.SkipTLSVerify, auth)
if err != nil {
log.Fatalln(err.Error())
}
return client, clients.HashicorpVault
}
// loadAWSClient loads a valid client for loading secrets from AWS Secrets Manager
func loadAWSClient(opts Options, awsOpts AWSOptions, auth clients.AWSSecretsAuth) (smc clients.SecretsManagerClient, mgr clients.SecretsManager) {
auth.SetRegion(awsOpts.Region)
client, err := clients.NewAWSSecretsClient(auth)
if err != nil {
log.Fatalln(err.Error())
}
return client, clients.AWS
}
// loadAzureKeyVaultClient loads a valid client for loading secrets from Azure Key Vaults
func loadAzureKeyVaultClient(opts Options, azOpts AzureKeyVaultOptions, auth clients.AzureKeyVaultAuth) (smc clients.SecretsManagerClient, mgr clients.SecretsManager) {
client, err := clients.NewAzureKeyVaultClient(auth, azOpts.SubscriptionID)
if err != nil {
log.Fatalln(err.Error())
}
return client, clients.AWS
}
// run performs a run of mimir secret syncing for the given backend
func run(opts Options, smc clients.SecretsManagerClient, mgr clients.SecretsManager) {
kc, err := clients.NewK8SClient(opts.IsPod, opts.KubeconfigPath)
if err != nil {
log.Fatalln(err.Error())
}
namespaces, err := clients.GetNamespaces(kc)
if err != nil {
log.Fatalln(err.Error())
}
secrets, err := smc.GetSecrets(namespaces...)
if err != nil {
log.Fatalln(err.Error())
}
err = clients.ManageSecrets(kc, mgr, secrets...)
if err != nil {
log.Fatalln(err.Error())
}
}