/*
Copyright 2019-2020 InfluxData.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"flag"
"os"
"k8s.io/apimachinery/pkg/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
ctrl "sigs.k8s.io/controller-runtime"
// +kubebuilder:scaffold:imports
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
"sigs.k8s.io/controller-runtime/pkg/webhook"
)
// Package-level state shared by init and main.
var (
	// scheme is the runtime.Scheme populated in init and handed to the
	// controller manager in main.
	scheme = runtime.NewScheme()

	// setupLog is the logger used for start-up messages and fatal setup errors.
	setupLog = ctrl.Log.WithName("setup")
)
// Defaults used for the command-line flags declared in main.
const (
	// defaultTelegrafImage is the default value of -telegraf-image, the image
	// injected as the telegraf sidecar.
	// NOTE(review): this is a tag, not a digest, so the image it resolves to can
	// change over time; deployments that need a fixed, verified image can pass a
	// digest-pinned reference through -telegraf-image.
	defaultTelegrafImage = "docker.io/library/telegraf:1.22"

	// Default resource requests for injected sidecar containers.
	defaultRequestsCPU    = "10m"
	defaultRequestsMemory = "10Mi"

	// Default resource limits for injected sidecar containers.
	defaultLimitsCPU    = "200m"
	defaultLimitsMemory = "200Mi"
)
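// init registers the client-go built-in API types with the package-level
// scheme before main runs.
func init() {
	// If registration fails, the scheme handed to the manager would be
	// incomplete. Stop at start-up rather than discarding the error and
	// failing later in a less obvious place.
	if err := clientgoscheme.AddToScheme(scheme); err != nil {
		panic(err)
	}
	// +kubebuilder:scaffold:scheme
}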
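// main parses the operator's command-line flags, builds the controller
// manager, and registers the pod admission handler at /mutate-v1-pod before
// starting the manager.
//
// Every setup failure is logged through setupLog and ends the process with
// exit code 1, so the webhook is never served with invalid class data or
// invalid default resource settings.
func main() {
	var (
		metricsAddr                 string
		enableLeaderElection        bool
		telegrafClassesDirectory    string
		certDir                     string
		defaultTelegrafClass        string
		telegrafImage               string
		telegrafWatchConfig         string
		enableDefaultInternalPlugin bool
		telegrafRequestsCPU         string
		telegrafRequestsMemory      string
		telegrafLimitsCPU           string
		telegrafLimitsMemory        string
		enableIstioInjection        bool
		istioOutputClass            string
		istioTelegrafImage          string
		istioTelegrafWatchConfig    string
		requireAnnotationsForSecret bool
		istioTelegrafRequestsCPU    string
		istioTelegrafRequestsMemory string
		istioTelegrafLimitsCPU      string
		istioTelegrafLimitsMemory   string
	)

	// NOTE(review): ":8080" has no host part, so the metrics listener binds on
	// every interface of the pod. Whether the endpoint is authenticated depends
	// on the controller-runtime version in use - confirm, and restrict access
	// (for example with a NetworkPolicy) if it is not.
	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
		"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
	flag.BoolVar(&enableDefaultInternalPlugin, "enable-default-internal-plugin", false,
		"Enable internal plugin in telegraf for all sidecar. If disabled, can be set explicitly via appropriate annotation")
	flag.BoolVar(&requireAnnotationsForSecret, "require-annotations-for-secret", false,
		"Require the annotations to be present when updating a secret")
	flag.StringVar(&telegrafClassesDirectory, "telegraf-classes-directory", "/config/classes", "The name of the directory in which the telegraf classes are configured")
	flag.StringVar(&certDir, "cert-dir", "/etc/certs", "The name of the directory where certificates for webhook are stored")
	flag.StringVar(&defaultTelegrafClass, "telegraf-default-class", "default", "Default telegraf class to use")
	flag.StringVar(&telegrafImage, "telegraf-image", defaultTelegrafImage, "Telegraf image to inject")
	flag.StringVar(&telegrafWatchConfig, "telegraf-watch-config", "", "Optional setting to use for telegraf to watch for changes in configuration")
	flag.StringVar(&telegrafRequestsCPU, "telegraf-requests-cpu", defaultRequestsCPU, "Default requests for CPU")
	flag.StringVar(&telegrafRequestsMemory, "telegraf-requests-memory", defaultRequestsMemory, "Default requests for memory")
	flag.StringVar(&telegrafLimitsCPU, "telegraf-limits-cpu", defaultLimitsCPU, "Default limits for CPU")
	flag.StringVar(&telegrafLimitsMemory, "telegraf-limits-memory", defaultLimitsMemory, "Default limits for memory")

	flag.BoolVar(&enableIstioInjection, "enable-istio-injection", false,
		"Enable injecting additional sidecar for monitoring istio sidecar container. If enabled, additional sidecar telegraf-istio will be added for pods with the Istio annotation enabled")
	flag.StringVar(&istioOutputClass, "istio-output-class", "istio", "Class to use for adding telegraf-istio sidecar to monitor its sidecar")
	flag.StringVar(&istioTelegrafImage, "istio-telegraf-image", "", "If specified, use a custom image for telegraf-istio sidecar")
	flag.StringVar(&istioTelegrafWatchConfig, "istio-telegraf-watch-config", "", "Optional setting to use for telegraf to watch for changes in configuration")
	flag.StringVar(&istioTelegrafRequestsCPU, "istio-telegraf-requests-cpu", defaultRequestsCPU, "Default requests for CPU for istio sidecar")
	flag.StringVar(&istioTelegrafRequestsMemory, "istio-telegraf-requests-memory", defaultRequestsMemory, "Default requests for memory for istio sidecar")
	flag.StringVar(&istioTelegrafLimitsCPU, "istio-telegraf-limits-cpu", defaultLimitsCPU, "Default limits for CPU for istio sidecar")
	flag.StringVar(&istioTelegrafLimitsMemory, "istio-telegraf-limits-memory", defaultLimitsMemory, "Default limits for memory for istio sidecar")

	// These three flags were originally registered only under misspelled
	// names ("ttelegraf"). The correctly spelled names are registered above;
	// the misspelled ones stay as aliases bound to the same variables so that
	// existing deployments keep starting. When both spellings are passed, the
	// one that appears later on the command line wins.
	flag.StringVar(&istioTelegrafRequestsMemory, "istio-ttelegraf-requests-memory", defaultRequestsMemory, "Deprecated: misspelled alias of -istio-telegraf-requests-memory")
	flag.StringVar(&istioTelegrafLimitsCPU, "istio-ttelegraf-limits-cpu", defaultLimitsCPU, "Deprecated: misspelled alias of -istio-telegraf-limits-cpu")
	flag.StringVar(&istioTelegrafLimitsMemory, "istio-ttelegraf-limits-memory", defaultLimitsMemory, "Deprecated: misspelled alias of -istio-telegraf-limits-memory")

	// NOTE(review): the logger defaults to development mode (console encoder,
	// debug level, stack traces from warnings up). BindFlags exposes the zap
	// flags, so production deployments can pass -zap-devel=false to avoid
	// verbose logs.
	zopts := zap.Options{
		Development: true,
	}
	zopts.BindFlags(flag.CommandLine)
	flag.Parse()

	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&zopts)))
	entryLog := setupLog.WithName("entrypoint")

	// The webhook server listens on port 9443 and uses the certificates found
	// in certDir.
	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
		Scheme:             scheme,
		MetricsBindAddress: metricsAddr,
		LeaderElection:     enableLeaderElection,
		Port:               9443,
		CertDir:            certDir,
	})
	if err != nil {
		setupLog.Error(err, "unable to start manager")
		os.Exit(1)
	}

	// +kubebuilder:scaffold:builder

	// Setup webhooks
	entryLog.Info("setting up webhook server")
	hookServer := mgr.GetWebhookServer()

	entryLog.Info("registering webhooks to the webhook server")

	logger := setupLog.WithName("podInjector")

	// Validate the class data before anything is served, so a bad classes
	// directory stops the operator at start-up.
	classData := newDirectoryClassDataHandler(logger, telegrafClassesDirectory)
	if err := classData.validateClassData(); err != nil {
		setupLog.Error(err, "class data validation failed")
		os.Exit(1)
	}

	// The image references and resource values below come straight from the
	// flags and are what the handler uses for injected sidecars, so the
	// operator's arguments should be treated as security-sensitive
	// configuration.
	sidecar := &sidecarHandler{
		ClassDataHandler:            classData,
		Logger:                      logger,
		TelegrafDefaultClass:        defaultTelegrafClass,
		TelegrafImage:               telegrafImage,
		TelegrafWatchConfig:         telegrafWatchConfig,
		EnableDefaultInternalPlugin: enableDefaultInternalPlugin,
		EnableIstioInjection:        enableIstioInjection,
		IstioOutputClass:            istioOutputClass,
		IstioTelegrafImage:          istioTelegrafImage,
		IstioTelegrafWatchConfig:    istioTelegrafWatchConfig,
		RequestsCPU:                 telegrafRequestsCPU,
		RequestsMemory:              telegrafRequestsMemory,
		LimitsCPU:                   telegrafLimitsCPU,
		LimitsMemory:                telegrafLimitsMemory,
		IstioRequestsCPU:            istioTelegrafRequestsCPU,
		IstioRequestsMemory:         istioTelegrafRequestsMemory,
		IstioLimitsCPU:              istioTelegrafLimitsCPU,
		IstioLimitsMemory:           istioTelegrafLimitsMemory,
	}

	if err := sidecar.validateRequestsAndLimits(); err != nil {
		setupLog.Error(err, "default resources validation failed")
		os.Exit(1)
	}

	updater, err := newSecretsUpdater(ctrl.Log.WithName("updater"), sidecar)
	if err != nil {
		setupLog.Error(err, "setting up secrets updater failed")
		os.Exit(1)
	}

	// The watcher value itself is not kept; updater.onChange is passed as its
	// callback. NOTE(review): presumably it runs for the life of the process -
	// confirm in newTelegrafClassesWatcher.
	if _, err := newTelegrafClassesWatcher(ctrl.Log.WithName("watcher"), telegrafClassesDirectory, updater.onChange); err != nil {
		setupLog.Error(err, "setting up watcher failed")
		os.Exit(1)
	}

	hookServer.Register("/mutate-v1-pod", &webhook.Admission{Handler: &podInjector{
		Logger:                      logger,
		SidecarHandler:              sidecar,
		ClassDataHandler:            classData,
		RequireAnnotationsForSecret: requireAnnotationsForSecret,
	}})

	setupLog.Info("starting manager")
	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
		setupLog.Error(err, "problem running manager")
		os.Exit(1)
	}
}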