in pkg/authority/security/server.go [74:135]
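// Init wires up the server's dependencies in place: the Kubernetes client,
// certificate storage, leader election, the plaintext and TLS gRPC servers
// and, when running inside a pod, the admission webhook with the Java SDK
// injector. It is called once at startup; fields already set by the caller
// (KubeClient, CertStorage, Elec) are kept so tests can inject fakes.
//
// The TLS listener is configured so that the CA pool used to verify client
// certificates is rebuilt from CertStorage for every handshake instead of
// being appended to in place from the GetCertificate callback. The original
// form mutated one shared *x509.CertPool from concurrent handshake
// goroutines while other handshakes were reading it for verification, and
// could never drop a rotated trust anchor; a fresh pool per handshake is
// race-free and always reflects the current trusted set.
func (s *Server) Init() {
	// TODO bypass k8s work
	if s.KubeClient == nil {
		s.KubeClient = k8s.NewClient()
	}
	if !s.KubeClient.Init(s.Options) {
		logger.Sugar().Warnf("Failed to connect to Kubernetes cluster. Will ignore OpenID Connect check.")
		s.Options.IsKubernetesConnected = false
	} else {
		s.Options.IsKubernetesConnected = true
	}
	if s.CertStorage == nil {
		s.CertStorage = cert2.NewStorage(s.Options)
	}
	if s.Elec == nil {
		s.Elec = election.NewleaderElection()
	}

	// Background refresh of the server certificate; its lifetime is tied to
	// the process (no stop signal is visible here).
	go s.CertStorage.RefreshServerCert()
	s.LoadRootCert()
	s.LoadAuthorityCert()

	s.PlainServer = grpc.NewServer()
	reflection.Register(s.PlainServer)

	tlsConfig := s.secureServerTLSConfig()

	// Touch the certificates for the names the service is reached under
	// before the listener is up — presumably so they are generated/cached
	// ahead of the first handshake (GetServerCert's caching is not visible
	// here; confirm in CertStorage).
	s.CertStorage.GetServerCert("localhost")
	s.CertStorage.GetServerCert("dubbo-ca." + s.Options.Namespace + ".svc")
	s.CertStorage.GetServerCert("dubbo-ca." + s.Options.Namespace + ".svc.cluster.local")

	s.SecureServer = grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConfig)))
	s.initRuleHandler()
	s.registerCertificateService()
	s.registerObserveService()
	reflection.Register(s.SecureServer)

	if s.Options.InPodEnv {
		// The webhook reuses the same per-SNI server certificate lookup as
		// the gRPC listener.
		s.WebhookServer = webhook.NewWebhook(
			func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
				return s.CertStorage.GetServerCert(info.ServerName), nil
			})
		s.WebhookServer.Init(s.Options)
		s.JavaInjector = patch.NewJavaSdk(s.Options, s.KubeClient)
		s.WebhookServer.Patches = append(s.WebhookServer.Patches, s.JavaInjector.NewPod)
	}
}

// clientCAPool returns a new CA pool holding the certificates CertStorage
// currently trusts. A fresh pool is built on every call so that callers never
// share (and never concurrently mutate) one pool, and so that certificates
// removed from CertStorage stop being trusted.
func (s *Server) clientCAPool() *x509.CertPool {
	pool := x509.NewCertPool()
	for _, trusted := range s.CertStorage.GetTrustedCerts() {
		pool.AddCert(trusted.Cert)
	}
	return pool
}

// secureServerTLSConfig builds the tls.Config for the secure gRPC listener.
//
// GetCertificate serves the certificate matching the client's SNI from
// CertStorage. Client certificates are requested but optional
// (tls.VerifyClientCertIfGiven): a client that presents one must chain to the
// trusted set, a client that presents none is still admitted, so any
// per-method authorization has to be enforced by the services registered on
// the listener, not by the transport.
//
// GetConfigForClient hands crypto/tls a per-handshake clone of the base
// config whose ClientCAs is a freshly built pool; the base pool is only the
// fallback for the (unexpected) case where the callback is not consulted.
// NextProtos is set to "h2" explicitly so the per-handshake clone negotiates
// ALPN the same way the base config does after gRPC applies its defaults.
func (s *Server) secureServerTLSConfig() *tls.Config {
	base := &tls.Config{
		GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
			// NOTE(review): a nil certificate is passed straight through;
			// crypto/tls then fails the handshake with "no certificates
			// configured". Returning an explicit error here would give a
			// clearer log line — needs an error constructor in scope.
			return s.CertStorage.GetServerCert(info.ServerName), nil
		},
		ClientCAs:  s.clientCAPool(),
		ClientAuth: tls.VerifyClientCertIfGiven,
		NextProtos: []string{"h2"},
	}
	base.GetConfigForClient = func(info *tls.ClientHelloInfo) (*tls.Config, error) {
		perConn := base.Clone()
		// The returned config must not be modified afterwards and is not
		// consulted again for this connection, so drop the hook on the copy.
		perConn.GetConfigForClient = nil
		perConn.ClientCAs = s.clientCAPool()
		return perConn, nil
	}
	return base
}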