in cmd/webhook/main.go [69:161]
func mainErr() error {
defer mlog.Setup()()
flag.StringVar(&audience, "audience", "", "Audience for service account token")
flag.StringVar(&webhookCertDir, "webhook-cert-dir", "/certs", "Webhook certificates dir to use. Defaults to /certs")
flag.BoolVar(&disableCertRotation, "disable-cert-rotation", false, "disable automatic generation and rotation of webhook TLS certificates/keys")
flag.StringVar(&tlsMinVersion, "tls-min-version", "1.3", "Minimum TLS version")
flag.StringVar(&healthAddr, "health-addr", ":9440", "The address the health endpoint binds to")
flag.StringVar(&metricsAddr, "metrics-addr", ":8095", "The address the metrics endpoint binds to")
flag.StringVar(&metricsBackend, "metrics-backend", "prometheus", "Backend used for metrics")
flag.StringVar(&logLevel, "log-level", "",
"In order of increasing verbosity: unset (empty string), info, debug, trace and all.")
flag.Parse()
ctx := signals.SetupSignalHandler()
if err := mlog.ValidateAndSetLogLevelAndFormatGlobally(ctx, mlog.LogSpec{
Level: mlog.LogLevel(logLevel),
Format: mlog.FormatJSON,
}); err != nil {
return fmt.Errorf("invalid --log-level set: %w", err)
}
// nolint:staticcheck
// controller-runtime forces use to use the deprecated logr.Logger returned by mlog.Logr here
log.SetLogger(mlog.Logr())
config := ctrl.GetConfigOrDie()
config.UserAgent = version.GetUserAgent("webhook")
// initialize metrics exporter before creating measurements
entryLog.Info("initializing metrics backend", "backend", metricsBackend)
if err := metrics.InitMetricsExporter(metricsBackend); err != nil {
return fmt.Errorf("entrypoint: failed to initialize metrics exporter: %w", err)
}
// log the user agent as it makes it easier to debug issues
entryLog.Info("setting up manager", "userAgent", config.UserAgent)
tlsVersion, err := parseTLSVersion(tlsMinVersion)
if err != nil {
return fmt.Errorf("entrypoint: unable to parse TLS version: %w", err)
}
serverOpts := webhook.Options{
CertDir: webhookCertDir,
TLSOpts: []func(c *tls.Config){func(c *tls.Config) { c.MinVersion = tlsVersion }},
}
mgr, err := ctrl.NewManager(config, ctrl.Options{
Scheme: scheme,
LeaderElection: false,
HealthProbeBindAddress: healthAddr,
Metrics: metricsserver.Options{
BindAddress: metricsAddr,
},
WebhookServer: webhook.NewServer(serverOpts),
MapperProvider: apiutil.NewDynamicRESTMapper,
})
if err != nil {
return fmt.Errorf("entrypoint: unable to set up controller manager: %w", err)
}
// Make sure certs are generated and valid if cert rotation is enabled.
setupFinished := make(chan struct{})
if !disableCertRotation {
entryLog.Info("setting up cert rotation")
if err := rotator.AddRotator(mgr, &rotator.CertRotator{
SecretKey: types.NamespacedName{
Namespace: util.GetNamespace(),
Name: secretName,
},
CertDir: webhookCertDir,
CAName: caName,
CAOrganization: caOrganization,
DNSName: dnsName,
IsReady: setupFinished,
Webhooks: webhooks,
}); err != nil {
return fmt.Errorf("entrypoint: unable to set up cert rotation: %w", err)
}
} else {
close(setupFinished)
}
setupProbeEndpoints(mgr, setupFinished)
go setupWebhook(mgr, setupFinished)
entryLog.Info("starting manager")
if err := mgr.Start(ctx); err != nil {
return fmt.Errorf("entrypoint: unable to run manager: %w", err)
}
return nil
}