in main.go [60:234]
func main() {
var (
metricsAddr string
enableLeaderElection bool
probeAddr string
secureMetrics bool
enableHTTP2 bool
)
flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
flag.BoolVar(&enableLeaderElection, "leader-elect", false,
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager.")
flag.BoolVar(&secureMetrics, "metrics-secure", false,
"If set the metrics endpoint is served securely")
flag.BoolVar(&enableHTTP2, "enable-http2", false,
"If set, HTTP/2 will be enabled for the metrics and webhook servers")
opts := zap.Options{
Development: true,
}
opts.BindFlags(flag.CommandLine)
flag.Parse()
ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
v := buildInfo.Get()
ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
// if the enable-http2 flag is false (the default), http/2 should be disabled
// due to its vulnerabilities. More specifically, disabling http/2 will
// prevent from being vulnerable to the HTTP/2 Stream Cancelation and
// Rapid Reset CVEs. For more information see:
// - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
// - https://github.com/advisories/GHSA-4374-p667-p6c8
disableHTTP2 := func(c *tls.Config) {
setupLog.Info("disabling http/2")
c.NextProtos = []string{"http/1.1"}
}
var tlsOpts []func(*tls.Config)
if !enableHTTP2 {
tlsOpts = append(tlsOpts, disableHTTP2)
}
setupLog.Info("Starting the Codebase Operator",
"version", v.Version,
"git-commit", v.GitCommit,
"git-tag", v.GitTag,
"build-date", v.BuildDate,
"go-version", v.Go,
"go-client", v.KubectlVersion,
"platform", v.Platform,
)
utilruntime.Must(clientgoscheme.AddToScheme(scheme))
utilruntime.Must(codebaseApiV1.AddToScheme(scheme))
utilruntime.Must(cdPipeApi.AddToScheme(scheme))
utilruntime.Must(networkingV1.AddToScheme(scheme))
utilruntime.Must(routeApi.AddToScheme(scheme))
utilruntime.Must(tektonTriggersApi.AddToScheme(scheme))
utilruntime.Must(tektonpipelineApi.AddToScheme(scheme))
ns, err := util.GetWatchNamespace()
if err != nil {
setupLog.Error(err, "failed to get watch namespace")
os.Exit(1)
}
cfg := ctrl.GetConfigOrDie()
mgr, err := ctrl.NewManager(cfg, ctrl.Options{
Scheme: scheme,
Metrics: metricsserver.Options{
BindAddress: metricsAddr,
SecureServing: secureMetrics,
TLSOpts: tlsOpts,
},
HealthProbeBindAddress: probeAddr,
LeaderElection: enableLeaderElection,
LeaderElectionID: codebaseOperatorLock,
Cache: cache.Options{
DefaultNamespaces: map[string]cache.Config{ns: {}},
},
})
if err != nil {
setupLog.Error(err, "failed to start manager")
os.Exit(1)
}
ctrlLog := ctrl.Log.WithName("controllers")
cdStageDeployCtrl := cdstagedeploy.NewReconcileCDStageDeploy(mgr.GetClient(), ctrlLog, chain.CreateChain)
if err = cdStageDeployCtrl.SetupWithManager(mgr); err != nil {
setupLog.Error(err, "failed to create controller", "controller", "cd-stage-deploy")
os.Exit(1)
}
codebaseCtrl := codebase.NewReconcileCodebase(mgr.GetClient(), mgr.GetScheme(), ctrlLog)
if err = codebaseCtrl.SetupWithManager(mgr); err != nil {
setupLog.Error(err, "failed to create controller", "controller", "codebase")
os.Exit(1)
}
cbCtrl := codebasebranch.NewReconcileCodebaseBranch(mgr.GetClient(), mgr.GetScheme(), ctrlLog)
if err = cbCtrl.SetupWithManager(mgr,
getMaxConcurrentReconciles(codebaseBranchMaxConcurrentReconcilesEnv)); err != nil {
setupLog.Error(err, logFailCtrlCreateMessage, "controller", "codebase-branch")
os.Exit(1)
}
cisCtrl := codebaseimagestream.NewReconcileCodebaseImageStream(mgr.GetClient(), ctrlLog)
if err = cisCtrl.SetupWithManager(mgr); err != nil {
setupLog.Error(err, logFailCtrlCreateMessage, "controller", "codebase-image-stream")
os.Exit(1)
}
if err = gitserver.NewReconcileGitServer(mgr.GetClient()).SetupWithManager(mgr); err != nil {
setupLog.Error(err, logFailCtrlCreateMessage, "controller", "git-server")
os.Exit(1)
}
jimCtrl := jiraissuemetadata.NewReconcileJiraIssueMetadata(mgr.GetClient(), mgr.GetScheme(), ctrlLog)
if err = jimCtrl.SetupWithManager(mgr); err != nil {
setupLog.Error(err, logFailCtrlCreateMessage, "controller", "jira-issue-metadata")
os.Exit(1)
}
jsCtrl := jiraserver.NewReconcileJiraServer(mgr.GetClient(), mgr.GetScheme(), ctrlLog)
if err = jsCtrl.SetupWithManager(mgr); err != nil {
setupLog.Error(err, logFailCtrlCreateMessage, "controller", "jira-server")
os.Exit(1)
}
if err = integrationsecret.NewReconcileIntegrationSecret(mgr.GetClient()).SetupWithManager(mgr); err != nil {
setupLog.Error(err, logFailCtrlCreateMessage, "controller", "integration-secret")
os.Exit(1)
}
if os.Getenv("ENABLE_WEBHOOKS") != "false" {
if err = webhook.RegisterValidationWebHook(context.Background(), mgr, ns); err != nil {
setupLog.Error(err, "failed to create webhook", "webhook", "Codebase")
os.Exit(1)
}
}
//+kubebuilder:scaffold:builder
if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
setupLog.Error(err, "failed to set up health check")
os.Exit(1)
}
if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
setupLog.Error(err, "failed to set up ready check")
os.Exit(1)
}
setupLog.Info("starting manager")
ctx := ctrl.SetupSignalHandler()
telemetryEnabled, _ := strconv.ParseBool(os.Getenv("TELEMETRY_ENABLED"))
if telemetryEnabled {
go telemetry.NewCollector(ns, telemetryUrl, mgr.GetClient()).Start(ctx, getTelemetryDelay(), telemetrySendEvery)
}
if err := mgr.Start(ctx); err != nil {
setupLog.Error(err, "problem running manager")
os.Exit(1)
}
}