-
Mengxin Liu authored2215c05f
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package main
import (
"flag"
"github.com/alauda/kube-ovn/versions"
_ "net/http/pprof" // #nosec
"os"
"time"
ovnv1 "github.com/alauda/kube-ovn/pkg/apis/kubeovn/v1"
"github.com/alauda/kube-ovn/pkg/ovs"
ovnwebhook "github.com/alauda/kube-ovn/pkg/webhook"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/klog"
"k8s.io/klog/klogr"
ctrl "sigs.k8s.io/controller-runtime"
ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook"
)
const (
hookServerCertDir = "/tmp/k8s-webhook-server/serving-certs"
)
var (
scheme = runtime.NewScheme()
)
func init() {
if err := corev1.AddToScheme(scheme); err != nil {
klog.Fatalf("failed to add scheme, %v", err)
}
if err := appsv1.AddToScheme(scheme); err != nil {
klog.Fatalf("failed to add scheme, %v", err)
}
if err := ovnv1.AddToScheme(scheme); err != nil {
klog.Fatalf("failed to add scheme, %v", err)
}
}
func main() {
var (
port int
ovnNbHost string
ovnNbPort int
ovnNbTimeout int
defaultLS string
)
klog.Infof(versions.String())
flag.IntVar(&port, "port", 8443, "The port webhook listen on.")
flag.IntVar(&ovnNbPort, "ovn-nb-port", 6641, "OVN nb port")
flag.IntVar(&ovnNbTimeout, "ovn-nb-timeout", 30, "OVN nb timeout")
flag.StringVar(&ovnNbHost, "ovn-nb-host", "0.0.0.0", "OVN nb host")
flag.StringVar(&defaultLS, "default-ls", "ovn-default", "The default logical switch name, default: ovn-default")
klog.InitFlags(nil)
flag.Parse()
// set logger for controller-runtime framework
ctrl.SetLogger(klogr.New())
// Create a webhook server.
hookServer := &ctrlwebhook.Server{
Port: port,
CertDir: hookServerCertDir,
}
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
// disable metrics to avoid port conflict
MetricsBindAddress: "0",
})
if err != nil {
panic(err)
}
opt := &ovnwebhook.WebhookOptions{
OvnNbHost: ovnNbHost,
OvnNbPort: ovnNbPort,
OvnNbTimeout: ovnNbTimeout,
DefaultLS: defaultLS,
}
validatingHook, err := ovnwebhook.NewValidatingHook(mgr.GetCache(), opt)
if err != nil {
panic(err)
}
// Register the webhooks in the server.
hookServer.Register("/validate-ip", &ctrlwebhook.Admission{Handler: validatingHook})
if err := mgr.Add(hookServer); err != nil {
panic(err)
}
go loopOvnNbctlDaemon(ovnNbHost, ovnNbPort)
// Start the server by starting a previously-set-up manager
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
panic(err)
}
}
func loopOvnNbctlDaemon(ovnNbHost string, ovnNbPort int) {
for {
daemonSocket := os.Getenv("OVN_NB_DAEMON")
time.Sleep(5 * time.Second)
if _, err := os.Stat(daemonSocket); os.IsNotExist(err) || daemonSocket == "" {
if err := ovs.StartOvnNbctlDaemon(ovnNbHost); err != nil {
klog.Errorf("failed to start ovn-nbctl daemon, %v", err)
}
}
if err := ovs.CheckAlive(); err != nil {
klog.Warningf("ovn-nbctl daemon doesn't return, start a new daemon")
if err := ovs.StartOvnNbctlDaemon(ovnNbHost); err != nil {
klog.Errorf("failed to start ovn-nbctl daemon, %v", err)
}
}
}
}