MCPcopy
hub / github.com/operator-framework/operator-sdk / main

Function main

testdata/go/v4/memcached-operator/cmd/main.go:59–255  ·  view source on GitHub ↗

nolint:gocyclo

()

Source from the content-addressed store, hash-verified

57
58// nolint:gocyclo
59func main() {
60 var metricsAddr string
61 var metricsCertPath, metricsCertName, metricsCertKey string
62 var webhookCertPath, webhookCertName, webhookCertKey string
63 var enableLeaderElection bool
64 var probeAddr string
65 var secureMetrics bool
66 var enableHTTP2 bool
67 var tlsOpts []func(*tls.Config)
68 flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
69 "Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
70 flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
71 flag.BoolVar(&enableLeaderElection, "leader-elect", false,
72 "Enable leader election for controller manager. "+
73 "Enabling this will ensure there is only one active controller manager.")
74 flag.BoolVar(&secureMetrics, "metrics-secure", true,
75 "If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
76 flag.StringVar(&webhookCertPath, "webhook-cert-path", "", "The directory that contains the webhook certificate.")
77 flag.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt", "The name of the webhook certificate file.")
78 flag.StringVar(&webhookCertKey, "webhook-cert-key", "tls.key", "The name of the webhook key file.")
79 flag.StringVar(&metricsCertPath, "metrics-cert-path", "",
80 "The directory that contains the metrics server certificate.")
81 flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.")
82 flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.")
83 flag.BoolVar(&enableHTTP2, "enable-http2", false,
84 "If set, HTTP/2 will be enabled for the metrics and webhook servers")
85 opts := zap.Options{
86 Development: true,
87 }
88 opts.BindFlags(flag.CommandLine)
89 flag.Parse()
90
91 ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
92
93 // if the enable-http2 flag is false (the default), http/2 should be disabled
94 // due to its vulnerabilities. More specifically, disabling http/2 will
95 // prevent from being vulnerable to the HTTP/2 Stream Cancellation and
96 // Rapid Reset CVEs. For more information see:
97 // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
98 // - https://github.com/advisories/GHSA-4374-p667-p6c8
99 disableHTTP2 := func(c *tls.Config) {
100 setupLog.Info("disabling http/2")
101 c.NextProtos = []string{"http/1.1"}
102 }
103
104 if !enableHTTP2 {
105 tlsOpts = append(tlsOpts, disableHTTP2)
106 }
107
108 // Create watchers for metrics and webhooks certificates
109 var metricsCertWatcher, webhookCertWatcher *certwatcher.CertWatcher
110
111 // Initial webhook TLS options
112 webhookTLSOpts := tlsOpts
113
114 if len(webhookCertPath) > 0 {
115 setupLog.Info("Initializing webhook certificate watcher using provided certificates",
116 "webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey)

Callers

nothing calls this directly

Calls 4

NewManagerMethod · 0.65
BindFlagsMethod · 0.45
ErrorMethod · 0.45
SetupWithManagerMethod · 0.45

Tested by

no test coverage detected