package main
import (
"crypto/tls"
"crypto/x509"
"flag"
"fmt"
"github.com/Peripli/service-manager-istio-mcp-server/pkg/config"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"io/ioutil"
"istio.io/api/mcp/v1alpha1"
"istio.io/istio/galley/pkg/metadata"
"istio.io/istio/pkg/mcp/monitoring"
"istio.io/istio/pkg/mcp/server"
"istio.io/istio/pkg/mcp/source"
"log"
"net"
)
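// main starts the Istio MCP server. It watches the Istio configuration
// directory given by -configDir, exposes it over gRPC on -listenAddr and, in
// the default MUTUAL TLS mode, requires every client to present a certificate
// issued by the CA loaded in tlsConfig.
//
// Startup errors are fatal: the process logs the cause and exits, because the
// server cannot serve anything without its configuration and listener.
func main() {
	var (
		configDir  string
		tlsMode    string
		listenAddr string
	)
	flag.StringVar(&configDir, "configDir", "", "istio config directory")
	flag.StringVar(&tlsMode, "tlsMode", "MUTUAL", "tls mode. Possible values: NONE, MUTUAL.")
	flag.StringVar(&listenAddr, "listenAddr", ":18000", "address the gRPC server listens on")
	flag.Parse()

	// Resolve the transport security first so a mistyped -tlsMode fails
	// before any config watching is started. grpc.Creds is only installed in
	// MUTUAL mode: NONE serves plaintext gRPC and, since the MCP auth checker
	// below accepts every caller, gives no client authentication at all, so
	// it only belongs on an isolated network or behind a trusted proxy.
	var grpcOptions []grpc.ServerOption
	switch tlsMode {
	case "MUTUAL":
		log.Println("Setting up tls config")
		grpcOptions = append(grpcOptions, grpc.Creds(credentials.NewTLS(tlsConfig())))
	case "NONE":
	default:
		log.Panicf("Invalid TLS mode %s", tlsMode)
	}
	grpcOptions = append(grpcOptions,
		grpc.MaxConcurrentStreams(1024),
		grpc.MaxRecvMsgSize(1024*1024), // 1 MiB per inbound message
	)

	watcher, err := config.NewConfigWatcher(configDir)
	if err != nil {
		log.Fatalf("creating config watcher for %q: %v", configDir, err)
	}
	sourceOptions := &source.Options{
		Watcher:           watcher,
		Reporter:          monitoring.NewStatsContext("mcp"),
		CollectionOptions: source.CollectionOptionsFromSlice(metadata.Types.Collections()),
	}

	// One allow-all checker is shared by both MCP services: authorization of
	// individual callers is left entirely to the transport (mutual TLS).
	authChecker := server.NewAllowAllChecker()
	grpcServer := grpc.NewServer(grpcOptions...)
	v1alpha1.RegisterAggregatedMeshConfigServiceServer(grpcServer, server.New(sourceOptions, authChecker))
	v1alpha1.RegisterResourceSourceServer(grpcServer, source.NewServer(sourceOptions, &source.ServerOptions{AuthChecker: authChecker}))

	grpcListener, err := net.Listen("tcp", listenAddr)
	if err != nil {
		log.Fatalf("listening on %q: %v", listenAddr, err)
	}
	log.Printf("MCP server listening on %s (tlsMode=%s)", grpcListener.Addr(), tlsMode)
	if err := grpcServer.Serve(grpcListener); err != nil {
		log.Fatalf("serving gRPC: %v", err)
	}
}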
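// tlsConfig builds the mutual-TLS server configuration from the default
// certificate locations under config/certs, relative to the working
// directory. It panics when the material cannot be loaded, because the
// server cannot start without it.
func tlsConfig() *tls.Config {
	cfg, err := tlsConfigFrom("config/certs/mcp.crt", "config/certs/mcp.key", "config/certs/ca.crt")
	if err != nil {
		panic(err)
	}
	return cfg
}

// tlsConfigFrom builds a *tls.Config that presents the PEM certificate and
// key in certFile/keyFile and requires every client to present a certificate
// chaining to one of the CA certificates in caFile. TLS 1.2 is the minimum
// negotiated version so that the legacy protocol versions are never offered.
//
// It returns an error when the key pair cannot be loaded, when caFile cannot
// be read, or when caFile contains no PEM certificate (the pool would
// otherwise be empty and every client would be rejected with an
// unhelpful handshake error).
func tlsConfigFrom(certFile, keyFile, caFile string) (*tls.Config, error) {
	serverCert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, fmt.Errorf("could not load server key pair %q/%q: %s", certFile, keyFile, err)
	}
	ca, err := ioutil.ReadFile(caFile)
	if err != nil {
		return nil, fmt.Errorf("could not read ca-file: %s", err)
	}
	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM(ca); !ok {
		return nil, fmt.Errorf("could not append ca cert from %q to cert pool: no PEM certificates found", caFile)
	}
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    certPool,
		Certificates: []tls.Certificate{serverCert},
	}, nil
}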