jg/json endpoint

deploy/all.yaml

@@ -106,8 +106,9 @@ spec:
     spec:
       serviceAccountName: fairwinds
       containers:
-      - name: fairwinds
+      - name: webhook
         image: quay.io/reactiveops/fairwinds
+        command: ["fairwinds", "--webhook"]
         imagePullPolicy: Always
         resources:
           limits:
@@ -123,6 +124,24 @@ spec:
           mountPath: /opt/app/config.yml
           subPath: config.yml
           readOnly: true
+      - name: dashboard
+        image: quay.io/reactiveops/fairwinds
+        command: ["fairwinds", "--dashboard"]
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+        volumeMounts:
+        - name: fairwinds
+          mountPath: /opt/app/config.yml
+          subPath: config.yml
+          readOnly: true
       volumes:
       - name: fairwinds
         configMap:

main.go

@@ -15,13 +15,18 @@
 package main
 
 import (
+	"encoding/json"
 	"flag"
+	glog "log"
+	"net/http"
 	"os"
 
 	conf "github.com/reactiveops/fairwinds/pkg/config"
+	"github.com/reactiveops/fairwinds/pkg/kube"
 	"github.com/reactiveops/fairwinds/pkg/validator"
 	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	apitypes "k8s.io/apimachinery/pkg/types"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
@@ -37,18 +42,54 @@ var FairwindsName = "fairwinds"
 var log = logf.Log.WithName(FairwindsName)
 
 func main() {
+	dashboard := flag.Bool("dashboard", false, "Runs the webserver for Fairwinds dashboard.")
+	webhook := flag.Bool("webhook", false, "Runs the webhook webserver.")
+
 	var disableWebhookConfigInstaller bool
 	flag.BoolVar(&disableWebhookConfigInstaller, "disable-webhook-config-installer", false,
 		"disable the installer in the webhook server, so it won't install webhook configuration resources during bootstrapping")
 
 	flag.Parse()
-	logf.SetLogger(logf.ZapLogger(false))
-	entryLog := log.WithName("entrypoint")
 
 	c, err := conf.ParseFile("config.yml")
 	if err != nil {
-		entryLog.Error(err, "parse config err")
+		return
+	}
+
+	if *webhook {
+		startWebhookServer(c, disableWebhookConfigInstaller)
+	}
+
+	if *dashboard {
+		startDashboardServer(c)
+	}
+}
+
+func startDashboardServer(c conf.Configuration) {
+	http.HandleFunc("/validate", func(w http.ResponseWriter, r *http.Request) { validateHandler(w, r, c) })
+	glog.Println("Starting Fairwinds dashboard webserver on port 8080.")
+	glog.Fatal(http.ListenAndServe(":8080", nil))
+}
+
+func validateHandler(w http.ResponseWriter, r *http.Request, c conf.Configuration) {
+	var results []validator.Results
+	pods, err := kube.CoreV1API.Pods("").List(metav1.ListOptions{})
+	if err != nil {
+		return
+	}
+	glog.Println("pods count:", len(pods.Items))
+	for _, pod := range pods.Items {
+		result := validator.ValidatePods(c, &pod, validator.Results{})
+		results = append(results, result)
 	}
+	w.WriteHeader(http.StatusOK)
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(results)
+}
+
+func startWebhookServer(c conf.Configuration, disableWebhookConfigInstaller bool) {
+	logf.SetLogger(logf.ZapLogger(false))
+	entryLog := log.WithName("entrypoint")
 
 	// Setup a Manager
 	entryLog.Info("setting up manager")

pkg/kube/clientset.go

@@ -0,0 +1,61 @@
+package kube
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	homedir "github.com/mitchellh/go-homedir"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+)
+
+func createClientset() *kubernetes.Clientset {
+	var err error
+	var config *rest.Config
+	kubeconfig := getKubeConfig()
+
+	switch kubeconfig {
+	case "":
+		config, err = rest.InClusterConfig()
+	default:
+		config, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
+	}
+	if err != nil {
+		fmt.Println("Error:", err)
+	}
+
+	clientset, err := kubernetes.NewForConfig(config)
+	if err != nil {
+		fmt.Println("Error:", err)
+	}
+	return clientset
+}
+
+func getKubeConfig() string {
+	var path string
+
+	if os.Getenv("KUBECONFIG") != "" {
+		path = os.Getenv("KUBECONFIG")
+		return path
+	}
+
+	if home, err := homedir.Dir(); err == nil {
+		path = filepath.Join(home, ".kube", "config")
+	}
+
+	if _, err := os.Stat(path); err != nil {
+		// No kubeconfig exists, therefor return an emtpy string to
+		// indicate that this web server is running inside the cluster.
+		return ""
+	}
+	return path
+}
+
+var clientset = createClientset()
+
+// Kubernetes version 1.11 APIs
+
+// CoreV1API exports the v1 Core API client.
+var CoreV1API = clientset.CoreV1()

pkg/validator/pod.go

@@ -48,13 +48,14 @@ func (v *PodValidator) Handle(ctx context.Context, req types.Request) types.Resp
 		return admission.ErrorResponse(http.StatusBadRequest, err)
 	}
 
-	results := validatePods(v.Config, pod, Results{})
+	results := ValidatePods(v.Config, pod, Results{})
 	allowed, reason := results.Format()
 
 	return admission.ValidationResponse(allowed, reason)
 }
 
-func validatePods(conf conf.Configuration, pod *corev1.Pod, results Results) Results {
+// ValidatePods does validates that each pod conforms to the Fairwinds config.
+func ValidatePods(conf conf.Configuration, pod *corev1.Pod, results Results) Results {
 	for _, container := range pod.Spec.InitContainers {
 		results.InitContainerValidations = append(
 			results.InitContainerValidations,