github/intel-device-plugins-for-kubernetes
7
0
Fork 0
mirror of https://github.com/intel/intel-device-plugins-for-kubernetes.git synced 2025-06-03 03:59:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
2df9443fda
intel-device-plugins-for-ku.../cmd/sgx_admissionwebhook/main.go
Tuomas Katila 42c34a74a4 tls: drop additional ciphers 
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2024-08-21 12:28:02 +03:00

77 lines
2.1 KiB
Go
Raw Blame History

// Copyright 2021-2022 Intel Corporation. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"crypto/tls"
"flag"
"os"
sgxwebhook "github.com/intel/intel-device-plugins-for-kubernetes/pkg/webhooks/sgx"
"k8s.io/klog/v2/textlogger"
ctrl "sigs.k8s.io/controller-runtime"
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
"sigs.k8s.io/controller-runtime/pkg/webhook"
)
var (
setupLog = ctrl.Log.WithName("setup")
)
func main() {
tlConf := textlogger.NewConfig()
tlConf.AddFlags(flag.CommandLine)
flag.Parse()
ctrl.SetLogger(textlogger.NewLogger(tlConf))
tlsCfgFunc := func(cfg *tls.Config) {
cfg.MinVersion = tls.VersionTLS12
cfg.MaxVersion = tls.VersionTLS12
cfg.CipherSuites = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
}
}
webhookOptions := webhook.Options{
Port: 9443,
TLSOpts: []func(*tls.Config){
tlsCfgFunc,
},
}
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Metrics: metricsserver.Options{BindAddress: "0"},
Logger: ctrl.Log.WithName("SgxAdmissionWebhook"),
WebhookServer: webhook.NewServer(webhookOptions),
})
if err != nil {
setupLog.Error(err, "unable to start manager")
os.Exit(1)
}
if err := (&sgxwebhook.Mutator{}).SetupWebhookWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create webhook", "webhook", "Pod")
os.Exit(1)
}
setupLog.Info("starting manager")
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
setupLog.Error(err, "problem running manager")
os.Exit(1)
}
}
Reference in New Issue View Git Blame Copy Permalink