Skip to content

Commit

Permalink
Merge pull request #27 from metalmatze/fix-server-errors
Browse files Browse the repository at this point in the history 
Check errors and log them
  • Loading branch information
@brancz
brancz committed Jan 22, 2019
2 parents 39a4c93 + 0de3d34 commit dd0f13f
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 22 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ FROM golang:1.11-alpine AS build
RUN apk add --update make
WORKDIR /go/src/github.com/brancz/kube-rbac-proxy
COPY . .
RUN make build
RUN make build && cp /go/src/github.com/brancz/kube-rbac-proxy/_output/linux/$(go env GOARCH)/kube-rbac-proxy /usr/local/bin

FROM alpine:3.8
RUN apk add -U --no-cache ca-certificates && rm -rf /var/cache/apk/*
COPY --from=build /go/src/github.com/brancz/kube-rbac-proxy/_output/linux/$(go env GOARCH)/kube-rbac-proxy .
COPY --from=build /usr/local/bin/kube-rbac-proxy .
ENTRYPOINT ["./kube-rbac-proxy"]
EXPOSE 8080
50 changes: 30 additions & 20 deletions main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ func main() {
}))

if cfg.secureListenAddress != "" {
srv := &http.Server{Handler: mux}
srv := &http.Server{Handler: mux, TLSConfig: &tls.Config{}}

if cfg.tls.certFile == "" && cfg.tls.keyFile == "" {
glog.Info("Generating self signed cert as no cert is provided")
Expand All @@ -216,31 +216,36 @@ func main() {
glog.Fatalf("Failed to load generated self signed cert and key: %v", err)
}

version, err := tlsVersion(cfg.tls.minVersion)
if err != nil {
glog.Fatalf("TLS version invalid: %v", err)
}
srv.TLSConfig.Certificates = []tls.Certificate{cert}
}

cipherSuiteIDs, err := k8sapiflag.TLSCipherSuites(cfg.tls.cipherSuites)
if err != nil {
glog.Fatalf("Failed to convert TLS cipher suite name to ID: %v", err)
}
srv.TLSConfig = &tls.Config{
CipherSuites: cipherSuiteIDs,
Certificates: []tls.Certificate{cert},
MinVersion: version,
// To enable http/2
// See net/http.Server.shouldConfigureHTTP2ForServe for more context
NextProtos: []string{"h2"},
}
version, err := tlsVersion(cfg.tls.minVersion)
if err != nil {
glog.Fatalf("TLS version invalid: %v", err)
}

cipherSuiteIDs, err := k8sapiflag.TLSCipherSuites(cfg.tls.cipherSuites)
if err != nil {
glog.Fatalf("Failed to convert TLS cipher suite name to ID: %v", err)
}

srv.TLSConfig.CipherSuites = cipherSuiteIDs
srv.TLSConfig.MinVersion = version
srv.TLSConfig.NextProtos = []string{"h2"}

glog.Infof("Starting TCP socket on %v", cfg.secureListenAddress)

l, err := net.Listen("tcp", cfg.secureListenAddress)
if err != nil {
glog.Fatalf("Failed to listen on secure address: %v", err)
}
glog.Infof("Listening securely on %v", cfg.secureListenAddress)
go srv.ServeTLS(l, cfg.tls.certFile, cfg.tls.keyFile)
go func() {
err := srv.ServeTLS(l, cfg.tls.certFile, cfg.tls.keyFile)
if err != nil {
glog.Fatalf("failed to serve TLS server: %v", err)
}
}()
}

if cfg.insecureListenAddress != "" {
Expand Down Expand Up @@ -298,10 +303,15 @@ func main() {
glog.Fatalf("Failed to listen on insecure address: %v", err)
}
glog.Infof("Listening insecurely on %v", cfg.insecureListenAddress)
go srv.Serve(l)
go func() {
err := srv.Serve(l)
if err != nil {
glog.Fatalf("failed to serve server: %v", err)
}
}()
}

term := make(chan os.Signal)
term := make(chan os.Signal, 1)
signal.Notify(term, os.Interrupt, syscall.SIGTERM)

select {
Expand Down

0 comments on commit dd0f13f

Please sign in to comment.