From ff0d6066c1cd19ffe55102b0beb916b2811bdd63 Mon Sep 17 00:00:00 2001 From: Catherine Chan-Tse Date: Mon, 22 Jan 2024 15:54:24 -0500 Subject: [PATCH] Rapid reset scaffold remediation Signed-off-by: Catherine Chan-Tse --- internal/ansible/flags/flag.go | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/internal/ansible/flags/flag.go b/internal/ansible/flags/flag.go index 9c19b1c..f05ed1d 100644 --- a/internal/ansible/flags/flag.go +++ b/internal/ansible/flags/flag.go @@ -15,12 +15,14 @@ package flags import ( + "crypto/tls" "runtime" "time" "github.com/spf13/pflag" "k8s.io/client-go/tools/leaderelection/resourcelock" "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/webhook" ) // Flags - Options to be used by an ansible operator @@ -44,6 +46,8 @@ type Flags struct { AnsibleArgs string AnsibleLogEvents string ProxyPort int + EnableHTTP2 bool + SecureMetrics bool // Path to a controller-runtime componentconfig file. // If this is empty, use default values. @@ -197,6 +201,17 @@ func (f *Flags) AddTo(flagSet *pflag.FlagSet) { 8888, "Ansible proxy server port. Defaults to 8888.", ) + flagSet.BoolVar(&f.EnableHTTP2, + "enable-http2", + false, + "enables HTTP/2 on the webhook and metrics servers", + ) + + flagSet.BoolVar(&f.SecureMetrics, + "metrics-secure", + false, + "enables secure serving of the metrics endpoint", + ) } // ToManagerOptions uses the flag set in f to configure options. @@ -241,5 +256,15 @@ func (f *Flags) ToManagerOptions(options manager.Options) manager.Options { options.GracefulShutdownTimeout = &f.GracefulShutdownTimeout } + disableHTTP2 := func(c *tls.Config) { + c.NextProtos = []string{"http/1.1"} + } + if !f.EnableHTTP2 { + options.WebhookServer = webhook.NewServer(webhook.Options{ + TLSOpts: []func(*tls.Config){disableHTTP2}, + }) + options.Metrics.TLSOpts = append(options.Metrics.TLSOpts, disableHTTP2) + } + options.Metrics.SecureServing = f.SecureMetrics return options }