feat(olm,catalog): add TLS support for metrics

Jeff Peeler · Jeff Peeler · commit 3d2317fcf72d · 2019-03-25T14:42:05.000-04:00
Two new command line arguments are added to pass the paths to the certificate
and private key, "tls-cert" and "tls-key".
diff --git a/cmd/catalog/main.go b/cmd/catalog/main.go
@@ -53,6 +53,12 @@ var (
 		"debug", false, "use debug log level")
 
 	version = flag.Bool("version", false, "displays olm version")
+
+	tlsKeyPath = flag.String(
+		"tls-key", "", "Path to use for private key (requires tls-cert)")
+
+	tlsCertPath = flag.String(
+		"tls-cert", "", "Path to use for certificate key (requires tls-key)")
 )
 
 func init() {
@@ -83,17 +89,33 @@ func main() {
 		}
 	}
 
+	logger := log.New()
+	if *debug {
+		logger.SetLevel(log.DebugLevel)
+	}
+	logger.Infof("log level %s", logger.Level)
+
+	var useTLS bool
+	if *tlsCertPath != "" && *tlsKeyPath == "" || *tlsCertPath == "" && *tlsKeyPath != "" {
+		logger.Warn("both --tls-key and --tls-crt must be provided for TLS to be enabled, falling back to non-https")
+	} else if *tlsCertPath == "" && *tlsKeyPath == "" {
+		logger.Info("TLS keys not set, using non-https")
+	} else {
+		useTLS = true
+	}
+
 	// Serve a health check.
 	http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	})
 	go http.ListenAndServe(":8080", nil)
 
-	logger := log.New()
-	if *debug {
-		logger.SetLevel(log.DebugLevel)
+	http.Handle("/metrics", promhttp.Handler())
+	if useTLS {
+		go http.ListenAndServeTLS(":8081", *tlsCertPath, *tlsKeyPath, nil)
+	} else {
+		go http.ListenAndServe(":8081", nil)
 	}
-	logger.Infof("log level %s", logger.Level)
 
 	// create a config client for operator status
 	config, err := clientcmd.BuildConfigFromFlags("", *kubeConfigPath)
@@ -112,9 +134,6 @@ func main() {
 		log.Panicf("error configuring operator: %s", err.Error())
 	}
 
-	http.Handle("/metrics", promhttp.Handler())
-	go http.ListenAndServe(":8081", nil)
-
 	ready, done, sync := catalogOperator.Run(stopCh)
 	<-ready
 
diff --git a/cmd/olm/main.go b/cmd/olm/main.go
@@ -49,6 +49,12 @@ var (
 		"debug", false, "use debug log level")
 
 	version = flag.Bool("version", false, "displays olm version")
+
+	tlsKeyPath = flag.String(
+		"tls-key", "", "Path to use for private key (requires tls-cert)")
+
+	tlsCertPath = flag.String(
+		"tls-cert", "", "Path to use for certificate key (requires tls-key)")
 )
 
 func init() {
@@ -113,14 +119,27 @@ func main() {
 		log.Fatalf("error configuring operator: %s", err.Error())
 	}
 
+	var useTLS bool
+	if *tlsCertPath != "" && *tlsKeyPath == "" || *tlsCertPath == "" && *tlsKeyPath != "" {
+		logger.Warn("both --tls-key and --tls-crt must be provided for TLS to be enabled, falling back to non-https")
+	} else if *tlsCertPath == "" && *tlsKeyPath == "" {
+		logger.Info("TLS keys not set, using non-https")
+	} else {
+		useTLS = true
+	}
+
 	// Serve a health check.
 	http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	})
 	go http.ListenAndServe(":8080", nil)
 
 	http.Handle("/metrics", promhttp.Handler())
-	go http.ListenAndServe(":8081", nil)
+	if useTLS {
+		go http.ListenAndServeTLS(":8081", *tlsCertPath, *tlsKeyPath, nil)
+	} else {
+		go http.ListenAndServe(":8081", nil)
+	}
 
 	ready, done, sync := operator.Run(stopCh)
 	<-ready
