parent
58022d97e3
commit
0151dbaef8
13
api/api.go
13
api/api.go
@ -20,7 +20,6 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
@ -35,13 +34,13 @@ const timeoutResponse = `{"Error":{"Message":"Clair failed to respond within the
|
|||||||
|
|
||||||
// Config is the configuration for the API service.
|
// Config is the configuration for the API service.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
GrpcPort int
|
Addr string
|
||||||
HealthPort int
|
HealthAddr string
|
||||||
Timeout time.Duration
|
Timeout time.Duration
|
||||||
CertFile, KeyFile, CAFile string
|
CertFile, KeyFile, CAFile string
|
||||||
}
|
}
|
||||||
|
|
||||||
func RunV2(cfg *Config, store database.Datastore) {
|
func Run(cfg *Config, store database.Datastore) {
|
||||||
tlsConfig, err := tlsClientConfig(cfg.CAFile)
|
tlsConfig, err := tlsClientConfig(cfg.CAFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithError(err).Fatal("could not initialize client cert authentication")
|
log.WithError(err).Fatal("could not initialize client cert authentication")
|
||||||
@ -49,7 +48,7 @@ func RunV2(cfg *Config, store database.Datastore) {
|
|||||||
if tlsConfig != nil {
|
if tlsConfig != nil {
|
||||||
log.Info("main API configured with client certificate authentication")
|
log.Info("main API configured with client certificate authentication")
|
||||||
}
|
}
|
||||||
v3.Run(cfg.GrpcPort, tlsConfig, cfg.CertFile, cfg.KeyFile, store)
|
v3.Run(cfg.Addr, tlsConfig, cfg.CertFile, cfg.KeyFile, store)
|
||||||
}
|
}
|
||||||
|
|
||||||
func RunHealth(cfg *Config, store database.Datastore, st *stopper.Stopper) {
|
func RunHealth(cfg *Config, store database.Datastore, st *stopper.Stopper) {
|
||||||
@ -60,13 +59,13 @@ func RunHealth(cfg *Config, store database.Datastore, st *stopper.Stopper) {
|
|||||||
log.Info("health API service is disabled.")
|
log.Info("health API service is disabled.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
log.WithField("port", cfg.HealthPort).Info("starting health API")
|
log.WithField("addr", cfg.HealthAddr).Info("starting health API")
|
||||||
|
|
||||||
srv := &graceful.Server{
|
srv := &graceful.Server{
|
||||||
Timeout: 10 * time.Second, // Interrupt health checks when stopping
|
Timeout: 10 * time.Second, // Interrupt health checks when stopping
|
||||||
NoSignalHandling: true, // We want to use our own Stopper
|
NoSignalHandling: true, // We want to use our own Stopper
|
||||||
Server: &http.Server{
|
Server: &http.Server{
|
||||||
Addr: ":" + strconv.Itoa(cfg.HealthPort),
|
Addr: cfg.HealthAddr,
|
||||||
Handler: http.TimeoutHandler(newHealthHandler(store), cfg.Timeout, timeoutResponse),
|
Handler: http.TimeoutHandler(newHealthHandler(store), cfg.Timeout, timeoutResponse),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
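Review bot: The new `Addr` and `HealthAddr` fields in Config replace two integer ports with free-form strings but carry no field comments, so nothing states the expected format or what an empty value means. I would add `// Addr is the host:port the main API listens on; an empty host listens on every interface.` and a matching comment on `HealthAddr`. The condition guarding the "health API service is disabled." branch in RunHealth lies outside the visible hunks; it is worth confirming that it now treats an empty `HealthAddr` as disabled. Configuration files that still carry the old port keys are presumably ignored and fall back to the defaults, which deserves a line in the commit description.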
@ -17,7 +17,6 @@ package v3
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
@ -147,11 +146,11 @@ func servePrometheus(mux *http.ServeMux) {
|
|||||||
mux.Handle("/metrics", prometheus.Handler())
|
mux.Handle("/metrics", prometheus.Handler())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run initializes grpc and grpc gateway api services on the same port
|
// Run initializes grpc and grpc gateway api services on the same address
|
||||||
func Run(GrpcPort int, tlsConfig *tls.Config, CertFile, KeyFile string, store database.Datastore) {
|
func Run(Addr string, tlsConfig *tls.Config, CertFile, KeyFile string, store database.Datastore) {
|
||||||
l, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", GrpcPort))
|
l, err := net.Listen("tcp", Addr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.WithError(err).Fatalf("could not bind to port %d", GrpcPort)
|
log.WithError(err).Fatalf("could not listen to address" + Addr)
|
||||||
}
|
}
|
||||||
log.WithField("addr", l.Addr().String()).Info("starting grpc server")
|
log.WithField("addr", l.Addr().String()).Info("starting grpc server")
|
||||||
|
|
||||||
|
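Review bot: In Run, `log.WithError(err).Fatalf("could not listen to address" + Addr)` builds the format string by concatenation, so a `%` in the configured address is read as a formatting verb and the message has no space before the address; `log.WithError(err).Fatalf("could not listen to address %q", Addr)` fixes both. The listener also no longer pins the host to `localhost`, so whether the gRPC and gateway services are reachable from the network is now decided entirely by the caller's `Addr`, and the caller in api/api.go passes a `tlsConfig` that can be nil. I would extend the doc comment to say so, e.g. `// Addr is a host:port pair; an empty or 0.0.0.0 host listens on every interface.` Run's body continues past the end of the hunk.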
@ -67,8 +67,8 @@ func DefaultConfig() Config {
|
|||||||
EnabledListers: featurefmt.ListListers(),
|
EnabledListers: featurefmt.ListListers(),
|
||||||
},
|
},
|
||||||
API: &api.Config{
|
API: &api.Config{
|
||||||
HealthPort: 6061,
|
HealthAddr: "0.0.0.0:6061",
|
||||||
GrpcPort: 6060,
|
Addr: "0.0.0.0:6060",
|
||||||
Timeout: 900 * time.Second,
|
Timeout: 900 * time.Second,
|
||||||
},
|
},
|
||||||
Notifier: ¬ification.Config{
|
Notifier: ¬ification.Config{
|
||||||
|
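Review bot: The new default `Addr: "0.0.0.0:6060"` makes the main API listen on every interface when no configuration is supplied, whereas the removed code in v3.Run always bound `localhost`; the health listener was already unrestricted (`":" + port`), so only the main API's exposure widens. From api/api.go, client certificate authentication appears to be active only when a CA file is configured, so an unconfigured instance would presumably serve the API to the network without it. I would default to `Addr: "127.0.0.1:6060"`, which is what the first sample configuration in this commit uses. The second sample sets `addr: "0.0.0.0:6060"` and could carry a comment such as `# Listens on all interfaces; configure the PKI section below or restrict access at the network layer.` DefaultConfig starts and ends outside the hunk.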
@ -143,7 +143,7 @@ func Boot(config *Config) {
|
|||||||
go clair.RunNotifier(config.Notifier, db, st)
|
go clair.RunNotifier(config.Notifier, db, st)
|
||||||
|
|
||||||
// Start API
|
// Start API
|
||||||
go api.RunV2(config.API, db)
|
go api.Run(config.API, db)
|
||||||
|
|
||||||
st.Begin()
|
st.Begin()
|
||||||
go api.RunHealth(config.API, db, st)
|
go api.RunHealth(config.API, db, st)
|
||||||
|
@ -25,18 +25,19 @@ clair:
|
|||||||
# Number of elements kept in the cache
|
# Number of elements kept in the cache
|
||||||
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
||||||
cachesize: 16384
|
cachesize: 16384
|
||||||
|
|
||||||
# 32-bit URL-safe base64 key used to encrypt pagination tokens
|
# 32-bit URL-safe base64 key used to encrypt pagination tokens
|
||||||
# If one is not provided, it will be generated.
|
# If one is not provided, it will be generated.
|
||||||
# Multiple clair instances in the same cluster need the same value.
|
# Multiple clair instances in the same cluster need the same value.
|
||||||
paginationkey:
|
paginationkey:
|
||||||
|
|
||||||
api:
|
api:
|
||||||
# v3 grpc/RESTful API server port
|
# v3 grpc/RESTful API server address
|
||||||
grpcport : 6060
|
addr: "127.0.0.1:6060"
|
||||||
|
|
||||||
# Health server port
|
# Health server address
|
||||||
# This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
|
# This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
|
||||||
healthport: 6061
|
healthaddr: "0.0.0.0:6061"
|
||||||
|
|
||||||
# Deadline before an API request will respond with a 503
|
# Deadline before an API request will respond with a 503
|
||||||
timeout: 900s
|
timeout: 900s
|
@ -26,22 +26,22 @@ clair:
|
|||||||
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
||||||
cachesize: 16384
|
cachesize: 16384
|
||||||
|
|
||||||
api:
|
# 32-bit URL-safe base64 key used to encrypt pagination tokens
|
||||||
# API server port
|
# If one is not provided, it will be generated.
|
||||||
port: 6060
|
# Multiple clair instances in the same cluster need the same value.
|
||||||
|
paginationkey:
|
||||||
|
|
||||||
# Health server port
|
api:
|
||||||
|
# v3 grpc/RESTful API server address
|
||||||
|
addr: "0.0.0.0:6060"
|
||||||
|
|
||||||
|
# Health server address
|
||||||
# This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
|
# This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
|
||||||
healthport: 6061
|
healthaddr: "0.0.0.0:6061"
|
||||||
|
|
||||||
# Deadline before an API request will respond with a 503
|
# Deadline before an API request will respond with a 503
|
||||||
timeout: 900s
|
timeout: 900s
|
||||||
|
|
||||||
# 32-bit URL-safe base64 key used to encrypt pagination tokens
|
|
||||||
# If one is not provided, it will be generated.
|
|
||||||
# Multiple clair instances in the same cluster need the same value.
|
|
||||||
paginationkey:
|
|
||||||
|
|
||||||
# Optional PKI configuration
|
# Optional PKI configuration
|
||||||
# If you want to easily generate client certificates and CAs, try the following projects:
|
# If you want to easily generate client certificates and CAs, try the following projects:
|
||||||
# https://github.com/coreos/etcd-ca
|
# https://github.com/coreos/etcd-ca
|
||||||
@ -51,10 +51,29 @@ clair:
|
|||||||
keyfile:
|
keyfile:
|
||||||
certfile:
|
certfile:
|
||||||
|
|
||||||
|
worker:
|
||||||
|
namespace_detectors:
|
||||||
|
- os-release
|
||||||
|
- lsb-release
|
||||||
|
- apt-sources
|
||||||
|
- alpine-release
|
||||||
|
- redhat-release
|
||||||
|
|
||||||
|
feature_listers:
|
||||||
|
- apk
|
||||||
|
- dpkg
|
||||||
|
- rpm
|
||||||
|
|
||||||
updater:
|
updater:
|
||||||
# Frequency the database will be updated with vulnerabilities from the default data sources
|
# Frequency the database will be updated with vulnerabilities from the default data sources
|
||||||
# The value 0 disables the updater entirely.
|
# The value 0 disables the updater entirely.
|
||||||
interval: 2h
|
interval: 2h
|
||||||
|
enabledupdaters:
|
||||||
|
- debian
|
||||||
|
- ubuntu
|
||||||
|
- rhel
|
||||||
|
- oracle
|
||||||
|
- alpine
|
||||||
|
|
||||||
notifier:
|
notifier:
|
||||||
# Number of attempts before the notification is marked as failed to be sent
|
# Number of attempts before the notification is marked as failed to be sent
|
||||||
|