webhook support tls setting

pkg/sinks/elasticsearch.go

@@ -3,10 +3,7 @@ package sinks
 import (
 	"bytes"
 	"context"
-	"crypto/tls"
-	"crypto/x509"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"github.com/elastic/go-elasticsearch/v7"
 	"github.com/elastic/go-elasticsearch/v7/esapi"
@@ -28,23 +25,17 @@ type ElasticsearchConfig struct {
 	// Indexing preferences
 	UseEventID bool `yaml:"useEventID"`
 	// DeDot all labels and annotations in the event. For both the event and the involvedObject
-	DeDot       bool   `yaml:"deDot"`
-	Index       string `yaml:"index"`
-	IndexFormat string `yaml:"indexFormat"`
-	Type        string `yaml:"type"`
-	TLS         struct {
-		InsecureSkipVerify bool   `yaml:"insecureSkipVerify"`
-		ServerName         string `yaml:"serverName"`
-		CaFile             string `yaml:"caFile"`
-		KeyFile            string `yaml:"keyFile"`
-		CertFile           string `yaml:"certFile"`
-	} `yaml:"tls"`
-	Layout map[string]interface{} `yaml:"layout"`
+	DeDot       bool                   `yaml:"deDot"`
+	Index       string                 `yaml:"index"`
+	IndexFormat string                 `yaml:"indexFormat"`
+	Type        string                 `yaml:"type"`
+	TLS         TLS                    `yaml:"tls"`
+	Layout      map[string]interface{} `yaml:"layout"`
 }
 
 func NewElasticsearch(cfg *ElasticsearchConfig) (*Elasticsearch, error) {
 
-	tlsClientConfig, err := setupTLS(cfg)
+	tlsClientConfig, err := setupTLS(&cfg.TLS)
 	if err != nil {
 		return nil, fmt.Errorf("failed to setup TLS: %w", err)
 	}
@@ -69,40 +60,6 @@ func NewElasticsearch(cfg *ElasticsearchConfig) (*Elasticsearch, error) {
 	}, nil
 }
 
-func setupTLS(cfg *ElasticsearchConfig) (*tls.Config, error) {
-	var caCert []byte
-
-	if len(cfg.TLS.CaFile) > 0 {
-		readFile, err := ioutil.ReadFile(cfg.TLS.CaFile)
-		if err != nil {
-			return nil, err
-		}
-		caCert = readFile
-	}
-
-	tlsClientConfig := &tls.Config{
-		InsecureSkipVerify: cfg.TLS.InsecureSkipVerify,
-		ServerName:         cfg.TLS.ServerName,
-	}
-	if len(cfg.TLS.KeyFile) > 0 && len(cfg.TLS.CertFile) > 0 {
-		tlsClientConfig.RootCAs = x509.NewCertPool()
-		tlsClientConfig.RootCAs.AppendCertsFromPEM(caCert)
-
-		cert, err := tls.LoadX509KeyPair(cfg.TLS.CertFile, cfg.TLS.KeyFile)
-		if err != nil {
-			return nil, fmt.Errorf("could not read client certificate or key: %w", err)
-		}
-		tlsClientConfig.Certificates = append(tlsClientConfig.Certificates, cert)
-	}
-	if len(cfg.TLS.KeyFile) > 0 && len(cfg.TLS.CertFile) == 0 {
-		return nil, errors.New("configured keyFile but forget certFile for client certificate authentication")
-	}
-	if len(cfg.TLS.KeyFile) == 0 && len(cfg.TLS.CertFile) > 0 {
-		return nil, errors.New("configured certFile but forget keyFile for client certificate authentication")
-	}
-	return tlsClientConfig, nil
-}
-
 type Elasticsearch struct {
 	client *elasticsearch.Client
 	cfg    *ElasticsearchConfig

pkg/sinks/sink.go

@@ -2,6 +2,12 @@ package sinks
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"io/ioutil"
+
 	"github.com/opsgenie/kubernetes-event-exporter/pkg/kube"
 )
 
@@ -19,3 +25,45 @@ type BatchSink interface {
 	Sink
 	SendBatch([]*kube.EnhancedEvent) error
 }
+
+type TLS struct {
+	InsecureSkipVerify bool   `yaml:"insecureSkipVerify"`
+	ServerName         string `yaml:"serverName"`
+	CaFile             string `yaml:"caFile"`
+	KeyFile            string `yaml:"keyFile"`
+	CertFile           string `yaml:"certFile"`
+}
+
+func setupTLS(cfg *TLS) (*tls.Config, error) {
+	var caCert []byte
+
+	if len(cfg.CaFile) > 0 {
+		readFile, err := ioutil.ReadFile(cfg.CaFile)
+		if err != nil {
+			return nil, err
+		}
+		caCert = readFile
+	}
+
+	tlsClientConfig := &tls.Config{
+		InsecureSkipVerify: cfg.InsecureSkipVerify,
+		ServerName:         cfg.ServerName,
+	}
+	if len(cfg.KeyFile) > 0 && len(cfg.CertFile) > 0 {
+		tlsClientConfig.RootCAs = x509.NewCertPool()
+		tlsClientConfig.RootCAs.AppendCertsFromPEM(caCert)
+
+		cert, err := tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
+		if err != nil {
+			return nil, fmt.Errorf("could not read client certificate or key: %w", err)
+		}
+		tlsClientConfig.Certificates = append(tlsClientConfig.Certificates, cert)
+	}
+	if len(cfg.KeyFile) > 0 && len(cfg.CertFile) == 0 {
+		return nil, errors.New("configured keyFile but forget certFile for client certificate authentication")
+	}
+	if len(cfg.KeyFile) == 0 && len(cfg.CertFile) > 0 {
+		return nil, errors.New("configured certFile but forget keyFile for client certificate authentication")
+	}
+	return tlsClientConfig, nil
+}

pkg/sinks/webhook.go

@@ -4,13 +4,16 @@ import (
 	"bytes"
 	"context"
 	"errors"
-	"github.com/opsgenie/kubernetes-event-exporter/pkg/kube"
+	"fmt"
 	"io/ioutil"
 	"net/http"
+
+	"github.com/opsgenie/kubernetes-event-exporter/pkg/kube"
 )
 
 type WebhookConfig struct {
 	Endpoint string                 `yaml:"endpoint"`
+	TLS      TLS                    `yaml:"tls"`
 	Layout   map[string]interface{} `yaml:"layout"`
 	Headers  map[string]string      `yaml:"headers"`
 }
@@ -41,8 +44,15 @@ func (w *Webhook) Send(ctx context.Context, ev *kube.EnhancedEvent) error {
 	for k, v := range w.cfg.Headers {
 		req.Header.Add(k, v)
 	}
-
-	resp, err := http.DefaultClient.Do(req)
+	tlsClientConfig, err := setupTLS(&w.cfg.TLS)
+	if err != nil {
+		return fmt.Errorf("failed to setup TLS: %w", err)
+	}
+	client := http.DefaultClient
+	client.Transport = &http.Transport{
+		TLSClientConfig: tlsClientConfig,
+	}
+	resp, err := client.Do(req)
 	if err != nil {
 		return err
 	}