<?php
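// Log errors but do not also display them, to prevent double logging.
ini_set('log_errors', 1);
ini_set('display_errors', 0);

// include autoloader
require_once 'vendor/autoload.php';

// Environment variable processing.
// A .env file next to this script is loaded when present. Otherwise Dotenv is
// pointed at a freshly created (empty) temporary file, presumably so that
// load() and the required() check below still run against variables that are
// already set in the process environment.
if (file_exists(__DIR__.DIRECTORY_SEPARATOR.'.env')) {
    $dotenv = new Dotenv\Dotenv(__DIR__);
} else {
    $file = tempnam(sys_get_temp_dir(), 'pfsense-controller');
    if ($file === false) {
        // tempnam() returns false on failure; stop here with a clear message
        // instead of handing Dotenv an empty directory and file name.
        throw new \RuntimeException('unable to create a temporary file in '.sys_get_temp_dir());
    }
    // Remove the placeholder file when the process exits.
    register_shutdown_function(function () use ($file) {
        if (file_exists($file)) {
            unlink($file);
        }
    });
    $dotenv = new Dotenv\Dotenv(dirname($file), basename($file));
}
$dotenv->load();
// Fail fast when the pfSense endpoint or its password is missing or empty.
$dotenv->required(['PFSENSE_URL', 'PFSENSE_PASSWORD'])->notEmpty();

// The username falls back to 'admin' when PFSENSE_USERNAME is unset or empty.
$pfSenseUsername = getenv('PFSENSE_USERNAME') ?: 'admin';
// Only the literal value "true" (any letter case) turns on insecure mode; this
// flag is what later disables TLS verification for the pfSense connection, so
// every other value keeps verification on.
$pfSenseInsecure = strtolower((string) getenv('PFSENSE_INSECURE')) === 'true';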
// Kubernetes client: when KUBERNETES_SERVICE_HOST is set the in-cluster
// configuration is used, otherwise the configuration is built from a file.
$config = getenv('KUBERNETES_SERVICE_HOST')
    ? KubernetesClient\Config::InClusterConfig()
    : KubernetesClient\Config::BuildConfigFromFile();
$kubernetesClient = new KubernetesClient\Client($config);
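// pfSense client
// Strip trailing slashes so the endpoint is not built as ".../" + "/xmlrpc.php".
$pfSenseUrl = rtrim((string) getenv('PFSENSE_URL'), '/');
if (stripos($pfSenseUrl, 'https://') !== 0) {
    // The credentials set below travel with every request; without https they
    // are not protected in transit.
    error_log('warning: PFSENSE_URL is not an https:// URL; pfSense credentials will be sent without transport encryption');
}
$pfSenseClient = new \KubernetesPfSenseController\XmlRpc\Client($pfSenseUrl.'/xmlrpc.php');
$pfSenseClient->getHttpClient()->setAuth($pfSenseUsername, getenv('PFSENSE_PASSWORD'));

// HTTP client options are collected first and applied once at the end.
$httpOptions = [];
if ($pfSenseInsecure) {
    // Turns off certificate and hostname verification and accepts self-signed
    // certificates. The pfSense credentials are then sent to an unauthenticated
    // peer; supplying the CA via PFSENSE_SSLCAFILE / PFSENSE_SSLCAPATH keeps
    // verification on for a privately signed certificate.
    $httpOptions['sslverifypeer'] = false;
    $httpOptions['sslallowselfsigned'] = true;
    $httpOptions['sslverifypeername'] = false;
    error_log('warning: PFSENSE_INSECURE=true disables TLS certificate and hostname verification for the pfSense connection');
}
if (getenv('PFSENSE_SSLCAPATH')) {
    $httpOptions['sslcapath'] = getenv('PFSENSE_SSLCAPATH');
}
if (getenv('PFSENSE_SSLCAFILE')) {
    $httpOptions['sslcafile'] = getenv('PFSENSE_SSLCAFILE');
}
// NOTE(review): this is a truthiness test, so any non-empty value other than
// "0" (including the string "false") enables keepalive, unlike the strict
// "true" comparison used for PFSENSE_INSECURE.
if (getenv('PFSENSE_HTTPKEEPALIVE')) {
    $httpOptions['keepalive'] = true;
}

// https://docs.laminas.dev/laminas-http/client/intro/#configuration
// https://docs.laminas.dev/laminas-http/client/adapters/
if (count($httpOptions) > 0) {
    // The logged options hold TLS settings and paths only; the password is
    // passed through setAuth() above and is not part of this array.
    echo 'setting http client options: ' . json_encode($httpOptions)."\n";
    $pfSenseClient->getHttpClient()->setOptions($httpOptions);
}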
// Controller identity: taken from the environment, with fixed fallbacks when
// the variable is unset or empty.
$controllerName = getenv('CONTROLLER_NAME') ?: 'kubernetes-pfsense-controller';
$controllerNamespace = getenv('CONTROLLER_NAMESPACE') ?: 'kube-system';

// Both the config map and the store are placed in the controller namespace.
// The commented-out keys are further options that are not set here.
$options = [
    'configMapNamespace' => $controllerNamespace,
    //'configMapName' => $controllerName.'-controller-config',
    //'storeEnabled' => true,
    'storeNamespace' => $controllerNamespace,
    //'storeName' => $controllerName.'-controller-store',
];

$controller = new KubernetesPfSenseController\Controller($controllerName, $kubernetesClient, $options);
// From here on use the Kubernetes client instance the controller returns.
$kubernetesClient = $controller->getKubernetesClient();

// Registry items stored on the controller: the pfSense XML-RPC client and the
// response of the cluster's /version endpoint.
$controller->setRegistryItem('pfSenseClient', $pfSenseClient);
$kubernetesVersionInfo = $kubernetesClient->request("/version");
$controller->setRegistryItem('kubernetesVersionInfo', $kubernetesVersionInfo);

// Plugins, registered in this order.
$pluginClasses = [
    '\KubernetesPfSenseController\Plugin\MetalLB',
    '\KubernetesPfSenseController\Plugin\HAProxyDeclarative',
    '\KubernetesPfSenseController\Plugin\HAProxyIngressProxy',
    '\KubernetesPfSenseController\Plugin\DNSHAProxyIngressProxy',
    '\KubernetesPfSenseController\Plugin\DNSServices',
    '\KubernetesPfSenseController\Plugin\DNSIngresses',
];
foreach ($pluginClasses as $pluginClass) {
    $controller->registerPlugin($pluginClass);
}

// start
$controller->main();