- renames for consistency

- Checkpoint
- DEMO
- DEMO
- Implements Certificates
- Certificates fleshed out and tests underway
- Refactoring of authorization tests required due to changes in the shape of the Certificates module.
- FRT (Fix Red Tests)
- minor cleanup
- Base implementation of Certificate and informer
- authentication factory implemented
- rename, and doc start
- CHECKPOINT: File creation

Author: ciroque

.gitignore

@@ -18,3 +18,7 @@ Thumbs.db
 ########
 *.log
 /misc-dev/
+
+cover*
+tmp/
+docs/tls/DESIGN.md

ca-secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUekNDQWpjQ0ZGNGlKWWxnWFYrNksxclE0L1JacXEyTWxRTWZNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1HUXgKQ3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcFhZWE5vYVc1bmRHOXVNUkF3RGdZRFZRUUhEQWRUWldGMApkR3hsTVE0d0RBWURWUVFLREFWT1IwbE9XREVlTUJ3R0ExVUVDd3dWUTI5dGJYVnVhWFI1SUNZZ1FXeHNhV0Z1ClkyVnpNQjRYRFRJek1UQXdNakl6TURReU9Wb1hEVEl6TVRFd01USXpNRFF5T1Zvd1pERUxNQWtHQTFVRUJoTUMKVlZNeEV6QVJCZ05WQkFnTUNsZGhjMmhwYm1kMGIyNHhFREFPQmdOVkJBY01CMU5sWVhSMGJHVXhEakFNQmdOVgpCQW9NQlU1SFNVNVlNUjR3SEFZRFZRUUxEQlZEYjIxdGRXNXBkSGtnSmlCQmJHeHBZVzVqWlhNd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEc0xteW9vc2NKNXZQbmFER3FCZkozYmQxT2F0NXYKYjQwSjcrc0ROamxhUFNGRjdNZGJyN2JFOFhkRUNGOHZCYkE2MkUwTVJRYXJHMFl5aWJBOG05OFV5TVJ1R0VRTApSZkltZ2pHVWtXdkRmU0ViSkJLZ1RXay83ckJPeDVRY1lFVnlCZ2Z2SDZMWk5hampic0VFaUFjalVObkp3WkNpCjdIWjJDSVZ5NVhpUmlKWVZLbGZwN3QvYlIwTXRtWVNEMlh6L0RoZXBRMnpkQ25zNnpFK3Q5aGxINnorcThydUUKam45ZTJaUGNBeTlHc1lNVi9WSTdIK0ZyMVBaREJJNUhtb1pZeUo4MTVqcWhiQUxGeU00Z0x3V1JlSVJuek9aZApNeVV0QW8rM1Vic1ZwQ0NOTE9XSk1WeXVUUVV1U3QwOFlXNTFDeGtESlBUMDY0bFAyZXBLQ2RQcEFnTUJBQUV3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFMUStGRzVxNDVSV0JFK1JwNkpwUlZWakphMFF6ZE44V1ljcWUwTDkKVlJPbG5aSkxva2JGNzJrOEdrZ0t3YzNVZ21IRzFMbmMvdzlTbFJ1Ti9uRkMySEtZbWxqWHkwaHpWaFZLbDRjRgozc1NKV0c2dzBkcXFNVmk0bDBybFVDQlk3cDBTQXA4eFdLd2ZoanE0NU1YSGlwNERRUzVTUXUrWjJiSCtTN3pzCjNxcGhDaEpkNkpGZUNnL0pGQ1VIWjZGRXk0ZitJcGl1bU01SENKakJUcHdEVUdLcHB3a2pPeWp6Ym1Vc1hEcUYKRkIvYzZ4MnluYjlROGQ4MG1oREV5V0dFWDhtbE1ycXNrblFZd2JTenkyUitudnFLOFp3NTFGbDRSUU96K1lPZAphMUlTemZKWkYwdEtqcittS0ZSODZXWm05VWNOT1JnWjQ1WjVRNWI1V1AvMVF6dz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRRHNMbXlvb3NjSjV2UG4KYURHcUJmSjNiZDFPYXQ1dmI0MEo3K3NETmpsYVBTRkY3TWRicjdiRThYZEVDRjh2QmJBNjJFME1SUWFyRzBZeQppYkE4bTk4VXlNUnVHRVFMUmZJbWdqR1VrV3ZEZlNFYkpCS2dUV2svN3JCT3g1UWNZRVZ5Qmdmdkg2TFpOYWpqCmJzRUVpQWNqVU5uSndaQ2k3SFoyQ0lWeTVYaVJpSllWS2xmcDd0L2JSME10bVlTRDJYei9EaGVwUTJ6ZENuczYKekUrdDlobEg2eitxOHJ1RWpuOWUyWlBjQXk5R3NZTVYvVkk3SCtGcjFQWkRCSTVIbW9aWXlKODE1anFoYkFMRgp5TTRnTHdXUmVJUm56T1pkTXlVdEFvKzNVYnNWcENDTkxPV0pNVnl1VFFVdVN0MDhZVzUxQ3hrREpQVDA2NGxQCjJlcEtDZFBwQWdNQkFBRUNnZ0VBWWV3Tm1RMkVRSkxFNVZqSjNwaUFvd3VtQ2ZFOU1DNnI1MGJWeFlzaDFFd3MKRTNYTVlqTkVML3Q5VzNPdEl5M1VsMUUvQUt0TnpIdU9hejJ6R0MzNEhBSHhqMFA0VWtRNTFjVjlFUUFLRWc4NwpQcW1DSDN4NCtzelh4Skh5MHFFSHFmTGVMMEtLbmt3bExjYXB1RnM5dW1LM0tYTmJxSEVwM0Y1RUZoTVdIaUFiClV4cWpYZXJKWXBZMXU3RVhwUHFWaSt3dFhkWDNuT092bStZMzNLemRGNTErTXBpOHVkMGpTY0p2VEtIYXpKV1oKZE40aFF4SEpEOGpMZm8zNDRNWEFYQndkWFVuN1V4NW9qU0dVemtnU1pKTnBkQVNaUU5lN2E1Qk4xalREZ29LaQp0My9kS0NFTmFsMGdUQVI1MFArYWJxeWhSOFUxbVVuT1dsWDN1ekJsa1FLQmdRRDNFS09tWm16Z293Nk5mOWp2CmpkdzJOUUQ1Q2NlWEk4cWlxRjlMNWZoVWV0b29PajA2WlZpYjBEejNWcWlqVnRITFBQV2pRQ2ZwWC9DVHdkUTkKajNHTVBDOEhIZWJkeEZqTHpRSWlDUXAvaGFlc2RGTUhHRzFBak92VDRNdkxOaklWM29JOCszZjhIWk81Q0pYQgpJdW1xcG82YWJhV094VEhDS2pYY2YxNTI0d0tCZ1FEMHVRWGNJWlJrNjdrYU5PZWhjLzFuU2QyTVJSVG1zV3JYClFjTEtQczdWVFkwWlA1T2hsU1pRVkM2MW9PUWtuZnFScGhVbnJVVDF1NXFRbzJUSGhGcmN4a3Qrd1hCenhDWDgKUXZXY1RTTmkvZ0Y2Rkx1OEsyYXlOVlBQTDFNQjJ4ZGxTL0Z0SDRLSG5RWHM1NFM5MVZHRTR5OUd6aDIwWEcwOQp4K0FiQzlPM3d3S0JnSGNuWURXbFdrY3dmSmxEbW1WV0htbEtRTkRhcFphLzNUOTdRcEtCTTdYU2xob21sRmJ3CmY3Nk52SWx4RXQzTHhseGxadlkzdjhmdXpFRUdqd3l0Zkk2c2krVzd4eGNYVmRmY1pIWHp0RXR5TXo2WnoxMHgKcTZjaEQ2OWMwQXlPYzdOV1g2dDNnQk5vVkZFOTBiT1cyZWpDY1M0TFNYaEVwRTNITzdpKytOa1BBb0dBZW9CYgo1Sk9TbXVvOG9GZTNVMlNpaHArOUhVZy9iRE9IamZWSE1zSTUreUIwN3h5YUpCcHJNVzdTYXV6OUJ5OWxqSjhjCm05M3FWUy94OFZFNVUzNTNsV2hWeGovQ3NOQ1JTek9oaXZvNktvV0g2N3FSTjJKcVorNjE0MUtITkxpZGY0R0MKZXVONURiV1dqNzVjL2tIWUtyTW1xVVRvTGE3T3FFeHpiRmFCUnMwQ2dZQUN6UlBiQTBqK0JyOWpxenFKYU56VQpPZzJ4aUFhZlNuTzBxTkREZWZNdXhZSnFMZ0llMG9HRUExb1JlcDhvTDNDeWZYd2h3U2xqMlRjeGZZTFR5MENKCmZBejF4QjY3SUF3cGlvZnI0K1ZXekF4SC9BbnlhVGNZVGdtakdKdlhtZ3l1RGU3ZGJsa3lJU1M5ZTBLc1JzeTYKQ2hPdVZoQy96bjErbm9BMkNsdzFJdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: nlk-tls-ca-secret
+  namespace: nlk
+type: kubernetes.io/tls

client-secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVIRENDQXdTZ0F3SUJBZ0lVUFRrVExlS3FNQlRlNFZhQXpiL1hXcSt6THM4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pERUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2xkaGMyaHBibWQwYjI0eEVEQU9CZ05WQkFjTQpCMU5sWVhSMGJHVXhEakFNQmdOVkJBb01CVTVIU1U1WU1SNHdIQVlEVlFRTERCVkRiMjF0ZFc1cGRIa2dKaUJCCmJHeHBZVzVqWlhNd0hoY05Nak14TURBeU1qTXdOak0zV2hjTk1qUXhNREF4TWpNd05qTTNXakJrTVFzd0NRWUQKVlFRR0V3SlZVekVUTUJFR0ExVUVDQXdLVjJGemFHbHVaM1J2YmpFUU1BNEdBMVVFQnd3SFUyVmhkSFJzWlRFTwpNQXdHQTFVRUNnd0ZUa2RKVGxneEhqQWNCZ05WQkFzTUZVTnZiVzExYm1sMGVTQW1JRUZzYkdsaGJtTmxjekNDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSzRPY1h4YWVrNkVQbTBDZUo5Z21iRlEKbFg1THlHNlUybEZIOFBFY3UvUlVTenJRQW1Rckh5di9mMlFBb3Q5VzhGNVlpaVVlQi85TkVGY1M2ZUVEK00xbwpVMy9ubEdHS21qTlQ5amNpbnBDZ0lYVUZ5UVQvWkd3QjFVWEdZYUViMHFWOFVVUlpTS1AxWXI5SzJBTzRxWE95CkFGTjZyUkdrdzBZTEErd3FEcDQxdFBNZEZZWWcrRit4OFZ5S1hLckZScUZRTFNPa2hzQXNwT3RZcjNOMkIzUlMKVGozeXFyNUZkc2w0VklSYWZCMWlhbGhSRWdnbDZjekZZaHZmci9kNjdNcHJvVlhudUZ5cS9OUDAvbXRnWXhvRwpKRVFoQmhnOFR4eUhiZ1lsTTFXZkxQTDh0SG5WUTZZVTVzamwrcG8vRU1yR24wNiszNnRwdksyT0RmNkJ6SDhDCkF3RUFBYU9CeFRDQndqQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFkQmdOVkhRNEVGZ1FVMkdrWmcxakUKYlcyN0lJSjV5cTB3ekJXa1FzY3dnWXNHQTFVZEl3U0JnekNCZ0tGb3BHWXdaREVMTUFrR0ExVUVCaE1DVlZNeApFekFSQmdOVkJBZ01DbGRoYzJocGJtZDBiMjR4RURBT0JnTlZCQWNNQjFObFlYUjBiR1V4RGpBTUJnTlZCQW9NCkJVNUhTVTVZTVI0d0hBWURWUVFMREJWRGIyMXRkVzVwZEhrZ0ppQkJiR3hwWVc1alpYT0NGRjRpSllsZ1hWKzYKSzFyUTQvUlpxcTJNbFFNZk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQWkwais2eDMrZjJ4ZXJlQlg2OFNmWAozM0tmc0tOaGJIOXJKeU9ROXViV1RrdHdaQnVOUmFKNEptWUtFa0IxUnVnOTFVVmdMdmZzWm5VY1FTOHRQUU8rCnNEcHFEamdwdnlZbU1LSm1HVHZ0M0tmK3JpV0dtU3g3ZDZUb0R5bGpNZ2dUdmJ4dFZhQTNtak9UcGFzb0ZWTzMKcXlVU29sUCtoZzI5M2Z2Q1JaeWhNTTd0ejdEdUIzRmFjR1JHNmNoaE55N0UzaGRpd2JjVUdIQ0VGN0ZwbWNLTgpOTlhyUVMwOW9GeUVmZEd3TkFHOUtPVHZkVDNZUzFqcmo3QnROOGlMSGxQUFFNaFk3aWhTUnlVUmN1S05vSC9BCnRTQm83eFJWV3BZMTIrMEJhaERjQ1lndzJ0RjMvd2Q1ekhwb1RuZi9YZFJiMm4vUzBKbTZueE54NUdlbDhMK2EKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ3VEbkY4V25wT2hENXQKQW5pZllKbXhVSlYrUzhodWxOcFJSL0R4SEx2MFZFczYwQUprS3g4ci8zOWtBS0xmVnZCZVdJb2xIZ2YvVFJCWApFdW5oQS9qTmFGTi81NVJoaXBvelUvWTNJcDZRb0NGMUJja0UvMlJzQWRWRnhtR2hHOUtsZkZGRVdVaWo5V0svClN0Z0R1S2x6c2dCVGVxMFJwTU5HQ3dQc0tnNmVOYlR6SFJXR0lQaGZzZkZjaWx5cXhVYWhVQzBqcEliQUxLVHIKV0s5emRnZDBVazQ5OHFxK1JYYkplRlNFV253ZFltcFlVUklJSmVuTXhXSWIzNi8zZXV6S2E2RlY1N2hjcXZ6VAo5UDVyWUdNYUJpUkVJUVlZUEU4Y2gyNEdKVE5Wbnl6eS9MUjUxVU9tRk9iSTVmcWFQeERLeHA5T3Z0K3JhYnl0CmpnMytnY3gvQWdNQkFBRUNnZ0VBSXo2VWQwaEE1TjQ5WDhoMDBWejNzaUp0cXYzQWI3ZmZmejd3aUhvM2l2RjQKckVlTGZHb0k3VmxXbTlMUEtDZE1FK2Fjem9oR3VVa0xDbjZ2Y2h0aVNZR2JDdGJEUW44VTIxamdqZWlLTUNIawp0SFAvOE8yZ0VZakxmVTMrM2VjcTM4eU5EaWlBSDRja1FEVHhDY3ZlTUNtMmpERFdrN0NIeEFxZCtEZko3dm45Cnp2enY2TkkzQWhWZktwYmszV0RONmlRajdhelNxN2dPV0JnaS81d3hmcnJqYnpRbGU0YWRvRHZXUFcxbXg4TEcKbFNQekUyWUVIbHRGN2lFbTFTTW9SMFRtQ28xOVYrTUFjQTRLek4yUk05WXNGRER0b1hSMjRodm1wS0ZiazdIQwpITm01ZTd6dUdYK1NFOW1sbDBST1RuMXhTQUw1bjMvaFI5MzFINzdGeVFLQmdRRHhoWWhiNkN2Wm5Nb3krejVWCnR4VFh6dFR4UG0yOVpYaHdVTEZVYUphVUR3Rk13MlVhMld5ZGlscDMzUkZwWlFPNnZwZXl4NE55RjVBTmh6TzMKZE11VktmMTNWekR4NkxROXpRNng3R0NmekRkdDllWTc2aUwxRzBJV3NUZUZaTWduSDE2WUNVaVFlMVRhNVNPOQphWXN5eGErTkFIaU4yVDZydGNuZ0FKMjNPUUtCZ1FDNGZaR0JaZmtQRFlQaEpKM0RmSUcyM1hua1UrM29rUElSCitWcHBmSkhjVnZ4TDFYREd4Zk5tVGZpcmFJZUYvK0ZUdGJsb0Q4eEZTeU9zZGwwNTJsVlhtV0svV3hRSGl2c2IKL1I2WHJLNjRjZXdtMVFQY3dtek1Lc24vOW02UlVsdlF3VmUyVGYzYWxHYzRVWFBCVGtJZDlESTFaWlV5a2ZmUQppQXhPL0NXcGR3S0JnQzEySlNTbm54bG5HZWhld216LytUeG1Bazhtb1NGMWFDWThDaVVKU3M2enhGcmVyTGxSCkU5RFRxaFBGMlBFdHduWDBTam1zdEdGVmJoZ2R5dTVOWGNUR0VwL1VHYkp2U3Y0WEN4MFNrVjJDNHl3ZmpTYloKKzVxSGR2a3VnblRwYzROcHREU0tDczZuYUdHTG9CNlhMMHh2U1l3UStxQTR0RU0rQkxIVmE5cUJBb0dCQUk1NApXYzlsb2lvZnM4SS85cDBxSHpuS1d3RWFWMVVMNmdRN1hiaXNmQzk5OVNQUzFsNktLMmJMdThjUzErV0JMczdvClBSL0JZMnYzbExyd1JSb1NJMm1jaUFkaUhGdWUxa0JNL2p6L0c0WlFZNSt4VEdSRXVLUUtQeWd0ZEVGQktxcFIKUkowQ0taR01uUkYreFRkNGFkS2I2OUlVZWwwdElBU25xMm1yaXFJTkFvR0FKcmtDS2Rxejg5blRYd3FnbmZrWgpSbVB5Tk1sMjlidDNIT1ZsR3ZoTjJib3lBeHFaYk4xLzdaWE5OSlFKR3J0TUx0QzFXY3o1bXE0czY1QW5KSFhaCkhQWVRyWGdmdjc2SHROMG95TDcxbFBUOTZpU3RHc0tWSmx1R1MvT3I2TXh2Nm5XTEY0aG1mUURqaGpSNVgvdEsKTW1XV0J5Q2JRTU9mRm5hRjB2azJuTXM9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: nlk-tls-client-secret
+  namespace: nlk
+type: kubernetes.io/tls

cmd/certificates-test-harness/doc.go

@@ -0,0 +1,10 @@
+/*
+ * Copyright 2023 F5 Inc. All rights reserved.
+ * Use of this source code is governed by the Apache License that can be found in the LICENSE file.
+ */
+
+/*
+Package certificates_test_harness includes functionality boostrap and test the certification.Certificates implplementation.
+*/
+
+package main

cmd/certificates-test-harness/main.go

@@ -0,0 +1,79 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"github.com/nginxinc/kubernetes-nginx-ingress/internal/certification"
+	"github.com/sirupsen/logrus"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/util/homedir"
+	"path/filepath"
+)
+
+func main() {
+	logrus.SetLevel(logrus.DebugLevel)
+	err := run()
+	if err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+func run() error {
+	logrus.Info("certificates-test-harness::run")
+
+	ctx := context.Background()
+	var err error
+
+	k8sClient, err := buildKubernetesClient()
+	if err != nil {
+		return fmt.Errorf(`error building a Kubernetes client: %w`, err)
+	}
+
+	certificates, err := certification.NewCertificates(ctx, k8sClient)
+	if err != nil {
+		return fmt.Errorf(`error occurred creating certificates: %w`, err)
+	}
+
+	err = certificates.Initialize()
+	if err != nil {
+		return fmt.Errorf(`error occurred initializing certificates: %w`, err)
+	}
+
+	go certificates.Run()
+
+	<-ctx.Done()
+	return nil
+}
+
+func buildKubernetesClient() (*kubernetes.Clientset, error) {
+	logrus.Debug("Watcher::buildKubernetesClient")
+
+	var kubeconfig *string
+	var k8sConfig *rest.Config
+
+	k8sConfig, err := rest.InClusterConfig()
+	if errors.Is(err, rest.ErrNotInCluster) {
+		if home := homedir.HomeDir(); home != "" {
+			path := filepath.Join(home, ".kube", "config")
+			kubeconfig = &path
+
+			k8sConfig, err = clientcmd.BuildConfigFromFlags("", *kubeconfig)
+			if err != nil {
+				return nil, fmt.Errorf(`error occurred building the kubeconfig: %w`, err)
+			}
+		} else {
+			return nil, fmt.Errorf(`not running in a Cluster: %w`, err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf(`error occurred getting the Cluster config: %w`, err)
+	}
+
+	client, err := kubernetes.NewForConfig(k8sConfig)
+	if err != nil {
+		return nil, fmt.Errorf(`error occurred creating a client: %w`, err)
+	}
+	return client, nil
+}

cmd/configuration-test-harness/doc.go

@@ -0,0 +1 @@
+package main

cmd/configuration-test-harness/main.go

@@ -0,0 +1,80 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	configuration2 "github.com/nginxinc/kubernetes-nginx-ingress/internal/configuration"
+	"github.com/sirupsen/logrus"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/util/homedir"
+	"path/filepath"
+)
+
+func main() {
+	logrus.SetLevel(logrus.DebugLevel)
+	err := run()
+	if err != nil {
+		logrus.Fatal(err)
+	}
+}
+
+func run() error {
+	logrus.Info("configuration-test-harness::run")
+
+	ctx := context.Background()
+	var err error
+
+	k8sClient, err := buildKubernetesClient()
+	if err != nil {
+		return fmt.Errorf(`error building a Kubernetes client: %w`, err)
+	}
+
+	configuration, err := configuration2.NewSettings(ctx, k8sClient)
+	if err != nil {
+		return fmt.Errorf(`error occurred creating configuration: %w`, err)
+	}
+
+	err = configuration.Initialize()
+	if err != nil {
+		return fmt.Errorf(`error occurred initializing configuration: %w`, err)
+	}
+
+	go configuration.Run()
+
+	<-ctx.Done()
+
+	return err
+}
+
+func buildKubernetesClient() (*kubernetes.Clientset, error) {
+	logrus.Debug("Watcher::buildKubernetesClient")
+
+	var kubeconfig *string
+	var k8sConfig *rest.Config
+
+	k8sConfig, err := rest.InClusterConfig()
+	if errors.Is(err, rest.ErrNotInCluster) {
+		if home := homedir.HomeDir(); home != "" {
+			path := filepath.Join(home, ".kube", "config")
+			kubeconfig = &path
+
+			k8sConfig, err = clientcmd.BuildConfigFromFlags("", *kubeconfig)
+			if err != nil {
+				return nil, fmt.Errorf(`error occurred building the kubeconfig: %w`, err)
+			}
+		} else {
+			return nil, fmt.Errorf(`not running in a Cluster: %w`, err)
+		}
+	} else if err != nil {
+		return nil, fmt.Errorf(`error occurred getting the Cluster config: %w`, err)
+	}
+
+	client, err := kubernetes.NewForConfig(k8sConfig)
+	if err != nil {
+		return nil, fmt.Errorf(`error occurred creating a client: %w`, err)
+	}
+	return client, nil
+}

cmd/nginx-loadbalancer-kubernetes/main.go

@@ -19,6 +19,7 @@ import (
 )
 
 func main() {
+	logrus.SetLevel(logrus.DebugLevel)
 	err := run()
 	if err != nil {
 		logrus.Fatal(err)
@@ -44,6 +45,8 @@ func run() error {
 		return fmt.Errorf(`error occurred initializing settings: %w`, err)
 	}
 
+	go settings.Run()
+
 	synchronizerWorkqueue, err := buildWorkQueue(settings.Synchronizer.WorkQueueSettings)
 	if err != nil {
 		return fmt.Errorf(`error occurred building a workqueue: %w`, err)
@@ -71,7 +74,6 @@ func run() error {
 		return fmt.Errorf(`error occurred initializing the watcher: %w`, err)
 	}
 
-	go settings.Run()
 	go handler.Run(ctx.Done())
 	go synchronizer.Run(ctx.Done())
 

cmd/tls-config-factory-test-harness/doc.go

@@ -0,0 +1 @@
+package main