TRA-3188 name resolving integration improvements

2025-06-20 21:44:42 +00:00 · 2021-05-11 16:30:04 +03:00 · 2021-05-11 16:30:04 +03:00 · 06a25876b9
commit 06a25876b9
parent ff937e8160 9bd4fb0619
8 changed files with 90 additions and 18 deletions
--- a/api/README.md
+++ b/api/README.md
@ -4,3 +4,17 @@ Basic APIs:
 * /fetch - retrieve traffic data
 * /stats - retrieve statistics of collected data
 * /viewer - web ui
+
+## Remote Debugging
+### Setup remote debugging
+1. Run `go get github.com/go-delve/delve/cmd/dlv`
+2. Create a "Go Remote" run/debug configuration in Intellij, set to localhost:2345
+3. Build and push a debug image using
+   `docker build . -t  gcr.io/up9-docker-hub/mizu/debug:latest -f debug.Dockerfile && docker push gcr.io/up9-docker-hub/mizu/debug:latest`
+
+### Connecting
+1. Start mizu using the cli with the debug image `mizu tap --mizu-image gcr.io/up9-docker-hub/mizu/debug:latest {tapped_pod_name}`
+2. Forward the debug port using `kubectl port-forward -n default mizu-collector 2345:2345`
+3. Run the run/debug configuration you've created earlier in Intellij.
+
+<small>Do note that dlv won't start the api until a debugger connects to it.</small>
--- a/api/pkg/resolver/resolver.go
+++ b/api/pkg/resolver/resolver.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"

 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -151,6 +152,14 @@ func (resolver *Resolver) infiniteErrorHandleRetryFunc(ctx context.Context, fun
 		err := fun(ctx)
 		if err != nil {
 			resolver.errOut <- err
+
+			var statusError *k8serrors.StatusError
+			if errors.As(err, &statusError) {
+				if statusError.ErrStatus.Reason == metav1.StatusReasonForbidden {
+					fmt.Printf("Resolver loop encountered permission error, aborting event listening - %v\n", err)
+					return
+				}
+			}
 		}
 		if ctx.Err() != nil { // context was cancelled or errored
 			return
--- a/cli/Makefile
+++ b/cli/Makefile
@ -1,16 +1,17 @@
 FOLDER=$(GOOS).$(GOARCH)
+COMMIT_HASH=$(shell git rev-parse HEAD)

 .PHONY: help
 .DEFAULT_GOAL := help

 help: ## This help.
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-	
+
 install:
 	go install mizu.go

 build:	## build mizu CLI binary (select platform via GOOS / GOARCH env variables)
-	go build -o bin/$(FOLDER)/mizu mizu.go
+	go build -ldflags="-X 'github.com/up9inc/mizu/cli/mizu.GitCommitHash=$(COMMIT_HASH)'" -o bin/$(FOLDER)/mizu mizu.go

 build-all:  ## build for all supported platforms
 	@echo "Compiling for every OS and Platform"
--- a/cli/cmd/version.go
+++ b/cli/cmd/version.go
@ -11,7 +11,7 @@ var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print version info",
 	RunE: func(cmd *cobra.Command, args []string) error {
-		fmt.Printf("mizu version %s\n", mizu.Version)
+		fmt.Printf("%s %s\n", mizu.Version, mizu.GitCommitHash)
 		return nil
 	},
 }
--- a/cli/kubernetes/provider.go
+++ b/cli/kubernetes/provider.go
@ -77,7 +77,7 @@ func (provider *Provider) GetPods(ctx context.Context, namespace string) {
 	fmt.Printf("There are %d pods in Namespace %s\n", len(pods.Items), namespace)
 }

-func (provider *Provider) CreateMizuPod(ctx context.Context, namespace string, podName string, podImage string, tappedPodNamespace string, tappedPodName string) (*core.Pod, error) {
+func (provider *Provider) CreateMizuPod(ctx context.Context, namespace string, podName string, podImage string, tappedPodNamespace string, tappedPodName string, linkServiceAccount bool) (*core.Pod, error) {
 	tappedPod, err := provider.clientSet.CoreV1().Pods(tappedPodNamespace).Get(ctx, tappedPodName, metav1.GetOptions{})
 	if err != nil {
 		panic(err.Error())
@ -117,11 +117,14 @@ func (provider *Provider) CreateMizuPod(ctx context.Context, namespace string, p
 					},
 				},
 			},
-			ServiceAccountName: serviceAccountName,
 			TerminationGracePeriodSeconds: new(int64),
 			NodeSelector: map[string]string{"kubernetes.io/hostname": tappedPod.Spec.NodeName},
 		},
 	}
+	//define the service account only when it exists to prevent pod crash
+	if linkServiceAccount {
+		pod.Spec.ServiceAccountName = serviceAccountName
+	}
 	return provider.clientSet.CoreV1().Pods(namespace).Create(ctx, pod, metav1.CreateOptions{})
 }

--- a/cli/mizu/consts.go
+++ b/cli/mizu/consts.go
@ -1,6 +1,10 @@
 package mizu

+var (
+	Version = "v0.0.1"
+	GitCommitHash = "" // this var is overridden using ldflags in makefile when building
+)
+
 const (
-	Version = "0.1.0"
 	MizuResourcesNamespace = "default"
 )
--- a/cli/mizu/mizuRunner.go
+++ b/cli/mizu/mizuRunner.go
@ -19,8 +19,8 @@ func Run(tappedPodName string) {

 	podName := "mizu-collector"

-	createRBACIfNecessary(ctx, kubernetesProvider, cancel)
-	go createPodAndPortForward(ctx, kubernetesProvider, cancel, podName, MizuResourcesNamespace, tappedPodName) //TODO convert this to job for built in pod ttl or have the running app handle this
+	mizuServiceAccountExists := createRBACIfNecessary(ctx, kubernetesProvider)
+	go createPodAndPortForward(ctx, kubernetesProvider, cancel, podName, MizuResourcesNamespace, tappedPodName, mizuServiceAccountExists) //TODO convert this to job for built in pod ttl or have the running app handle this
 	waitForFinish(ctx, cancel) //block until exit signal or error

 	// TODO handle incoming traffic from tapper using a channel
@ -53,8 +53,8 @@ func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Pro
 	}
 }

-func createPodAndPortForward(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, podName string, namespace string, tappedPodName string) {
-	pod, err := kubernetesProvider.CreateMizuPod(ctx, MizuResourcesNamespace, podName, config.Configuration.MizuImage, kubernetesProvider.Namespace, tappedPodName)
+func createPodAndPortForward(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, podName string, namespace string, tappedPodName string, linkServiceAccount bool) {
+	pod, err := kubernetesProvider.CreateMizuPod(ctx, MizuResourcesNamespace, podName, config.Configuration.MizuImage, kubernetesProvider.Namespace, tappedPodName, linkServiceAccount)
 	if err != nil {
 		fmt.Printf("error creating pod %s", err)
 		cancel()
@ -102,21 +102,20 @@ func createPodAndPortForward(ctx context.Context, kubernetesProvider *kubernetes
 	}
 }

-func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
+func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider) bool {
 	mizuRBACExists, err := kubernetesProvider.DoesMizuRBACExist(ctx, MizuResourcesNamespace)
 	if err != nil {
-		fmt.Printf("error checking rbac %v", err)
-		cancel()
-		return
+		fmt.Printf("warning: could not ensure mizu rbac resources exist %v\n", err)
+		return false
 	}
 	if !mizuRBACExists {
-		err := kubernetesProvider.CreateMizuRBAC(ctx, MizuResourcesNamespace, Version)
+		err := kubernetesProvider.CreateMizuRBAC(ctx, MizuResourcesNamespace, fmt.Sprintf("%s::%s", Version, GitCommitHash))
 		if err != nil {
-			fmt.Printf("error creating rbac %v", err)
-			cancel()
-			return
+			fmt.Printf("warning: could not create mizu rbac resources %v\n", err)
+			return false
 		}
 	}
+	return true
 }

 func waitForFinish(ctx context.Context, cancel context.CancelFunc) {
--- a/debug.Dockerfile
+++ b/debug.Dockerfile
@ -0,0 +1,42 @@
+# creates image in which mizu api is remotely debuggable using delve
+FROM node:14-slim AS site-build
+
+WORKDIR /ui-build
+
+COPY ui .
+RUN npm i
+RUN npm run build
+
+
+FROM golang:1.16-alpine AS builder
+# Set necessary environment variables needed for our image.
+ENV CGO_ENABLED=1 GOOS=linux GOARCH=amd64
+
+RUN apk add libpcap-dev gcc g++ make
+
+# Move to api working directory (/api-build).
+WORKDIR /api-build
+
+COPY api/go.mod api/go.sum ./
+RUN go mod download
+# cheap trick to make the build faster (As long as go.mod wasn't changes)
+RUN go list -f '{{.Path}}@{{.Version}}' -m all | sed 1d | grep -e 'go-cache' -e 'sqlite' | xargs go get
+
+# Copy and build api code
+COPY api .
+RUN go build -gcflags="all=-N -l" -o mizuagent .
+
+
+FROM golang:1.16-alpine
+
+RUN apk add bash libpcap-dev tcpdump
+WORKDIR /app
+
+# Copy binary and config files from /build to root folder of scratch container.
+COPY --from=builder ["/api-build/mizuagent", "."]
+COPY --from=site-build ["/ui-build/build", "site"]
+
+# install remote debugging tool
+RUN go get github.com/go-delve/delve/cmd/dlv
+
+CMD ["sh", "-c", "dlv --headless=true --listen=:2345 --log --api-version=2 --accept-multiclient exec ./mizuagent -- -i any -hardump -targets ${TAPPED_ADDRESSES}"]