TRA-3188 name resolving integration improvements

TRA-3188 name resolving integration improvements
RamiBerm 2021-05-11 16:30:04 +03:00 committed by GitHub
commit 06a25876b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 90 additions and 18 deletions


@ -4,3 +4,17 @@ Basic APIs:
* /fetch - retrieve traffic data * /fetch - retrieve traffic data
* /stats - retrieve statistics of collected data * /stats - retrieve statistics of collected data
* /viewer - web ui * /viewer - web ui
## Remote Debugging
### Setup remote debugging
1. Run `go get github.com/go-delve/delve/cmd/dlv`
2. Create a "Go Remote" run/debug configuration in Intellij, set to localhost:2345
3. Build and push a debug image using
`docker build . -t gcr.io/up9-docker-hub/mizu/debug:latest -f debug.Dockerfile && docker push gcr.io/up9-docker-hub/mizu/debug:latest`
### Connecting
1. Start mizu using the cli with the debug image `mizu tap --mizu-image gcr.io/up9-docker-hub/mizu/debug:latest {tapped_pod_name}`
2. Forward the debug port using `kubectl port-forward -n default mizu-collector 2345:2345`
3. Run the run/debug configuration you've created earlier in Intellij.
<small>Do note that dlv won't start the api until a debugger connects to it.</small>


@ -4,6 +4,7 @@ import (
"context" "context"
"errors" "errors"
"fmt" "fmt"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -151,6 +152,14 @@ func (resolver *Resolver) infiniteErrorHandleRetryFunc(ctx context.Context, fun
err := fun(ctx) err := fun(ctx)
if err != nil { if err != nil {
resolver.errOut <- err resolver.errOut <- err
var statusError *k8serrors.StatusError
if errors.As(err, &statusError) {
if statusError.ErrStatus.Reason == metav1.StatusReasonForbidden {
fmt.Printf("Resolver loop encountered permission error, aborting event listening - %v\n", err)
return
}
}
} }
if ctx.Err() != nil { // context was cancelled or errored if ctx.Err() != nil { // context was cancelled or errored
return return
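Review bot: The new abort in infiniteErrorHandleRetryFunc matches only `metav1.StatusReasonForbidden`, so an Unauthorized status (for example an expired or invalid token) would presumably keep retrying; if that is not intended, the check could be `if k8serrors.IsForbidden(err) || k8serrors.IsUnauthorized(err) {`, which also replaces the manual `errors.As` on `*k8serrors.StatusError`. The error has already been sent to `resolver.errOut` before the `fmt.Printf`, so the permission failure is reported twice; one of the two is enough. After the `return` nothing visible tells callers that name resolution has stopped, so a short comment such as `// permission errors are not retryable: stop watching, resolution stays disabled for this run` would help. The function begins and ends outside the hunk.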


@ -1,4 +1,5 @@
FOLDER=$(GOOS).$(GOARCH) FOLDER=$(GOOS).$(GOARCH)
COMMIT_HASH=$(shell git rev-parse HEAD)
.PHONY: help .PHONY: help
.DEFAULT_GOAL := help .DEFAULT_GOAL := help
@ -10,7 +11,7 @@ install:
go install mizu.go go install mizu.go
build: ## build mizu CLI binary (select platform via GOOS / GOARCH env variables) build: ## build mizu CLI binary (select platform via GOOS / GOARCH env variables)
go build -o bin/$(FOLDER)/mizu mizu.go go build -ldflags="-X 'github.com/up9inc/mizu/cli/mizu.GitCommitHash=$(COMMIT_HASH)'" -o bin/$(FOLDER)/mizu mizu.go
build-all: ## build for all supported platforms build-all: ## build for all supported platforms
@echo "Compiling for every OS and Platform" @echo "Compiling for every OS and Platform"
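Review bot: `COMMIT_HASH=$(shell git rev-parse HEAD)` is a recursively expanded variable, so `git` runs again every time it is expanded; `COMMIT_HASH := $(shell git rev-parse HEAD)` evaluates it once. Only the `build` target is shown receiving the new `-ldflags`; `build-all` continues outside the hunk, and if it has its own `go build` lines those binaries would report an empty hash in `mizu version`. When the tree is built outside a git checkout the hash is also empty, so a comment next to the variable saying that an empty value is expected in that case would save a reader the guess.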


@ -11,7 +11,7 @@ var versionCmd = &cobra.Command{
Use: "version", Use: "version",
Short: "Print version info", Short: "Print version info",
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
fmt.Printf("mizu version %s\n", mizu.Version) fmt.Printf("%s %s\n", mizu.Version, mizu.GitCommitHash)
return nil return nil
}, },
} }


@ -77,7 +77,7 @@ func (provider *Provider) GetPods(ctx context.Context, namespace string) {
fmt.Printf("There are %d pods in Namespace %s\n", len(pods.Items), namespace) fmt.Printf("There are %d pods in Namespace %s\n", len(pods.Items), namespace)
} }
func (provider *Provider) CreateMizuPod(ctx context.Context, namespace string, podName string, podImage string, tappedPodNamespace string, tappedPodName string) (*core.Pod, error) { func (provider *Provider) CreateMizuPod(ctx context.Context, namespace string, podName string, podImage string, tappedPodNamespace string, tappedPodName string, linkServiceAccount bool) (*core.Pod, error) {
tappedPod, err := provider.clientSet.CoreV1().Pods(tappedPodNamespace).Get(ctx, tappedPodName, metav1.GetOptions{}) tappedPod, err := provider.clientSet.CoreV1().Pods(tappedPodNamespace).Get(ctx, tappedPodName, metav1.GetOptions{})
if err != nil { if err != nil {
panic(err.Error()) panic(err.Error())
@ -117,11 +117,14 @@ func (provider *Provider) CreateMizuPod(ctx context.Context, namespace string, p
}, },
}, },
}, },
ServiceAccountName: serviceAccountName,
TerminationGracePeriodSeconds: new(int64), TerminationGracePeriodSeconds: new(int64),
NodeSelector: map[string]string{"kubernetes.io/hostname": tappedPod.Spec.NodeName}, NodeSelector: map[string]string{"kubernetes.io/hostname": tappedPod.Spec.NodeName},
}, },
} }
//define the service account only when it exists to prevent pod crash
if linkServiceAccount {
pod.Spec.ServiceAccountName = serviceAccountName
}
return provider.clientSet.CoreV1().Pods(namespace).Create(ctx, pod, metav1.CreateOptions{}) return provider.clientSet.CoreV1().Pods(namespace).Create(ctx, pod, metav1.CreateOptions{})
} }
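Review bot: When `linkServiceAccount` is false the pod spec leaves `ServiceAccountName` empty, so the pod runs under the namespace's default service account rather than without one; the comment on the new `if` should say so, e.g. `// link the mizu service account only if it was created; otherwise the pod falls back to the namespace's default service account`. Whether that account's token should still be mounted in this case is worth deciding explicitly (PodSpec has `AutomountServiceAccountToken`), though that depends on how the agent builds its API client, which is not visible here. The exported signature now ends in a bare `bool`, which reads poorly at call sites; a doc comment on CreateMizuPod describing the parameter would help. CreateMizuPod's body is only partly inside these hunks.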


@ -1,6 +1,10 @@
package mizu package mizu
var (
Version = "v0.0.1"
GitCommitHash = "" // this var is overridden using ldflags in makefile when building
)
const ( const (
Version = "0.1.0"
MizuResourcesNamespace = "default" MizuResourcesNamespace = "default"
) )


@ -19,8 +19,8 @@ func Run(tappedPodName string) {
podName := "mizu-collector" podName := "mizu-collector"
createRBACIfNecessary(ctx, kubernetesProvider, cancel) mizuServiceAccountExists := createRBACIfNecessary(ctx, kubernetesProvider)
go createPodAndPortForward(ctx, kubernetesProvider, cancel, podName, MizuResourcesNamespace, tappedPodName) //TODO convert this to job for built in pod ttl or have the running app handle this go createPodAndPortForward(ctx, kubernetesProvider, cancel, podName, MizuResourcesNamespace, tappedPodName, mizuServiceAccountExists) //TODO convert this to job for built in pod ttl or have the running app handle this
waitForFinish(ctx, cancel) //block until exit signal or error waitForFinish(ctx, cancel) //block until exit signal or error
// TODO handle incoming traffic from tapper using a channel // TODO handle incoming traffic from tapper using a channel
@ -53,8 +53,8 @@ func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Pro
} }
} }
func createPodAndPortForward(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, podName string, namespace string, tappedPodName string) { func createPodAndPortForward(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, podName string, namespace string, tappedPodName string, linkServiceAccount bool) {
pod, err := kubernetesProvider.CreateMizuPod(ctx, MizuResourcesNamespace, podName, config.Configuration.MizuImage, kubernetesProvider.Namespace, tappedPodName) pod, err := kubernetesProvider.CreateMizuPod(ctx, MizuResourcesNamespace, podName, config.Configuration.MizuImage, kubernetesProvider.Namespace, tappedPodName, linkServiceAccount)
if err != nil { if err != nil {
fmt.Printf("error creating pod %s", err) fmt.Printf("error creating pod %s", err)
cancel() cancel()
@ -102,21 +102,20 @@ func createPodAndPortForward(ctx context.Context, kubernetesProvider *kubernetes
} }
} }
func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) { func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider) bool {
mizuRBACExists, err := kubernetesProvider.DoesMizuRBACExist(ctx, MizuResourcesNamespace) mizuRBACExists, err := kubernetesProvider.DoesMizuRBACExist(ctx, MizuResourcesNamespace)
if err != nil { if err != nil {
fmt.Printf("error checking rbac %v", err) fmt.Printf("warning: could not ensure mizu rbac resources exist %v\n", err)
cancel() return false
return
} }
if !mizuRBACExists { if !mizuRBACExists {
err := kubernetesProvider.CreateMizuRBAC(ctx, MizuResourcesNamespace, Version) err := kubernetesProvider.CreateMizuRBAC(ctx, MizuResourcesNamespace, fmt.Sprintf("%s::%s", Version, GitCommitHash))
if err != nil { if err != nil {
fmt.Printf("error creating rbac %v", err) fmt.Printf("warning: could not create mizu rbac resources %v\n", err)
cancel() return false
return
} }
} }
return true
} }
func waitForFinish(ctx context.Context, cancel context.CancelFunc) { func waitForFinish(ctx context.Context, cancel context.CancelFunc) {
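Review bot: In createRBACIfNecessary the version string passed to `CreateMizuRBAC` is now `fmt.Sprintf("%s::%s", Version, GitCommitHash)`; if that argument ends up in a Kubernetes label value (CreateMizuRBAC is not visible here), `:` is not an allowed character and the API server would reject the objects. Because this function now turns every failure into a warning and `return false`, such a rejection would not stop the run: the pod would simply be created without the mizu service account each time. A label-safe form such as `fmt.Sprintf("%s-%s", Version, GitCommitHash)` avoids this, with the suffix skipped when `GitCommitHash == ""`, which is the case for binaries built without the Makefile's ldflags. A transient error from `DoesMizuRBACExist` is now handled the same way as missing permissions, so a comment stating that continuing in degraded mode is intended would make the `return false` paths easier to review.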

42
debug.Dockerfile Normal file

@ -0,0 +1,42 @@
# creates image in which mizu api is remotely debuggable using delve
FROM node:14-slim AS site-build
WORKDIR /ui-build
COPY ui .
RUN npm i
RUN npm run build
FROM golang:1.16-alpine AS builder
# Set necessary environment variables needed for our image.
ENV CGO_ENABLED=1 GOOS=linux GOARCH=amd64
RUN apk add libpcap-dev gcc g++ make
# Move to api working directory (/api-build).
WORKDIR /api-build
COPY api/go.mod api/go.sum ./
RUN go mod download
# cheap trick to make the build faster (As long as go.mod wasn't changes)
RUN go list -f '{{.Path}}@{{.Version}}' -m all | sed 1d | grep -e 'go-cache' -e 'sqlite' | xargs go get
# Copy and build api code
COPY api .
RUN go build -gcflags="all=-N -l" -o mizuagent .
FROM golang:1.16-alpine
RUN apk add bash libpcap-dev tcpdump
WORKDIR /app
# Copy binary and config files from /build to root folder of scratch container.
COPY --from=builder ["/api-build/mizuagent", "."]
COPY --from=site-build ["/ui-build/build", "site"]
# install remote debugging tool
RUN go get github.com/go-delve/delve/cmd/dlv
CMD ["sh", "-c", "dlv --headless=true --listen=:2345 --log --api-version=2 --accept-multiclient exec ./mizuagent -- -i any -hardump -targets ${TAPPED_ADDRESSES}"]
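Review bot: The final stage installs the debugger with `RUN go get github.com/go-delve/delve/cmd/dlv`, which resolves to whatever release is latest at build time; pinning it, `RUN go get github.com/go-delve/delve/cmd/dlv@<pinned-version>`, keeps the pushed debug image reproducible. The `CMD` starts dlv with `--listen=:2345` and `--accept-multiclient`; the headless server has no authentication, so anything that can reach the pod IP on port 2345 can control the agent process, which is started to capture traffic (`-i any`). Since the documented flow connects through `kubectl port-forward`, binding to loopback with `--listen=127.0.0.1:2345` should be sufficient. `RUN npm i` in the site-build stage could likewise be `RUN npm ci` if the ui directory carries a lockfile, which is not visible here.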