diff --git a/api/README.md b/api/README.md index 216471aa0..cfa4b4627 100644 --- a/api/README.md +++ b/api/README.md @@ -4,3 +4,17 @@ Basic APIs: * /fetch - retrieve traffic data * /stats - retrieve statistics of collected data * /viewer - web ui + +## Remote Debugging +### Setup remote debugging +1. Run `go get github.com/go-delve/delve/cmd/dlv` +2. Create a "Go Remote" run/debug configuration in Intellij, set to localhost:2345 +3. Build and push a debug image using + `docker build . -t gcr.io/up9-docker-hub/mizu/debug:latest -f debug.Dockerfile && docker push gcr.io/up9-docker-hub/mizu/debug:latest` + +### Connecting +1. Start mizu using the cli with the debug image `mizu tap --mizu-image gcr.io/up9-docker-hub/mizu/debug:latest {tapped_pod_name}` +2. Forward the debug port using `kubectl port-forward -n default mizu-collector 2345:2345` +3. Run the run/debug configuration you've created earlier in Intellij. + +Do note that dlv won't start the api until a debugger connects to it. diff --git a/api/pkg/resolver/resolver.go b/api/pkg/resolver/resolver.go index 7033d394e..e45ce490a 100644 --- a/api/pkg/resolver/resolver.go +++ b/api/pkg/resolver/resolver.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + k8serrors "k8s.io/apimachinery/pkg/api/errors" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -151,6 +152,14 @@ func (resolver *Resolver) infiniteErrorHandleRetryFunc(ctx context.Context, fun err := fun(ctx) if err != nil { resolver.errOut <- err + + var statusError *k8serrors.StatusError + if errors.As(err, &statusError) { + if statusError.ErrStatus.Reason == metav1.StatusReasonForbidden { + fmt.Printf("Resolver loop encountered permission error, aborting event listening - %v\n", err) + return + } + } } if ctx.Err() != nil { // context was cancelled or errored return diff --git a/cli/mizu/mizuRunner.go b/cli/mizu/mizuRunner.go index d19943462..c8ade116e 100644 --- a/cli/mizu/mizuRunner.go +++ b/cli/mizu/mizuRunner.go @@ -109,7 +109,7 @@ func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.P return false } if !mizuRBACExists { - err := kubernetesProvider.CreateMizuRBAC(ctx, MizuResourcesNamespace, Version) + err := kubernetesProvider.CreateMizuRBAC(ctx, MizuResourcesNamespace, fmt.Sprintf("%s::%s", Version, GitCommitHash)) if err != nil { fmt.Printf("warning: could not create mizu rbac resources %v\n", err) return false diff --git a/debug.Dockerfile b/debug.Dockerfile new file mode 100644 index 000000000..2dab3c6f7 --- /dev/null +++ b/debug.Dockerfile @@ -0,0 +1,42 @@ +# creates image in which mizu api is remotely debuggable using delve +FROM node:14-slim AS site-build + +WORKDIR /ui-build + +COPY ui . +RUN npm i +RUN npm run build + + +FROM golang:1.16-alpine AS builder +# Set necessary environment variables needed for our image. +ENV CGO_ENABLED=1 GOOS=linux GOARCH=amd64 + +RUN apk add libpcap-dev gcc g++ make + +# Move to api working directory (/api-build). +WORKDIR /api-build + +COPY api/go.mod api/go.sum ./ +RUN go mod download +# cheap trick to make the build faster (As long as go.mod wasn't changes) +RUN go list -f '{{.Path}}@{{.Version}}' -m all | sed 1d | grep -e 'go-cache' -e 'sqlite' | xargs go get + +# Copy and build api code +COPY api . +RUN go build -gcflags="all=-N -l" -o mizuagent . + + +FROM golang:1.16-alpine + +RUN apk add bash libpcap-dev tcpdump +WORKDIR /app + +# Copy binary and config files from /build to root folder of scratch container. +COPY --from=builder ["/api-build/mizuagent", "."] +COPY --from=site-build ["/ui-build/build", "site"] + +# install remote debugging tool +RUN go get github.com/go-delve/delve/cmd/dlv + +CMD ["sh", "-c", "dlv --headless=true --listen=:2345 --log --api-version=2 --accept-multiclient exec ./mizuagent -- -i any -hardump -targets ${TAPPED_ADDRESSES}"]