diff --git a/cmd/pro.go b/cmd/pro.go
index 9666e0924..89673d753 100644
--- a/cmd/pro.go
+++ b/cmd/pro.go
@@ -74,13 +74,17 @@ func updateLicense(licenseKey string) {
 log.Error().Err(err).Send()
 return
 }
- err = kubernetes.SetSecret(kubernetesProvider, "LICENSE", config.Config.License)
+ updated, err := kubernetes.SetSecret(kubernetesProvider, kubernetes.SECRET_LICENSE, config.Config.License)
 if err != nil {
 log.Error().Err(err).Send()
 return
 }
- log.Info().Msg("Updated the license. Exiting.")
+ if updated {
+ log.Info().Msg("Updated the license, exiting...")
+ } else {
+ log.Info().Msg("Exiting...")
+ }
 go func() {
 time.Sleep(2 * time.Second)
diff --git a/cmd/tapRunner.go b/cmd/tapRunner.go
index da835a581..93899f032 100644
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -2,9 +2,11 @@ package cmd
 import (
 "context"
+ "encoding/json"
 "fmt"
 "os"
 "regexp"
+ "strings"
 "sync"
 "time"
@@ -101,18 +103,24 @@ func tap() {
 config.Config.Tap.Release.Namespace,
 ).Install()
 if err != nil {
- log.Error().Err(err).Send()
- os.Exit(1)
+ if err.Error() != "cannot re-use a name that is still in use" {
+ log.Error().Err(err).Send()
+ os.Exit(1)
+ }
+ log.Info().Msg("Found an existing installation, skipping Helm install...")
+
+ updateConfig(kubernetesProvider)
+ postFrontStarted(ctx, kubernetesProvider, cancel)
 } else {
 log.Info().Msgf("Installed the Helm release: %s", rel.Name)
+
+ go watchHubEvents(ctx, kubernetesProvider, cancel)
+ go watchHubPod(ctx, kubernetesProvider, cancel)
+ go watchFrontPod(ctx, kubernetesProvider, cancel)
 }
 defer finishTapExecution(kubernetesProvider)
- go watchHubEvents(ctx, kubernetesProvider, cancel)
- go watchHubPod(ctx, kubernetesProvider, cancel)
- go watchFrontPod(ctx, kubernetesProvider, cancel)
- // block until exit signal or error
 utils.WaitForTermination(ctx, cancel)
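Review bot: In tap() (cmd/tapRunner.go) the existing-installation case is recognised by comparing `err.Error()` with the literal `"cannot re-use a name that is still in use"`, which stops matching as soon as the Helm wrapper wraps the error or the upstream wording changes; the CLI then exits instead of reusing the release. If the wrapper can export a sentinel error, checking it with `errors.Is` is sturdier; failing that, the literal should live in one named constant next to the wrapper. This branch also no longer starts `watchHubEvents`, `watchHubPod` and `watchFrontPod`, so, judging by their names, nothing watches the pods of a reused release; a comment stating whether that is intended would help. tap() starts and ends outside the hunk.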
@@ -436,3 +444,25 @@ func postFrontStarted(ctx context.Context, kubernetesProvider *kubernetes.Provid
 utils.OpenBrowser(url)
 }
 }
+
+func updateConfig(kubernetesProvider *kubernetes.Provider) {
+ _, _ = kubernetes.SetSecret(kubernetesProvider, kubernetes.SECRET_LICENSE, config.Config.License)
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_POD_REGEX, config.Config.Tap.PodRegexStr)
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_NAMESPACES, strings.Join(config.Config.Tap.Namespaces, ","))
+
+ data, err := json.Marshal(config.Config.Scripting.Env)
+ if err != nil {
+ log.Error().Str("config", kubernetes.CONFIG_SCRIPTING_ENV).Err(err).Send()
+ return
+ } else {
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_SCRIPTING_ENV, string(data))
+ }
+
+ authEnabled := ""
+ if config.Config.Tap.Auth.Enabled {
+ authEnabled = "true"
+ }
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
+ _, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
+}
diff --git a/config/configStructs/scriptingConfig.go b/config/configStructs/scriptingConfig.go
index 5e3bc1d8c..93f0ba804 100644
--- a/config/configStructs/scriptingConfig.go
+++ b/config/configStructs/scriptingConfig.go
@@ -10,7 +10,7 @@ import (
 )
 type ScriptingConfig struct {
- Env map[string]interface{} `yaml:"env" json:"env"`
+ Env map[string]interface{} `yaml:"env" json:"env" default:"{}"`
 Source string `yaml:"source" json:"source" default:""`
 WatchScripts bool `yaml:"watchscripts" json:"watchscripts" default:"true"`
 }
diff --git a/kubernetes/config.go b/kubernetes/config.go
index f8d662172..d123cebc2 100644
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
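Review bot: In updateConfig (cmd/tapRunner.go) a `json.Marshal` failure on `Scripting.Env` returns before the three `CONFIG_AUTH_*` keys are written, and every `SetSecret`/`SetConfig` result is dropped with `_, _ =`, so tap() goes on to `postFrontStarted` even when the auth settings never reached the existing release. Log the marshal error and carry on to the auth keys, and have updateConfig return the first write error so that the caller in tap() can stop before the front is opened. The `else` after `return` is redundant either way.

```go
func updateConfig(kubernetesProvider *kubernetes.Provider) error {
	// … LICENSE, POD_REGEX and NAMESPACES writes, each checked like AUTH_ENABLED below …

	// A bad scripting env is logged but must not skip the auth keys.
	if data, err := json.Marshal(config.Config.Scripting.Env); err != nil {
		log.Error().Str("config", kubernetes.CONFIG_SCRIPTING_ENV).Err(err).Send()
	} else if _, err := kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_SCRIPTING_ENV, string(data)); err != nil {
		return err
	}

	// … unchanged: authEnabled computation …
	if _, err := kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled); err != nil {
		return err
	}
	// … AUTH_APPROVED_EMAILS and AUTH_APPROVED_DOMAINS checked the same way …
	return nil
}
```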
@@ -4,23 +4,65 @@ import (
 "context"
 "github.com/kubeshark/kubeshark/config"
+ "github.com/rs/zerolog/log"
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 const (
- SUFFIX_SECRET = "secret"
+ SUFFIX_SECRET = "secret"
+ SUFFIX_CONFIG_MAP = "config-map"
+ SECRET_LICENSE = "LICENSE"
+ CONFIG_POD_REGEX = "POD_REGEX"
+ CONFIG_NAMESPACES = "NAMESPACES"
+ CONFIG_SCRIPTING_ENV = "SCRIPTING_ENV"
+ CONFIG_AUTH_ENABLED = "AUTH_ENABLED"
+ CONFIG_AUTH_APPROVED_EMAILS = "AUTH_APPROVED_EMAILS"
+ CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
 )
-func SetSecret(provider *Provider, key string, value string) (err error) {
+func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {
 var secret *v1.Secret
- secret, err = provider.clientSet.CoreV1().Secrets(config.Config.Tap.Release.Namespace).Get(context.TODO(), SelfResourcesPrefix+SUFFIX_SECRET, metav1.GetOptions{})
+ secret, err = provider.clientSet.CoreV1().Secrets(config.Config.Tap.Release.Namespace).Get(context.TODO(), SELF_RESOURCES_PREFIX+SUFFIX_SECRET, metav1.GetOptions{})
 if err != nil {
 return
 }
- secret.StringData[key] = value
+ if secret.StringData[key] != value {
+ updated = true
+ }
+ secret.Data[key] = []byte(value)
 _, err = provider.clientSet.CoreV1().Secrets(config.Config.Tap.Release.Namespace).Update(context.TODO(), secret, metav1.UpdateOptions{})
+ if err == nil {
+ if updated {
+ log.Info().Str("secret", key).Str("value", value).Msg("Updated:")
+ }
+ } else {
+ log.Error().Str("secret", key).Err(err).Send()
+ }
+ return
+}
+
+func SetConfig(provider *Provider, key string, value string) (updated bool, err error) {
+ var configMap *v1.ConfigMap
+ configMap, err = provider.clientSet.CoreV1().ConfigMaps(config.Config.Tap.Release.Namespace).Get(context.TODO(), SELF_RESOURCES_PREFIX+SUFFIX_CONFIG_MAP, metav1.GetOptions{})
+ if err != nil {
+ return
+ }
+
+ if configMap.Data[key] != value {
+ updated = true
+ }
+ configMap.Data[key] = value
+
+ _, err = provider.clientSet.CoreV1().ConfigMaps(config.Config.Tap.Release.Namespace).Update(context.TODO(), configMap, metav1.UpdateOptions{})
+ if err == nil {
+ if updated {
+ log.Info().Str("config", key).Str("value", value).Msg("Updated:")
+ }
+ } else {
+ log.Error().Str("config", key).Err(err).Send()
+ }
 return
 }
diff --git a/kubernetes/consts.go b/kubernetes/consts.go
index 8c901303a..91188f9fa 100644
--- a/kubernetes/consts.go
+++ b/kubernetes/consts.go
@@ -1,10 +1,10 @@
 package kubernetes
 const (
- SelfResourcesPrefix = "kubeshark-"
- FrontPodName = SelfResourcesPrefix + "front"
+ SELF_RESOURCES_PREFIX = "kubeshark-"
+ FrontPodName = SELF_RESOURCES_PREFIX + "front"
 FrontServiceName = FrontPodName
- HubPodName = SelfResourcesPrefix + "hub"
+ HubPodName = SELF_RESOURCES_PREFIX + "hub"
 HubServiceName = HubPodName
 K8sAllNamespaces = ""
 MinKubernetesServerVersion = "1.16.0"
diff --git a/kubernetes/proxy.go b/kubernetes/proxy.go
index 72426bd84..3163009bf 100644
--- a/kubernetes/proxy.go
+++ b/kubernetes/proxy.go
@@ -106,7 +106,7 @@ func getRerouteHttpHandlerSelfStatic(proxyHandler http.Handler, selfNamespace st
 }
 func NewPortForward(kubernetesProvider *Provider, namespace string, podRegex *regexp.Regexp, srcPort uint16, dstPort uint16, ctx context.Context) (*portforward.PortForwarder, error) {
- pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, namespace, map[string]string{"app.kubeshark.co/app": "hub"})
+ pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, namespace, map[string]string{"app.kubeshark.co/app": "front"})
 if err != nil {
 return nil, err
 } else if len(pods) == 0 {
diff --git a/misc/fsUtils/kubesharkLogsUtils.go b/misc/fsUtils/kubesharkLogsUtils.go
index 8368d66f6..1f1035009 100644
--- a/misc/fsUtils/kubesharkLogsUtils.go
+++ b/misc/fsUtils/kubesharkLogsUtils.go
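Review bot: SetSecret in kubernetes/config.go logs the secret's value at info level (`.Str("value", value)`), which puts the license key into CLI output and any collected logs; log the key name only, `log.Info().Str("secret", key).Msg("Updated:")`. The change detection reads `secret.StringData[key]`, but StringData is a write-only field that the API server does not return on Get, so `updated` is true for any non-empty value; compare with `string(secret.Data[key]) != value` instead. `secret.Data[key] = ...` and `configMap.Data[key] = ...` also panic when the fetched object has a nil `Data` map, so initialise the map before writing. SetConfig logs its value in the same way, which exposes the approved e-mail list.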
@@ -14,7 +14,7 @@ import (
 )
 func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath string) error {
- podExactRegex := regexp.MustCompile("^" + kubernetes.SelfResourcesPrefix)
+ podExactRegex := regexp.MustCompile("^" + kubernetes.SELF_RESOURCES_PREFIX)
 pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.Tap.Release.Namespace})
 if err != nil {
 return err