diff --git a/cmd/check/kubernetesPermissions.go b/cmd/check/kubernetesPermissions.go
index ec34c6b5d..e1a280590 100644
--- a/cmd/check/kubernetesPermissions.go
+++ b/cmd/check/kubernetesPermissions.go
@@ -37,7 +37,7 @@ func KubernetesPermissions(ctx context.Context, embedFS embed.FS, kubernetesProv
 switch resource := obj.(type) {
 case *rbac.Role:
- return checkRulesPermissions(ctx, kubernetesProvider, resource.Rules, config.Config.SelfNamespace)
+ return checkRulesPermissions(ctx, kubernetesProvider, resource.Rules, config.Config.Tap.SelfNamespace)
 case *rbac.ClusterRole:
 return checkRulesPermissions(ctx, kubernetesProvider, resource.Rules, "")
 }
diff --git a/cmd/check/kubernetesResources.go b/cmd/check/kubernetesResources.go
index d73993572..abec60e0d 100644
--- a/cmd/check/kubernetesResources.go
+++ b/cmd/check/kubernetesResources.go
@@ -12,17 +12,17 @@ import (
 func KubernetesResources(ctx context.Context, kubernetesProvider *kubernetes.Provider) bool {
 log.Info().Str("procedure", "k8s-components").Msg("Checking:")
- exist, err := kubernetesProvider.DoesNamespaceExist(ctx, config.Config.SelfNamespace)
- allResourcesExist := checkResourceExist(config.Config.SelfNamespace, "namespace", exist, err)
+ exist, err := kubernetesProvider.DoesNamespaceExist(ctx, config.Config.Tap.SelfNamespace)
+ allResourcesExist := checkResourceExist(config.Config.Tap.SelfNamespace, "namespace", exist, err)
- exist, err = kubernetesProvider.DoesServiceAccountExist(ctx, config.Config.SelfNamespace, kubernetes.ServiceAccountName)
+ exist, err = kubernetesProvider.DoesServiceAccountExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.ServiceAccountName)
 allResourcesExist = checkResourceExist(kubernetes.ServiceAccountName, "service account", exist, err) && allResourcesExist
 if config.Config.IsNsRestrictedMode() {
- exist, err = kubernetesProvider.DoesRoleExist(ctx, config.Config.SelfNamespace, kubernetes.RoleName)
+ exist, err = kubernetesProvider.DoesRoleExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.RoleName)
 allResourcesExist = checkResourceExist(kubernetes.RoleName, "role", exist, err) && allResourcesExist
- exist, err = kubernetesProvider.DoesRoleBindingExist(ctx, config.Config.SelfNamespace, kubernetes.RoleBindingName)
+ exist, err = kubernetesProvider.DoesRoleBindingExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.RoleBindingName)
 allResourcesExist = checkResourceExist(kubernetes.RoleBindingName, "role binding", exist, err) && allResourcesExist
 } else {
 exist, err = kubernetesProvider.DoesClusterRoleExist(ctx, kubernetes.ClusterRoleName)
@@ -32,7 +32,7 @@ func KubernetesResources(ctx context.Context, kubernetesProvider *kubernetes.Pro
 allResourcesExist = checkResourceExist(kubernetes.ClusterRoleBindingName, "cluster role binding", exist, err) && allResourcesExist
 }
- exist, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.SelfNamespace, kubernetes.HubServiceName)
+ exist, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.HubServiceName)
 allResourcesExist = checkResourceExist(kubernetes.HubServiceName, "service", exist, err) && allResourcesExist
 allResourcesExist = checkPodResourcesExist(ctx, kubernetesProvider) && allResourcesExist
@@ -41,7 +41,7 @@ func KubernetesResources(ctx context.Context, kubernetesProvider *kubernetes.Pro
 }
 func checkPodResourcesExist(ctx context.Context, kubernetesProvider *kubernetes.Provider) bool {
- if pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, config.Config.SelfNamespace, kubernetes.HubPodName); err != nil {
+ if pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, config.Config.Tap.SelfNamespace, kubernetes.HubPodName); err != nil {
 log.Error().
 Str("name", kubernetes.HubPodName).
 Err(err).
@@ -63,7 +63,7 @@ func checkPodResourcesExist(ctx context.Context, kubernetesProvider *kubernetes.
 Str("name", kubernetes.HubPodName).
 Msg("Pod is running.")
- if pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, config.Config.SelfNamespace, kubernetes.WorkerPodName); err != nil {
+ if pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, config.Config.Tap.SelfNamespace, kubernetes.WorkerPodName); err != nil {
 log.Error().
 Str("name", kubernetes.WorkerPodName).
 Err(err).
diff --git a/cmd/clean.go b/cmd/clean.go
index ea04490e5..23e935aa8 100644
--- a/cmd/clean.go
+++ b/cmd/clean.go
@@ -3,7 +3,10 @@ package cmd
 import (
 "fmt"
+ "github.com/creasty/defaults"
+ "github.com/kubeshark/kubeshark/config/configStructs"
 "github.com/kubeshark/kubeshark/misc"
+ "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
 )
@@ -18,4 +21,11 @@ var cleanCmd = &cobra.Command{
 func init() {
 rootCmd.AddCommand(cleanCmd)
+
+ defaultTapConfig := configStructs.TapConfig{}
+ if err := defaults.Set(&defaultTapConfig); err != nil {
+ log.Debug().Err(err).Send()
+ }
+
+ cleanCmd.Flags().StringP(configStructs.SelfNamespaceLabel, "s", defaultTapConfig.SelfNamespace, "Self-namespace of Kubeshark")
 }
diff --git a/cmd/cleanRunner.go b/cmd/cleanRunner.go
index befff79eb..fea6cb846 100644
--- a/cmd/cleanRunner.go
+++ b/cmd/cleanRunner.go
@@ -10,5 +10,5 @@ func performCleanCommand() {
 return
 }
- finishSelfExecution(kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.SelfNamespace, false)
+ finishSelfExecution(kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.Tap.SelfNamespace, false)
 }
diff --git a/cmd/common.go b/cmd/common.go
index 52b4c3cc3..ecc9a94b6 100644
--- a/cmd/common.go
+++ b/cmd/common.go
@@ -19,7 +19,7 @@ import (
 )
 func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx context.Context, serviceName string, podName string, proxyPortLabel string, srcPort uint16, dstPort uint16, healthCheck string) {
- httpServer, err := kubernetes.StartProxy(kubernetesProvider, config.Config.Tap.Proxy.Host, srcPort, config.Config.SelfNamespace, serviceName)
+ httpServer, err := kubernetes.StartProxy(kubernetesProvider, config.Config.Tap.Proxy.Host, srcPort, config.Config.Tap.SelfNamespace, serviceName)
 if err != nil {
 log.Error().
 Err(errormessage.FormatError(err)).
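Review bot: The new `--selfnamespace`/`-s` flag on `clean` (cmd/clean.go, `init()`) is accepted without any check that it is non-empty, and a `defaults.Set` failure is only logged at debug level, which would register the flag with an empty default. The value goes straight to `finishSelfExecution` in the cmd/cleanRunner.go hunk and, through `tap`, to the list and watch calls in the other hunks, where the Kubernetes client treats an empty namespace as all namespaces. I would reject an empty value before any cluster call, e.g. `if config.Config.Tap.SelfNamespace == "" { log.Error().Msg("selfnamespace must not be empty"); return }` at the top of `performCleanCommand`, and log the `defaults.Set` error with `log.Warn()`. The cmd/tap.go hunk adds the same flag and has the same gap; `performCleanCommand` starts outside the visible hunk, so an existing check there cannot be ruled out.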
@@ -39,7 +39,7 @@ func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx con
 }
 podRegex, _ := regexp.Compile(podName)
- if _, err := kubernetes.NewPortForward(kubernetesProvider, config.Config.SelfNamespace, podRegex, srcPort, dstPort, ctx); err != nil {
+ if _, err := kubernetes.NewPortForward(kubernetesProvider, config.Config.Tap.SelfNamespace, podRegex, srcPort, dstPort, ctx); err != nil {
 log.Error().
 Str("pod-regex", podRegex.String()).
 Err(errormessage.FormatError(err)).
diff --git a/cmd/proxyRunner.go b/cmd/proxyRunner.go
index 5d4343ca9..099e2ee23 100644
--- a/cmd/proxyRunner.go
+++ b/cmd/proxyRunner.go
@@ -23,7 +23,7 @@ func runProxy(block bool, noBrowser bool) {
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
- exists, err := kubernetesProvider.DoesServiceExist(ctx, config.Config.SelfNamespace, kubernetes.FrontServiceName)
+ exists, err := kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.FrontServiceName)
 if err != nil {
 log.Error().
 Str("service", kubernetes.FrontServiceName).
@@ -42,7 +42,7 @@ func runProxy(block bool, noBrowser bool) {
 return
 }
- exists, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.SelfNamespace, kubernetes.HubServiceName)
+ exists, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.HubServiceName)
 if err != nil {
 log.Error().
 Str("service", kubernetes.HubServiceName).
diff --git a/cmd/tap.go b/cmd/tap.go
index 39048cc63..6742a4d7d 100644
--- a/cmd/tap.go
+++ b/cmd/tap.go
@@ -52,6 +52,7 @@ func init() {
 tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
 tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
 tapCmd.Flags().BoolP(configStructs.AllNamespacesLabel, "A", defaultTapConfig.AllNamespaces, "Tap all namespaces")
+ tapCmd.Flags().StringP(configStructs.SelfNamespaceLabel, "s", defaultTapConfig.SelfNamespace, "Self-namespace of Kubeshark")
 tapCmd.Flags().String(configStructs.StorageLimitLabel, defaultTapConfig.StorageLimit, "Override the default storage limit. (per node)")
 tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
 tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes", misc.Software))
diff --git a/cmd/tapRunner.go b/cmd/tapRunner.go
index ce066a293..21118bbd8 100644
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -73,8 +73,8 @@ func tap() {
 state.targetNamespaces = getNamespaces(kubernetesProvider)
 if config.Config.IsNsRestrictedMode() {
- if len(state.targetNamespaces) != 1 || !utils.Contains(state.targetNamespaces, config.Config.SelfNamespace) {
- log.Error().Msg(fmt.Sprintf("%s can't resolve IPs in other namespaces when running in namespace restricted mode. You can use the same namespace for --%s and --%s", misc.Software, configStructs.NamespacesLabel, config.SelfNamespaceConfigName))
+ if len(state.targetNamespaces) != 1 || !utils.Contains(state.targetNamespaces, config.Config.Tap.SelfNamespace) {
+ log.Error().Msg(fmt.Sprintf("%s can't resolve IPs in other namespaces when running in namespace restricted mode. You can use the same namespace for --%s and --%s", misc.Software, configStructs.NamespacesLabel, configStructs.SelfNamespaceLabel))
 return
 }
 }
@@ -90,7 +90,7 @@ func tap() {
 }
 log.Info().Msg(fmt.Sprintf("Waiting for the creation of %s resources...", misc.Software))
- if state.selfServiceAccountExists, err = resources.CreateHubResources(ctx, kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.SelfNamespace, config.Config.Tap.Resources.Hub, config.Config.ImagePullPolicy(), config.Config.ImagePullSecrets(), config.Config.Tap.Debug); err != nil {
+ if state.selfServiceAccountExists, err = resources.CreateHubResources(ctx, kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.Tap.SelfNamespace, config.Config.Tap.Resources.Hub, config.Config.ImagePullPolicy(), config.Config.ImagePullSecrets(), config.Config.Tap.Debug); err != nil {
 var statusError *k8serrors.StatusError
 if errors.As(err, &statusError) && (statusError.ErrStatus.Reason == metav1.StatusReasonAlreadyExists) {
 log.Info().Msg(fmt.Sprintf("%s is already running in this namespace, change the `selfnamespace` configuration or run `%s clean` to remove the currently running %s instance.", misc.Software, misc.Program, misc.Software))
@@ -98,7 +98,7 @@ func tap() {
 log.Info().Msg("Updated Hub about the changes in the config. Exiting.")
 printProxyCommandSuggestion()
 } else {
- defer resources.CleanUpSelfResources(ctx, cancel, kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.SelfNamespace)
+ defer resources.CleanUpSelfResources(ctx, cancel, kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.Tap.SelfNamespace)
 log.Error().Err(errormessage.FormatError(err)).Msg("Error creating resources!")
 }
@@ -123,7 +123,7 @@ func printProxyCommandSuggestion() {
 }
 func finishTapExecution(kubernetesProvider *kubernetes.Provider) {
- finishSelfExecution(kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.SelfNamespace, true)
+ finishSelfExecution(kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.Tap.SelfNamespace, true)
 }
 /*
@@ -156,7 +156,7 @@ func printNoPodsFoundSuggestion(targetNamespaces []string) {
 func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", kubernetes.HubPodName))
 podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
- eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.SelfNamespace}, podWatchHelper)
+ eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.SelfNamespace}, podWatchHelper)
 isPodReady := false
 timeAfter := time.After(120 * time.Second)
@@ -223,7 +223,7 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 log.Error().
 Str("pod", kubernetes.HubPodName).
- Str("namespace", config.Config.SelfNamespace).
+ Str("namespace", config.Config.Tap.SelfNamespace).
 Err(err).
 Msg("Failed creating pod.")
 cancel()
@@ -247,7 +247,7 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", kubernetes.FrontPodName))
 podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
- eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.SelfNamespace}, podWatchHelper)
+ eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.SelfNamespace}, podWatchHelper)
 isPodReady := false
 timeAfter := time.After(120 * time.Second)
@@ -312,7 +312,7 @@ func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider,
 log.Error().
 Str("pod", kubernetes.FrontPodName).
- Str("namespace", config.Config.SelfNamespace).
+ Str("namespace", config.Config.Tap.SelfNamespace).
 Err(err).
 Msg("Failed creating pod.")
 cancel()
@@ -336,7 +336,7 @@ func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider,
 func watchHubEvents(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s", kubernetes.HubPodName))
 eventWatchHelper := kubernetes.NewEventWatchHelper(kubernetesProvider, podExactRegex, "pod")
- eventChan, errorChan := kubernetes.FilteredWatch(ctx, eventWatchHelper, []string{config.Config.SelfNamespace}, eventWatchHelper)
+ eventChan, errorChan := kubernetes.FilteredWatch(ctx, eventWatchHelper, []string{config.Config.Tap.SelfNamespace}, eventWatchHelper)
 for {
 select {
 case wEvent, ok := <-eventChan:
@@ -420,7 +420,7 @@ func postHubStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider
 kubernetesProvider,
 state.selfServiceAccountExists,
 ctx,
- config.Config.SelfNamespace,
+ config.Config.Tap.SelfNamespace,
 config.Config.Tap.Resources.Worker,
 config.Config.ImagePullPolicy(),
 config.Config.ImagePullSecrets(),
diff --git a/config/config.go b/config/config.go
index b078de11d..1fb2de7a0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -58,7 +58,7 @@ func InitConfig(cmd *cobra.Command) error {
 Config = CreateDefaultConfig()
 cmdName = cmd.Name()
- if utils.Contains([]string{"console", "pro", "proxy", "scripts"}, cmdName) {
+ if utils.Contains([]string{"clean", "console", "pro", "proxy", "scripts"}, cmdName) {
 cmdName = "tap"
 }
diff --git a/config/configStruct.go b/config/configStruct.go
index 95970d52f..af3e13571 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -11,7 +11,6 @@ import (
 )
 const (
- SelfNamespaceConfigName = "selfnamespace"
 KubeConfigPathConfigName = "kube-configpath"
 )
@@ -29,7 +28,6 @@ type ConfigStruct struct {
 Logs configStructs.LogsConfig `yaml:"logs"`
 Config configStructs.ConfigConfig `yaml:"config,omitempty"`
 Kube KubeConfig `yaml:"kube"`
- SelfNamespace string `yaml:"selfnamespace" default:"kubeshark"`
 DumpLogs bool `yaml:"dumplogs" default:"false"`
 HeadlessMode bool `yaml:"headless" default:"false"`
 License string `yaml:"license" default:""`
@@ -51,7 +49,7 @@ func (config *ConfigStruct) ImagePullSecrets() []v1.LocalObjectReference {
 }
 func (config *ConfigStruct) IsNsRestrictedMode() bool {
- return config.SelfNamespace != misc.Program // Notice "kubeshark" string must match the default SelfNamespace
+ return config.Tap.SelfNamespace != misc.Program // Notice "kubeshark" string must match the default SelfNamespace
 }
 func (config *ConfigStruct) KubeConfigPath() string {
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 84fa54203..9b3cd85a0 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -18,6 +18,7 @@ const (
 ProxyHostLabel = "proxy-host"
 NamespacesLabel = "namespaces"
 AllNamespacesLabel = "allnamespaces"
+ SelfNamespaceLabel = "selfnamespace"
 StorageLimitLabel = "storagelimit"
 DryRunLabel = "dryrun"
 PcapLabel = "pcap"
@@ -73,6 +74,7 @@ type TapConfig struct {
 PodRegexStr string `yaml:"regex" default:".*"`
 Namespaces []string `yaml:"namespaces"`
 AllNamespaces bool `yaml:"allnamespaces" default:"false"`
+ SelfNamespace string `yaml:"selfnamespace" default:"kubeshark"`
 StorageLimit string `yaml:"storagelimit" default:"200MB"`
 DryRun bool `yaml:"dryrun" default:"false"`
 Pcap string `yaml:"pcap" default:""`
diff --git a/errormessage/errormessage.go b/errormessage/errormessage.go
index d2b4f4230..de4f4650e 100644
--- a/errormessage/errormessage.go
+++ b/errormessage/errormessage.go
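Review bot: `IsNsRestrictedMode` (config/configStruct.go) now looks only at `Tap.SelfNamespace`, and the top-level `selfnamespace` key is dropped from `ConfigStruct` with no migration or warning. If the loader ignores unknown keys (not visible here), a config file that still sets the old top-level key falls back to the `kubeshark` default, this method returns false, and the run silently takes the cluster-wide branch with ClusterRole/ClusterRoleBinding (see cmd/check/kubernetesResources.go) instead of the namespace-restricted one. I would have config loading fail, or at least warn, when the legacy key is present, and update the trailing comment to name the new location: `// misc.Program must match the default of TapConfig.SelfNamespace`.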
@@ -6,6 +6,7 @@ import (
 regexpsyntax "regexp/syntax"
 "github.com/kubeshark/kubeshark/config"
+ "github.com/kubeshark/kubeshark/config/configStructs"
 "github.com/kubeshark/kubeshark/misc"
 k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -21,9 +22,9 @@ func FormatError(err error) error {
 "in the config file or setting the targeted namespace with --%s %s=",
 err,
 misc.Software,
- config.SelfNamespaceConfigName,
+ configStructs.SelfNamespaceLabel,
 config.SetCommandName,
- config.SelfNamespaceConfigName)
+ configStructs.SelfNamespaceLabel)
 } else if syntaxError, isSyntaxError := asRegexSyntaxError(err); isSyntaxError {
 errorNew = fmt.Errorf("regex %s is invalid: %w", syntaxError.Expr, err)
 } else {
diff --git a/misc/fsUtils/kubesharkLogsUtils.go b/misc/fsUtils/kubesharkLogsUtils.go
index a2ad82d73..ec517ddcf 100644
--- a/misc/fsUtils/kubesharkLogsUtils.go
+++ b/misc/fsUtils/kubesharkLogsUtils.go
@@ -15,13 +15,13 @@ import (
 func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath string) error {
 podExactRegex := regexp.MustCompile("^" + kubernetes.SelfResourcesPrefix)
- pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.SelfNamespace})
+ pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.Tap.SelfNamespace})
 if err != nil {
 return err
 }
 if len(pods) == 0 {
- return fmt.Errorf("No %s pods found in namespace %s", misc.Software, config.Config.SelfNamespace)
+ return fmt.Errorf("No %s pods found in namespace %s", misc.Software, config.Config.Tap.SelfNamespace)
 }
 newZipFile, err := os.Create(filePath)
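Review bot: In `FormatError` (errormessage/errormessage.go) the hint is still built as `--<SetCommandName> selfnamespace=`, but this commit moves the key under the `tap` section, so the suggested override probably no longer addresses the right path. If the set option takes the YAML path (not visible in this hunk), the last argument should be the qualified key, e.g. `fmt.Sprintf("tap.%s", configStructs.SelfNamespaceLabel)`, or the hint should name the new `--selfnamespace` flag instead. The context line in the cmd/tapRunner.go hunk at -90,7 ("change the `selfnamespace` configuration") carries the same stale wording. The format string begins outside the hunk, so the wording around the first placeholder could not be checked.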
@@ -60,17 +60,17 @@ func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath strin
 }
 }
- events, err := provider.GetNamespaceEvents(ctx, config.Config.SelfNamespace)
+ events, err := provider.GetNamespaceEvents(ctx, config.Config.Tap.SelfNamespace)
 if err != nil {
 log.Error().Err(err).Msg("Failed to get k8b events!")
 } else {
- log.Debug().Str("namespace", config.Config.SelfNamespace).Msg("Successfully read events.")
+ log.Debug().Str("namespace", config.Config.Tap.SelfNamespace).Msg("Successfully read events.")
 }
- if err := AddStrToZip(zipWriter, events, fmt.Sprintf("%s_events.log", config.Config.SelfNamespace)); err != nil {
+ if err := AddStrToZip(zipWriter, events, fmt.Sprintf("%s_events.log", config.Config.Tap.SelfNamespace)); err != nil {
 log.Error().Err(err).Msg("Failed write logs!")
 } else {
- log.Debug().Str("namespace", config.Config.SelfNamespace).Msg("Successfully added events.")
+ log.Debug().Str("namespace", config.Config.Tap.SelfNamespace).Msg("Successfully added events.")
 }
 if err := AddFileToZip(zipWriter, config.ConfigFilePath); err != nil {