github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-09-20 17:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support getting logs in ns restricted mode (#168)

Browse Source
This commit is contained in:
Igor Gov
2021-08-05 12:12:01 +03:00
committed by GitHub
parent 683d199774
commit 90f0f603c7
9 changed files with 102 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cli/cmd/tap.go
View File

@@ -31,6 +31,10 @@ Supported protocols are HTTP and gRPC.`,
return errors.New("unexpected number of arguments") return errors.New("unexpected number of arguments")
} }
if err := mizu.Config.Validate(); err != nil {
return errormessage.FormatError(err)
}
if err := mizu.Config.Tap.Validate(); err != nil { if err := mizu.Config.Tap.Validate(); err != nil {
return errormessage.FormatError(err) return errormessage.FormatError(err)
} }

80
cli/cmd/tapRunner.go
View File

@@ -118,7 +118,7 @@ func readValidationRules(file string) (string, error) {
} }
func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, mizuApiFilteringOptions *shared.TrafficFilteringOptions, mizuValidationRules string) error { func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, mizuApiFilteringOptions *shared.TrafficFilteringOptions, mizuValidationRules string) error {
if mizu.Config.IsOwnNamespace() { if !mizu.Config.IsNsRestrictedMode() {
if err := createMizuNamespace(ctx, kubernetesProvider); err != nil { if err := createMizuNamespace(ctx, kubernetesProvider); err != nil {
return err return err
} }
@@ -143,12 +143,12 @@ func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Pro
} }
func createMizuConfigmap(ctx context.Context, kubernetesProvider *kubernetes.Provider, data string) error { func createMizuConfigmap(ctx context.Context, kubernetesProvider *kubernetes.Provider, data string) error {
err := kubernetesProvider.CreateConfigMap(ctx, mizu.Config.ResourcesNamespace(), mizu.ConfigMapName, data) err := kubernetesProvider.CreateConfigMap(ctx, mizu.Config.MizuResourcesNamespace, mizu.ConfigMapName, data)
return err return err
} }
func createMizuNamespace(ctx context.Context, kubernetesProvider *kubernetes.Provider) error { func createMizuNamespace(ctx context.Context, kubernetesProvider *kubernetes.Provider) error {
_, err := kubernetesProvider.CreateNamespace(ctx, mizu.Config.ResourcesNamespace()) _, err := kubernetesProvider.CreateNamespace(ctx, mizu.Config.MizuResourcesNamespace)
return err return err
} }
@@ -168,11 +168,11 @@ func createMizuApiServer(ctx context.Context, kubernetesProvider *kubernetes.Pro
} }
opts := &kubernetes.ApiServerOptions{ opts := &kubernetes.ApiServerOptions{
Namespace: mizu.Config.ResourcesNamespace(), Namespace: mizu.Config.MizuResourcesNamespace,
PodName: mizu.ApiServerPodName, PodName: mizu.ApiServerPodName,
PodImage: mizu.Config.MizuImage, PodImage: mizu.Config.AgentImage,
ServiceAccountName: serviceAccountName, ServiceAccountName: serviceAccountName,
IsNamespaceRestricted: !mizu.Config.IsOwnNamespace(), IsNamespaceRestricted: mizu.Config.IsNsRestrictedMode(),
MizuApiFilteringOptions: mizuApiFilteringOptions, MizuApiFilteringOptions: mizuApiFilteringOptions,
MaxEntriesDBSizeBytes: mizu.Config.Tap.MaxEntriesDBSizeBytes(), MaxEntriesDBSizeBytes: mizu.Config.Tap.MaxEntriesDBSizeBytes(),
} }
@@ -182,7 +182,7 @@ func createMizuApiServer(ctx context.Context, kubernetesProvider *kubernetes.Pro
} }
mizu.Log.Debugf("Successfully created API server pod: %s", mizu.ApiServerPodName) mizu.Log.Debugf("Successfully created API server pod: %s", mizu.ApiServerPodName)
state.apiServerService, err = kubernetesProvider.CreateService(ctx, mizu.Config.ResourcesNamespace(), mizu.ApiServerPodName, mizu.ApiServerPodName) state.apiServerService, err = kubernetesProvider.CreateService(ctx, mizu.Config.MizuResourcesNamespace, mizu.ApiServerPodName, mizu.ApiServerPodName)
if err != nil { if err != nil {
return err return err
} }
@@ -219,9 +219,9 @@ func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provi
if err := kubernetesProvider.ApplyMizuTapperDaemonSet( if err := kubernetesProvider.ApplyMizuTapperDaemonSet(
ctx, ctx,
mizu.Config.ResourcesNamespace(), mizu.Config.MizuResourcesNamespace,
mizu.TapperDaemonSetName, mizu.TapperDaemonSetName,
mizu.Config.MizuImage, mizu.Config.AgentImage,
mizu.TapperPodName, mizu.TapperPodName,
fmt.Sprintf("%s.%s.svc.cluster.local", state.apiServerService.Name, state.apiServerService.Namespace), fmt.Sprintf("%s.%s.svc.cluster.local", state.apiServerService.Name, state.apiServerService.Namespace),
nodeToTappedPodIPMap, nodeToTappedPodIPMap,
@@ -232,7 +232,7 @@ func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provi
} }
mizu.Log.Debugf("Successfully created %v tappers", len(nodeToTappedPodIPMap)) mizu.Log.Debugf("Successfully created %v tappers", len(nodeToTappedPodIPMap))
} else { } else {
if err := kubernetesProvider.RemoveDaemonSet(ctx, mizu.Config.ResourcesNamespace(), mizu.TapperDaemonSetName); err != nil { if err := kubernetesProvider.RemoveDaemonSet(ctx, mizu.Config.MizuResourcesNamespace, mizu.TapperDaemonSetName); err != nil {
return err return err
} }
} }
@@ -255,55 +255,55 @@ func cleanUpMizuResources(kubernetesProvider *kubernetes.Provider) {
mizu.Log.Infof("\nRemoving mizu resources\n") mizu.Log.Infof("\nRemoving mizu resources\n")
if mizu.Config.IsOwnNamespace() { if !mizu.Config.IsNsRestrictedMode() {
if err := kubernetesProvider.RemoveNamespace(removalCtx, mizu.Config.ResourcesNamespace()); err != nil { if err := kubernetesProvider.RemoveNamespace(removalCtx, mizu.Config.MizuResourcesNamespace); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Namespace %s: %v", mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Namespace %s: %v", mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
return return
} }
} else { } else {
if err := kubernetesProvider.RemovePod(removalCtx, mizu.Config.ResourcesNamespace(), mizu.ApiServerPodName); err != nil { if err := kubernetesProvider.RemovePod(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.ApiServerPodName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Pod %s in namespace %s: %v", mizu.ApiServerPodName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Pod %s in namespace %s: %v", mizu.ApiServerPodName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
if err := kubernetesProvider.RemoveService(removalCtx, mizu.Config.ResourcesNamespace(), mizu.ApiServerPodName); err != nil { if err := kubernetesProvider.RemoveService(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.ApiServerPodName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Service %s in namespace %s: %v", mizu.ApiServerPodName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Service %s in namespace %s: %v", mizu.ApiServerPodName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
if err := kubernetesProvider.RemoveDaemonSet(removalCtx, mizu.Config.ResourcesNamespace(), mizu.TapperDaemonSetName); err != nil { if err := kubernetesProvider.RemoveDaemonSet(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.TapperDaemonSetName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing DaemonSet %s in namespace %s: %v", mizu.TapperDaemonSetName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing DaemonSet %s in namespace %s: %v", mizu.TapperDaemonSetName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
if !state.doNotRemoveConfigMap { if !state.doNotRemoveConfigMap {
if err := kubernetesProvider.RemoveConfigMap(removalCtx, mizu.Config.ResourcesNamespace(), mizu.ConfigMapName); err != nil { if err := kubernetesProvider.RemoveConfigMap(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.ConfigMapName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing ConfigMap %s in namespace %s: %v", mizu.ConfigMapName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing ConfigMap %s in namespace %s: %v", mizu.ConfigMapName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
} }
} }
if state.mizuServiceAccountExists { if state.mizuServiceAccountExists {
if mizu.Config.IsOwnNamespace() { if !mizu.Config.IsNsRestrictedMode() {
if err := kubernetesProvider.RemoveNonNamespacedResources(removalCtx, mizu.ClusterRoleName, mizu.ClusterRoleBindingName); err != nil { if err := kubernetesProvider.RemoveNonNamespacedResources(removalCtx, mizu.ClusterRoleName, mizu.ClusterRoleBindingName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing non-namespaced resources: %v", errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing non-namespaced resources: %v", errormessage.FormatError(err)))
return return
} }
} else { } else {
if err := kubernetesProvider.RemoveServicAccount(removalCtx, mizu.Config.ResourcesNamespace(), mizu.ServiceAccountName); err != nil { if err := kubernetesProvider.RemoveServicAccount(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.ServiceAccountName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Service Account %s in namespace %s: %v", mizu.ServiceAccountName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Service Account %s in namespace %s: %v", mizu.ServiceAccountName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
return return
} }
if err := kubernetesProvider.RemoveRole(removalCtx, mizu.Config.ResourcesNamespace(), mizu.RoleName); err != nil { if err := kubernetesProvider.RemoveRole(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.RoleName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Role %s in namespace %s: %v", mizu.RoleName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing Role %s in namespace %s: %v", mizu.RoleName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
if err := kubernetesProvider.RemoveRoleBinding(removalCtx, mizu.Config.ResourcesNamespace(), mizu.RoleBindingName); err != nil { if err := kubernetesProvider.RemoveRoleBinding(removalCtx, mizu.Config.MizuResourcesNamespace, mizu.RoleBindingName); err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing RoleBinding %s in namespace %s: %v", mizu.RoleBindingName, mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error removing RoleBinding %s in namespace %s: %v", mizu.RoleBindingName, mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
} }
} }
if mizu.Config.IsOwnNamespace() { if !mizu.Config.IsNsRestrictedMode() {
waitUntilNamespaceDeleted(removalCtx, cancel, kubernetesProvider) waitUntilNamespaceDeleted(removalCtx, cancel, kubernetesProvider)
} }
} }
@@ -314,14 +314,14 @@ func waitUntilNamespaceDeleted(ctx context.Context, cancel context.CancelFunc, k
waitForFinish(ctx, cancel) waitForFinish(ctx, cancel)
}() }()
if err := kubernetesProvider.WaitUtilNamespaceDeleted(ctx, mizu.Config.ResourcesNamespace()); err != nil { if err := kubernetesProvider.WaitUtilNamespaceDeleted(ctx, mizu.Config.MizuResourcesNamespace); err != nil {
switch { switch {
case ctx.Err() == context.Canceled: case ctx.Err() == context.Canceled:
// Do nothing. User interrupted the wait. // Do nothing. User interrupted the wait.
case err == wait.ErrWaitTimeout: case err == wait.ErrWaitTimeout:
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Timeout while removing Namespace %s", mizu.Config.ResourcesNamespace())) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Timeout while removing Namespace %s", mizu.Config.MizuResourcesNamespace))
default: default:
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error while waiting for Namespace %s to be deleted: %v", mizu.Config.ResourcesNamespace(), errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error while waiting for Namespace %s to be deleted: %v", mizu.Config.MizuResourcesNamespace, errormessage.FormatError(err)))
} }
} }
} }
@@ -410,7 +410,7 @@ func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Pro
func updateCurrentlyTappedPods(kubernetesProvider *kubernetes.Provider, ctx context.Context, targetNamespaces []string) (error, bool) { func updateCurrentlyTappedPods(kubernetesProvider *kubernetes.Provider, ctx context.Context, targetNamespaces []string) (error, bool) {
changeFound := false changeFound := false
if matchingPods, err := kubernetesProvider.GetAllRunningPodsMatchingRegex(ctx, mizu.Config.Tap.PodRegex(), targetNamespaces); err != nil { if matchingPods, err := kubernetesProvider.ListAllRunningPodsMatchingRegex(ctx, mizu.Config.Tap.PodRegex(), targetNamespaces); err != nil {
return err, false return err, false
} else { } else {
addedPods, removedPods := getPodArrayDiff(state.currentlyTappedPods, matchingPods) addedPods, removedPods := getPodArrayDiff(state.currentlyTappedPods, matchingPods)
@@ -455,7 +455,7 @@ func getMissingPods(pods1 []core.Pod, pods2 []core.Pod) []core.Pod {
func createProxyToApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) { func createProxyToApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", mizu.ApiServerPodName)) podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", mizu.ApiServerPodName))
added, modified, removed, errorChan := kubernetes.FilteredWatch(ctx, kubernetesProvider, []string{mizu.Config.ResourcesNamespace()}, podExactRegex) added, modified, removed, errorChan := kubernetes.FilteredWatch(ctx, kubernetesProvider, []string{mizu.Config.MizuResourcesNamespace}, podExactRegex)
isPodReady := false isPodReady := false
timeAfter := time.After(25 * time.Second) timeAfter := time.After(25 * time.Second)
for { for {
@@ -474,7 +474,7 @@ func createProxyToApiServerPod(ctx context.Context, kubernetesProvider *kubernet
if modifiedPod.Status.Phase == core.PodRunning && !isPodReady { if modifiedPod.Status.Phase == core.PodRunning && !isPodReady {
isPodReady = true isPodReady = true
go func() { go func() {
err := kubernetes.StartProxy(kubernetesProvider, mizu.Config.Tap.GuiPort, mizu.Config.ResourcesNamespace(), mizu.ApiServerPodName) err := kubernetes.StartProxy(kubernetesProvider, mizu.Config.Tap.GuiPort, mizu.Config.MizuResourcesNamespace, mizu.ApiServerPodName)
if err != nil { if err != nil {
mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error occured while running k8s proxy %v", errormessage.FormatError(err))) mizu.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error occured while running k8s proxy %v", errormessage.FormatError(err)))
cancel() cancel()
@@ -493,7 +493,7 @@ func createProxyToApiServerPod(ctx context.Context, kubernetesProvider *kubernet
cancel() cancel()
} }
case <-errorChan: case <-errorChan:
mizu.Log.Debugf("[ERROR] Agent creation, watching %v namespace", mizu.Config.ResourcesNamespace()) mizu.Log.Debugf("[ERROR] Agent creation, watching %v namespace", mizu.Config.MizuResourcesNamespace)
cancel() cancel()
} }
} }
@@ -522,18 +522,18 @@ func requestForAnalysis() {
} }
func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider) (bool, error) { func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider) (bool, error) {
mizuRBACExists, err := kubernetesProvider.DoesServiceAccountExist(ctx, mizu.Config.ResourcesNamespace(), mizu.ServiceAccountName) mizuRBACExists, err := kubernetesProvider.DoesServiceAccountExist(ctx, mizu.Config.MizuResourcesNamespace, mizu.ServiceAccountName)
if err != nil { if err != nil {
return false, err return false, err
} }
if !mizuRBACExists { if !mizuRBACExists {
if mizu.Config.IsOwnNamespace() { if !mizu.Config.IsNsRestrictedMode() {
err := kubernetesProvider.CreateMizuRBAC(ctx, mizu.Config.ResourcesNamespace(), mizu.ServiceAccountName, mizu.ClusterRoleName, mizu.ClusterRoleBindingName, mizu.RBACVersion) err := kubernetesProvider.CreateMizuRBAC(ctx, mizu.Config.MizuResourcesNamespace, mizu.ServiceAccountName, mizu.ClusterRoleName, mizu.ClusterRoleBindingName, mizu.RBACVersion)
if err != nil { if err != nil {
return false, err return false, err
} }
} else { } else {
err := kubernetesProvider.CreateMizuRBACNamespaceRestricted(ctx, mizu.Config.ResourcesNamespace(), mizu.ServiceAccountName, mizu.RoleName, mizu.RoleBindingName, mizu.RBACVersion) err := kubernetesProvider.CreateMizuRBACNamespaceRestricted(ctx, mizu.Config.MizuResourcesNamespace, mizu.ServiceAccountName, mizu.RoleName, mizu.RoleBindingName, mizu.RBACVersion)
if err != nil { if err != nil {
return false, err return false, err
} }

4
cli/cmd/viewRunner.go
View File

@@ -18,7 +18,7 @@ func runMizuView() {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
exists, err := kubernetesProvider.DoesServicesExist(ctx, mizu.Config.ResourcesNamespace(), mizu.ApiServerPodName) exists, err := kubernetesProvider.DoesServicesExist(ctx, mizu.Config.MizuResourcesNamespace, mizu.ApiServerPodName)
if err != nil { if err != nil {
panic(err) panic(err)
} }
@@ -36,7 +36,7 @@ func runMizuView() {
mizu.Log.Infof("Found service %s, creating k8s proxy", mizu.ApiServerPodName) mizu.Log.Infof("Found service %s, creating k8s proxy", mizu.ApiServerPodName)
mizu.Log.Infof("Mizu is available at http://%s\n", kubernetes.GetMizuApiServerProxiedHostAndPath(mizu.Config.View.GuiPort)) mizu.Log.Infof("Mizu is available at http://%s\n", kubernetes.GetMizuApiServerProxiedHostAndPath(mizu.Config.View.GuiPort))
err = kubernetes.StartProxy(kubernetesProvider, mizu.Config.View.GuiPort, mizu.Config.ResourcesNamespace(), mizu.ApiServerPodName) err = kubernetes.StartProxy(kubernetesProvider, mizu.Config.View.GuiPort, mizu.Config.MizuResourcesNamespace, mizu.ApiServerPodName)
if err != nil { if err != nil {
mizu.Log.Infof("Error occured while running k8s proxy %v", err) mizu.Log.Infof("Error occured while running k8s proxy %v", err)
} }

4
cli/errormessage/errormessage.go
View File

@@ -13,7 +13,9 @@ import (
func FormatError(err error) error { func FormatError(err error) error {
var errorNew error var errorNew error
if k8serrors.IsForbidden(err) { if k8serrors.IsForbidden(err) {
errorNew = fmt.Errorf("Insufficient permissions: %w. Supply the required permission or control Mizu's access to namespaces by setting MizuNamespace in the config file or setting the tapped namespace with --set mizu-namespace=<NAMEPSACE>.", err) errorNew = fmt.Errorf("Insufficient permissions: %w. "+
"Supply the required permission or control Mizu's access to namespaces by setting MizuResourcesNamespace "+
"in the config file or setting the tapped namespace with --set mizu-resources-namespace=<NAMEPSACE>.", err)
} else if syntaxError, isSyntaxError := asRegexSyntaxError(err); isSyntaxError { } else if syntaxError, isSyntaxError := asRegexSyntaxError(err); isSyntaxError {
errorNew = fmt.Errorf("Regex %s is invalid: %w", syntaxError.Expr, err) errorNew = fmt.Errorf("Regex %s is invalid: %w", syntaxError.Expr, err)
} else { } else {

32
cli/kubernetes/provider.go
View File

@@ -562,19 +562,6 @@ func (provider *Provider) CreateConfigMap(ctx context.Context, namespace string,
return nil return nil
} }
func (provider *Provider) ListPods(ctx context.Context, namespace string) ([]shared.PodInfo, error) {
podInfos := make([]shared.PodInfo, 0)
listOptions := metav1.ListOptions{}
pods, err := provider.clientSet.CoreV1().Pods(namespace).List(ctx, listOptions)
if err != nil {
return podInfos, fmt.Errorf("error getting pods in ns: %s, %w", namespace, err)
}
for _, pod := range pods.Items {
podInfos = append(podInfos, shared.PodInfo{Name: pod.Name, Namespace: pod.Namespace})
}
return podInfos, nil
}
func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string, apiServerPodIp string, nodeToTappedPodIPMap map[string][]string, serviceAccountName string, tapOutgoing bool) error { func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string, apiServerPodIp string, nodeToTappedPodIPMap map[string][]string, serviceAccountName string, tapOutgoing bool) error {
mizu.Log.Debugf("Applying %d tapper deamonsets, ns: %s, daemonSetName: %s, podImage: %s, tapperPodName: %s", len(nodeToTappedPodIPMap), namespace, daemonSetName, podImage, tapperPodName) mizu.Log.Debugf("Applying %d tapper deamonsets, ns: %s, daemonSetName: %s, podImage: %s, tapperPodName: %s", len(nodeToTappedPodIPMap), namespace, daemonSetName, podImage, tapperPodName)
@@ -691,7 +678,7 @@ func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespac
return err return err
} }
func (provider *Provider) GetAllRunningPodsMatchingRegex(ctx context.Context, regex *regexp.Regexp, namespaces []string) ([]core.Pod, error) { func (provider *Provider) ListAllPodsMatchingRegex(ctx context.Context, regex *regexp.Regexp, namespaces []string) ([]core.Pod, error) {
var pods []core.Pod var pods []core.Pod
for _, namespace := range namespaces { for _, namespace := range namespaces {
namespacePods, err := provider.clientSet.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{}) namespacePods, err := provider.clientSet.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{})
@@ -704,7 +691,22 @@ func (provider *Provider) GetAllRunningPodsMatchingRegex(ctx context.Context, re
matchingPods := make([]core.Pod, 0) matchingPods := make([]core.Pod, 0)
for _, pod := range pods { for _, pod := range pods {
if regex.MatchString(pod.Name) && isPodRunning(&pod) { if regex.MatchString(pod.Name) {
matchingPods = append(matchingPods, pod)
}
}
return matchingPods, nil
}
func (provider *Provider) ListAllRunningPodsMatchingRegex(ctx context.Context, regex *regexp.Regexp, namespaces []string) ([]core.Pod, error) {
pods, err := provider.ListAllPodsMatchingRegex(ctx, regex, namespaces)
if err != nil {
return nil, err
}
matchingPods := make([]core.Pod, 0)
for _, pod := range pods {
if isPodRunning(&pod) {
matchingPods = append(matchingPods, pod) matchingPods = append(matchingPods, pod)
} }
} }

6
cli/logsUtils/mizuLogsUtils.go
View File

@@ -9,16 +9,18 @@ import (
"io" "io"
"os" "os"
"path/filepath" "path/filepath"
"regexp"
) )
func DumpLogs(provider *kubernetes.Provider, ctx context.Context, filePath string) error { func DumpLogs(provider *kubernetes.Provider, ctx context.Context, filePath string) error {
pods, err := provider.ListPods(ctx, mizu.Config.ResourcesNamespace()) podExactRegex := regexp.MustCompile(fmt.Sprintf("^mizu-"))
pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{mizu.Config.MizuResourcesNamespace})
if err != nil { if err != nil {
return err return err
} }
if len(pods) == 0 { if len(pods) == 0 {
return fmt.Errorf("no pods found in namespace %s", mizu.Config.ResourcesNamespace()) return fmt.Errorf("no pods found in namespace %s", mizu.Config.MizuResourcesNamespace)
} }
newZipFile, err := os.Create(filePath) newZipFile, err := os.Create(filePath)

11
cli/mizu/config.go
View File

@@ -24,6 +24,17 @@ const (
var Config = ConfigStruct{} var Config = ConfigStruct{}
func (config *ConfigStruct) Validate() error {
if config.IsNsRestrictedMode() {
if config.Tap.AllNamespaces || len(config.Tap.Namespaces) != 1 || config.Tap.Namespaces[0] != config.MizuResourcesNamespace {
return fmt.Errorf("Not supported mode. Mizu can't resolve IPs in other namespaces when running in namespace restricted mode.\n" +
"You can use the same namespace for --namespace and --mizu-resources-namespace")
}
}
return nil
}
func InitConfig(cmd *cobra.Command) error { func InitConfig(cmd *cobra.Command) error {
if err := defaults.Set(&Config); err != nil { if err := defaults.Set(&Config); err != nil {
return err return err

34
cli/mizu/configStruct.go
View File

@@ -7,32 +7,20 @@ import (
) )
type ConfigStruct struct { type ConfigStruct struct {
Tap configStructs.TapConfig `yaml:"tap"` Tap configStructs.TapConfig `yaml:"tap"`
Fetch configStructs.FetchConfig `yaml:"fetch"` Fetch configStructs.FetchConfig `yaml:"fetch"`
Version configStructs.VersionConfig `yaml:"version"` Version configStructs.VersionConfig `yaml:"version"`
View configStructs.ViewConfig `yaml:"view"` View configStructs.ViewConfig `yaml:"view"`
MizuImage string `yaml:"mizu-image"` AgentImage string `yaml:"agent-image"`
MizuNamespace string `yaml:"mizu-namespace"` MizuResourcesNamespace string `yaml:"mizu-resources-namespace" default:"mizu"`
Telemetry bool `yaml:"telemetry" default:"true"` Telemetry bool `yaml:"telemetry" default:"true"`
DumpLogs bool `yaml:"dump-logs" default:"false"` DumpLogs bool `yaml:"dump-logs" default:"false"`
} }
func (config *ConfigStruct) SetDefaults() { func (config *ConfigStruct) SetDefaults() {
config.MizuImage = fmt.Sprintf("gcr.io/up9-docker-hub/mizu/%s:%s", Branch, SemVer) config.AgentImage = fmt.Sprintf("gcr.io/up9-docker-hub/mizu/%s:%s", Branch, SemVer)
} }
func (config *ConfigStruct) ResourcesNamespace() string { func (config *ConfigStruct) IsNsRestrictedMode() bool {
if config.MizuNamespace == "" { return config.MizuResourcesNamespace != "mizu" // Notice "mizu" string must match the default MizuResourcesNamespace
return ResourcesDefaultNamespace
}
return config.MizuNamespace
}
func (config *ConfigStruct) IsOwnNamespace() bool {
if config.MizuNamespace == "" {
return true
}
return false
} }

21
cli/mizu/consts.go
View File

@@ -14,17 +14,16 @@ var (
) )
const ( const (
ApiServerPodName = "mizu-api-server" ApiServerPodName = "mizu-api-server"
ClusterRoleBindingName = "mizu-cluster-role-binding" ClusterRoleBindingName = "mizu-cluster-role-binding"
ClusterRoleName = "mizu-cluster-role" ClusterRoleName = "mizu-cluster-role"
K8sAllNamespaces = "" K8sAllNamespaces = ""
ResourcesDefaultNamespace = "mizu" RoleBindingName = "mizu-role-binding"
RoleBindingName = "mizu-role-binding" RoleName = "mizu-role"
RoleName = "mizu-role" ServiceAccountName = "mizu-service-account"
ServiceAccountName = "mizu-service-account" TapperDaemonSetName = "mizu-tapper-daemon-set"
TapperDaemonSetName = "mizu-tapper-daemon-set" TapperPodName = "mizu-tapper"
TapperPodName = "mizu-tapper" ConfigMapName = "mizu-policy"
ConfigMapName = "mizu-policy"
) )
func GetMizuFolderPath() string { func GetMizuFolderPath() string {