Update tappers via websocket instead of by env var. This way the DaemonSet doesn't have to be applied just to notify the tappers that the tap targets changed. The number of tapper restarts is reduced. The DaemonSet still gets applied when there is a need to add/remove a tapper from a node.
* initial tls tapper commit
* add tls flag to mizu cli
* support ssl_read_ex/ssl_write_ex
* use hostproc to find libssl
* auto discover tls processes
* support libssl1.0
* recompile ebpf with old clang/llvm
* Update tap/passive_tapper.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* Update tap/tlstapper/tls_poller.go
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
* upgrade ebpf go lib
* handling big tls messages
* fixing max buffer size in ebpf
* remove unused import
* fix linter issues
* minor pr fixes
* compile with old clang
* fix cgroup file format
* pr fixes + cgroup extract enhance
* fix linter
* adding indirect ebpf dep to agent go.mod
* adding ebpf docker builder
* minor pr fixes
* add req resp matcher to dissect
* rename ssl hooks to ssl hooks structs
* move to alpine, use local copy of mizu instead of git, add readme
* use global req resp matcher for tls
Co-authored-by: M. Mert Yıldıran <mehmet@up9.com>
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* TRA-4235 Revert "Move Basenine binary into a separate container"
* Deploy the same agent image as a separate container for Basenine
Co-authored-by: Igor Gov <iggvrv@gmail.com>
* Enable acceptance tests
* Fix the acceptance tests and a typo in `CONFIGURATION.md`
* Include the container name into the log fetching function
* Duplicate the fix for the logs test
* Revert "Enable acceptance tests"
This reverts commit c10a67c293.
- Rename --istio flag to the more general --service-mesh
- Rename internal variables, consts and structures to reflect this conceptual change
- Update the docs accordingly
* Move Basenine binary into a separate container
* Set `WorkingDir` to `shared.DataDirPath` in the `basenine` container
* Use `consts.go` to set the Basenine image and port
* Bring back the `net-wait-go` usage to prevent startup failures
Motivation: Allow users to change the default RBAC resources (ServiceAccount, ClusterRole, ClusterRoleBinding, Role and RoleBinding) without having Mizu delete them every run.
Adds app.kubernetes.io/created-by and app.kubernetes.io/managed-by labels to all resources.
The value of app.kubernetes.io/created-by is either mizu-cli or mizu-agent.
The value of app.kubernetes.io/managed-by is mizu.
When Mizu cleans resources (ctrl-c in tap cmd or mizu clean cmd) it removes all RBAC resources that have managed-by=mizu, and only those.
A user may have a ClusterRole named mizu-clusterrole. If it doesn't have the label app.kubernetes.io/managed-by=mizu, then Mizu won't overwrite it and won't delete it.
Other resources (deployments, services etc.) are always removed, regardless of their labels.
* discover envoy pids using cluster ips
* add istio flag to cli + rename mtls flag to istio
* add istio.md to docs
* Fixing typos
* Fix minor typos and grammar in docs
Co-authored-by: Nimrod Gilboa Markevich <nimrod@up9.com>
Currently shared/kubernetes/watch.go:FilteredWatch only watches pods.
This PR makes it reusable for other types of resources.
This is done in preparation for watching k8s events.
* multiple netns listen - initial commit
* multiple netns listen - actual work
* remove redundant log line
* map /proc of host to tapper
* changing kubernetes provider again after big conflict
* revert node-sass version back to 5.0.0
* Rename host_source to hostSource
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* PR fixes - adding comment + typos + naming conventions
* go fmt + making procfs read only
* setns back to the original value after packet source initialized
Co-authored-by: gadotroee <55343099+gadotroee@users.noreply.github.com>
* WIP
* WIP
* WIP
* WIP
* WIP
* Update tapRunner.go and k8sTapManager.go
* Update cleanRunner.go, common.go, and 8 more files...
* Update common.go, tapConfig.go, and 2 more files...
* Update config.go, config.go, and 5 more files...
* Update tapRunner.go, config.go, and 7 more files...
* Update cleanRunner.go, logs.go, and 2 more files...
* Update k8sTapManager.go, provider.go, and watch.go
* Update go.sum, go.mod, and go.sum
* Update go.mod and go.sum
* Update go.mod, go.sum, and 2 more files...
* Revert "Update go.mod, go.sum, and 2 more files..."
This reverts commit 8140311349.
* Update funcWrappers.go, tapRunner.go, and 4 more files...
* Update main.go, tapRunner.go, and mizuTapperSyncer.go