wip

Signed-off-by: Daichi Sakaue <[email protected]>

Makefile

@@ -1,20 +1,39 @@
 BIN_DIR := $(shell pwd)/bin
-
-# Tool versions
-MDBOOK_VERSION = 0.4.35
-MDBOOK := $(BIN_DIR)/mdbook
+HELM_VERSION := 3.14.3
+KIND_VERSION := 0.22.0
 
 # Test tools
-STATICCHECK = $(BIN_DIR)/staticcheck
+HELM := $(BIN_DIR)/helm
+STATICCHECK := $(BIN_DIR)/staticcheck
 
 .PHONY: all
-all: test
+all: help
+
+##@ Basic
 
-.PHONY: book
-book: $(MDBOOK)
-	rm -rf docs/book
-	cd docs; $(MDBOOK) build
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
+.PHONY: setup
+setup: $(HELM) ## Install necessary tools
+	GOBIN=$(BIN_DIR) go install sigs.k8s.io/kind@v$(KIND_VERSION)
+	$(HELM) repo add cilium https://helm.cilium.io/
+	$(HELM) repo update cilium
+
+$(HELM):
+	mkdir -p $(BIN_DIR)
+	wget -qO - https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz | tar zx -O linux-amd64/helm > $@
+	chmod +x $@
+
+.PHONY: build
+build:
+	mkdir -p $(BIN_DIR)
+	go build -o $(BIN_DIR)/cilium-policy main.go
+
+.PHONY: clean
+clean:
+	rm -rf $(BIN_DIR)
 
 .PHONY: test
 test:
@@ -30,13 +49,8 @@ test-go: test-tools
 	go test -race -v ./...
 	go vet ./...
 
-
 ##@ Tools
 
-$(MDBOOK):
-	mkdir -p bin
-	curl -fsL https://github.com/rust-lang/mdBook/releases/download/v$(MDBOOK_VERSION)/mdbook-v$(MDBOOK_VERSION)-x86_64-unknown-linux-gnu.tar.gz | tar -C bin -xzf -
-
 .PHONY: test-tools
 test-tools: $(STATICCHECK)
 

README.md

@@ -3,8 +3,8 @@
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/cybozu-go/cilium-policy-viewer?tab=overview)](https://pkg.go.dev/github.com/cybozu-go/cilium-policy-viewer?tab=overview)
 [![Go Report Card](https://goreportcard.com/badge/github.com/cybozu-go/cilium-policy-viewer)](https://goreportcard.com/report/github.com/cybozu-go/cilium-policy-viewer)
 
-Template repository for Neco
-============================
+Cilium Policy Viewer
+====================
 
 **Project Status**: Initial development
 

cmd/dump.go

@@ -0,0 +1,23 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+var dumpCmd = &cobra.Command{
+	Use:   "dump",
+	Short: "dump endpoint status",
+	Long:  `Dump endpoint status`,
+
+	Args: cobra.ExactArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		fmt.Println("Hello")
+		return nil
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(dumpCmd)
+}

cmd/root.go

@@ -0,0 +1,17 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var rootCmd = &cobra.Command{}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}

e2e/Makefile

@@ -0,0 +1,27 @@
+CILIUM_VERSION := 1.15.3
+
+BIN_DIR := $(shell pwd)/../bin
+HELM := $(BIN_DIR)/helm
+KIND := $(BIN_DIR)/kind
+
+##@ Basic
+
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Environment
+
+.PHONY: start
+start:
+	docker pull quay.io/cilium/cilium:v$(CILIUM_VERSION)
+	$(KIND) create cluster --config cluster.yaml
+	$(KIND) load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
+	$(HELM) install cilium cilium/cilium --version $(CILIUM_VERSION) \
+		--namespace kube-system \
+		--set image.pullPolicy=IfNotPresent \
+		--set ipam.mode=kubernetes
+
+.PHONY: stop
+stop:
+	$(KIND) delete cluster

e2e/cilium-agent-proxy.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: kube-system
+  name: cilium-agent-proxy
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: cilium-agent-proxy
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: cilium-agent-proxy
+    spec:
+      securityContext:
+        fsGroup: 0
+      containers:
+        - image: ghcr.io/cybozu/envoy
+          name: envoy
+          command: ["envoy", "-c", "/etc/envoy/envoy-config.yaml"]
+          args: []
+          volumeMounts:
+            - name: cilium-socket
+              mountPath: /var/run/cilium
+            - name: envoy-config
+              mountPath: /etc/envoy
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+      volumes:
+        - name: cilium-socket
+          hostPath:
+            path: /var/run/cilium
+        - name: envoy-config
+          configMap:
+            name: cilium-agent-proxy

e2e/cluster.yaml

@@ -0,0 +1,9 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+  - role: worker
+  - role: worker
+  - role: worker
+networking:
+  disableDefaultCNI: true

e2e/envoy-config.yaml

@@ -0,0 +1,49 @@
+static_resources:
+  listeners:
+    - name: cilium-agent-proxy
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 8080
+      filter_chains:
+        - filters:
+          - name: envoy.http_connection_manager
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+              stat_prefix: ingress_http
+              http_filters:
+                - name: envoy.filters.http.router
+                  typed_config:
+                    "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+              route_config:
+                name: cilium-agent-proxy
+                virtual_hosts:
+                  - name: cilium-agent-proxy
+                    domains: ["*"]
+                    routes:
+                      - match:
+                          prefix: "/v1/endpoint/"
+                          headers:
+                            - name: ":method"
+                              string_match:
+                                exact: "GET"
+                        route:
+                          cluster: cilium-agent-proxy
+                      - match:
+                          prefix: "/v1/identity/"
+                          headers:
+                            - name: ":method"
+                              string_match:
+                                exact: "GET"
+                        route:
+                          cluster: cilium-agent-proxy
+  clusters:
+    - name: cilium-agent-proxy
+      load_assignment:
+        cluster_name: cilium-agent-proxy
+        endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  pipe:
+                    path: /var/run/cilium/cilium.sock

e2e/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+  - cilium-agent-proxy.yaml
+  - ubuntu.yaml
+configMapGenerator:
+  - namespace: kube-system
+    name: cilium-agent-proxy
+    files:
+      - envoy-config.yaml
+images:
+  - name: ghcr.io/cybozu/envoy
+    newTag: 1.28.1.1

e2e/ubuntu.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ubuntu
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ubuntu
+  template:
+    metadata:
+      labels:
+        app: ubuntu
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - name: ubuntu
+          args:
+            - pause
+          image: ghcr.io/cybozu/ubuntu-debug:22.04

go.mod

@@ -0,0 +1,10 @@
+module github.com/cybozu-go/cilium-policy-viewer
+
+go 1.22.1
+
+require github.com/spf13/cobra v1.8.0
+
+require (
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+)

go.sum

@@ -0,0 +1,10 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"github.com/cybozu-go/cilium-policy-viewer/cmd"
+)
+
+func main() {
+	cmd.Execute()
+}