From cdc821270da231359ec9b24a320e59d5f99156bf Mon Sep 17 00:00:00 2001 From: Daichi Sakaue Date: Mon, 1 Apr 2024 16:49:06 +0900 Subject: [PATCH] wip Signed-off-by: Daichi Sakaue --- Makefile | 44 +++++++++++++++++++++------------ README.md | 4 +-- cmd/dump.go | 23 +++++++++++++++++ cmd/root.go | 17 +++++++++++++ e2e/Makefile | 27 ++++++++++++++++++++ e2e/cilium-agent-proxy.yaml | 37 ++++++++++++++++++++++++++++ e2e/cluster.yaml | 9 +++++++ e2e/envoy-config.yaml | 49 +++++++++++++++++++++++++++++++++++++ e2e/kustomization.yaml | 14 +++++++++++ e2e/ubuntu.yaml | 22 +++++++++++++++++ go.mod | 10 ++++++++ go.sum | 10 ++++++++ main.go | 9 +++++++ 13 files changed, 258 insertions(+), 17 deletions(-) create mode 100644 cmd/dump.go create mode 100644 cmd/root.go create mode 100644 e2e/Makefile create mode 100644 e2e/cilium-agent-proxy.yaml create mode 100644 e2e/cluster.yaml create mode 100644 e2e/envoy-config.yaml create mode 100644 e2e/kustomization.yaml create mode 100644 e2e/ubuntu.yaml create mode 100644 go.mod create mode 100644 go.sum create mode 100644 main.go diff --git a/Makefile b/Makefile index 22b6098..d613b2e 100644 --- a/Makefile +++ b/Makefile 
@@ -1,20 +1,39 @@ BIN_DIR := $(shell pwd)/bin - -# Tool versions -MDBOOK_VERSION = 0.4.35 -MDBOOK := $(BIN_DIR)/mdbook +HELM_VERSION := 3.14.3 +KIND_VERSION := 0.22.0 # Test tools -STATICCHECK = $(BIN_DIR)/staticcheck +HELM := $(BIN_DIR)/helm +STATICCHECK := $(BIN_DIR)/staticcheck .PHONY: all -all: test +all: help + +##@ Basic -.PHONY: book -book: $(MDBOOK) - rm -rf docs/book - cd docs; $(MDBOOK) build +.PHONY: help +help: ## Display this help + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) +.PHONY: setup +setup: $(HELM) ## Install necessary tools + GOBIN=$(BIN_DIR) go install sigs.k8s.io/kind@v$(KIND_VERSION) + $(HELM) repo add cilium https://helm.cilium.io/ + $(HELM) repo update cilium + +$(HELM): + mkdir -p $(BIN_DIR) + wget -qO - https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz | tar zx -O linux-amd64/helm > $@ + chmod +x $@ + +.PHONY: build +build: + mkdir -p $(BIN_DIR) + go build -o $(BIN_DIR)/cilium-policy main.go + +.PHONY: clean +clean: + rm -rf $(BIN_DIR) .PHONY: test test: @@ -30,13 +49,8 @@ test-go: test-tools go test -race -v ./... go vet ./... - ##@ Tools -$(MDBOOK): - mkdir -p bin - curl -fsL https://github.com/rust-lang/mdBook/releases/download/v$(MDBOOK_VERSION)/mdbook-v$(MDBOOK_VERSION)-x86_64-unknown-linux-gnu.tar.gz | tar -C bin -xzf - - .PHONY: test-tools test-tools: $(STATICCHECK) diff --git a/README.md b/README.md index 23bd1c6..55bd4d4 100644 --- a/README.md +++ b/README.md 
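Review bot: The `$(HELM)` rule pipes the tarball from get.helm.sh straight into `tar` and installs whatever arrives, with no checksum verification. The binary that `setup` and the e2e `helm install` later run is therefore trusted on transport alone. Because the recipe redirects into `$@`, a failed or truncated download can also leave an empty `bin/helm` behind, which make then treats as up to date. I would download to a temporary file, verify it against a SHA-256 pinned next to `HELM_VERSION`, and only then extract and move it into place; the digest below is a placeholder to fill in from the Helm release. The rule also hard-codes `linux-amd64`, which deserves a comment if other hosts are expected.

```makefile
# Placeholder: pin the published digest for helm-v$(HELM_VERSION)-linux-amd64.tar.gz
HELM_SHA256 := REPLACE_WITH_PINNED_SHA256

$(HELM):
	mkdir -p $(BIN_DIR)
	wget -qO $(BIN_DIR)/helm.tar.gz https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz
	echo "$(HELM_SHA256)  $(BIN_DIR)/helm.tar.gz" | sha256sum -c -
	tar zxf $(BIN_DIR)/helm.tar.gz -O linux-amd64/helm > $@.tmp
	chmod +x $@.tmp
	mv $@.tmp $@
	rm -f $(BIN_DIR)/helm.tar.gz
```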
@@ -3,8 +3,8 @@ [![PkgGoDev](https://pkg.go.dev/badge/github.com/cybozu-go/cilium-policy-viewer?tab=overview)](https://pkg.go.dev/github.com/cybozu-go/cilium-policy-viewer?tab=overview) [![Go Report Card](https://goreportcard.com/badge/github.com/cybozu-go/cilium-policy-viewer)](https://goreportcard.com/report/github.com/cybozu-go/cilium-policy-viewer) -Template repository for Neco -============================ +Cilium Policy Viewer +==================== **Project Status**: Initial development
diff --git a/cmd/dump.go b/cmd/dump.go
new file mode 100644
index 0000000..c47f6bc
--- /dev/null
+++ b/cmd/dump.go
@@ -0,0 +1,23 @@
+package cmd
+
+import (
+ "fmt"
+
+ "github.com/spf13/cobra"
+)
+
+var dumpCmd = &cobra.Command{
+ Use: "dump",
+ Short: "dump endpoint status",
+ Long: `Dump endpoint status`,
+
+ Args: cobra.ExactArgs(1),
+ RunE: func(cmd *cobra.Command, args []string) error {
+ fmt.Println("Hello")
+ return nil
+ },
+}
+
+func init() {
+ rootCmd.AddCommand(dumpCmd)
+}
diff --git a/cmd/root.go b/cmd/root.go
new file mode 100644
index 0000000..0ddc1aa
--- /dev/null
+++ b/cmd/root.go
@@ -0,0 +1,17 @@
+package cmd
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/spf13/cobra"
+)
+
+var rootCmd = &cobra.Command{}
+
+func Execute() {
+ if err := rootCmd.Execute(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+}
diff --git a/e2e/Makefile b/e2e/Makefile
new file mode 100644
index 0000000..8285cb3
--- /dev/null
+++ b/e2e/Makefile
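Review bot: `dumpCmd` demands exactly one positional argument through `cobra.ExactArgs(1)`, but `Use: "dump"` does not name it and `RunE` never reads `args`. The help text therefore gives no hint what to pass, and the value is silently discarded. Until the real implementation lands, either drop the `Args` constraint or name the argument in the usage string, and add a doc comment on `dumpCmd` saying what the argument identifies.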
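Review bot: `Execute` in cmd/root.go reports the error with `fmt.Println(err)`, which writes to stdout. Cobra by default already prints the error on stderr, so a failure is likely shown twice and lands in output that callers may be parsing. Prefer `fmt.Fprintln(os.Stderr, err)` together with `SilenceErrors: true` on `rootCmd`, or drop the print and keep only `os.Exit(1)`. `rootCmd` is an empty `cobra.Command{}`, so setting `Use` and `Short` would make the generated help meaningful. The exported function should also carry a doc comment such as `// Execute runs the root command and exits with status 1 on error.`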
@@ -0,0 +1,27 @@
+CILIUM_VERSION := 1.15.3
+
+BIN_DIR := $(shell pwd)/../bin
+HELM := $(BIN_DIR)/helm
+KIND := $(BIN_DIR)/kind
+
+##@ Basic
+
+.PHONY: help
+help: ## Display this help
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Environment
+
+.PHONY: start
+start:
+ docker pull quay.io/cilium/cilium:v$(CILIUM_VERSION)
+ $(KIND) create cluster --config cluster.yaml
+ $(KIND) load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
+ $(HELM) install cilium cilium/cilium --version $(CILIUM_VERSION) \
+ --namespace kube-system \
+ --set image.pullPolicy=IfNotPresent \
+ --set ipam.mode=kubernetes
+
+.PHONY: stop
+stop:
+ $(KIND) delete cluster
diff --git a/e2e/cilium-agent-proxy.yaml b/e2e/cilium-agent-proxy.yaml
new file mode 100644
index 0000000..80344a7
--- /dev/null
+++ b/e2e/cilium-agent-proxy.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ namespace: kube-system
+ name: cilium-agent-proxy
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: cilium-agent-proxy
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: cilium-agent-proxy
+ spec:
+ securityContext:
+ fsGroup: 0
+ containers:
+ - image: ghcr.io/cybozu/envoy
+ name: envoy
+ command: ["envoy", "-c", "/etc/envoy/envoy-config.yaml"]
+ args: []
+ volumeMounts:
+ - name: cilium-socket
+ mountPath: /var/run/cilium
+ - name: envoy-config
+ mountPath: /etc/envoy
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ volumes:
+ - name: cilium-socket
+ hostPath:
+ path: /var/run/cilium
+ - name: envoy-config
+ configMap:
+ name: cilium-agent-proxy
diff --git a/e2e/cluster.yaml b/e2e/cluster.yaml
new file mode 100644
index 0000000..31f1ab9
--- /dev/null
+++ b/e2e/cluster.yaml
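Review bot: The envoy container in cilium-agent-proxy.yaml mounts the node's whole `/var/run/cilium` directory read-write through a `hostPath`, although the proxy only needs to connect to `cilium.sock`. Everything else in that directory becomes writable from the pod. Mark the `cilium-socket` mount `readOnly: true` (a Unix socket should still accept connections through a read-only mount, but confirm in the e2e run). Also add `allowPrivilegeEscalation: false` beside the existing `capabilities.drop` entry. The pod sets `fsGroup: 0` and no `runAsUser`, so it presumably runs as the image's default user; a short comment on why group 0 is needed would help the next reader.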
@@ -0,0 +1,9 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+ - role: control-plane
+ - role: worker
+ - role: worker
+ - role: worker
+networking:
+ disableDefaultCNI: true
diff --git a/e2e/envoy-config.yaml b/e2e/envoy-config.yaml
new file mode 100644
index 0000000..21fddfb
--- /dev/null
+++ b/e2e/envoy-config.yaml
@@ -0,0 +1,49 @@
+static_resources:
+ listeners:
+ - name: cilium-agent-proxy
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 8080
+ filter_chains:
+ - filters:
+ - name: envoy.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: ingress_http
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: cilium-agent-proxy
+ virtual_hosts:
+ - name: cilium-agent-proxy
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/v1/endpoint/"
+ headers:
+ - name: ":method"
+ string_match:
+ exact: "GET"
+ route:
+ cluster: cilium-agent-proxy
+ - match:
+ prefix: "/v1/identity/"
+ headers:
+ - name: ":method"
+ string_match:
+ exact: "GET"
+ route:
+ cluster: cilium-agent-proxy
+ clusters:
+ - name: cilium-agent-proxy
+ load_assignment:
+ cluster_name: cilium-agent-proxy
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ pipe:
+ path: /var/run/cilium/cilium.sock
diff --git a/e2e/kustomization.yaml b/e2e/kustomization.yaml
new file mode 100644
index 0000000..1dfb016
--- /dev/null
+++ b/e2e/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - cilium-agent-proxy.yaml
+ - ubuntu.yaml
+configMapGenerator:
+ - namespace: kube-system
+ name: cilium-agent-proxy
+ files:
+ - envoy-config.yaml
+images:
+ - name: ghcr.io/cybozu/envoy
+ newTag: 1.28.1.1
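Review bot: The two `prefix` routes in envoy-config.yaml are the only access control in front of the Cilium agent socket, and they are matched against the request path as received. Unless path normalization is enabled elsewhere, a non-canonical path (dot segments, doubled slashes) can satisfy the prefix check and still be forwarded to the agent unchanged. Set `normalize_path: true` and `merge_slashes: true` on the `HttpConnectionManager` so the allow-list is evaluated on the canonical path. The listener also binds `0.0.0.0:8080` with no authentication, so any workload that can reach the pod IP can read endpoint and identity data. A NetworkPolicy limiting ingress to the viewer would narrow that.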
diff --git a/e2e/ubuntu.yaml b/e2e/ubuntu.yaml
new file mode 100644
index 0000000..e26830b
--- /dev/null
+++ b/e2e/ubuntu.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ubuntu
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ubuntu
+ template:
+ metadata:
+ labels:
+ app: ubuntu
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - name: ubuntu
+ args:
+ - pause
+ image: ghcr.io/cybozu/ubuntu-debug:22.04
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..b38ab65
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,10 @@
+module github.com/cybozu-go/cilium-policy-viewer
+
+go 1.22.1
+
+require github.com/spf13/cobra v1.8.0
+
+require (
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..d0e8c2c
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,10 @@ +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..5a8ab97
--- /dev/null
+++ b/main.go
@@ -0,0 +1,9 @@
+package main
+
+import (
+ "github.com/cybozu-go/cilium-policy-viewer/cmd"
+)
+
+func main() {
+ cmd.Execute()
+}