Initial implementation

.github/workflows/ci.yaml

@@ -3,16 +3,30 @@ on:
   pull_request:
   push:
     branches:
-    - 'main'
+      - main
 env:
-  go-version: "1.21"
+  cache-version: 1
 jobs:
   test:
-    name: Small tests
+    name: e2e
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-go@v4
-      with:
-        go-version: ${{ env.go-version }}
-    - run: make test
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+      - name: Cache tools
+        id: cache-tools
+        uses: actions/cache@v3
+        with:
+          path: bin/download
+          key: cache-${{ env.cache-version }}-go-${{ hashFiles('go.mod') }}-${{ hashFiles('Makefile') }}
+      - name: Setup tools
+        if: steps.cache-tools.outputs.cache-hit != 'true'
+        run: make setup
+      - name: Run environment
+        run: make start
+        working-directory: e2e
+      - name: Install
+        run: make install
+        working-directory: e2e

Makefile

@@ -1,45 +1,57 @@
 BIN_DIR := $(shell pwd)/bin
-
-# Tool versions
-MDBOOK_VERSION = 0.4.35
-MDBOOK := $(BIN_DIR)/mdbook
+TOOLS_DIR := $(BIN_DIR)/download
+HELM_VERSION := 3.14.3
+KIND_VERSION := 0.22.0
+KUBECTL_VERSION := 1.29.3
+KUSTOMIZE_VERSION := 5.3.0
 
 # Test tools
-STATICCHECK = $(BIN_DIR)/staticcheck
+HELM := $(TOOLS_DIR)/helm
+KUBECTL := $(TOOLS_DIR)/kubectl
+KUSTOMIZE := $(TOOLS_DIR)/kustomize
+STATICCHECK := $(TOOLS_DIR)/staticcheck
 
 .PHONY: all
-all: test
+all: help
 
-.PHONY: book
-book: $(MDBOOK)
-	rm -rf docs/book
-	cd docs; $(MDBOOK) build
+##@ Basic
 
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-.PHONY: test
-test:
-	if find . -name go.mod | grep -q go.mod; then \
-		$(MAKE) test-go; \
-	fi
+.PHONY: setup
+setup: $(HELM) $(KUBECTL) $(KUSTOMIZE) ## Install necessary tools
+	GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@v$(KIND_VERSION)
+	$(HELM) repo add cilium https://helm.cilium.io/
+	$(HELM) repo update cilium
 
-.PHONY: test-go
-test-go: test-tools
-	test -z "$$(gofmt -s -l . | tee /dev/stderr)"
-	$(STATICCHECK) ./...
-	go install ./...
-	go test -race -v ./...
-	go vet ./...
+$(HELM):
+	mkdir -p $(TOOLS_DIR)
+	wget -qO - https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz | tar zx -O linux-amd64/helm > $@
+	chmod +x $@
 
+$(KUBECTL):
+	mkdir -p $(TOOLS_DIR)
+	wget -qO $@ https://storage.googleapis.com/kubernetes-release/release/v$(KUBECTL_VERSION)/bin/linux/amd64/kubectl
+	chmod +x $@
 
-##@ Tools
+$(KUSTOMIZE):
+	mkdir -p $(TOOLS_DIR)
+	wget -qO - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv$(KUSTOMIZE_VERSION)/kustomize_v$(KUSTOMIZE_VERSION)_linux_amd64.tar.gz | tar zx -O kustomize > $@
+	chmod +x $@
 
-$(MDBOOK):
-	mkdir -p bin
-	curl -fsL https://github.com/rust-lang/mdBook/releases/download/v$(MDBOOK_VERSION)/mdbook-v$(MDBOOK_VERSION)-x86_64-unknown-linux-gnu.tar.gz | tar -C bin -xzf -
+.PHONY: build
+build:
+	mkdir -p $(BIN_DIR)
+	go build -o $(BIN_DIR)/cilium-policy main.go
 
-.PHONY: test-tools
-test-tools: $(STATICCHECK)
+.PHONY: clean
+clean:
+	rm -rf $(BIN_DIR)
 
-$(STATICCHECK):
-	mkdir -p $(BIN_DIR)
-	GOBIN=$(BIN_DIR) go install honnef.co/go/tools/cmd/staticcheck@latest
+.PHONY: test
+test:
+	if find . -name go.mod | grep -q go.mod; then \
+		$(MAKE) test-go; \
+	fi

README.md

@@ -3,8 +3,8 @@
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/cybozu-go/cilium-policy-viewer?tab=overview)](https://pkg.go.dev/github.com/cybozu-go/cilium-policy-viewer?tab=overview)
 [![Go Report Card](https://goreportcard.com/badge/github.com/cybozu-go/cilium-policy-viewer)](https://goreportcard.com/report/github.com/cybozu-go/cilium-policy-viewer)
 
-Template repository for Neco
-============================
+Cilium Policy Viewer
+====================
 
 **Project Status**: Initial development
 

cmd/dump.go

@@ -0,0 +1,98 @@
+package cmd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+)
+
+var dumpOptions struct {
+	namespace string
+}
+
+func init() {
+	dumpCmd.Flags().StringVarP(&dumpOptions.namespace, "namespace", "n", "", "namespace of a pod")
+	rootCmd.AddCommand(dumpCmd)
+}
+
+var dumpCmd = &cobra.Command{
+	Use:   "dump",
+	Short: "dump endpoint status",
+	Long:  `Dump endpoint status`,
+
+	Args: cobra.ExactArgs(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return runDump(context.Background(), args[0])
+	},
+}
+
+func runDump(ctx context.Context, name string) error {
+	config, err := rest.InClusterConfig()
+	if err != nil {
+		return err
+	}
+
+	clientset, _ := kubernetes.NewForConfig(config)
+	pod, err := clientset.CoreV1().Pods(dumpOptions.namespace).Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		return err
+	}
+	node := pod.Spec.NodeName
+	proxy, err := clientset.CoreV1().Pods("kube-system").List(ctx, metav1.ListOptions{
+		FieldSelector: "spec.nodeName=" + node,
+		LabelSelector: "app.kubernetes.io/name=cilium-agent-proxy",
+	})
+	if err != nil {
+		return err
+	}
+	if len(proxy.Items) != 1 {
+		return errors.New("proxy not found")
+	}
+	proxyIP := proxy.Items[0].Status.PodIP
+
+	client, err := dynamic.NewForConfig(config)
+	if err != nil {
+		return err
+	}
+
+	gvr := schema.GroupVersionResource{
+		Group:    "cilium.io",
+		Version:  "v2",
+		Resource: "ciliumendpoints",
+	}
+	obj, err := client.Resource(gvr).Namespace(dumpOptions.namespace).Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		return err
+	}
+
+	endpointID, found, err := unstructured.NestedInt64(obj.Object, "status", "id")
+	if err != nil {
+		return err
+	}
+	if !found {
+		return errors.New("endpoint not found")
+	}
+
+	url := fmt.Sprintf("http://%s:8080/v1/endpoint/%d", proxyIP, endpointID)
+	resp, err := http.Get(url)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	fmt.Println(string(data))
+	return nil
+}

cmd/root.go

@@ -0,0 +1,17 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var rootCmd = &cobra.Command{}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}

e2e/Makefile

@@ -0,0 +1,41 @@
+CILIUM_VERSION := 1.15.3
+
+BIN_DIR := $(shell pwd)/../bin
+TOOLS_DIR := $(BIN_DIR)/download
+CILIUM_POLICY := $(BIN_DIR)/cilium-policy
+HELM := $(TOOLS_DIR)/helm
+KIND := $(TOOLS_DIR)/kind
+KUBECTL := $(TOOLS_DIR)/kubectl
+KUSTOMIZE := $(TOOLS_DIR)/kustomize
+
+##@ Basic
+
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Test
+
+.PHONY: start
+start:
+	docker pull quay.io/cilium/cilium:v$(CILIUM_VERSION)
+	$(KIND) create cluster --config cluster.yaml
+	$(KIND) load docker-image quay.io/cilium/cilium:v$(CILIUM_VERSION)
+	$(HELM) install cilium cilium/cilium --version $(CILIUM_VERSION) \
+		--namespace kube-system \
+		--set image.pullPolicy=IfNotPresent \
+		--set ipam.mode=kubernetes
+	$(KUSTOMIZE) build . | $(KUBECTL) apply -f -
+	$(KUBECTL) wait --for=condition=Available --all deployments --all-namespaces --timeout=1h
+	$(KUBECTL) wait --for=condition=Ready --all pods --all-namespaces --timeout=1h
+
+.PHONY: install
+install:
+	$(MAKE) -C ../ build
+	PODNAME=$$($(KUBECTL) get po -l app=ubuntu -o name | cut -d'/' -f2); \
+	$(KUBECTL) cp $(CILIUM_POLICY) $${PODNAME}:/tmp/; \
+	$(KUBECTL) exec $${PODNAME} -- chmod +x /tmp/cilium-policy
+
+.PHONY: stop
+stop:
+	$(KIND) delete cluster