mirror of
https://github.com/lucky-sideburn/kubeinvaders.git
synced 2026-04-06 18:36:52 +00:00
129 lines
4.5 KiB
Lua
129 lines
4.5 KiB
Lua
local https = require "ssl.https"
|
|
local ltn12 = require "ltn12"
|
|
local json = require 'lunajson'
|
|
local redis = require "resty.redis"
|
|
local red = redis:new()
|
|
local okredis, errredis = red:connect("unix:/tmp/redis.sock")
|
|
local k8s_url = ""
|
|
local kube_host = os.getenv("KUBERNETES_SERVICE_HOST")
|
|
local kube_port = os.getenv("KUBERNETES_SERVICE_PORT_HTTPS")
|
|
local endpoint = os.getenv("ENDPOINT")
|
|
local req_headers = ngx.req.get_headers()
|
|
local target = arg["target"] or req_headers["x-k8s-target"] or req_headers["X-K8S-Target"]
|
|
local token = req_headers["x-k8s-token"] or req_headers["X-K8S-Token"] or tostring(os.getenv("TOKEN") or "")
|
|
local ca_cert_b64 = req_headers["x-k8s-ca-cert-b64"] or req_headers["X-K8S-CA-CERT-B64"]
|
|
|
|
if kube_host and kube_host ~= "" then
|
|
local port_suffix = ""
|
|
if kube_port and kube_port ~= "" then
|
|
port_suffix = ":" .. kube_port
|
|
end
|
|
k8s_url = "https://" .. kube_host .. port_suffix
|
|
else
|
|
k8s_url = endpoint or ""
|
|
end
|
|
|
|
if target and target ~= "" then
|
|
if not string.match(target, "^https?://") then
|
|
target = "https://" .. target
|
|
end
|
|
k8s_url = string.gsub(target, "/+$", "")
|
|
end
|
|
|
|
if not string.match(k8s_url, "^https?://") then
|
|
k8s_url = "https://" .. k8s_url
|
|
end
|
|
|
|
k8s_url = string.gsub(k8s_url, "/+$", "")
|
|
|
|
if k8s_url == "" then
|
|
ngx.status = 500
|
|
ngx.say("Missing Kubernetes endpoint configuration. Set KUBERNETES_SERVICE_HOST or ENDPOINT.")
|
|
ngx.exit(ngx.OK)
|
|
end
|
|
|
|
if token == "" then
|
|
ngx.status = 500
|
|
ngx.say("Missing Kubernetes API token configuration.")
|
|
ngx.exit(ngx.OK)
|
|
end
|
|
|
|
if okredis then
|
|
ngx.log(ngx.INFO, "Connection to Redis is ok")
|
|
else
|
|
ngx.log(ngx.INFO, errredis)
|
|
ngx.say("Connection to Redis is not ok")
|
|
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) -- 500 Internal Server Error
|
|
end
|
|
|
|
ngx.header['Access-Control-Allow-Origin'] = '*'
|
|
ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
|
|
ngx.header['Access-Control-Allow-Headers'] = 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'
|
|
ngx.header['Access-Control-Expose-Headers'] = 'Content-Length,Content-Range';
|
|
ngx.req.read_body()
|
|
|
|
local arg = ngx.req.get_uri_args()
|
|
local body_data = ngx.req.get_body_data()
|
|
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Payload sent by client: " .. body_data)
|
|
|
|
math.randomseed(os.clock()*100000000000)
|
|
local rand = math.random(999, 9999)
|
|
file_name = "/tmp/experiments-".. rand ..".yaml"
|
|
file = io.open(file_name, "w")
|
|
io.output(file)
|
|
io.write(body_data)
|
|
io.close(file)
|
|
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Set programming_mode Redis key to 1")
|
|
red:set("programming_mode", "1")
|
|
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Set logs_enabled for " .. arg['id'] .. " as Redis key")
|
|
red:set("logs_enabled:" .. arg['id'], "1")
|
|
red:expire("logs_enabled:" .. arg['id'], "10")
|
|
|
|
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Checking if " .. file_name .. " is a valid YAML file")
|
|
local handle = io.popen("python3 -c 'import yaml, sys; print(yaml.safe_load(sys.stdin))' < " .. file_name .. " ; echo $? > " .. file_name .. ".check")
|
|
local result = handle:read("*a")
|
|
|
|
handle = io.popen("cat " .. file_name .. ".check")
|
|
result = handle:read("*a")
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Exit code for checking YAML syntax of " .. file_name .. " is " .. result)
|
|
|
|
if result == "0\n" then
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] YAML Syntax is OK")
|
|
else
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] YAML Syntax is NOT OK")
|
|
handle = io.popen("rm -f " .. file_name .. ".check")
|
|
handle:read("*a")
|
|
handle = io.popen("rm -f " .. file_name)
|
|
handle:read("*a")
|
|
ngx.status = 400
|
|
ngx.say("Invalid YAML Chaos Program")
|
|
end
|
|
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Starting Chaos Program using /opt/programming_mode/start.py")
|
|
local ca_cert_env = ""
|
|
if ca_cert_b64 and ca_cert_b64 ~= "" then
|
|
ca_cert_env = ca_cert_b64
|
|
end
|
|
local token_b64 = ngx.encode_base64(token)
|
|
handle = io.popen("K8S_TOKEN_B64='" .. token_b64 .. "' K8S_CA_CERT_B64='" .. ca_cert_env .. "' python3 /opt/programming_mode/start.py " .. file_name .. " " .. k8s_url .. "; echo $? > " .. file_name .. ".check")
|
|
result = handle:read("*a")
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Output for starting Chaos Program is " .. result)
|
|
handle = io.popen("cat " .. file_name .. ".check")
|
|
result = handle:read("*a")
|
|
|
|
if result == "0\n" then
|
|
ngx.log(ngx.INFO, "[PROGRAMMING_MODE] Chaos program successfully loaded")
|
|
ngx.say("[PROGRAMMING_MODE] Chaos program successfully loaded")
|
|
ngx.exit(ngx.HTTP_OK) -- 200 OK
|
|
else
|
|
handle = io.popen("rm -f " .. file_name .. ".check")
|
|
handle:read("*a")
|
|
ngx.status = 500
|
|
ngx.say("[PROGRAMMING_MODE] Error in loading Chaos Program. Please check the YAML syntax of kubeinvaders logs" .. result)
|
|
end
|
|
|