TRA-3317 Tap and show outbound traffic (#83)

* Tap outgoing: If --anydirection flag is passed with HOST_MODE, tap by source IP. * Moved ConnectionInfo from http_matcher to http_reader. * Generalized shouldTap in stream factory to get more properties. * tap reports IsOutgoing property of tcp connection. * gofmt. * CLI instructs tapper to tap outgoing connections. * API saves IsOutgoing to DB and passes it to UI. * Add a visual marker in the HAR list for outgoing messages. * Fixed: Swapped src and dst. * Resolver keeps a list of all ClusterIP services. * Do not save HARs with destination ClusterIP services. * CLI accepts flag that controls traffic direction. * Indicate incoming/outgoing with icon instead of with border color. * Fixed: Didn't filter messages to services in aggregator. * Clearer syntax around the direction icon. Added title text. * Fixed width around direction icon. * Less repetition. * Removed TODO. * Renamed incoming -> ingoing. * More verbose title text to image. * Switched routine order for readability.
2026-04-22 10:27:05 +00:00 · 2021-06-24 15:10:11 +03:00
parent f18f3da99c
commit 6f47ad862e
18 changed files with 171 additions and 58 deletions
--- a/cli/cmd/tap.go
+++ b/cli/cmd/tap.go
@@ -17,6 +17,7 @@ type MizuTapOptions struct {
 	MizuImage              string
 	MizuPodPort            uint16
 	PlainTextFilterRegexes []string
+	Direction              string
 }


@@ -39,6 +40,10 @@ var tapCmd = &cobra.Command{
 			return errors.New(fmt.Sprintf("%s is not a valid regex %s", args[0], err))
 		}

+		if mizuTapOptions.Direction != "in" && mizuTapOptions.Direction != "any" {
+			return errors.New(fmt.Sprintf("%s is not a valid value for flag --direction. Acceptable values are in/any.", mizuTapOptions.Direction))
+		}
+
 		RunMizuTap(regex, mizuTapOptions)
 		return nil
 	},
@@ -54,4 +59,5 @@ func init() {
 	tapCmd.Flags().StringVarP(&mizuTapOptions.MizuImage, "mizu-image", "", fmt.Sprintf("gcr.io/up9-docker-hub/mizu/%s:latest", mizu.Branch), "Custom image for mizu collector")
 	tapCmd.Flags().Uint16VarP(&mizuTapOptions.MizuPodPort, "mizu-port", "", 8899, "Port which mizu cli will attempt to forward from the mizu collector pod")
 	tapCmd.Flags().StringArrayVarP(&mizuTapOptions.PlainTextFilterRegexes, "regex-masking", "r", nil, "List of regex expressions that are used to filter matching values from text/plain http bodies")
+	tapCmd.Flags().StringVarP(&mizuTapOptions.Direction, "direction", "", "in", "Record traffic that goes in this direction (relative to the tapped pod): in/any")
 }
--- a/cli/cmd/tapRunner.go
+++ b/cli/cmd/tapRunner.go
@@ -60,8 +60,6 @@ func RunMizuTap(podRegexQuery *regexp.Regexp, tappingOptions *MizuTapOptions) {

 	//block until exit signal or error
 	waitForFinish(ctx, cancel)
-
-	// TODO handle incoming traffic from tapper using a channel
 }

 func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.TrafficFilteringOptions) error {
@@ -123,6 +121,7 @@ func createMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provi
 		fmt.Sprintf("%s.%s.svc.cluster.local", aggregatorService.Name, aggregatorService.Namespace),
 		nodeToTappedPodIPMap,
 		mizuServiceAccountExists,
+		tappingOptions.Direction,
 	); err != nil {
 		fmt.Printf("Error creating mizu tapper daemonset: %v\n", err)
 		return err
--- a/cli/kubernetes/provider.go
+++ b/cli/kubernetes/provider.go
@@ -226,19 +226,30 @@ func (provider *Provider) RemoveDaemonSet(ctx context.Context, namespace string,
 	return provider.clientSet.AppsV1().DaemonSets(namespace).Delete(ctx, daemonSetName, metav1.DeleteOptions{})
 }

-func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string, aggregatorPodIp string, nodeToTappedPodIPMap map[string][]string, linkServiceAccount bool) error {
+func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string, aggregatorPodIp string, nodeToTappedPodIPMap map[string][]string, linkServiceAccount bool, direction string) error {
 	nodeToTappedPodIPMapJsonStr, err := json.Marshal(nodeToTappedPodIPMap)
 	if err != nil {
 		return err
 	}

+	mizuCmd := []string{
+		"./mizuagent",
+		"-i", "any",
+		"--tap",
+		"--hardump",
+		"--aggregator-address", fmt.Sprintf("ws://%s/wsTapper", aggregatorPodIp),
+	}
+	if direction == "any" {
+		mizuCmd = append(mizuCmd, "--anydirection")
+	}
+
 	privileged := true
 	agentContainer := applyconfcore.Container()
 	agentContainer.WithName(tapperPodName)
 	agentContainer.WithImage(podImage)
 	agentContainer.WithImagePullPolicy(core.PullAlways)
 	agentContainer.WithSecurityContext(applyconfcore.SecurityContext().WithPrivileged(privileged))
-	agentContainer.WithCommand("./mizuagent", "-i", "any", "--tap", "--hardump", "--aggregator-address", fmt.Sprintf("ws://%s/wsTapper", aggregatorPodIp))
+	agentContainer.WithCommand(mizuCmd...)
 	agentContainer.WithEnv(
 		applyconfcore.EnvVar().WithName(shared.HostModeEnvVar).WithValue("1"),
 		applyconfcore.EnvVar().WithName(shared.TappedAddressesPerNodeDictEnvVar).WithValue(string(nodeToTappedPodIPMapJsonStr)),