mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-05-09 02:37:29 +00:00
0eb7883a47
* Rename `mizu` to `kubeshark` * Rename `up9inc` to `kubeshark` * Change the logo, title, motto and the main color * Replace the favicon * Update the docs link * Change the copyright text in C files * Remove a comment * Rewrite the `README.md` and update the logo and screenshots used in it * Add a `TODO` * Fix the grammar * Fix the bottom text in the filtering guide * Change the Docker Hub username of cross-compilation intermediate images * Add an install script * Fix `docker/login-action` in the CI * Delete `build-custom-branch.yml` GitHub workflow * Update `README.md` * Remove `install.sh` * Change the motto back to "Traffic viewer for Kubernetes"
104 lines
4.3 KiB
Go
104 lines
4.3 KiB
Go
package resources
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/kubeshark/kubeshark/cli/errormessage"
|
|
"github.com/kubeshark/kubeshark/cli/kubeshark"
|
|
"github.com/kubeshark/kubeshark/cli/uiUtils"
|
|
"github.com/kubeshark/kubeshark/logger"
|
|
"github.com/kubeshark/kubeshark/shared"
|
|
"github.com/kubeshark/kubeshark/shared/kubernetes"
|
|
"github.com/op/go-logging"
|
|
core "k8s.io/api/core/v1"
|
|
)
|
|
|
|
func CreateTapKubesharkResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedKubesharkConfig string, isNsRestrictedMode bool, kubesharkResourcesNamespace string, agentImage string, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level, profiler bool) (bool, error) {
|
|
if !isNsRestrictedMode {
|
|
if err := createKubesharkNamespace(ctx, kubernetesProvider, kubesharkResourcesNamespace); err != nil {
|
|
return false, err
|
|
}
|
|
}
|
|
|
|
if err := createKubesharkConfigmap(ctx, kubernetesProvider, serializedKubesharkConfig, kubesharkResourcesNamespace); err != nil {
|
|
return false, err
|
|
}
|
|
|
|
kubesharkServiceAccountExists, err := createRBACIfNecessary(ctx, kubernetesProvider, isNsRestrictedMode, kubesharkResourcesNamespace, []string{"pods", "services", "endpoints"})
|
|
if err != nil {
|
|
logger.Log.Warningf(uiUtils.Warning, fmt.Sprintf("Failed to ensure the resources required for IP resolving. Kubeshark will not resolve target IPs to names. error: %v", errormessage.FormatError(err)))
|
|
}
|
|
|
|
var serviceAccountName string
|
|
if kubesharkServiceAccountExists {
|
|
serviceAccountName = kubernetes.ServiceAccountName
|
|
} else {
|
|
serviceAccountName = ""
|
|
}
|
|
|
|
opts := &kubernetes.ApiServerOptions{
|
|
Namespace: kubesharkResourcesNamespace,
|
|
PodName: kubernetes.ApiServerPodName,
|
|
PodImage: agentImage,
|
|
KratosImage: "",
|
|
KetoImage: "",
|
|
ServiceAccountName: serviceAccountName,
|
|
IsNamespaceRestricted: isNsRestrictedMode,
|
|
MaxEntriesDBSizeBytes: maxEntriesDBSizeBytes,
|
|
Resources: apiServerResources,
|
|
ImagePullPolicy: imagePullPolicy,
|
|
LogLevel: logLevel,
|
|
Profiler: profiler,
|
|
}
|
|
|
|
if err := createKubesharkApiServerPod(ctx, kubernetesProvider, opts); err != nil {
|
|
return kubesharkServiceAccountExists, err
|
|
}
|
|
|
|
_, err = kubernetesProvider.CreateService(ctx, kubesharkResourcesNamespace, kubernetes.ApiServerPodName, kubernetes.ApiServerPodName)
|
|
if err != nil {
|
|
return kubesharkServiceAccountExists, err
|
|
}
|
|
|
|
logger.Log.Debugf("Successfully created service: %s", kubernetes.ApiServerPodName)
|
|
|
|
return kubesharkServiceAccountExists, nil
|
|
}
|
|
|
|
func createKubesharkNamespace(ctx context.Context, kubernetesProvider *kubernetes.Provider, kubesharkResourcesNamespace string) error {
|
|
_, err := kubernetesProvider.CreateNamespace(ctx, kubesharkResourcesNamespace)
|
|
return err
|
|
}
|
|
|
|
func createKubesharkConfigmap(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedKubesharkConfig string, kubesharkResourcesNamespace string) error {
|
|
err := kubernetesProvider.CreateConfigMap(ctx, kubesharkResourcesNamespace, kubernetes.ConfigMapName, serializedKubesharkConfig)
|
|
return err
|
|
}
|
|
|
|
func createRBACIfNecessary(ctx context.Context, kubernetesProvider *kubernetes.Provider, isNsRestrictedMode bool, kubesharkResourcesNamespace string, resources []string) (bool, error) {
|
|
if !isNsRestrictedMode {
|
|
if err := kubernetesProvider.CreateKubesharkRBAC(ctx, kubesharkResourcesNamespace, kubernetes.ServiceAccountName, kubernetes.ClusterRoleName, kubernetes.ClusterRoleBindingName, kubeshark.RBACVersion, resources); err != nil {
|
|
return false, err
|
|
}
|
|
} else {
|
|
if err := kubernetesProvider.CreateKubesharkRBACNamespaceRestricted(ctx, kubesharkResourcesNamespace, kubernetes.ServiceAccountName, kubernetes.RoleName, kubernetes.RoleBindingName, kubeshark.RBACVersion); err != nil {
|
|
return false, err
|
|
}
|
|
}
|
|
|
|
return true, nil
|
|
}
|
|
|
|
func createKubesharkApiServerPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, opts *kubernetes.ApiServerOptions) error {
|
|
pod, err := kubernetesProvider.GetKubesharkApiServerPodObject(opts, false, "", false)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if _, err = kubernetesProvider.CreatePod(ctx, opts.Namespace, pod); err != nil {
|
|
return err
|
|
}
|
|
logger.Log.Debugf("Successfully created API server pod: %s", kubernetes.ApiServerPodName)
|
|
return nil
|
|
}
|