* feat: add timestamps flag to logs collector
Kubernetes logs can be transmitted with the captured timestamps. This is useful for containers that do not log with timestamps. So I'm exposing that as a flag.
* fix: update schemas
* Allowing more comparators for the http analyzer
* test
* Update pkg/analyze/host_http.go
Co-authored-by: Andrew Lavery <laverya@umich.edu>
---------
Co-authored-by: Andrew Lavery <laverya@umich.edu>
The OS version analyzer did not allow checking for things like "redhat 8.x" - this equates to >= 8 && < 9 in the new code.
Also, we previously only collected the OS name (like redhat, centos, or ubuntu) not the OS family (which would be rhel, rhel, and debian for the previous OSes) - this greatly reduces the number of cases required in an analyzer.
* save YAML spec of support bundle
* save YAML spec of preflight
* add unit test
* redact TLS private key by default in output spec
* update YAML path for HTTP TLS redactor
when templating the output of the namespace connectivity check we were
referring to the 'fromCIDR' as 'fromNamespace'. it makes way more sense
to refer to it as 'fromCIDR' as this is how it is provided in the input
for the collector.
as this is a brand new feature it is very unlikely that anyone is using
this feature (except for the embedded cluster that still needs to be
patched accordingly).
this is how the analysers were defined before:
```yaml
apiVersion: troubleshoot.sh/v1beta2
kind: HostPreflight
metadata:
  name: ec-cluster-preflight
spec:
  analyzers:
    - networkNamespaceConnectivity:
        collectorName: check-network-connectivity
        outcomes:
          - pass:
              message: "Communication between {{ .FromNamespace }} and {{ .ToNamespace }} is working"
          - fail:
              message: "{{ .ErrorMessage }}"
```
and this is how it is now:
```yaml
apiVersion: troubleshoot.sh/v1beta2
kind: HostPreflight
metadata:
  name: ec-cluster-preflight
spec:
  analyzers:
    - networkNamespaceConnectivity:
        collectorName: check-network-connectivity
        outcomes:
          - pass:
              message: "Communication between {{ .FromCIDR }} and {{ .ToCIDR }} is working"
          - fail:
              message: "{{ .ErrorMessage }}"
```
* fix remote host collection rbac checks
* move saveNodeList into collectRemoteHost function
* fix resource attribute list and retrieve namespace from kubeconfig
* revert change to set a default namespace from kubeconfig
* remove duplicate code
* feat: implement collector and analyser for network namespace connectivity
checks if two network namespaces can talk to each other on udp and tcp.
its usage is as follows:
```yaml
apiVersion: troubleshoot.sh/v1beta2
kind: SupportBundle
metadata:
  name: test
spec:
  hostCollectors:
    - networkNamespaceConnectivity:
        collectorName: check-network-connectivity
        fromCIDR: 10.0.0.0/24
        toCIDR: 10.0.1.0/24
  hostAnalyzers:
    - networkNamespaceConnectivity:
        collectorName: check-network-connectivity
        outcomes:
          - pass:
              message: "Communication between 10.0.0.0/24 and 10.0.1.0/24 is working"
          - fail:
              message: "Communication between 10.0.0.0/24 and 10.0.1.0/24 isn't working"
```
if this fails then you may need to enable `forwarding` with:
```bash
sysctl -w net.ipv4.ip_forward=1
```
if it still fails then you may need to configure firewalld to allow the
traffic or simply disable it for the sake of testing.
* chore: rebuild schemas
* chore: remove unused property
* chore: disable namespaces for other platforms
* chore: make sure we timeout temporary servers
* feat: analyzer now supports multi-node collection
* feat: check both udp and tcp even on failure
check both protocols even if one fails. this pr commit also introduces a
timeout that can be set by the user.
* feat: add templating to the failure outcome
allow users to dump the errors found during the analysis.
* chore: addressing pr comments
* feat: delete interface pair before namespace
even though the interface pair is deleted every time we delete the
namespace on my tests we better delete it before we delete the
namespace.
this comes out of a review comment where some people seem to still be
able to see the interface pair even after the namespace is deleted.
i.e. better safe than sorry.
* chore: fix typo on comment
* Don't convert output bytes to string
This prevents binary files getting mangled when the collector output is being passed around between functions
* Update pkg/collect/runner.go
Co-authored-by: Evans Mungai <evans@replicated.com>
* organise imports
---------
Co-authored-by: Evans Mungai <evans@replicated.com>
In interactive mode, do not prompt users to save support
bundle analysis results. Users end up providing this file
instead of the support bundle archive. The analysis results
are contained in the support bundle archive already
Signed-off-by: Evans Mungai <evans@replicated.com>
* add a TLS parameter for cacert
* pass a ca cert into http request
* test preflight
* make schemas
* log extra information from http request
* pass a proxy into the collector spec
* hitting a segfault; breakpoint
* accept a dir, file, or a string-literal as CA
* move tls params into get, put, post methods
* test for cert untrusted response
* make generate
* make schemas
* more test cases
* make schemas
* don't include system certs
* make generate && make schemas
* resolve gosec G402 warning
* remove old check for system certs
* ignore errcheck "return value not checked" linter errors