feat(kumactl): added option to install transparent proxy with docker (#…

…5284) * feat(kumactl): added option to install transparent proxy with docker Signed-off-by: Łukasz Dziedziak <lukidzi@gmail.com> Signed-off-by: Łukasz Dziedziak <lukidzi@gmail.com>
kumahq · Nov 9, 2022 · 3517745 · 3517745
1 parent 12fb701
commit 3517745
Show file tree

Hide file tree

Showing 9 changed files with 18 additions and 5 deletions.
diff --git a/app/kumactl/cmd/completion/testdata/bash.golden b/app/kumactl/cmd/completion/testdata/bash.golden
@@ -4358,6 +4358,10 @@ _kumactl_install_transparent-proxy()
     local_nonpersistent_flags+=("--store-firewalld")
     flags+=("--verbose")
     local_nonpersistent_flags+=("--verbose")
+    flags+=("--vnet=")
+    two_word_flags+=("--vnet")
+    local_nonpersistent_flags+=("--vnet")
+    local_nonpersistent_flags+=("--vnet=")
     flags+=("--api-timeout=")
     two_word_flags+=("--api-timeout")
     flags+=("--config-file=")

diff --git a/app/kumactl/cmd/install/install_transparent_proxy.go b/app/kumactl/cmd/install/install_transparent_proxy.go
@@ -43,6 +43,7 @@ type transparentProxyArgs struct {
 	EbpfBPFFSPath                      string
 	EbpfCgroupPath                     string
 	EbpfTCAttachIface                  string
+	VnetNetworks                       []string
 }
 
 func newInstallTransparentProxy() *cobra.Command {
@@ -71,6 +72,7 @@ func newInstallTransparentProxy() *cobra.Command {
 		EbpfBPFFSPath:                      "/sys/fs/bpf",
 		EbpfCgroupPath:                     "/sys/fs/cgroup",
 		EbpfTCAttachIface:                  "",
+		VnetNetworks:                       []string{},
 	}
 	cmd := &cobra.Command{
 		Use:   "transparent-proxy",
@@ -205,6 +207,7 @@ runuser -u kuma-dp -- \
 
 	cmd.Flags().StringArrayVar(&args.ExcludeOutboundTCPPortsForUIDs, "exclude-outbound-tcp-ports-for-uids", []string{}, "tcp outbound ports to exclude for specific UIDs in a format of ports:uids where both ports and uids can be a single value, a list, a range or a combination of all, e.g. 3000-5000:103,104,106-108 would mean exclude ports from 3000 to 5000 for UIDs 103, 104, 106, 107, 108")
 	cmd.Flags().StringArrayVar(&args.ExcludeOutboundUDPPortsForUIDs, "exclude-outbound-udp-ports-for-uids", []string{}, "udp outbound ports to exclude for specific UIDs in a format of ports:uids where both ports and uids can be a single value, a list, a range or a combination of all, e.g. 3000-5000:103,104,106-108 would mean exclude ports from 3000 to 5000 for UIDs 103, 104, 106, 107, 108")
+	cmd.Flags().StringArrayVar(&args.VnetNetworks, "vnet", []string{}, "virtual networks in a format of interfaceNameRegex:CIDR split by ':' where interface name doesn't have to be exact name e.g. docker0:172.17.0.0/16, br+:172.18.0.0/16, iface:::1/64")
 
 	return cmd
 }
@@ -261,6 +264,7 @@ func configureTransparentProxy(cmd *cobra.Command, args *transparentProxyArgs) e
 		EbpfCgroupPath:                 args.EbpfCgroupPath,
 		EbpfTCAttachIface:              args.EbpfTCAttachIface,
 		EbpfProgramsSourcePath:         args.EbpfProgramsSourcePath,
+		VnetNetworks:                   args.VnetNetworks,
 		Stdout:                         cmd.OutOrStdout(),
 		Stderr:                         cmd.OutOrStderr(),
 	}

diff --git a/docs/generated/cmd/kumactl/kumactl_install_transparent-proxy.md b/docs/generated/cmd/kumactl/kumactl_install_transparent-proxy.md
@@ -86,6 +86,7 @@ kumactl install transparent-proxy [flags]
       --skip-dns-conntrack-zone-split                                                   skip applying conntrack zone splitting iptables rules
       --store-firewalld                                                                 store the iptables changes with firewalld
       --verbose                                                                         verbose
+      --vnet stringArray                                                                virtual networks in a format of interfaceNameRegex:CIDR split by ':' where interface name doesn't have to be exact name e.g. docker0:172.17.0.0/16, br+:172.18.0.0/16, iface:::1/64
 ```
 
 ### Options inherited from parent commands

diff --git a/go.mod b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/gruntwork-io/terratest v0.40.24
 	github.com/hoisie/mustache v0.0.0-20160804235033-6375acf62c69
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/kumahq/kuma-net v0.8.6
+	github.com/kumahq/kuma-net v0.8.7
 	github.com/kumahq/protoc-gen-kumadoc v0.3.1
 	github.com/lib/pq v1.10.7
 	github.com/miekg/dns v1.1.50

diff --git a/go.sum b/go.sum
@@ -1004,8 +1004,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ktrysmt/go-bitbucket v0.6.4/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
 github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a h1:szFGMVdySxtKAjCxO3JUncfr1JGWOIlQaqWnrTUJsBc=
 github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA=
-github.com/kumahq/kuma-net v0.8.6 h1:/luArNTn/3LfQxK00D0FpAP3Shf5BkbXCqCfsGQcJ9s=
-github.com/kumahq/kuma-net v0.8.6/go.mod h1:aqhBHsY3LQCTvBOr7oU1r2hwjTn9vhXUKDJXJokkSCM=
+github.com/kumahq/kuma-net v0.8.7 h1:hsE4j7YZz5KJgmC82BSw+x+pCZLzEy5L7xuJy2WMkIY=
+github.com/kumahq/kuma-net v0.8.7/go.mod h1:aqhBHsY3LQCTvBOr7oU1r2hwjTn9vhXUKDJXJokkSCM=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1 h1:tY2dGQJTYVGkhxAHN154fddcWDRy55Pl4+oLT+FhsHo=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1/go.mod h1:F+c9RjgKlv1Q3UEoPJCtMJw8Fd+X5PfG5jlkTSfZOMA=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=

diff --git a/pkg/transparentproxy/config/config.go b/pkg/transparentproxy/config/config.go
@@ -29,6 +29,7 @@ type TransparentProxyConfig struct {
 	EbpfCgroupPath                 string
 	EbpfTCAttachIface              string
 	EbpfProgramsSourcePath         string
+	VnetNetworks                   []string
 	Stdout                         io.Writer
 	Stderr                         io.Writer
 }
diff --git a/pkg/transparentproxy/transparentproxy_experimental.go b/pkg/transparentproxy/transparentproxy_experimental.go
@@ -168,6 +168,9 @@ func (tp *ExperimentalTransparentProxy) Setup(tpConfig *config.TransparentProxyC
 				Port:               agentDNSListenerPort,
 				ConntrackZoneSplit: !tpConfig.SkipDNSConntrackZoneSplit,
 			},
+			VNet: kumanet_config.VNet{
+				Networks: tpConfig.VnetNetworks,
+			},
 		},
 		Ebpf: kumanet_config.Ebpf{
 			Enabled:            tpConfig.EbpfEnabled,

diff --git a/tools/releases/distros.sh b/tools/releases/distros.sh
@@ -28,7 +28,7 @@ PULP_DIST_NAME="alpine"
 ENVOY_VERSION=$("${SCRIPT_DIR}/../envoy/version.sh")
 [ -z "$KUMA_CONFIG_PATH" ] && KUMA_CONFIG_PATH=pkg/config/app/kuma-cp/kuma-cp.defaults.yaml
 CTL_NAME="kumactl"
-[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.6"
+[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.7"
 
 function get_envoy() {
   local distro=$1

diff --git a/tools/releases/dockerfiles/Dockerfile.kuma-init b/tools/releases/dockerfiles/Dockerfile.kuma-init
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE_ARCH=amd64
 # When updatinng image version, remember to update it in tools/releases/distros.sh as well
-ARG EBPF_IMAGE=kumahq/kuma-net-ebpf:0.8.6
+ARG EBPF_IMAGE=kumahq/kuma-net-ebpf:0.8.7
 
 FROM --platform=linux/$BASE_IMAGE_ARCH $EBPF_IMAGE as ebpf
 FROM --platform=linux/$BASE_IMAGE_ARCH ubuntu:jammy