diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..94143827e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..50ae1de72
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+FROM golang:alpine as build
+
+WORKDIR /go/src/github.com/networkservicemesh/sdk
+
+COPY go.mod go.sum ./
+COPY ./pkg/imports/ ./pkg/imports/
+RUN go build ./pkg/imports/
+
+COPY . .
+RUN go install -v github.com/networkservicemesh/sdk/cmd/icmp-server
+RUN go install -v github.com/networkservicemesh/sdk/cmd/icmp-client
+RUN go install -v github.com/networkservicemesh/sdk/cmd/healthcheck
+RUN go install -v github.com/networkservicemesh/sdk/cmd/nsmgr
+RUN go install -v github.com/networkservicemesh/sdk/cmd/registry
+
+FROM alpine as runtime
+
+RUN apk update
+RUN apk add tmux
+
+RUN mkdir -p /run/networkservicemesh/
+
+COPY --from=build /go/bin/icmp-server /bin/icmp-server
+COPY --from=build /go/bin/icmp-client /bin/icmp-client
+COPY --from=build /go/bin/healthcheck /bin/healthcheck
+COPY --from=build /go/bin/nsmgr /bin/nsmgr
+COPY --from=build /go/bin/registry /bin/registry
+COPY --from=build /go/src/github.com/networkservicemesh/sdk/run.sh /bin/run.sh
+RUN chmod +x /bin/run.sh
+
+CMD /bin/icmp-server
diff --git a/cmd/healthcheck/main.go b/cmd/healthcheck/main.go
new file mode 100644
index 000000000..b9800a77a
--- /dev/null
+++ b/cmd/healthcheck/main.go
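Review bot: The runtime stage of the Dockerfile never sets a `USER`, so `/bin/icmp-server` and the other binaries run as root inside the container; a line such as `USER 65532:65532` (constructed uid) before `CMD` would drop that, provided the SPIRE agent socket and `/run/networkservicemesh/` are reachable for that uid, which this hunk does not show. Both `FROM golang:alpine` and `FROM alpine` float on a moving tag, so two builds of the same commit can yield different images; pinning each, e.g. `FROM alpine:<version>@sha256:<digest> as runtime`, makes the build reproducible and auditable. `RUN apk add tmux` ships an interactive tool in the runtime image; if it is only there for debugging it is better dropped, and otherwise the two apk layers can become `RUN apk add --no-cache tmux`.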
@@ -0,0 +1,84 @@ +package main + +import ( + "context" + "github.com/networkservicemesh/api/pkg/api/networkservice" + "github.com/networkservicemesh/sdk/pkg/tools/flags" + "github.com/networkservicemesh/sdk/pkg/tools/log" + "github.com/networkservicemesh/sdk/pkg/tools/spiffeutils" + "github.com/spf13/pflag" + "github.com/spiffe/go-spiffe/spiffe" + "google.golang.org/grpc" + healthgrpc "google.golang.org/grpc/health/grpc_health_v1" + healthpb "google.golang.org/grpc/health/grpc_health_v1" + "net/url" + "os" + "sync" + "time" +) + +func main() { + ctx := context.Background() + + flagSet := pflag.FlagSet{} + Flags(&flagSet) + + populateFromEnv := flags.FromEnv(flags.EnvPrefix, flags.EnvReplacer, &flagSet) + populateFromEnv() + + err := flagSet.Parse(os.Args) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + tlsPeer, err := spiffeutils.NewTLSPeer(spiffe.WithWorkloadAPIAddr("unix:/run/spire/sockets/agent.sock")) + + monitor, err := grpc.DialContext(ctx,"unix://" + ListenOnURL.String(),spiffeutils.WithSpiffe(tlsPeer,10 * time.Second), grpc.WithBlock()) + + hC := healthgrpc.NewHealthClient(monitor) + + wg := &sync.WaitGroup{} + wg.Add(1) + + go func() { + for { + resp, err := hC.Check(ctx, &healthpb.HealthCheckRequest{ + Service: "connection.MonitorConnection", + }) + if err != nil { + log.Entry(ctx).Fatalf("hC check failed", &hC, err) + } + log.Entry(ctx).Println("resp status", resp) + + time.Sleep(5 * time.Second) + } + }() + + monitorClient := networkservice.NewMonitorConnectionClient(monitor) + + mCC, err := monitorClient.MonitorConnections(ctx, &networkservice.MonitorScopeSelector{ + PathSegments: nil, + }) + if err != nil { + log.Entry(ctx).Fatalf("mcc failed", &mCC, err) + } + + go func() { + log.Entry(ctx).Println("attempting to monitor") + log.Entry(ctx).Println(mCC.Recv()) + }() + wg.Wait() +} + +var Name string +var BaseDir string +var ListenOnURL url.URL +var ConnectToURL url.URL + +func Flags(f *pflag.FlagSet) { + // Standard NSM flags + 
f.StringVarP(&Name, flags.NameKey, flags.NameShortHand, "icmp-responder", flags.NameUsageDefault) + f.StringVarP(&BaseDir, flags.BaseDirKey, flags.BaseDirShortHand, flags.BaseDirDefault, flags.BaseDirUsageDefault) + flags.URLVarP(f, &ListenOnURL, flags.ListenOnURLKey, flags.ListenOnURLShortHand, &url.URL{Scheme: flags.ListenOnURLSchemeDefault, Path: flags.ListenOnURLPathDefault}, flags.ListenOnURLUsageDefault) + flags.URLVarP(f, &ConnectToURL, flags.ConnectToURLKey, flags.ConnectToURLShortHand, &url.URL{Scheme: flags.ConnectToURLSchemeDefault, Path: flags.ConnectToURLPathDefault}, flags.ConnectToURLUsageDefault) +} diff --git a/cmd/icmp-client/main.go b/cmd/icmp-client/main.go new file mode 100644 index 000000000..425f5194f --- /dev/null +++ b/cmd/icmp-client/main.go 
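Review bot: In `main` of cmd/healthcheck/main.go the error from `spiffeutils.NewTLSPeer` is never tested and is then overwritten by `monitor, err := grpc.DialContext(...)`, whose error is not tested either, so a failed workload-API setup or dial carries on into `healthgrpc.NewHealthClient(monitor)` instead of stopping with a clear message. The other commands in this commit check both; the same guard belongs after each call here, e.g. `if err != nil { log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) }`. The `Fatalf("hC check failed", &hC, err)` and `Fatalf("mcc failed", &mCC, err)` calls pass arguments without any format verb, so the error is likely rendered as an `%!(EXTRA ...)` suffix; `Fatalf("hC check failed: %+v", err)` logs it properly, and the same two calls appear in cmd/icmp-server/main.go. `wg.Add(1)` has no matching `Done`, so `wg.Wait()` only ends when a goroutine exits the process, which deserves a comment if it is intended.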
@@ -0,0 +1,154 @@ +package main + +import ( + "context" + "github.com/networkservicemesh/api/pkg/api/networkservice" + "github.com/networkservicemesh/sdk/pkg/networkservice/chains/client" + "github.com/networkservicemesh/sdk/pkg/tools/flags" + "github.com/spf13/pflag" + "github.com/spiffe/go-spiffe/spiffe" + "net/url" + "os" + "strings" + "time" + + "google.golang.org/grpc" + + "github.com/networkservicemesh/sdk/pkg/tools/log" + "github.com/networkservicemesh/sdk/pkg/tools/spiffeutils" +) + +var Name string +var BaseDir string +var ListenOnURL url.URL +var ConnectToURL url.URL + +var CidrPrefix string + +func main() { + ctx := context.Background() + + flagSet := pflag.FlagSet{} + Flags(&flagSet) + + populateFromEnv := flags.FromEnv(flags.EnvPrefix, flags.EnvReplacer, &flagSet) + populateFromEnv() + + err := flagSet.Parse(os.Args) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + log.Entry(ctx).Printf("Args: %s", os.Args) + log.Entry(ctx).Printf("Name: %s", Name) + log.Entry(ctx).Printf("BaseDir: %s", BaseDir) + log.Entry(ctx).Printf("ListenOnURL: %s", ListenOnURL) + log.Entry(ctx).Printf("ConnectToURL: %s", ConnectToURL) + log.Entry(ctx).Printf("CIDR Prefix: %s", CidrPrefix) + + log.Entry(ctx).Println() + for _, e := range os.Environ() { + pair := strings.SplitN(e, "=", 2) + log.Entry(ctx).Printf("ENV: %q", pair) + } + + tlsPeer, err := spiffeutils.NewTLSPeer(spiffe.WithWorkloadAPIAddr("unix:/run/spire/sockets/agent.sock")) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + tlsPeer.WaitUntilReady(ctx) + cert, err := tlsPeer.GetCertificate() + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + svid, err := spiffeutils.SpiffeIDFromTLS(cert) + log.Entry(ctx).Println("svid: ", svid) + log.Entry(ctx).Println("cert id: ", svid) + + cc, err := grpc.DialContext(ctx, ConnectToURL.String(), spiffeutils.WithSpiffe(tlsPeer, 10*time.Second), grpc.WithBlock()) + if 
err != nil { + log.Entry(ctx).Fatalf("failed to connect on %q: %+v", &ConnectToURL, err) + } + + defer cc.Close() + + //nsc := networkservice.NewNetworkServiceClient(cc) + nsc := client.NewClient(ctx, "", nil, spiffeutils.SpiffeJWTTokenGeneratorFunc(tlsPeer.GetCertificate, 10*time.Second), cc) + + request := &networkservice.NetworkServiceRequest{ + Connection: &networkservice.Connection{ + NetworkService: "icmp-responder", + }, + } + + nsc.Request(ctx, request) + //request := &networkservice.NetworkServiceRequest{ + // Connection: &networkservice.Connection{ + // Id: "nsc", + // NetworkService: "icmp-responder", + // Path: &networkservice.Path{ + // Index: 0, + // PathSegments: networkservice.PathSegment{ + // Name: "", + // Id: "", + // Token: "", + // Expires: nil, + // Metrics: nil, + // XXX_NoUnkeyedLiteral: struct{}{}, + // XXX_unrecognized: nil, + // XXX_sizecache: 0, + // }, + // }, + // }, + //} + //conn, err := nsc.Request(ctx, request) + //if err != nil { + // log.Entry(ctx).Fatalln("unable to request network service:", err) + //} + //defer nsc.Close(ctx, conn) + + if ctx.Err() != nil { + log.Entry(ctx).Warnf(ctx.Err().Error()) + } + log.Entry(ctx).Warnf("complete!") +} + +func Flags(f *pflag.FlagSet) { + // Standard NSM flags + f.StringVarP(&Name, flags.NameKey, flags.NameShortHand, "icmp-responder", flags.NameUsageDefault) + f.StringVarP(&BaseDir, flags.BaseDirKey, flags.BaseDirShortHand, flags.BaseDirDefault, flags.BaseDirUsageDefault) + flags.URLVarP(f, &ListenOnURL, flags.ListenOnURLKey, flags.ListenOnURLShortHand, &url.URL{Scheme: flags.ListenOnURLSchemeDefault, Path: flags.ListenOnURLPathDefault}, flags.ListenOnURLUsageDefault) + flags.URLVarP(f, &ConnectToURL, flags.ConnectToURLKey, flags.ConnectToURLShortHand, &url.URL{Scheme: flags.ConnectToURLSchemeDefault, Path: flags.ConnectToURLPathDefault}, flags.ConnectToURLUsageDefault) + + // icmp-server specific flags + f.StringVarP(&CidrPrefix, "CIDR_PREFIX", "p", "169.254.0.0/16", "CIDR Prefix to 
assign IPs from") +} + +// TODO Remove endpointServer, NewServer and Register when nsmgr is updated with timeout + +//type endpointServer struct { +// networkservice.NetworkServiceServer +// networkservice.MonitorConnectionServer +//} + +//// NewServer - returns a NetworkServiceMesh client as a chain of the standard Client pieces plus whatever +//// additional functionality is specified +//// - name - name of the NetworkServiceServer +//// - tokenGenerator - token.GeneratorFunc - generates tokens for use in Path +//// - additionalFunctionality - any additional NetworkServiceServer chain elements to be included in the chain +//func NewServer(name string, authzPolicy *rego.PreparedEvalQuery, tokenGenerator token.GeneratorFunc, additionalFunctionality ...networkservice.NetworkServiceServer) endpoint.Endpoint { +// rv := &endpointServer{} +// rv.NetworkServiceServer = chain.NewNetworkServiceServer( +// append([]networkservice.NetworkServiceServer{ +// authorize.NewServer(authzPolicy), +// setid.NewServer(name), +// monitor.NewServer(&rv.MonitorConnectionServer), +// updatepath.NewServer(name, tokenGenerator), +// }, additionalFunctionality...)...) +// return rv +//} + +//func (e *endpointServer) Register(s *grpc.Server) { +// networkservice.RegisterNetworkServiceServer(s, e) +// networkservice.RegisterMonitorConnectionServer(s, e) +//} diff --git a/cmd/icmp-server/main.go b/cmd/icmp-server/main.go new file mode 100644 index 000000000..4624b23c1 --- /dev/null +++ b/cmd/icmp-server/main.go 
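Review bot: The loop over `os.Environ()` in `main` logs every environment variable with `Printf("ENV: %q", pair)`, so any token, password or key injected into the pod's environment ends up in the container log; the same loop is in cmd/icmp-server/main.go and cmd/nsmgr/main.go. Removing it, or logging only the variable names with `log.Entry(ctx).Printf("ENV: %q", pair[0])`, keeps the start-up diagnostics without the values. Further down, the error from `spiffeutils.SpiffeIDFromTLS(cert)` is ignored and both results of `nsc.Request(ctx, request)` are discarded, so a failed request still ends with `complete!`; checking both would make the client's exit state meaningful.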
@@ -0,0 +1,239 @@ +package main + +import ( + "context" + "github.com/networkservicemesh/api/pkg/api/networkservice" + "github.com/networkservicemesh/api/pkg/api/registry" + "github.com/networkservicemesh/sdk/pkg/networkservice/chains/endpoint" + "github.com/networkservicemesh/sdk/pkg/tools/flags" + "github.com/networkservicemesh/sdk/pkg/tools/grpcutils" + "github.com/spf13/pflag" + "github.com/spiffe/go-spiffe/spiffe" + "google.golang.org/grpc/health" + "net" + "net/url" + "os" + "strings" + "time" + + "github.com/open-policy-agent/opa/rego" + "google.golang.org/grpc" + + "github.com/networkservicemesh/sdk/pkg/networkservice/common/mechanisms/kernel" + "github.com/networkservicemesh/sdk/pkg/networkservice/ipam/point2pointipam" + "github.com/networkservicemesh/sdk/pkg/tools/log" + "github.com/networkservicemesh/sdk/pkg/tools/spiffeutils" + + healthgrpc "google.golang.org/grpc/health/grpc_health_v1" + healthpb "google.golang.org/grpc/health/grpc_health_v1" +) +var Name string +var BaseDir string +var ListenOnURL url.URL +var ConnectToURL url.URL + +var CidrPrefix string + +func main() { + ctx := context.Background() + + flagSet := pflag.FlagSet{} + Flags(&flagSet) + + populateFromEnv := flags.FromEnv(flags.EnvPrefix, flags.EnvReplacer, &flagSet) + populateFromEnv() + + err := flagSet.Parse(os.Args) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + podName := os.Getenv("HOSTNAME") + + log.Entry(ctx).Printf("Args: %s", os.Args) + log.Entry(ctx).Printf("Name: %s", Name) + log.Entry(ctx).Printf("BaseDir: %s", BaseDir) + log.Entry(ctx).Printf("ListenOnURL: %s", ListenOnURL) + log.Entry(ctx).Printf("ConnectToURL: %s", ConnectToURL) + log.Entry(ctx).Printf("CIDR Prefix: %s", CidrPrefix) + + log.Entry(ctx).Println() + for _, e := range os.Environ() { + pair := strings.SplitN(e, "=", 2) + log.Entry(ctx).Printf("ENV: %q", pair) + } + + reg, err := rego.New( + rego.Query("true = true"), + ).PrepareForEval(ctx) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + 
tlsPeer, err := spiffeutils.NewTLSPeer(spiffe.WithWorkloadAPIAddr("unix:/run/spire/sockets/agent.sock")) + //tlsPeer, err := spiffeutils.NewTLSPeer(spiffeutils.tim) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + tlsPeer.WaitUntilReady(ctx) + cert, err := tlsPeer.GetCertificate() + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + svid, err := spiffeutils.SpiffeIDFromTLS(cert) + //if err != nil { + // log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + //} + log.Entry(ctx).Println("svid: ", svid) + //log.Entry(ctx).Println("tlsPeer: ", tlsPeer) + //log.Entry(ctx).Println("tlsPeer.GetCertificate()", cert) + + server := grpc.NewServer(spiffeutils.SpiffeCreds(tlsPeer, 10 * time.Minute)) + + _, ipnet, err := net.ParseCIDR(CidrPrefix) + if err != nil { + log.Entry(ctx).Fatalf("Error parsing cidr: %+v", err) + } + prefixes := []*net.IPNet{ + ipnet, + } + + ipamServer, err := point2pointipam.NewServer(prefixes) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to build ipam server %+v", err) + } + + //tlsPeer.WaitUntilReady(ctx) + //cert, _ := tlsPeer.GetCertificate() + //svid, _ := spiffeutils.SpiffeIDFromTLS(cert) + log.Entry(ctx).Println("cert id: ", svid) + + endpoint := endpoint.NewServer("icmp-server", ®, spiffeutils.SpiffeJWTTokenGeneratorFunc(tlsPeer.GetCertificate, 10*time.Minute), + ipamServer, + kernel.NewServer(), + ) + endpoint.Register(server) + + cc, err := grpc.DialContext(ctx,ConnectToURL.String(),spiffeutils.WithSpiffe(tlsPeer,10 * time.Second), grpc.WithBlock()) + //cc, err := grpc.Dial("unix://" + ConnectToURL.String()) + if err != nil { + log.Entry(ctx).Fatalf("failed to connect on %q: %+v", &ConnectToURL, err) + } + + defer cc.Close() + + ListenOnURL.Scheme = "unix" + + srvCtx := grpcutils.ListenAndServe(ctx, &ListenOnURL, server) + + registryClient := registry.NewNetworkServiceRegistryClient(cc) + 
+ nseRegistration := ®istry.NSERegistration{ + NetworkService: ®istry.NetworkService{ + Name: "icmp-responder", + Payload: "IP", + }, + NetworkServiceEndpoint: ®istry.NetworkServiceEndpoint{ + Name: podName, + Payload: "IP", + NetworkServiceName: "icmp-responder", + NetworkServiceManagerName: "", + Labels: nil, + State: "", + }, + } + + log.Entry(ctx).Printf("Attempting to register NSE") + registerNSERet, err := registryClient.RegisterNSE(ctx, nseRegistration) + log.Entry(ctx).Printf("nse ret: %q", registerNSERet) + if err != nil { + log.Entry(ctx).Fatalf("failed to register nse on %q: %+v", &nseRegistration, err) + } + + + monitor, err := grpc.DialContext(ctx,ListenOnURL.String(),spiffeutils.WithSpiffe(tlsPeer,10 * time.Second), grpc.WithBlock()) + if err != nil { + log.Entry(ctx).Fatalf("failed to connect monitor on %q: %+v", &monitor, err) + } + + monitorClient := networkservice.NewMonitorConnectionClient(monitor) + + health.NewServer() + + hC := healthgrpc.NewHealthClient(monitor) + + go func() { + for { + resp, err := hC.Check(ctx, &healthpb.HealthCheckRequest{ + Service: "connection.MonitorConnection", + }) + if err != nil { + log.Entry(ctx).Fatalf("hC check failed", &hC, err) + } + log.Entry(ctx).Println("resp status", resp) + + time.Sleep(5 * time.Second) + } + }() + + mCC, err := monitorClient.MonitorConnections(ctx, &networkservice.MonitorScopeSelector{ + PathSegments: nil, + }) + if err != nil { + log.Entry(ctx).Fatalf("mcc failed", &mCC, err) + } + + go func() { + log.Entry(ctx).Println("attempting to monitor") + log.Entry(ctx).Println(mCC.Recv()) + }() + + for err = range srvCtx { + log.Entry(ctx).Println("server err:", err) + time.Sleep(5 * time.Second) + } + + log.Entry(ctx).Warnf("complete!") +} + + +func Flags(f *pflag.FlagSet) { + // Standard NSM flags + f.StringVarP(&Name, flags.NameKey, flags.NameShortHand, "icmp-responder", flags.NameUsageDefault) + f.StringVarP(&BaseDir, flags.BaseDirKey, flags.BaseDirShortHand, flags.BaseDirDefault, 
flags.BaseDirUsageDefault) + flags.URLVarP(f, &ListenOnURL, flags.ListenOnURLKey, flags.ListenOnURLShortHand, &url.URL{Scheme: flags.ListenOnURLSchemeDefault, Path: flags.ListenOnURLPathDefault}, flags.ListenOnURLUsageDefault) + flags.URLVarP(f, &ConnectToURL, flags.ConnectToURLKey, flags.ConnectToURLShortHand, &url.URL{Scheme: flags.ConnectToURLSchemeDefault, Path: flags.ConnectToURLPathDefault}, flags.ConnectToURLUsageDefault) + + // icmp-server specific flags + f.StringVarP(&CidrPrefix, "CIDR_PREFIX", "p", "169.254.0.0/16", "CIDR Prefix to assign IPs from") +} + + +// TODO Remove endpointServer, NewServer and Register when nsmgr is updated with timeout + +//type endpointServer struct { +// networkservice.NetworkServiceServer +// networkservice.MonitorConnectionServer +//} + +//// NewServer - returns a NetworkServiceMesh client as a chain of the standard Client pieces plus whatever +//// additional functionality is specified +//// - name - name of the NetworkServiceServer +//// - tokenGenerator - token.GeneratorFunc - generates tokens for use in Path +//// - additionalFunctionality - any additional NetworkServiceServer chain elements to be included in the chain +//func NewServer(name string, authzPolicy *rego.PreparedEvalQuery, tokenGenerator token.GeneratorFunc, additionalFunctionality ...networkservice.NetworkServiceServer) endpoint.Endpoint { +// rv := &endpointServer{} +// rv.NetworkServiceServer = chain.NewNetworkServiceServer( +// append([]networkservice.NetworkServiceServer{ +// authorize.NewServer(authzPolicy), +// setid.NewServer(name), +// monitor.NewServer(&rv.MonitorConnectionServer), +// updatepath.NewServer(name, tokenGenerator), +// }, additionalFunctionality...)...) +// return rv +//} + +//func (e *endpointServer) Register(s *grpc.Server) { +// networkservice.RegisterNetworkServiceServer(s, e) +// networkservice.RegisterMonitorConnectionServer(s, e) +//} 
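Review bot: The authorization policy passed to `endpoint.NewServer` is built from `rego.Query("true = true")`, which holds for every input, so whatever check the endpoint chain performs with it admits any request from a peer that got through the SPIFFE handshake; cmd/nsmgr/main.go builds the same query for `nsmgr.NewServer`. If this is a placeholder it should say so at the call site, for instance `// TODO: allow-all policy, replace with the real policy before use outside tests`, and the real policy should come from configuration rather than a literal. Separately, `health.NewServer()` is created and discarded without being registered on `server`, while the goroutine below exits the process through `Fatalf` on any `hC.Check` error, so presumably the health service has to be registered before that loop can succeed.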
diff --git a/cmd/nsmgr/loggers.go b/cmd/nsmgr/loggers.go
new file mode 100644
index 000000000..1110061a9
--- /dev/null
+++ b/cmd/nsmgr/loggers.go
@@ -0,0 +1,3 @@
+package main
+
+
diff --git a/cmd/nsmgr/main.go b/cmd/nsmgr/main.go
new file mode 100644
index 000000000..883f31321
--- /dev/null
+++ b/cmd/nsmgr/main.go
@@ -0,0 +1,132 @@ +package main + +import ( + "context" + "github.com/networkservicemesh/sdk/pkg/networkservice/chains/nsmgr" + "github.com/networkservicemesh/sdk/pkg/tools/flags" + "github.com/networkservicemesh/sdk/pkg/tools/grpcutils" + "github.com/networkservicemesh/sdk/pkg/tools/log" + "github.com/networkservicemesh/sdk/pkg/tools/spiffeutils" + "github.com/open-policy-agent/opa/rego" + "github.com/spf13/pflag" + "github.com/spiffe/go-spiffe/spiffe" + "google.golang.org/grpc" + "net/url" + "os" + "strings" + "time" +) + +var Name string +var BaseDir string +var ConnectToURL url.URL +var ListenOnURL url.URL +var RegistryURL url.URL + +func main() { + ctx := context.Background() + + flagSet := pflag.FlagSet{} + Flags(&flagSet) + + populateFromEnv := flags.FromEnv(flags.EnvPrefix, flags.EnvReplacer, &flagSet) + populateFromEnv() + + err := flagSet.Parse(os.Args) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + podName := os.Getenv("HOSTNAME") + + log.Entry(ctx).Printf("Args: %s", os.Args) + log.Entry(ctx).Printf("Name: %s", Name) + log.Entry(ctx).Printf("BaseDir: %s", BaseDir) + log.Entry(ctx).Printf("ConnectToURL: %s", ConnectToURL) + log.Entry(ctx).Printf("ListenOnURL: %s", ListenOnURL) + log.Entry(ctx).Printf("RegistryURL: %s", RegistryURL) + + for _, e := range os.Environ() { + pair := strings.SplitN(e, "=", 2) + log.Entry(ctx).Printf("ENV: %q", pair) + } + + reg, err := rego.New( + rego.Query("true = true"), + ).PrepareForEval(ctx) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + tlsPeer, err := spiffeutils.NewTLSPeer(spiffe.WithWorkloadAPIAddr("unix:/run/spire/sockets/agent.sock")) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + tlsPeer.WaitUntilReady(ctx) + cert, err := tlsPeer.GetCertificate() + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + svid, err := spiffeutils.SpiffeIDFromTLS(cert) + log.Entry(ctx).Println("svid: ", svid) 
+ + // set up registry client + registryCC, err := grpc.DialContext(ctx, RegistryURL.String(), spiffeutils.WithSpiffe(tlsPeer, 10*time.Minute), grpc.WithBlock()) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to build ipam server %+v", err) + } + ep := nsmgr.NewServer("nsmgr-"+podName, ®, spiffeutils.SpiffeJWTTokenGeneratorFunc(tlsPeer.GetCertificate, 10*time.Minute), registryCC, ConnectToURL) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to build ipam server %+v", err) + } + log.Entry(ctx).Println("cert id: ", svid) + + server := grpc.NewServer(spiffeutils.SpiffeCreds(tlsPeer, 10*time.Minute)) + ep.Register(server) + + nsmgrCtx := grpcutils.ListenAndServe(ctx, &ConnectToURL, server) + + //healthServer := health.NewServer() + //grpc_health_v1.RegisterHealthServer(server, healthServer) + //for _, service := range api.ServiceNames(ep) { + // log.Entry(ctx).Println("service: ", service) + // healthServer.SetServingStatus(service, grpc_health_v1.HealthCheckResponse_SERVING) + //} + + for err = range nsmgrCtx { + log.Entry(ctx).Println("error running nsmgr: ", err) + } + + log.Entry(ctx).Println("nsmgr exiting") +} + + +//type endpointServer struct { +// networkservice.NetworkServiceServer +// networkservice.MonitorConnectionServer +//} +// +//func NewServer(name string, authzPolicy *rego.PreparedEvalQuery, tokenGenerator token.GeneratorFunc, additionalFunctionality ...networkservice.NetworkServiceServer) endpoint.Endpoint { +// rv := &endpointServer{} +// rv.NetworkServiceServer = chain.NewNetworkServiceServer( +// append([]networkservice.NetworkServiceServer{ +// authorize.NewServer(authzPolicy), +// setid.NewServer(name), +// monitor.NewServer(&rv.MonitorConnectionServer), +// updatepath.NewServer(name, tokenGenerator), +// }, additionalFunctionality...)...) 
+// return rv +//} +//func (e *endpointServer) Register(s *grpc.Server) { +// networkservice.RegisterNetworkServiceServer(s, e) +// networkservice.RegisterMonitorConnectionServer(s, e) +//} +// +func Flags(f *pflag.FlagSet) { + // Standard NSM flags + f.StringVarP(&Name, flags.NameKey, flags.NameShortHand, "icmp-responder", flags.NameUsageDefault) + f.StringVarP(&BaseDir, flags.BaseDirKey, flags.BaseDirShortHand, flags.BaseDirDefault, flags.BaseDirUsageDefault) + flags.URLVarP(f, &ListenOnURL, flags.ListenOnURLKey, flags.ListenOnURLShortHand, &url.URL{Scheme: flags.ListenOnURLSchemeDefault, Path: flags.ListenOnURLPathDefault}, flags.ListenOnURLUsageDefault) + flags.URLVarP(f, &ConnectToURL, flags.ConnectToURLKey, flags.ConnectToURLShortHand, &url.URL{Scheme: flags.ConnectToURLSchemeDefault, Path: flags.ConnectToURLPathDefault}, flags.ConnectToURLUsageDefault) + flags.URLVarP(f, &RegistryURL, "registry-url", "r", &url.URL{Scheme: "unix", Path: "/registry.socket"}, "path to registry") +} diff --git a/cmd/registry/main.go b/cmd/registry/main.go new file mode 100644 index 000000000..5468b839d --- /dev/null +++ b/cmd/registry/main.go 
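Review bot: The failure path of the registry dial in `main` logs `"Error attempting to build ipam server %+v"`, and the `if err != nil` after `nsmgr.NewServer(...)` re-tests the same `err` because `NewServer`'s result is assigned only to `ep`; the second check is dead and the message points whoever reads the log at the wrong component. Something like `log.Entry(ctx).Fatalf("failed to connect to registry %q: %+v", &RegistryURL, err)` plus removing the dead check would fix both. The error from `spiffeutils.SpiffeIDFromTLS(cert)` is also dropped before `svid` is logged. The server is started with `grpcutils.ListenAndServe(ctx, &ConnectToURL, server)` while the `ListenOnURL` flag is registered and never read, which looks unintended and decides which socket the manager exposes.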
@@ -0,0 +1,166 @@ +package main + +import ( + "context" + "github.com/networkservicemesh/api/pkg/api/registry" + "github.com/networkservicemesh/sdk/pkg/registry/memory" + "github.com/networkservicemesh/sdk/pkg/tools/flags" + "github.com/networkservicemesh/sdk/pkg/tools/grpcutils" + "github.com/networkservicemesh/sdk/pkg/tools/log" + "github.com/networkservicemesh/sdk/pkg/tools/spiffeutils" + "github.com/spf13/pflag" + "github.com/spiffe/go-spiffe/spiffe" + "google.golang.org/grpc" + "net/url" + "os" + "time" +) + +var Name string +var BaseDir string +var ConnectToURL url.URL +var ListenOnURL url.URL +var RegistryURL url.URL + +func main() { + ctx := context.Background() + + flagSet := pflag.FlagSet{} + Flags(&flagSet) + + populateFromEnv := flags.FromEnv(flags.EnvPrefix, flags.EnvReplacer, &flagSet) + populateFromEnv() + + err := flagSet.Parse(os.Args) + if err != nil { + log.Entry(ctx).Fatalln(err) + } + + storage := &memory.Storage{} + nsmReg := memory.NewNSMRegistryServer(storage, "nsm-name") + nsReg := memory.NewNetworkServiceRegistryServer("nsm-name", storage) + nsdReg := memory.NewNetworkServiceDiscoveryServer(storage) + + tlsPeer, err := spiffeutils.NewTLSPeer(spiffe.WithWorkloadAPIAddr("unix:/run/spire/sockets/agent.sock")) + if err != nil { + log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) + } + tlsPeer.WaitUntilReady(ctx) + + server := grpc.NewServer(spiffeutils.SpiffeCreds(tlsPeer, 10*time.Minute)) + + registry.RegisterNsmRegistryServer(server, nsmReg) + registry.RegisterNetworkServiceRegistryServer(server, nsReg) + registry.RegisterNetworkServiceDiscoveryServer(server, nsdReg) + + errCh := grpcutils.ListenAndServe(ctx, &RegistryURL, server) + + for err := range errCh { + log.Entry(ctx).Println(err) + } +} + +//func main() { +// ctx := context.Background() +// +// flagSet := pflag.FlagSet{} +// Flags(&flagSet) +// +// populateFromEnv := flags.FromEnv(flags.EnvPrefix, flags.EnvReplacer, &flagSet) +// populateFromEnv() +// 
+// err := flagSet.Parse(os.Args) +// if err != nil { +// log.Entry(ctx).Fatalln(err) +// } +// +// tlsPeer, err := spiffeutils.NewTLSPeer(spiffe.WithWorkloadAPIAddr("unix:/run/spire/sockets/agent.sock")) +// if err != nil { +// log.Entry(ctx).Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err) +// } +// tlsPeer.WaitUntilReady(ctx) +// +// f := &fakeRegistry{ +// registrations: make(map[string]*registry.NSERegistration, 0), +// } +// registryServer := newFakeRegistry(f) +// discoveryServer := newFakeDiscovery(f) +// regCtx := newRegistryServer(ctx, registryServer, discoveryServer, &RegistryURL, tlsPeer) +// for err := range regCtx { +// log.Entry(ctx).Println(err) +// } +// log.Entry(ctx).Println("registry server exiting") +//} + +//type fakeRegistry struct { +// registrations map[string]*registry.NSERegistration +//} +// +//func (f *fakeRegistry) FindNetworkService(ctx context.Context, request *registry.FindNetworkServiceRequest) (*registry.FindNetworkServiceResponse, error) { +// log.Entry(ctx).Printf("request: %+v", request) +// +// if entry, ok := f.registrations[request.NetworkServiceName]; ok { +// log.Entry(ctx).Println("entry: %+v", entry) +// payload := entry.NetworkService.Payload +// networkService := entry.NetworkService +// endpoints := []*registry.NetworkServiceEndpoint{entry.NetworkServiceEndpoint} +// networkServiceManagers := map[string]*registry.NetworkServiceManager{ +// entry.NetworkServiceEndpoint.NetworkServiceManagerName: entry.NetworkServiceManager, +// } +// response := ®istry.FindNetworkServiceResponse{ +// Payload: payload, +// NetworkService: networkService, +// NetworkServiceManagers: networkServiceManagers, +// NetworkServiceEndpoints: endpoints, +// } +// log.Entry(ctx).Printf("payload: %+v", payload) +// log.Entry(ctx).Printf("%ns: %+v", networkService) +// log.Entry(ctx).Printf("nse: %+v", entry.NetworkServiceEndpoint) +// log.Entry(ctx).Printf("nsms: %+v", entry.NetworkServiceManager) +// 
log.Entry(ctx).Printf("response: %+v", request) +// return response, nil +// } +// return nil, status.Error(codes.NotFound, fmt.Sprintf("network service not found: %s", request.GetNetworkServiceName())) +//} +// +//func (f *fakeRegistry) RegisterNSE(ctx context.Context, registration *registry.NSERegistration) (*registry.NSERegistration, error) { +// log.Entry(ctx).Printf("Register: %+v", registration) +// f.registrations[registration.NetworkService.Name] = registration +// return registration, nil +//} +// +//func (f *fakeRegistry) BulkRegisterNSE(registration registry.NetworkServiceRegistry_BulkRegisterNSEServer) error { +// panic("implement me") +//} +// +//func (f *fakeRegistry) RemoveNSE(ctx context.Context, registration *registry.RemoveNSERequest) (*empty.Empty, error) { +// // TODO something +// return &empty.Empty{}, nil +//} +// +//func newFakeRegistry(reg *fakeRegistry) registry.NetworkServiceRegistryServer { +// next.NewNetworkServiceRegistryServer(reg) +// return reg +//} +// +//func newRegistryServer(ctx context.Context, r registry.NetworkServiceRegistryServer, d registry.NetworkServiceDiscoveryServer, url *url.URL, peer spiffeutils.TLSPeer) <-chan error { +// server := grpc.NewServer(spiffeutils.SpiffeCreds(peer, 10*time.Minute)) +// registry.RegisterNetworkServiceRegistryServer(server, r) +// registry.RegisterNetworkServiceDiscoveryServer(server, d) +// +// errCh := grpcutils.ListenAndServe(ctx, url, server) +// return errCh +//} +// +//func newFakeDiscovery(f *fakeRegistry) registry.NetworkServiceDiscoveryServer { +// return f +//} +// +func Flags(f *pflag.FlagSet) { + // Standard NSM flags + f.StringVarP(&Name, flags.NameKey, flags.NameShortHand, "icmp-responder", flags.NameUsageDefault) + f.StringVarP(&BaseDir, flags.BaseDirKey, flags.BaseDirShortHand, flags.BaseDirDefault, flags.BaseDirUsageDefault) + flags.URLVarP(f, &ListenOnURL, flags.ListenOnURLKey, flags.ListenOnURLShortHand, &url.URL{Scheme: flags.ListenOnURLSchemeDefault, Path: 
flags.ListenOnURLPathDefault}, flags.ListenOnURLUsageDefault) + flags.URLVarP(f, &ConnectToURL, flags.ConnectToURLKey, flags.ConnectToURLShortHand, &url.URL{Scheme: flags.ConnectToURLSchemeDefault, Path: flags.ConnectToURLPathDefault}, flags.ConnectToURLUsageDefault) + flags.URLVarP(f, &RegistryURL, "registry-url", "r", &url.URL{Scheme: "unix", Path: "/registry.socket"}, "path to registry") +} diff --git a/deployment.yaml b/deployment.yaml new file mode 100644 index 000000000..6f472e7d9 --- /dev/null +++ b/deployment.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: Deployment +spec: + selector: + matchLabels: + networkservicemesh.io/app: "icmp-responder" + networkservicemesh.io/impl: "icmp-responder" + replicas: 2 + template: + metadata: + labels: + networkservicemesh.io/app: "icmp-responder" + networkservicemesh.io/impl: "icmp-responder" + spec: + serviceAccount: nse-acc + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: networkservicemesh.io/app + operator: In + values: + - icmp-responder + - key: networkservicemesh.io/impl + operator: In + values: + - icmp-responder + topologyKey: "kubernetes.io/hostname" + containers: + - name: icmp-responder-nse + image: fkautz/icmp-responder:0.0.8 + command: ["/bin/icmp-server"] + imagePullPolicy: IfNotPresent + env: + - name: ADVERTISE_NSE_NAME + value: "icmp-responder" + - name: ADVERTISE_NSE_LABELS + value: "app=icmp-responder" + - name: TRACER_ENABLED + value: "true" + - name: IP_ADDRESS + value: "172.16.1.0/24" +resources: + limits: + networkservicemesh.io/socket: 1 +metadata: + name: icmp-responder-nse + namespace: default diff --git a/go.mod b/go.mod index e349e3baa..ac456ef49 100644 --- a/go.mod +++ b/go.mod 
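Review bot: Nothing in `main` of cmd/registry/main.go limits who may call the registry: the server is created with `spiffeutils.SpiffeCreds(tlsPeer, 10*time.Minute)` and the three `memory` servers are registered directly, so as far as this file shows any peer presenting an accepted SVID can register or look up endpoints. If only managers and endpoints are meant to register, an authorization step keyed on the caller's SPIFFE ID belongs in front of `nsReg` and `nsmReg`; how `SpiffeCreds` validates peers is outside this hunk, so confirm what it already enforces. The roughly hundred commented-out lines holding `fakeRegistry` and a second `main` are dead code that version control already keeps, and `Name`, `BaseDir`, `ListenOnURL` and `ConnectToURL` are registered as flags but never read.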
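Review bot: In deployment.yaml the container image `fkautz/icmp-responder:0.0.8` is referenced from a personal namespace by tag with `imagePullPolicy: IfNotPresent`, so each node runs whatever that tag pointed to when it first pulled; referencing it by digest from a project-controlled registry, `image: <registry>/<repo>@sha256:<digest>`, makes the deployed bits verifiable. The pod spec has no `securityContext`, and the Dockerfile in this commit sets no `USER`, so the container runs as root with the default capability set; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are the usual starting points, to be checked against what the kernel mechanism actually needs. `serviceAccount` is the deprecated spelling of `serviceAccountName`.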
@@ -9,6 +9,7 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/edwarnicke/exechelper v1.0.1 + github.com/edwarnicke/imports-gen v1.0.0 // indirect github.com/fsnotify/fsnotify v1.4.9 // indirect github.com/golang/protobuf v1.3.5 github.com/google/uuid v1.1.1 diff --git a/go.sum b/go.sum index b77e790ff..83a0bdc25 100644 --- a/go.sum +++ b/go.sum 
@@ -48,12 +48,15 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/edwarnicke/exechelper v1.0.0/go.mod h1:/T271jtNX/ND4De6pa2aRy2+8sNtyCDB1A2pp4M+fUs= github.com/edwarnicke/exechelper v1.0.1 h1:0FwYHBKyLK2Ce97u86BXI3tnD6Dwlt9Qj2XkPgfP1Bg= github.com/edwarnicke/exechelper v1.0.1/go.mod h1:/T271jtNX/ND4De6pa2aRy2+8sNtyCDB1A2pp4M+fUs= +github.com/edwarnicke/imports-gen v0.0.0-20200518033323-dca01a5a9d4b/go.mod h1:qaVJ7uwOdBzzwhjqVhPqozlyHRFpvChxa50qEIDCEuY= +github.com/edwarnicke/imports-gen v1.0.0 h1:54olQ5SHO7/URkM5cujXjsgvDAouDDQdc9skiQnyA+I= +github.com/edwarnicke/imports-gen v1.0.0/go.mod h1:aCSe8SMtEh1O51cS5s3vxK6Lu3sPMkQwAqnye8AROwo= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= 
@@ -63,35 +66,28 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2 h1:Ujru1hufTHVb++eG6OuNDKMxZnGIvF6o/u8q/8h2+I4= github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2/go.mod h1:/20jfyN9Y5QPEAprSgKAUr+glWDY39ZiUEAYOEv5dsE= -github.com/glycerine/goconvey v0.0.0-20190410193231-58a59202ab31 h1:gclg6gY70GLy3PbkQ1AERPfmLMMagS60DKF78eWwLn8= github.com/glycerine/goconvey v0.0.0-20190410193231-58a59202ab31/go.mod h1:Ogl1Tioa0aV7gstGFO7KhffUsb9M4ydbEbbxpcEDc24= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.0 h1:G8O7TerXerS4F6sx9OV7/nRfJdnXgHZu/S/7F2SN+UE= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod 
h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v0.0.0-20181025225059-d3de96c4c28e/go.mod h1:Qd/q+1AKNOZr9uGQzbzCmRO6sUih6GTPZv6a1/R87v0= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5 h1:F768QJ1E9tib+q5Sc8MkdJi1RxLTbRcTf8LJV56aRls= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= 
@@ -100,18 +96,14 @@ github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/certificate-transparency-go v1.0.21 h1:Yf1aXowfZ2nuboBsg7iYGLmwsOARdV86pfH3g95wXmE= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= -github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKpxb/jFExr4HGq6on2dEOmnL6FV+fgPw= github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v0.0.0-20181024020800-521ea7b17d02/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 
@@ -121,20 +113,14 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.9.1 h1:9PZfAcVEvez4yhLH2TBU64/h/z4xlFI80cWXRrxuKuM= github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-immutable-radix v1.0.0 h1:AKDB1HM5PWEA7i4nhcpwOrO2byshxBjXVn/J/3+z5/0= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-uuid v1.0.0 h1:RS8zrF7PhGwyNPOtxSClXXj9HA8feRnJzgnI1RJCSnM= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/raft v1.1.1 h1:HJr7UE1x/JrJSc9Oy6aDBHtNHUUBHjcQjTgvUVihoZs= github.com/hashicorp/raft v1.1.1/go.mod h1:vPAJM8Asw6u8LxC3eJCUZmRP/E4QmUGE1R7g7k8sG/8= github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= github.com/inconshreveable/mousetrap v1.0.0/go.mod 
h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -143,7 +129,6 @@ github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVz github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= 
@@ -152,19 +137,14 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE= github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw= -github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c= github.com/lib/pq v0.0.0-20180201184707-88edab080323/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.3.0 h1:/qkRGz8zljWiDcFvgpwUpwIAPu3r07TDvs3Rws+o/pU= github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 
@@ -173,7 +153,6 @@ github.com/matryer/try v0.0.0-20161228173917-9ac251b645a2/go.mod h1:0KeJpeMD6o+O github.com/mattn/go-runewidth v0.0.0-20181025052659-b20a3daf6a39/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.0 h1:iDwIio/3gk2QtLLEsqU5lInaMzos0hDTz8a6lazSFVw= github.com/mitchellh/mapstructure v1.3.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= 
@@ -182,16 +161,13 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= -github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae h1:VeRdUYdCw49yizlSbMEn2SZ+gT+3IUKx8BqxyQdz+BY= github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2 h1:+RB5hMpXUUA2dfxuhBTEkMOrYmM+gKIZYS1KjSostMI= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.4/go.mod h1:Jw1Z28soD/QasIA2uWjXyM9El1jly3YwyFOuR8tH1rg= -github.com/nats-io/nats-server/v2 v2.1.6 h1:qAaHZaS8pRRNQLFaiBA1rq5WynyEGp9DFgmMfoaiXGY= github.com/nats-io/nats-server/v2 v2.1.6/go.mod h1:BL1NOtaBQ5/y97djERRVWNouMW7GT3gxnmbE/eC8u8A= -github.com/nats-io/nats-streaming-server v0.17.0 h1:eYhSmjRmRsCYNsoUshmZ+RgKbhq6B+7FvMHXo3M5yMs= github.com/nats-io/nats-streaming-server v0.17.0/go.mod h1:ewPBEsmp62Znl3dcRsYtlcfwudxHEdYMtYqUQSt4fE0= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= github.com/nats-io/nats.go v1.9.2 h1:oDeERm3NcZVrPpdR/JpGdWHMv3oJ8yY30YwxKq+DU2s= 
@@ -214,9 +190,7 @@ github.com/open-policy-agent/opa v0.16.1 h1:BDADmi1Xl08aPcubaYgSEU0lJ/zrWDwmFMRX github.com/open-policy-agent/opa v0.16.1/go.mod h1:P0xUE/GQAAgnvV537GzA0Ikw4+icPELRT327QJPkaKY= github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.7.0 h1:7utD74fnzVc/cpcyy8sjrlFr5vYpypUixARcHIMIGuI= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= @@ -244,7 +218,6 @@ github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ= 
@@ -255,28 +228,21 @@ github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.0-20181021141114-fe5e611709b0/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= 
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20181024212040-082b515c9490/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -285,11 +251,9 @@ github.com/spf13/viper v1.6.3/go.mod h1:jUMtyi0/lB5yZH/FjyGAoH7IMNrIhlBf6pXZmbMD github.com/spiffe/go-spiffe v0.0.0-20200115174642-4e401e3b85fe h1:okfhAaVh1GXypS7sh9g0ZBtLe9M/66yLZVhjXd3iLf8= github.com/spiffe/go-spiffe v0.0.0-20200115174642-4e401e3b85fe/go.mod h1:HyNeJnVYkDyQgB2qcSPxVYkAA2F3lQu51bDxNpFcKxY= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 
@@ -308,7 +272,6 @@ github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPU github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/weppos/publicsuffix-go v0.5.0 h1:rutRtjBJViU/YjcI5d80t4JAVvDltS6bciJg2K1HrLU= github.com/weppos/publicsuffix-go v0.5.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= -github.com/willf/bitset v1.1.10 h1:NotGKqX0KwQ72NUzqrjZq5ipPNDQex9lo3WpaS8L2sc= github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= @@ -323,7 +286,6 @@ github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e/go.mod h1:w7kd3qXHh8F github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb h1:vxqkjztXSaPVDc8FQCdHTaejm2x747f6yPbnu1h2xkg= github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb/go.mod h1:29UiAJNsiVdvTBFCJW8e3q6dcDbOoPkhMgttOSCIMMY= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM= 
@@ -342,7 +304,6 @@ golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2 h1:y102fOLFqhV41b+4GPiJoa0k/x+pJcEi2/HB1Y5T6fU= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/lint v0.0.0-20181023182221-1baf3a9d7d67/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -350,10 +311,8 @@ golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -384,7 +343,6 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 h1:LfCXLvNmTYH9kEmVgqbnsWfruoXZIrh4YBgqVHtDvw0= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w= golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -407,16 +365,13 @@ golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200417140056-c07e33ef3290 h1:NXNmtp0ToD36cui5IqWy95LC4Y6vT/4y3RnPxlQPinU= golang.org/x/tools v0.0.0-20200417140056-c07e33ef3290/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.6.2 h1:4r+yNT0+8SWcOkXP+63H2zQbN+USnC73cjGUxnDF94Q= gonum.org/v1/gonum v0.6.2/go.mod h1:9mxDZsDKxgMAuccQkewq682L+0eCu4dCN2yonUJTCLU= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0 h1:OE9mWmgKkjJyEmDAAtGMPjXu+YNeGvK9VTSHY6+Qihc= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 
@@ -433,10 +388,8 @@ google.golang.org/grpc v1.27.0 h1:rRYRFMVgRv6E0D70Skyfsr28tDXIuuPZyWGMPdMcnXg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.55.0 h1:E8yzL5unfpW3M6fz/eB7Cb5MQAYSZ7GKo4Qth+N2sgQ= gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -444,7 +397,6 @@ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/icmp-responder.yaml b/icmp-responder.yaml new file mode 100644 index 000000000..f3fe5080b --- /dev/null +++ b/icmp-responder.yaml 
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: icmp-responder
+ networkservicemesh.io/app: "icmp-responder"
+ networkservicemesh.io/impl: "icmp-responder"
+ name: icmp-responder
+ namespace: default
+spec:
+ containers:
+ - args:
+ - /bin/sh
+ env:
+ - name: NSM_LISTEN_ON_URL
+ value: /var/lib/networkservicemesh/nsm.client.io.sock
+ - name: NSM_CONNECT_TO_URL
+ value: /var/lib/networkservicemesh/nsm.server.io.sock
+ image: fkautz/icmp-responder:0.0.8
+ imagePullPolicy: IfNotPresent
+ name: icmp-responder
+ stdin: true
+ stdinOnce: true
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ tty: true
+ resources:
+ limits:
+ networkservicemesh.io/socket: 1
+ dnsPolicy: ClusterFirst
+ enableServiceLinks: true
+ nodeName: kind-control-plane
+ priority: 0
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ serviceAccount: default
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 30
+ tolerations:
+ - effect: NoExecute
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ tolerationSeconds: 300
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ tolerationSeconds: 300
diff --git a/icmp-responder/.helmignore b/icmp-responder/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/icmp-responder/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/icmp-responder/Chart.yaml b/icmp-responder/Chart.yaml
new file mode 100644
index 000000000..907ffc5a4
--- /dev/null
+++ b/icmp-responder/Chart.yaml
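Review bot: The container image in icmp-responder.yaml is referenced by a mutable tag in a personal registry namespace (`image: fkautz/icmp-responder:0.0.8`), and with `imagePullPolicy: IfNotPresent` a node keeps whatever it first pulled under that tag. The same reference is hard-coded in icmp-responder-nse.tpl, and nsc.tpl uses `alpine:latest`. Pinning by digest (`image: <registry>/<org>/icmp-responder@sha256:<digest>`), or building the reference from the `registry`, `org` and `tag` keys that values.yaml already declares, would make the deployed content reproducible and reviewable. The manifest also carries `securityContext: {}` and `nodeName: kind-control-plane`, which look like fields left over from a dumped live pod. Dropping the node pin and setting `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be safer defaults if the workload permits them.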
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: 0.2.0
+description: Endpoints and Clients for ICMP Responder Example
+name: icmp-responder
+version: 0.2.0
diff --git a/icmp-responder/templates/icmp-responder-nse.tpl b/icmp-responder/templates/icmp-responder-nse.tpl
new file mode 100644
index 000000000..a98e7d4cb
--- /dev/null
+++ b/icmp-responder/templates/icmp-responder-nse.tpl
@@ -0,0 +1,75 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+spec:
+ selector:
+ matchLabels:
+ networkservicemesh.io/app: "icmp-responder"
+ networkservicemesh.io/impl: "icmp-responder"
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ networkservicemesh.io/app: "icmp-responder"
+ networkservicemesh.io/impl: "icmp-responder"
+ spec:
+ serviceAccount: nse-acc
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: networkservicemesh.io/app
+ operator: In
+ values:
+ - icmp-responder
+ - key: networkservicemesh.io/impl
+ operator: In
+ values:
+ - icmp-responder
+ topologyKey: "kubernetes.io/hostname"
+ containers:
+ - name: icmp-responder-nse
+ image: fkautz/icmp-responder:0.0.8
+ command: ["/bin/sh"]
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ stdin: true
+ stdinOnce: true
+ tty: true
+ env:
+ - name: ADVERTISE_NSE_NAME
+ value: "icmp-responder"
+ - name: ADVERTISE_NSE_LABELS
+ value: "app=icmp-responder"
+ - name: TRACER_ENABLED
+ value: "true"
+ - name: IP_ADDRESS
+ value: "172.16.1.0/24"
+ - name: NSM_LISTEN_ON_URL
+ value: unix:///run/networkservicemesh/nsm.client.io.sock
+ - name: NSM_CONNECT_TO_URL
+ value: unix:///run/networkservicemesh/nsm.server.io.sock
+ - name: NSM_CLIENT_LISTEN_ON_URL
+ value: unix:///run/networkservicemesh/client.client.io.sock
+ - name: NSM_CLIENT_CONNECT_TO_URL
+ value: unix:///run/networkservicemesh/client.server.io.sock
+ - name: NSM_REGISTRY_URL
+ value: unix:///run/networkservicemesh/registry.io.sock
+ - name: GRPC_GO_LOG_VERBOSITY_LEVEL
+ value: "99"
+ - name: GRPC_GO_LOG_SEVERITY_LEVEL
+ value: "info"
+{{- if .Values.global.JaegerTracing }}
+ - name: TRACER_ENABLED
+ value: "true"
+ - name: JAEGER_AGENT_HOST
+ value: jaeger.nsm-system
+ - name: JAEGER_AGENT_PORT
+ value: "6831"
+{{- end }}
+ resources:
+ limits:
+ networkservicemesh.io/socket: 1
+metadata:
+ name: icmp-responder-nse
+ namespace: {{ .Release.Namespace }}
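Review bot: `TRACER_ENABLED` is set to `"true"` unconditionally in the env list and then again inside the `{{- if .Values.global.JaegerTracing }}` block. The default `JaegerTracing: false` in values.yaml therefore does not switch it off, and enabling the flag renders the same env name twice in one container. Removing the unconditional `- name: TRACER_ENABLED` / `value: "true"` pair would leave the conditional block as the single switch. `GRPC_GO_LOG_VERBOSITY_LEVEL` at `"99"` is also a very chatty default for something that handles connection metadata; exposing it as a chart value with a lower default would keep logs manageable.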
diff --git a/icmp-responder/templates/nsc.tpl b/icmp-responder/templates/nsc.tpl
new file mode 100644
index 000000000..f23165cce
--- /dev/null
+++ b/icmp-responder/templates/nsc.tpl
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+spec:
+ selector:
+ matchLabels:
+ networkservicemesh.io/app: "icmp-responder-nsc"
+ replicas: 0
+ template:
+ metadata:
+ labels:
+ networkservicemesh.io/app: "icmp-responder-nsc"
+ spec:
+ serviceAccount: nsc-acc
+ containers:
+ - name: alpine-img
+ image: alpine:latest
+ command: ['tail', '-f', '/dev/null']
+metadata:
+ name: icmp-responder-nsc
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ ns.networkservicemesh.io: icmp-responder?app=icmp
diff --git a/icmp-responder/values.yaml b/icmp-responder/values.yaml
new file mode 100644
index 000000000..2c0450927
--- /dev/null
+++ b/icmp-responder/values.yaml
@@ -0,0 +1,13 @@
+---
+# Default values for icmp-responder.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+registry: docker.io
+org: networkservicemesh
+tag: v0.2.0
+pullPolicy: IfNotPresent
+
+global:
+ # set to true to enable Jaeger tracing for NSM components
+ JaegerTracing: false
diff --git a/justfile b/justfile
new file mode 100644
index 000000000..94d50bbfe
--- /dev/null
+++ b/justfile
@@ -0,0 +1,38 @@
+
+build:
+ go generate ./pkg/imports
+ docker build -t fkautz/icmp-responder:0.0.8 .
+
+load:
+ kind load docker-image fkautz/icmp-responder:0.0.8
+
+kill:
+ #!/bin/sh
+ POD=$(kubectl get pods -l networkservicemesh.io/app=icmp-responder --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}")
+ kubectl delete pod $POD
+
+install:
+ helm install ./icmp-responder --generate-name
+
+term:
+ #!/bin/sh
+ POD=$(kubectl get pods -l networkservicemesh.io/app=icmp-responder --field-selector status.phase=Running -o jsonpath="{.items[0].metadata.name}")
+ kubectl exec -it $POD -- /bin/sh
+
+list:
+ kubectl get pods --all-namespaces
+
+register:
+ kubectl exec -n spire spire-server-0 -- \
+ /opt/spire/bin/spire-server entry create \
+ -spiffeID spiffe://test.com/icmp-responder \
+ -parentID spiffe://test.com/spire-agent \
+ -selector k8s:ns:default \
+ -selector k8s:sa:default
+
+delete-cluster:
+ kind delete cluster
+
+start-cluster:
+ kind create cluster
+ helm install nsm/nsm --generate-name
diff --git a/nsm/.helmignore b/nsm/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/nsm/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/nsm/Chart.yaml b/nsm/Chart.yaml
new file mode 100644
index 000000000..62acce31c
--- /dev/null
+++ b/nsm/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: 0.2.0
+description: Basic Network Service Mesh Infrastructure
+name: nsm
+version: 0.2.0
diff --git a/nsm/charts/admission-webhook/.helmignore b/nsm/charts/admission-webhook/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
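Review bot: The `register` recipe binds `spiffe://test.com/icmp-responder` to `-selector k8s:ns:default` and `-selector k8s:sa:default`, so every pod that runs under the default service account in the default namespace is issued that identity. The responder Deployment in this commit runs as `nse-acc`, so the entry would be tighter, and would actually match it, with `-selector k8s:sa:nse-acc` plus `-selector k8s:ns:<release-namespace>` (placeholder). In `kill` and `term`, `$POD` is unquoted and `.items[0]` yields nothing when no pod is running, so `kubectl delete pod $POD` runs with an empty argument; quote it and stop when it is empty.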
+++ b/nsm/charts/admission-webhook/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/nsm/charts/admission-webhook/Chart.yaml b/nsm/charts/admission-webhook/Chart.yaml
new file mode 100644
index 000000000..369a55135
--- /dev/null
+++ b/nsm/charts/admission-webhook/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: 0.2.0
+description: A Helm chart for Kubernetes
+name: admission-webhook
+version: 0.2.0
diff --git a/nsm/charts/admission-webhook/templates/admission-webhook-secret.tpl b/nsm/charts/admission-webhook/templates/admission-webhook-secret.tpl
new file mode 100644
index 000000000..e34b6bf7d
--- /dev/null
+++ b/nsm/charts/admission-webhook/templates/admission-webhook-secret.tpl
@@ -0,0 +1,107 @@ +{{- $ca := genCA "admission-controller-ca" 3650 -}} +{{- $cn := printf "nsm-admission-webhook-svc" -}} +{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }} +{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }} +{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca -}} + +apiVersion: v1 +kind: Secret +metadata: + name: nsm-admission-webhook-certs + namespace: {{ .Release.Namespace }} +type: Opaque +data: + tls.key: {{ $cert.Key | b64enc }} + tls.crt: {{ $cert.Cert | b64enc }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nsm-admission-webhook + namespace: {{ .Release.Namespace }} + labels: + app: nsm-admission-webhook +spec: + replicas: 1 + selector: + matchLabels: + app: nsm-admission-webhook + template: + metadata: + labels: + app: nsm-admission-webhook + spec: + containers: + - name: nsm-admission-webhook + image: {{ .Values.registry }}/{{ .Values.org }}/admission-webhook:{{ .Values.tag }} + imagePullPolicy: {{ .Values.pullPolicy }} + env: + - name: REPO + value: "{{ .Values.org }}" + - name: TAG + value: "{{ .Values.tag }}" +{{- if .Values.global.JaegerTracing }} + - name: TRACER_ENABLED + value: "true" + - name: JAEGER_AGENT_HOST + value: jaeger.nsm-system + - name: JAEGER_AGENT_PORT + value: "6831" +{{- end }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true + livenessProbe: + httpGet: + path: /liveness + port: 5555 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: /readiness + port: 5555 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + volumes: + - name: webhook-certs + secret: + secretName: nsm-admission-webhook-certs +--- +apiVersion: v1 +kind: Service +metadata: + name: nsm-admission-webhook-svc + namespace: {{ .Release.Namespace }} + labels: + app: nsm-admission-webhook +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: nsm-admission-webhook +--- +apiVersion: 
admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: nsm-admission-webhook-cfg + namespace: {{ .Release.Namespace }} + labels: + app: nsm-admission-webhook +webhooks: + - name: admission-webhook.networkservicemesh.io + clientConfig: + service: + name: nsm-admission-webhook-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ $ca.Cert | b64enc }} + rules: + - operations: ["CREATE"] + apiGroups: ["apps", "extensions", ""] + apiVersions: ["v1", "v1beta1"] + resources: ["deployments", "services", "pods"] diff --git a/nsm/charts/admission-webhook/values.yaml b/nsm/charts/admission-webhook/values.yaml new file mode 100644 index 000000000..f8092d7c9 --- /dev/null +++ b/nsm/charts/admission-webhook/values.yaml @@ -0,0 +1,9 @@ +--- +# Default values for admission-webhook. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +registry: docker.io +org: networkservicemesh +tag: v0.2.0 +pullPolicy: IfNotPresent diff --git a/nsm/charts/spire/.helmignore b/nsm/charts/spire/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/nsm/charts/spire/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/nsm/charts/spire/Chart.yaml b/nsm/charts/spire/Chart.yaml new file mode 100644 index 000000000..a7ad188de --- /dev/null +++ b/nsm/charts/spire/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: spire +version: 0.1.0 diff --git a/nsm/charts/spire/registration.json b/nsm/charts/spire/registration.json new file mode 100644 index 000000000..ad2a56291 --- /dev/null 
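Review bot: The MutatingWebhookConfiguration at the end of admission-webhook-secret.tpl sets neither `failurePolicy` nor a `namespaceSelector`, while its rule matches CREATE of pods, deployments and services in every namespace. Under `admissionregistration.k8s.io/v1beta1` the failure policy defaults to `Ignore`, so objects are admitted unmutated whenever the webhook is unreachable; state the intended policy explicitly (`failurePolicy: Fail` or `failurePolicy: Ignore`) and scope the hook with a `namespaceSelector` that at least excludes the namespace the webhook itself runs in. Separately, `genCA` and `genSignedCert` run on every render, so each upgrade issues a new CA and key with 3650-day validity; a comment at the top of the template should say so, because the Secret and `caBundle` change together on every release.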
+++ b/nsm/charts/spire/registration.json
@@ -0,0 +1,44 @@
+{
+ "entries": [
+ {
+ "selectors": [
+ {
+ "type": "k8s",
+ "value": "sa:nsmgr-acc"
+ }
+ ],
+ "spiffe_id": "spiffe://test.com/nsmgr",
+ "parent_id": "spiffe://test.com/spire-agent"
+ },
+ {
+ "selectors": [
+ {
+ "type": "k8s",
+ "value": "sa:nse-acc"
+ }
+ ],
+ "spiffe_id": "spiffe://test.com/nse",
+ "parent_id": "spiffe://test.com/spire-agent"
+ },
+ {
+ "selectors": [
+ {
+ "type": "k8s",
+ "value": "sa:nsc-acc"
+ }
+ ],
+ "spiffe_id": "spiffe://test.com/nsc",
+ "parent_id": "spiffe://test.com/spire-agent"
+ },
+ {
+ "selectors": [
+ {
+ "type": "k8s",
+ "value": "sa:forward-plane-acc"
+ }
+ ],
+ "spiffe_id": "spiffe://test.com/forward-plane",
+ "parent_id": "spiffe://test.com/spire-agent"
+ }
+ ]
+}
diff --git a/nsm/charts/spire/templates/agent-account.tpl b/nsm/charts/spire/templates/agent-account.tpl
new file mode 100644
index 000000000..1f38aadae
--- /dev/null
+++ b/nsm/charts/spire/templates/agent-account.tpl
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: spire-agent
+ namespace: {{ .Values.namespace }}
diff --git a/nsm/charts/spire/templates/agent-configmap.tpl b/nsm/charts/spire/templates/agent-configmap.tpl
new file mode 100644
index 000000000..a4f75c385
--- /dev/null
+++ b/nsm/charts/spire/templates/agent-configmap.tpl
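Review bot: Every entry in registration.json selects on the service-account name alone (`"value": "sa:nsmgr-acc"` and the three that follow), so a pod in any namespace that runs under an account of that name is issued the corresponding SPIFFE ID. Add a second selector to each entry for the namespace, e.g. `{"type": "k8s", "value": "ns:<nsm-namespace>"}` (placeholder), so that an identity is bound to namespace and account together. This matters more because the agent configuration in the same chart skips kubelet verification by default.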
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spire-agent
+ namespace: {{ .Values.namespace }}
+data:
+ agent.conf: |
+ agent {
+ data_dir = "/run/spire"
+ log_level = "DEBUG"
+ server_address = "spire-server"
+ server_port = "8081"
+ socket_path = "/run/spire/sockets/agent.sock"
+ trust_bundle_path = "/run/spire/bundle/bundle.crt"
+ trust_domain = "test.com"
+ }
+ plugins {
+ NodeAttestor "k8s_sat" {
+ plugin_data {
+ # NOTE: Change this to your cluster name
+ cluster = "kubernetes"
+ }
+ }
+ KeyManager "memory" {
+ plugin_data {
+ }
+ }
+ WorkloadAttestor "k8s" {
+ plugin_data {
+ {{- if .Values.azure }}
+ kubelet_read_only_port = 10255
+ {{- else }}
+ skip_kubelet_verification = true
+ {{- end }}
+ }
+ }
+ }
diff --git a/nsm/charts/spire/templates/agent-daemonset.tpl b/nsm/charts/spire/templates/agent-daemonset.tpl
new file mode 100644
index 000000000..efea8ba6a
--- /dev/null
+++ b/nsm/charts/spire/templates/agent-daemonset.tpl
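Review bot: The WorkloadAttestor block in agent-configmap.tpl renders `skip_kubelet_verification = true` whenever `.Values.azure` is false, which is the chart default, so the agent does not validate the kubelet's certificate when it looks up the pod behind a workload; the Azure branch instead uses the unauthenticated read-only port 10255. Both weaken the data that workload attestation rests on. At minimum add a comment above the block saying so, e.g. `# dev default: kubelet identity is not verified`, and consider a value that makes verification the default with an explicit opt-out. `log_level = "DEBUG"` is also a literal and would be better as a value.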
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: spire-agent
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: spire-agent
+spec:
+ selector:
+ matchLabels:
+ app: spire-agent
+ template:
+ metadata:
+ namespace: spire
+ labels:
+ app: spire-agent
+ spec:
+ hostPID: true
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: "spire-agent"
+ initContainers:
+ - name: init
+ # This is a small image with wait-for-it, choose whatever image
+ # you prefer that waits for a service to be up. This image is built
+ # from https://github.com/lqhl/wait-for-it
+ image: gcr.io/spiffe-io/wait-for-it
+ args: ["-t", "30", "spire-server:8081"]
+ containers:
+ - name: spire-agent
+ image: gcr.io/spiffe-io/spire-agent:0.8.4
+ args: ["-config", "/run/spire/config/agent.conf"]
+ volumeMounts:
+ - name: spire-config
+ mountPath: /run/spire/config
+ readOnly: true
+ - name: spire-agent-socket
+ mountPath: /run/spire/sockets
+ readOnly: false
+ - name: spire-bundle
+ mountPath: /run/spire/bundle
+ readOnly: true
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - "/opt/spire/bin/spire-agent api fetch -socketPath /run/spire/sockets/agent.sock 2>&1 | grep -vqE 'connection refused|no such file or directory'"
+ failureThreshold: 2
+ initialDelaySeconds: 15
+ periodSeconds: 60
+ timeoutSeconds: 3
+ volumes:
+ - name: spire-config
+ configMap:
+ name: spire-agent
+ - name: spire-bundle
+ configMap:
+ name: spire-bundle
+ - name: spire-agent-socket
+ hostPath:
+ path: /run/spire/sockets
+ type: DirectoryOrCreate
diff --git a/nsm/charts/spire/templates/registration-configmap.tpl b/nsm/charts/spire/templates/registration-configmap.tpl
new file mode 100644
index 000000000..c9ada9ae3
--- /dev/null
+++ b/nsm/charts/spire/templates/registration-configmap.tpl
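Review bot: The init container image `gcr.io/spiffe-io/wait-for-it` in agent-daemonset.tpl carries no tag or digest, so it resolves to `latest` inside a pod that runs with `hostPID: true` and `hostNetwork: true`; pin it the way `spire-agent:0.8.4` is pinned two lines below. The pod template also hard-codes `namespace: spire` while every other namespace in this chart comes from `{{ .Values.namespace }}`; drop the field or template it so a non-default namespace does not produce a mismatch.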
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spire-entries
+ namespace: {{ .Values.namespace }}
+data:
+ registration.json: |-
+{{ .Files.Get "registration.json" | indent 4}}
diff --git a/nsm/charts/spire/templates/server-account.tpl b/nsm/charts/spire/templates/server-account.tpl
new file mode 100644
index 000000000..6c2d1b578
--- /dev/null
+++ b/nsm/charts/spire/templates/server-account.tpl
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: spire-server
+ namespace: {{ .Values.namespace }}
diff --git a/nsm/charts/spire/templates/server-configmap.tpl b/nsm/charts/spire/templates/server-configmap.tpl
new file mode 100644
index 000000000..28bd76997
--- /dev/null
+++ b/nsm/charts/spire/templates/server-configmap.tpl
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spire-bundle
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spire-server
+ namespace: {{ .Values.namespace }}
+data:
+ server.conf: |
+ server {
+ bind_address = "0.0.0.0"
+ bind_port = "8081"
+ trust_domain = "test.com"
+ data_dir = "/run/spire/data"
+ log_level = "DEBUG"
+ svid_ttl = "1h"
+ upstream_bundle = true
+ ca_subject = {
+ Country = ["US"],
+ Organization = ["SPIFFE"],
+ CommonName = "",
+ }
+ }
+ plugins {
+ DataStore "sql" {
+ plugin_data {
+ database_type = "sqlite3"
+ connection_string = "/run/spire/data/datastore.sqlite3"
+ }
+ }
+ NodeAttestor "k8s_sat" {
+ plugin_data {
+ clusters = {
+ # NOTE: Change this to your cluster name
+ "kubernetes" = {
+ use_token_review_api_validation = true
+ service_account_whitelist = ["{{ .Values.namespace }}:spire-agent"]
+ }
+ }
+ }
+ }
+ NodeResolver "noop" {
+ plugin_data {}
+ }
+ KeyManager "disk" {
+ plugin_data {
+ keys_path = "/run/spire/data/keys.json"
+ }
+ }
+ {{- if not .Values.selfSignedCA }}
+ UpstreamCA "disk" {
+ plugin_data {
+ ttl = "12h"
+ key_file_path = "/run/spire/secret/bootstrap.key"
+ cert_file_path = "/run/spire/secret/bootstrap.crt"
+ }
+ }
+ {{- end }}
+ Notifier "k8sbundle" {
+ plugin_data {
+ # This plugin updates the bundle.crt value in the spire:spire-bundle
+ # ConfigMap by default, so no additional configuration is necessary.
+ }
+ }
+ }
diff --git a/nsm/charts/spire/templates/server-service.tpl b/nsm/charts/spire/templates/server-service.tpl
new file mode 100644
index 000000000..8fae7619e
--- /dev/null
+++ b/nsm/charts/spire/templates/server-service.tpl
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: spire-server
+ namespace: {{ .Values.namespace }}
+spec:
+ type: NodePort
+ ports:
+ - name: grpc
+ port: 8081
+ targetPort: 8081
+ protocol: TCP
+ selector:
+ app: spire-server
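Review bot: The cluster name `"kubernetes"`, `trust_domain = "test.com"` and `log_level = "DEBUG"` are literals in server-configmap.tpl and again in agent-configmap.tpl, with only `# NOTE: Change this to your cluster name` to tell the operator that a template has to be edited. The values must agree between server and agent, so expose each once as a chart value, for instance `trust_domain = "{{ .Values.trustDomain }}"` with `trustDomain` as a new entry in values.yaml. The Notifier comment still names `spire:spire-bundle` although the namespace is templated; reword it to refer to the release's namespace.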
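Review bot: `type: NodePort` in server-service.tpl publishes the SPIRE server's port 8081 on every node address, although the agents in this chart reach it through the in-cluster name `spire-server:8081`. Unless agents outside the cluster are expected, drop the line so the Service defaults to ClusterIP, or make it a value such as `type: {{ .Values.serviceType }}` (new value) that defaults to ClusterIP.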
diff --git a/nsm/charts/spire/templates/server-statefulset.tpl b/nsm/charts/spire/templates/server-statefulset.tpl
new file mode 100644
index 000000000..c115d99a5
--- /dev/null
+++ b/nsm/charts/spire/templates/server-statefulset.tpl
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: spire-server
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: spire-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: spire-server
+ serviceName: spire-server
+ template:
+ metadata:
+ namespace: spire
+ labels:
+ app: spire-server
+ spec:
+ serviceAccountName: spire-server
+ containers:
+ - name: spire-server
+ image: {{ .Values.registry }}/{{ .Values.org }}/spire-registration:{{ .Values.tag }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ ports:
+ - containerPort: 8081
+ volumeMounts:
+ - name: spire-config
+ mountPath: /run/spire/config
+ readOnly: true
+ - name: spire-entries
+ mountPath: /run/spire/entries
+ readOnly: true
+ - name: spire-data
+ mountPath: /run/spire/data
+ readOnly: false
+ - name: spire-secret
+ mountPath: /run/spire/secret
+ livenessProbe:
+ tcpSocket:
+ port: 8081
+ failureThreshold: 2
+ initialDelaySeconds: 15
+ periodSeconds: 60
+ timeoutSeconds: 3
+ volumes:
+ - name: spire-config
+ configMap:
+ name: spire-server
+ - name: spire-secret
+ secret:
+ secretName: spire-secret
+ - name: spire-entries
+ configMap:
+ name: spire-entries
+ - name: spire-data
+ hostPath:
+ path: /var/spire-data
+ type: DirectoryOrCreate
diff --git a/nsm/charts/spire/templates/spire-namespace.tpl b/nsm/charts/spire/templates/spire-namespace.tpl
new file mode 100644
index 000000000..77db5f9f6
--- /dev/null
+++ b/nsm/charts/spire/templates/spire-namespace.tpl
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.namespace }}
diff --git a/nsm/charts/spire/templates/spire-roles.tpl b/nsm/charts/spire/templates/spire-roles.tpl
new file mode 100644
index 000000000..6f375249f
--- /dev/null
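Review bot: The `spire-data` volume in server-statefulset.tpl is a `hostPath` at `/var/spire-data`, and server-configmap.tpl points both the sqlite datastore and `keys_path` at that mount, so the server's signing keys and registration database live on whichever node the pod lands on and stay behind there if it is rescheduled. A `volumeClaimTemplates` entry is the usual fit for a StatefulSet; if hostPath is kept for kind clusters, say so in a comment next to the volume. The `spire-secret` volume is also mounted when `selfSignedCA` is true and no UpstreamCA block is rendered, and its mount is the only one without an explicit `readOnly`.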
+++ b/nsm/charts/spire/templates/spire-roles.tpl
@@ -0,0 +1,49 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: spire-agent-role
+rules:
+ - apiGroups: [""]
+ resources: ["nodes/proxy"]
+ verbs: ["get", "watch", "list", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: spire-server-role
+rules:
+ - apiGroups: ["authentication.k8s.io"]
+ resources: ["tokenreviews"]
+ verbs: ["get", "watch", "list", "create"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["spire-bundle"]
+ verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: ClusterRoleBinding
+metadata:
+ name: spire-agent-binding
+subjects:
+ - kind: ServiceAccount
+ name: spire-agent
+ namespace: {{ .Values.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: spire-agent-role
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: ClusterRoleBinding
+metadata:
+ name: spire-server-binding
+subjects:
+ - kind: ServiceAccount
+ name: spire-server
+ namespace: {{ .Values.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: spire-server-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/nsm/charts/spire/templates/spire-secret.tpl b/nsm/charts/spire/templates/spire-secret.tpl
new file mode 100644
index 000000000..a916ae9b7
--- /dev/null
+++ b/nsm/charts/spire/templates/spire-secret.tpl
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: spire-secret
+ namespace: {{ .Values.namespace }}
+type: Opaque
+data:
+ bootstrap.key: |-
+{{ .Files.Get "key.pem" | b64enc | indent 4 }}
+ bootstrap.crt: |-
+{{ .Files.Get "cert.pem" | b64enc | indent 4 }}
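Review bot: `spire-agent-role` in spire-roles.tpl grants `get`, `watch`, `list` and `create` on `nodes/proxy` cluster-wide, which is far more than reading the pod list from the local kubelet, since that subresource proxies requests to the kubelet API of every node. Narrow the verbs to what the workload attestor needs, probably `verbs: ["get"]`, to be confirmed against the SPIRE version in use; `tokenreviews` in the server role likewise only needs `create`. The two comments reading `# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.` describe neither binding and should be replaced with what each one does.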
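Review bot: `bootstrap.key` in spire-secret.tpl is filled from `.Files.Get "key.pem"`, so the upstream CA private key has to sit inside the chart directory and travels with every packaged copy of the chart; when the file is absent the Secret is rendered with empty values instead of failing. As values.yaml defaults to `selfSignedCA: true`, wrap the Secret in `{{- if not .Values.selfSignedCA }}` … `{{- end }}` and make the `spire-secret` volume in the StatefulSet conditional in the same way, otherwise the pod waits for a Secret that is not created. Referencing a Secret created outside the chart would avoid bundling the key at all.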
diff --git a/nsm/charts/spire/values.yaml b/nsm/charts/spire/values.yaml
new file mode 100644
index 000000000..6249d80ae
--- /dev/null
+++ b/nsm/charts/spire/values.yaml
@@ -0,0 +1,14 @@
+---
+# Default values for spire.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+registry: docker.io
+org: networkservicemesh
+tag: v0.2.0
+pullPolicy: IfNotPresent
+
+# workaround since Azure doesn't support by default 10250 security port for kubelet
+azure: false
+namespace: spire
+selfSignedCA: true
diff --git a/nsm/requirements.yaml b/nsm/requirements.yaml
new file mode 100644
index 000000000..e3b501d28
--- /dev/null
+++ b/nsm/requirements.yaml
@@ -0,0 +1,5 @@
+---
+dependencies:
+ - name: spire
+ version: 0.1.0
+ condition: spire.enabled
diff --git a/nsm/templates/cluster-role-admin.yaml b/nsm/templates/cluster-role-admin.yaml
new file mode 100644
index 000000000..709494a8b
--- /dev/null
+++ b/nsm/templates/cluster-role-admin.yaml
@@ -0,0 +1,24 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: nsm-role
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+ - apiGroups: ["networkservicemesh.io"]
+ resources:
+ - "networkservices"
+ - "networkserviceendpoints"
+ - "networkservicemanagers"
+ verbs: ["*"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["nodes", "services", "namespaces"]
+ verbs: ["get", "list", "watch"]
diff --git a/nsm/templates/cluster-role-binding.tpl b/nsm/templates/cluster-role-binding.tpl
new file mode 100644
index 000000000..57c155577
--- /dev/null
+++ b/nsm/templates/cluster-role-binding.tpl
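Review bot: `nsm-role` in cluster-role-admin.yaml allows `verbs: ["*"]` on `customresourcedefinitions` without `resourceNames`, so the `nsmgr-acc` account it is bound to can change or delete any CRD in the cluster, not only the three networkservicemesh.io ones. The chart installs those CRDs itself, so the manager may need no more than `get`; if it does need write access, limit it with `resourceNames:` naming the three NSM CRDs. The `aggregate-to-admin` and `aggregate-to-edit` labels additionally fold every rule of this role into the built-in admin and edit roles; move them to a separate role that carries only the networkservicemesh.io resources.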
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: nsm-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nsm-role
+subjects:
+ - kind: ServiceAccount
+ name: nsmgr-acc
+ namespace: {{ .Release.Namespace }}
diff --git a/nsm/templates/cluster-role-view.yaml b/nsm/templates/cluster-role-view.yaml
new file mode 100644
index 000000000..88e09aa2d
--- /dev/null
+++ b/nsm/templates/cluster-role-view.yaml
@@ -0,0 +1,12 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: aggregate-network-services-view
+ labels:
+ # Add these permissions to the "view" default role.
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups: ["networkservicemesh.io"]
+ resources: ["networkservices"]
+ verbs: ["get", "list", "watch"]
diff --git a/nsm/templates/crd-networkserviceendpoints.yaml b/nsm/templates/crd-networkserviceendpoints.yaml
new file mode 100644
index 000000000..9855ab87c
--- /dev/null
+++ b/nsm/templates/crd-networkserviceendpoints.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: networkserviceendpoints.networkservicemesh.io
+spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkServiceEndpoint
+ listKind: NetworkServiceEndpointList
+ plural: networkserviceendpoints
+ shortNames:
+ - nse
+ - nses
+ singular: networkserviceendpoint
+ scope: Namespaced
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/nsm/templates/crd-networkservicemanagers.yaml b/nsm/templates/crd-networkservicemanagers.yaml
new file mode 100644
index 000000000..b1b181e27
--- /dev/null
+++ b/nsm/templates/crd-networkservicemanagers.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: networkservicemanagers.networkservicemesh.io
+spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkServiceManager
+ listKind: NetworkServiceManagerList
+ plural: networkservicemanagers
+ shortNames:
+ - nsm
+ - nsms
+ singular: networkservicemanager
+ scope: Namespaced
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/nsm/templates/crd-networkservices.yaml b/nsm/templates/crd-networkservices.yaml
new file mode 100644
index 000000000..3041fd04f
--- /dev/null
+++ b/nsm/templates/crd-networkservices.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: networkservices.networkservicemesh.io
+spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkService
+ listKind: NetworkServiceList
+ plural: networkservices
+ shortNames:
+ - netsvc
+ - netsvcs
+ singular: networkservice
+ scope: Namespaced
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/nsm/templates/forwarding-plane.tpl b/nsm/templates/forwarding-plane.tpl
new file mode 100644
index 000000000..a4477f4ca
--- /dev/null
+++ b/nsm/templates/forwarding-plane.tpl
@@ -0,0 +1,81 @@
+{{ $fp := .Values.forwardingPlane }}
+
+apiVersion: apps/v1
+kind: DaemonSet
+spec:
+ selector:
+ matchLabels:
+ app: nsm-{{ $fp }}-plane
+ template:
+ metadata:
+ labels:
+ app: nsm-{{ $fp }}-plane
+ spec:
+ hostPID: true
+ hostNetwork: true
+ serviceAccount: forward-plane-acc
+ containers:
+ - name: {{ (index .Values $fp).image }}
+ securityContext:
+ privileged: true
+ image: {{ .Values.registry }}/{{ .Values.org }}/{{ (index .Values $fp).image }}:{{ .Values.tag }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ env:
+ - name: INSECURE
+{{- if .Values.insecure }}
+ value: "true"
+{{- else }}
+ value: "false"
+{{- end }}
+{{- if .Values.global.JaegerTracing }}
+ - name: TRACER_ENABLED
+ value: "true"
+ - name: JAEGER_AGENT_HOST
+ value: jaeger.nsm-system
+ - name: JAEGER_AGENT_PORT
+ value: "6831"
+{{- end }}
+ - name: NSM_FORWARDER_SRC_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: workspace
+ mountPath: /var/lib/networkservicemesh/
+ mountPropagation: Bidirectional
+ - name: spire-agent-socket
+ mountPath: /run/spire/sockets
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: /liveness
+ port: 5555
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 5555
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+ {{- if (index .Values $fp).resources }}
+ resources:
+ limits:
+ cpu: {{ (index .Values $fp).resources.limitCPU }}
+ requests:
+ cpu: {{ (index .Values $fp).resources.requestsCPU }}
+ {{- end }}
+ volumes:
+ - hostPath:
+ path: /var/lib/networkservicemesh
+ type: DirectoryOrCreate
+ name: workspace
+ - hostPath:
+ path: /run/spire/sockets
+ type: DirectoryOrCreate
+ name: spire-agent-socket
+metadata:
+ name: nsm-{{ $fp }}-forwarder
+ namespace: {{ .Release.Namespace }}
diff --git a/nsm/templates/nsmgr.tpl b/nsm/templates/nsmgr.tpl
new file mode 100644
index 000000000..2342b5e75
--- /dev/null
+++ b/nsm/templates/nsmgr.tpl
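Review bot: The forwarder in forwarding-plane.tpl runs with `privileged: true`, `hostPID: true`, `hostNetwork: true` and a `Bidirectional` mount of `/var/lib/networkservicemesh`, and nothing in the template records which of these the data plane needs. Kubernetes only permits bidirectional mount propagation in privileged containers, so that pairing is forced, but the reason for each host setting should be written next to it, e.g. `# privileged: required for Bidirectional mount propagation of the workspace`. The `INSECURE` variable is also rendered into this fully privileged pod from `.Values.insecure`, whose effect is not described in values.yaml; a comment there saying what it switches off would help operators.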
@@ -0,0 +1,131 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: nsmgr + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: nsmgr-daemonset + template: + metadata: + labels: + app: nsmgr-daemonset + spec: + serviceAccount: nsmgr-acc + containers: + - name: nsmdp + image: {{ .Values.registry }}/{{ .Values.org }}/nsmdp:{{ .Values.tag }} + imagePullPolicy: {{ .Values.pullPolicy }} + env: + - name: INSECURE +{{- if .Values.insecure }} + value: "true" +{{- else }} + value: "false" +{{- end }} +{{- if .Values.global.JaegerTracing }} + - name: TRACER_ENABLED + value: "true" + - name: JAEGER_AGENT_HOST + value: jaeger.nsm-system + - name: JAEGER_AGENT_PORT + value: "6831" +{{- end }} + volumeMounts: + - name: kubelet-socket + mountPath: /var/lib/kubelet/device-plugins + - name: nsm-socket + mountPath: /var/lib/networkservicemesh + - name: spire-agent-socket + mountPath: /run/spire/sockets + readOnly: true + - name: nsmd + image: {{ .Values.registry }}/{{ .Values.org }}/nsmd:{{ .Values.tag }} + imagePullPolicy: {{ .Values.pullPolicy }} + env: + - name: GRPC_GO_LOG_VERBOSITY_LEVEL + value: "99" + - name: GRPC_GO_LOG_SEVERITY_LEVEL + value: "info" + - name: INSECURE +{{- if .Values.insecure }} + value: "true" +{{- else }} + value: "false" +{{- end }} +{{- if .Values.global.JaegerTracing }} + - name: TRACER_ENABLED + value: "true" + - name: JAEGER_AGENT_HOST + value: jaeger.nsm-system + - name: JAEGER_AGENT_PORT + value: "6831" +{{- end }} + volumeMounts: + - name: nsm-socket + mountPath: /var/lib/networkservicemesh + - name: nsm-plugin-socket + mountPath: /var/lib/networkservicemesh/plugins + - name: spire-agent-socket + mountPath: /run/spire/sockets + readOnly: true + livenessProbe: + httpGet: + path: /liveness + port: 5555 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: /readiness + port: 5555 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + - name: nsmd-k8s + 
image: {{ .Values.registry }}/{{ .Values.org }}/nsmd-k8s:{{ .Values.tag }} + imagePullPolicy: {{ .Values.pullPolicy }} + volumeMounts: + - name: spire-agent-socket + mountPath: /run/spire/sockets + readOnly: true + - name: nsm-plugin-socket + mountPath: /var/lib/networkservicemesh/plugins + env: + - name: INSECURE +{{- if .Values.insecure }} + value: "true" +{{- else }} + value: "false" +{{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.global.JaegerTracing }} + - name: TRACER_ENABLED + value: "true" + - name: JAEGER_AGENT_HOST + value: jaeger.nsm-system + - name: JAEGER_AGENT_PORT + value: "6831" +{{- end }} + volumes: + - hostPath: + path: /var/lib/kubelet/device-plugins + type: DirectoryOrCreate + name: kubelet-socket + - hostPath: + path: /var/lib/networkservicemesh + type: DirectoryOrCreate + name: nsm-socket + - hostPath: + path: /var/lib/networkservicemesh/plugins + type: DirectoryOrCreate + name: nsm-plugin-socket + - hostPath: + path: /run/spire/sockets + type: DirectoryOrCreate + name: spire-agent-socket diff --git a/nsm/templates/service-accounts.tpl b/nsm/templates/service-accounts.tpl new file mode 100644 index 000000000..9881506d5 --- /dev/null +++ b/nsm/templates/service-accounts.tpl @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nse-acc + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nsc-acc + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nsmgr-acc + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: forward-plane-acc + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/nsm/values.yaml b/nsm/values.yaml new file mode 100644 index 000000000..6e1c40045 --- /dev/null +++ b/nsm/values.yaml 
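Review bot: The five-line `{{- if .Values.insecure }}` … `{{- else }}` … `{{- end }}` block in nsmgr.tpl is repeated for `nsmdp`, `nsmd` and `nsmd-k8s` (and once more in forwarding-plane.tpl) and can be written as one line, `value: {{ .Values.insecure | default false | quote }}`. `GRPC_GO_LOG_VERBOSITY_LEVEL` is fixed at `"99"` for `nsmd`, which is the noisiest setting and would be better behind a value. `nsmd-k8s` is the only long-running container here without liveness or readiness probes, and `serviceAccount` is the deprecated spelling of `serviceAccountName`.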
@@ -0,0 +1,28 @@
+---
+# Default values for nsm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+registry: docker.io
+org: networkservicemesh
+tag: v0.2.0
+pullPolicy: IfNotPresent
+
+forwardingPlane: vpp
+insecure: false
+
+vpp:
+ image: vppagent-forwarder
+
+kernel:
+ image: kernel-forwarder
+ resources:
+ limitCPU: 1
+ requestsCPU: 1m
+
+spire:
+ enabled: true
+
+global:
+ # set to true to enable Jaeger tracing for NSM components
+ JaegerTracing: false
diff --git a/pkg/imports/gen.go b/pkg/imports/gen.go
new file mode 100644
index 000000000..25bbdcfa5
--- /dev/null
+++ b/pkg/imports/gen.go
@@ -0,0 +1,3 @@
+//go:generate go get github.com/edwarnicke/imports-gen
+//go:generate imports-gen
+package imports
diff --git a/pkg/imports/imports.go b/pkg/imports/imports.go
new file mode 100644
index 000000000..e0d62440b
--- /dev/null
+++ b/pkg/imports/imports.go
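Review bot: `//go:generate go get github.com/edwarnicke/imports-gen` in gen.go fetches whatever the module currently resolves to and runs it on every `go generate`, which the justfile's `build` recipe invokes before `docker build`. Pin the tool, e.g. `//go:generate go get github.com/edwarnicke/imports-gen@<version>` (placeholder), so the generator that rewrites imports.go is reproducible and the version that runs is one that was reviewed. Running `go get` from a generate directive can also change go.mod and go.sum as a side effect, which is worth a one-line comment above the directive.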
@@ -0,0 +1,91 @@ +// DO NOT EDIT - generated by github.com/edwarnicke/imports-gen +package imports + +import ( + _ "bytes" + _ "context" + _ "crypto" + _ "crypto/ecdsa" + _ "crypto/elliptic" + _ "crypto/rand" + _ "crypto/tls" + _ "crypto/x509" + _ "crypto/x509/pkix" + _ "encoding/asn1" + _ "encoding/binary" + _ "encoding/csv" + _ "encoding/json" + _ "encoding/pem" + _ "errors" + _ "fmt" + _ "github.com/RoaringBitmap/roaring" + _ "github.com/cloudflare/cfssl/signer" + _ "github.com/dgrijalva/jwt-go" + _ "github.com/edwarnicke/exechelper" + _ "github.com/golang/protobuf/proto" + _ "github.com/golang/protobuf/ptypes" + _ "github.com/golang/protobuf/ptypes/empty" + _ "github.com/golang/protobuf/ptypes/timestamp" + _ "github.com/google/uuid" + _ "github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc" + _ "github.com/matryer/try" + _ "github.com/nats-io/stan.go" + _ "github.com/networkservicemesh/api/pkg/api" + _ "github.com/networkservicemesh/api/pkg/api/networkservice" + _ "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/cls" + _ "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/common" + _ "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/kernel" + _ "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/memif" + _ "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/srv6" + _ "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/vxlan" + _ "github.com/networkservicemesh/api/pkg/api/registry" + _ "github.com/open-policy-agent/opa/rego" + _ "github.com/opentracing/opentracing-go" + _ "github.com/opentracing/opentracing-go/log" + _ "github.com/pkg/errors" + _ "github.com/sirupsen/logrus" + _ "github.com/spf13/pflag" + _ "github.com/spf13/viper" + _ "github.com/spiffe/go-spiffe/spiffe" + _ "github.com/spiffe/go-spiffe/uri" + _ "github.com/spiffe/go-spiffe/workload" + _ "github.com/stretchr/testify/assert" + _ "github.com/stretchr/testify/require" + _ 
"github.com/stretchr/testify/suite" + _ "github.com/uber/jaeger-client-go" + _ "github.com/uber/jaeger-client-go/config" + _ "go.uber.org/goleak" + _ "gonum.org/v1/gonum/stat/combin" + _ "google.golang.org/grpc" + _ "google.golang.org/grpc/codes" + _ "google.golang.org/grpc/credentials" + _ "google.golang.org/grpc/health" + _ "google.golang.org/grpc/health/grpc_health_v1" + _ "google.golang.org/grpc/metadata" + _ "google.golang.org/grpc/peer" + _ "google.golang.org/grpc/status" + _ "io" + _ "io/ioutil" + _ "log" + _ "math" + _ "math/big" + _ "net" + _ "net/url" + _ "os" + _ "os/exec" + _ "os/signal" + _ "path" + _ "path/filepath" + _ "reflect" + _ "regexp" + _ "runtime" + _ "runtime/debug" + _ "strconv" + _ "strings" + _ "sync" + _ "sync/atomic" + _ "syscall" + _ "testing" + _ "text/template" + _ "time" +) diff --git a/pkg/networkservice/chains/nsmgr/server.go b/pkg/networkservice/chains/nsmgr/server.go index b06ff7196..2d8501881 100644 --- a/pkg/networkservice/chains/nsmgr/server.go +++ b/pkg/networkservice/chains/nsmgr/server.go @@ -19,9 +19,6 @@ package nsmgr import ( "github.com/networkservicemesh/api/pkg/api/registry" - "github.com/open-policy-agent/opa/rego" - "google.golang.org/grpc" - "github.com/networkservicemesh/sdk/pkg/networkservice/chains/client" "github.com/networkservicemesh/sdk/pkg/networkservice/chains/endpoint" "github.com/networkservicemesh/sdk/pkg/networkservice/common/connect" @@ -33,6 +30,9 @@ import ( chain_registry "github.com/networkservicemesh/sdk/pkg/registry/core/chain" "github.com/networkservicemesh/sdk/pkg/tools/addressof" "github.com/networkservicemesh/sdk/pkg/tools/token" + "github.com/open-policy-agent/opa/rego" + "google.golang.org/grpc" + "net/url" ) // Nsmgr - A simple combintation of the Endpoint, registry.NetworkServiceRegistryServer, and registry.NetworkServiceDiscoveryServer interfaces 
@@ -48,11 +48,37 @@ type nsmgr struct {
 registry.NetworkServiceDiscoveryServer
 }
+//type urlInjector struct {
+// name string
+// listenOnURL url.URL
+//}
+//
+//func (u *urlInjector) RegisterNSE(ctx context.Context, registration *registry.NSERegistration) (*registry.NSERegistration, error) {
+// expiration := time.Now()
+// expiration.Add(24 * time.Hour)
+// expirationTimestamp, _ := ptypes.TimestampProto(expiration)
+// registration.NetworkServiceManager = ®istry.NetworkServiceManager{
+// Name: u.name,
+// Url: u.listenOnURL.String(),
+// ExpirationTime: expirationTimestamp,
+// State: "RUNNING",
+// }
+// return registration, nil
+//}
+//
+//func (u *urlInjector) BulkRegisterNSE(server registry.NetworkServiceRegistry_BulkRegisterNSEServer) error {
+// panic("implement me")
+//}
+//
+//func (u *urlInjector) RemoveNSE(ctx context.Context, request *registry.RemoveNSERequest) (*empty.Empty, error) {
+// panic("implement me")
+//}
+
 // NewServer - Creates a new Nsmgr
 // name - name of the Nsmgr
 // authzPolicy - authorization policy
 // registryCC - client connection to reach the upstream registry
-func NewServer(name string, authzPolicy *rego.PreparedEvalQuery, tokenGenerator token.GeneratorFunc, registryCC grpc.ClientConnInterface) Nsmgr {
+func NewServer(name string, authzPolicy *rego.PreparedEvalQuery, tokenGenerator token.GeneratorFunc, registryCC grpc.ClientConnInterface, listenOnURL url.URL) Nsmgr {
 rv := &nsmgr{}
 rv.Endpoint = endpoint.NewServer(
 name,
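Review bot: In pkg/networkservice/chains/nsmgr/server.go the exported `NewServer` gains a `listenOnURL url.URL` parameter that no live code reads; its only use is inside the commented-out `urlInjector` block added in this hunk and referenced, again commented out, in the `@@ -65,6 +91,10 @@` hunk. Every caller has to change for a value that is ignored, so either land the injector or drop the parameter and the dead comments until it is ready. If the block is revived, note that `expiration.Add(24 * time.Hour)` discards its result, so the registration would carry an expiration of "now"; it should read `expiration := time.Now().Add(24 * time.Hour)`. NewServer's body continues outside the hunk.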
@@ -65,6 +91,10 @@ func NewServer(name string, authzPolicy *rego.PreparedEvalQuery, tokenGenerator
 )
 rv.NetworkServiceRegistryServer = chain_registry.NewNetworkServiceRegistryServer(
 rv.NetworkServiceRegistryServer,
+ //&urlInjector{
+ // name: "nsmgr",
+ // listenOnURL: listenOnURL,
+ //},
 adapter_registry.NewRegistryClientToServer(registry.NewNetworkServiceRegistryClient(registryCC)),
 )
 rv.NetworkServiceDiscoveryServer = adapter_registry.NewDiscoveryClientToServer(registry.NewNetworkServiceDiscoveryClient(registryCC))
diff --git a/pkg/networkservice/common/discover/server.go b/pkg/networkservice/common/discover/server.go
index e656c32db..27bbfa960 100644
--- a/pkg/networkservice/common/discover/server.go
+++ b/pkg/networkservice/common/discover/server.go
@@ -56,5 +56,5 @@ func (d *discoverCandidatesServer) Request(ctx context.Context, request *network
 }
 func (d *discoverCandidatesServer) Close(context.Context, *networkservice.Connection) (*empty.Empty, error) {
- panic("implement me")
+ return &empty.Empty{}, nil
 }
diff --git a/pkg/networkservice/common/monitor/server.go b/pkg/networkservice/common/monitor/server.go
index 79d66b38d..e59bcbba8 100644
--- a/pkg/networkservice/common/monitor/server.go
+++ b/pkg/networkservice/common/monitor/server.go
@@ -20,6 +20,7 @@ package monitor
 import (
 "context"
+ "github.com/networkservicemesh/sdk/pkg/tools/log"
 "runtime"
 "github.com/golang/protobuf/ptypes/empty"
@@ -47,6 +48,7 @@ type monitorServer struct {
 // networkservice.MonitorConnectionServer that can be used either standalone or in a
 // networkservice.MonitorConnectionServer chain
 func NewServer(monitorServerPtr *networkservice.MonitorConnectionServer) networkservice.NetworkServiceServer {
+ log.Entry(context.Background()).Println("monitor.NewServer", monitorServerPtr)
 rv := &monitorServer{
 connections: make(map[string]*networkservice.Connection),
 monitors: nil, // Intentionally nil
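Review bot: In pkg/networkservice/common/discover/server.go, `Close` now returns `&empty.Empty{}, nil` without handing the call to the next element, so if this server sits in a chain the way monitor's `Request` does (`next.Server(ctx).Request(ctx, request)`), every element after it never sees the Close and keeps its per-connection state. Name the parameters and forward the call: `func (d *discoverCandidatesServer) Close(ctx context.Context, conn *networkservice.Connection) (*empty.Empty, error) {` with the body `return next.Server(ctx).Close(ctx, conn)`. Whether `next` is already imported in this file is not visible in the hunk.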
@@ -61,6 +63,7 @@ func NewServer(monitorServerPtr *networkservice.MonitorConnectionServer) network
 }
 func (m *monitorServer) MonitorConnections(selector *networkservice.MonitorScopeSelector, srv networkservice.MonitorConnection_MonitorConnectionsServer) error {
+ log.Entry(srv.Context()).Println("monitor.MonitorConn", selector, srv)
 m.executor.AsyncExec(func() {
 monitor := newMonitorFilter(selector, srv)
 m.monitors = append(m.monitors, monitor)
@@ -79,9 +82,11 @@ func (m *monitorServer) MonitorConnections(selector *networkservice.MonitorScope
 }
 func (m *monitorServer) Request(ctx context.Context, request *networkservice.NetworkServiceRequest) (*networkservice.Connection, error) {
+ log.Entry(ctx).Println("request", request)
 conn, err := next.Server(ctx).Request(ctx, request)
 if err == nil {
 m.executor.AsyncExec(func() {
+ log.Entry(ctx).Println("monitor.request.async", request)
 m.connections[conn.GetId()] = conn
 // Send update event
 event := &networkservice.ConnectionEvent{
@@ -97,8 +102,10 @@ func (m *monitorServer) Request(ctx context.Context, request *networkservice.Net
 }
 func (m *monitorServer) Close(ctx context.Context, conn *networkservice.Connection) (*empty.Empty, error) {
+ log.Entry(ctx).Println("monitor.close", conn)
 // Remove connection object we have and send DELETE
 m.executor.AsyncExec(func() {
+ log.Entry(ctx).Println("monitor.close.async", conn)
 delete(m.connections, conn.GetId())
 event := &networkservice.ConnectionEvent{
 Type: networkservice.ConnectionEventType_DELETE,
@@ -113,6 +120,7 @@ func (m *monitorServer) Close(ctx context.Context, conn *networkservice.Connecti
 // send - perform a send to clients.
 func (m *monitorServer) send(ctx context.Context, event *networkservice.ConnectionEvent) (err error) {
+ log.Entry(ctx).Println("send", event)
 newMonitors := []networkservice.MonitorConnection_MonitorConnectionsServer{}
 for _, filter := range m.monitors {
 select {
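Review bot: The `Println` calls added to `Request`, `Close` and `send` in pkg/networkservice/common/monitor/server.go write the whole `request`, `conn` and `event` objects to the log on every call, unconditionally. Those messages describe the connection, and anything sensitive they carry (path-segment tokens, for instance; not visible here, so worth checking against the API definition) ends up in plain text in log storage. Log the identifier only, e.g. `log.Entry(ctx).Println("monitor.close", conn.GetId())`, and keep any full dump behind a debug level. The same applies to `log.Entry(srv.Context()).Println("monitor.MonitorConn", selector, srv)` in the first hunk, where printing `srv` adds little beyond a pointer value.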
diff --git a/pkg/networkservice/common/refresh/client.go b/pkg/networkservice/common/refresh/client.go
index f7bfc9ec8..5723c3f13 100644
--- a/pkg/networkservice/common/refresh/client.go
+++ b/pkg/networkservice/common/refresh/client.go
@@ -51,7 +51,7 @@ func NewClient() networkservice.NetworkServiceClient {
 }
 func (t *refreshClient) Request(ctx context.Context, request *networkservice.NetworkServiceRequest, opts ...grpc.CallOption) (*networkservice.Connection, error) {
- rv, err := next.Client(ctx).Request(ctx, request)
+ rv, err := next.Client(ctx).Request(ctx, request, opts...)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/registry/core/adapters/registry_client_to_server.go b/pkg/registry/core/adapters/registry_client_to_server.go
index 865d685c8..34adc1198 100644
--- a/pkg/registry/core/adapters/registry_client_to_server.go
+++ b/pkg/registry/core/adapters/registry_client_to_server.go
@@ -18,6 +18,7 @@ package adapters
 import (
 "context"
+ "net/url"
 "github.com/golang/protobuf/ptypes/empty"
 "github.com/networkservicemesh/api/pkg/api/registry"
@@ -26,11 +27,14 @@ import (
 type registryClientToServer struct {
 client registry.NetworkServiceRegistryClient
+ url url.URL
 }
 // NewRegistryClientToServer - returns a registry.NetworkServiceRegistryClient wrapped around the supplied client
 func NewRegistryClientToServer(client registry.NetworkServiceRegistryClient) registry.NetworkServiceRegistryServer {
- return ®istryClientToServer{client: client}
+ return ®istryClientToServer{
+ client: client,
+ }
 }
 func (r *registryClientToServer) RegisterNSE(ctx context.Context, registration *registry.NSERegistration) (*registry.NSERegistration, error) {
diff --git a/pkg/registry/memory/ns_memory_server.go b/pkg/registry/memory/ns_memory_server.go
index 0d53e927e..b95193f92 100644
--- a/pkg/registry/memory/ns_memory_server.go
+++ b/pkg/registry/memory/ns_memory_server.go
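Review bot: The `url url.URL` field added to `registryClientToServer` in pkg/registry/core/adapters/registry_client_to_server.go is never assigned: `NewRegistryClientToServer` still sets only `client`, and no visible method reads the field. That leaves a zero-value member and a `net/url` import that exists only for it. Drop both until the constructor actually takes a URL, or add the parameter in the same change together with a comment such as `// url is the address this registry is reachable on`. Methods after `RegisterNSE` are outside the hunk, so a reader there cannot be ruled out.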
@@ -18,6 +18,7 @@ package memory
 import (
 "context"
+ "github.com/networkservicemesh/sdk/pkg/tools/log"
 "github.com/networkservicemesh/api/pkg/api/registry"
 "github.com/pkg/errors"
@@ -28,6 +29,7 @@ type memoryServiceDiscoveryServer struct {
 }
 func (d *memoryServiceDiscoveryServer) FindNetworkService(ctx context.Context, req *registry.FindNetworkServiceRequest) (*registry.FindNetworkServiceResponse, error) {
+ log.Entry(ctx).Println("Find NS %+v", req)
 service, ok := d.storage.NetworkServices.Load(req.NetworkServiceName)
 if !ok {
 return nil, errors.Errorf("network service %v is not found", req.NetworkServiceName)
diff --git a/pkg/registry/memory/nse_memory_server.go b/pkg/registry/memory/nse_memory_server.go
index 627d6382e..e87e27c46 100644
--- a/pkg/registry/memory/nse_memory_server.go
+++ b/pkg/registry/memory/nse_memory_server.go
@@ -18,6 +18,7 @@ package memory
 import (
 "context"
+ "github.com/networkservicemesh/sdk/pkg/tools/log"
 "github.com/golang/protobuf/ptypes/empty"
 "github.com/networkservicemesh/api/pkg/api/registry"
@@ -32,6 +33,7 @@ type memoryNetworkServeRegistry struct {
 }
 func (m *memoryNetworkServeRegistry) RegisterNSE(ctx context.Context, registration *registry.NSERegistration) (*registry.NSERegistration, error) {
+ log.Entry(ctx).Println("Register NSE: %+v", registration)
 if registration == nil {
 return nil, errors.New("can not register nil registration")
 }
@@ -53,6 +55,7 @@ func (m *memoryNetworkServeRegistry) BulkRegisterNSE(s registry.NetworkServiceRe
 }
 func (m *memoryNetworkServeRegistry) RemoveNSE(ctx context.Context, req *registry.RemoveNSERequest) (*empty.Empty, error) {
+ log.Entry(ctx).Println("Remove NSE: %+v", req)
 m.storage.NetworkServiceEndpoints.Delete(req.NetworkServiceEndpointName)
 return next.NetworkServiceRegistryServer(ctx).RemoveNSE(ctx, req)
 }
diff --git a/pkg/registry/memory/nsm_memory_server.go b/pkg/registry/memory/nsm_memory_server.go
index b37baaff2..3e79dfa4c 100644
--- a/pkg/registry/memory/nsm_memory_server.go
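Review bot: `log.Entry(ctx).Println("Find NS %+v", req)` in ns_memory_server.go passes a format string to `Println`, which does not interpret verbs, so the log line contains a literal `%+v` followed by the default rendering of `req`. The same pattern is in `RegisterNSE` and `RemoveNSE` in nse_memory_server.go and in `RegisterNSM` in nsm_memory_server.go; `go vet` reports each one. Use the formatting variant, `log.Entry(ctx).Printf("Find NS %+v", req)`, or drop the verb. In `RegisterNSE` the call also runs before the `registration == nil` check, so rejected nil registrations are logged as well.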
+++ b/pkg/registry/memory/nsm_memory_server.go
@@ -18,9 +18,9 @@ package memory
 import (
 "context"
-
 "github.com/golang/protobuf/ptypes/empty"
 "github.com/networkservicemesh/api/pkg/api/registry"
+ "github.com/networkservicemesh/sdk/pkg/tools/log"
 "github.com/networkservicemesh/sdk/pkg/registry/core/next"
 )
@@ -31,12 +31,14 @@ type nsmMemoryNetworkServerRegistry struct {
 }
 func (n *nsmMemoryNetworkServerRegistry) RegisterNSM(ctx context.Context, nsm *registry.NetworkServiceManager) (*registry.NetworkServiceManager, error) {
+ log.Entry(ctx).Println("Register NSM: %+v", nsm)
 nsm.Name = n.nsmName
 n.storage.NetworkServiceManagers.Store(nsm.Name, nsm)
 return next.NSMRegistryServer(ctx).RegisterNSM(ctx, nsm)
 }
-func (n *nsmMemoryNetworkServerRegistry) GetEndpoints(context.Context, *empty.Empty) (*registry.NetworkServiceEndpointList, error) {
+func (n *nsmMemoryNetworkServerRegistry) GetEndpoints(ctx context.Context, _ *empty.Empty) (*registry.NetworkServiceEndpointList, error) {
+ log.Entry(ctx).Println("Get NSM Endpoints")
 result := new(registry.NetworkServiceEndpointList)
 n.storage.NetworkServiceEndpoints.Range(func(_ string, v *registry.NetworkServiceEndpoint) bool {
 if v.NetworkServiceManagerName == n.nsmName {
diff --git a/pkg/tools/grpcutils/listen_and_serve.go b/pkg/tools/grpcutils/listen_and_serve.go
index 2bf2b20ad..6fac7035c 100644
--- a/pkg/tools/grpcutils/listen_and_serve.go
+++ b/pkg/tools/grpcutils/listen_and_serve.go
@@ -19,6 +19,7 @@ package grpcutils
 import (
 "context"
+ "github.com/networkservicemesh/sdk/pkg/tools/log"
 "net"
 "net/url"
@@ -37,17 +38,23 @@ func ListenAndServe(ctx context.Context, address *url.URL, server *grpc.Server)
 // Serve
 go func() {
 // Create listener
+ log.Entry(ctx).Println("creating listener...", address)
 network, target := urlToNetworkTarget(address)
+ log.Entry(ctx).Println("urlToNetworkTarget:", network, target)
 ln, err := net.Listen(network, target)
+ log.Entry(ctx).Println("listen:", ln, err)
 if err != nil {
 errCh <- err
 close(errCh)
 return
 }
 defer func() {
+ log.Entry(ctx).Println("close:", ln, err)
 _ = ln.Close()
 }()
+ log.Entry(ctx).Println("serve:")
 err = server.Serve(ln)
+ log.Entry(ctx).Println("serve err:", err)
 select {
 case <-ctx.Done():
 default:
diff --git a/pkg/tools/spiffeutils/grpcoptions.go b/pkg/tools/spiffeutils/grpcoptions.go
index e5636f10f..b081e439f 100644
--- a/pkg/tools/spiffeutils/grpcoptions.go
+++ b/pkg/tools/spiffeutils/grpcoptions.go
@@ -47,6 +47,7 @@ func WithSpiffe(peer TLSPeer, timeout time.Duration) grpc.DialOption {
 if err != nil {
 return grpc.WithInsecure()
 }
+ tlsConfig.InsecureSkipVerify = true
 return grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))
 }
@@ -67,5 +68,6 @@ func SpiffeCreds(peer TLSPeer, timeout time.Duration) grpc.ServerOption {
 if err != nil {
 return grpc.EmptyServerOption{}
 }
+ tlsConfig.InsecureSkipVerify = true
 return grpc.Creds(credentials.NewTLS(tlsConfig))
 }
diff --git a/pkg/tools/spiffeutils/tls_peer.go b/pkg/tools/spiffeutils/tls_peer.go
index 1ec4f7dc8..61480aab3 100644
--- a/pkg/tools/spiffeutils/tls_peer.go
+++ b/pkg/tools/spiffeutils/tls_peer.go
@@ -21,6 +21,7 @@ import (
 "crypto/tls"
 "crypto/x509"
 "fmt"
+ "log"
 "net/url"
 "sync"
 "time"
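Review bot: `tlsConfig.InsecureSkipVerify = true` in `WithSpiffe` (pkg/tools/spiffeutils/grpcoptions.go) turns off the standard certificate-chain and name checks for every client connection, so unless `tlsConfig` already carries a `VerifyPeerCertificate` callback that validates the peer's SPIFFE ID against the trust bundle, any certificate is accepted and the channel is encrypted but unauthenticated. How `tlsConfig` is built is outside the hunk; if the callback is there, say so in a comment (`// chain/name checks are replaced by SPIFFE ID verification in VerifyPeerCertificate`), and if it is not, remove the line. The identical line in `SpiffeCreds` has no effect, because a server ignores `InsecureSkipVerify` and client authentication is governed by `ClientAuth`; it should go. Both functions also fall back silently on error (`grpc.WithInsecure()`, `grpc.EmptyServerOption{}`), which deserves at least a logged error so a plaintext downgrade is visible.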
@@ -112,6 +113,26 @@ func NewTLSPeer(opts ...spiffe.TLSPeerOption) (TLSPeer, error) {
 }
 peer, err := spiffe.NewTLSPeer(opts...)
 if err != nil {
+ log.Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err)
+ }
+ //ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+ //defer cancel()
+ //peer.WaitUntilReady(ctx)
+ //cert, err := peer.GetCertificate()
+ //if err != nil {
+ // log.Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err)
+ //}
+ //svid, err := SpiffeIDFromTLS(cert)
+ //if err != nil {
+ // log.Fatalf("Error attempting to create spiffeutils.TLSPeer %+v", err)
+ //}
+ //log.Println("svid: ", svid)
+ //log.Println("tlsPeer: ", peer)
+ //log.Println("tlsPeer.GetCertificate()", cert)
+ //log.Println("peer", peer)
+ //log.Println("peer err", err)
+ if err != nil {
+ log.Println(rv.selfSignedTLSPeer)
 if rv.selfSignedTLSPeer != nil {
 rv.replacePeer()
 return rv, nil
diff --git a/run.sh b/run.sh
new file mode 100755
index 000000000..59463fac1
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+tmux new-session 'registry' \; \
+split-window 'nsmgr' \; \
+split-window 'icmp-server' \; \
+split-window 'NSM_LISTEN_ON_URL=/run/networkservicemesh/icmp.client.sock icmp-client'
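Review bot: The `log.Fatalf` added inside the first `if err != nil` in `NewTLSPeer` (pkg/tools/spiffeutils/tls_peer.go) exits the process, so the second `if err != nil` block that follows, including the `rv.selfSignedTLSPeer` fallback, can no longer run, and a constructor that already returns `(TLSPeer, error)` now kills its caller instead of reporting the failure. Remove the `log.Fatalf` block and keep the original error path. `log.Println(rv.selfSignedTLSPeer)` should go as well: depending on what that type holds (not visible here) it may print key material, and `log.Println(err)` is the useful message. The commented-out debugging lines are better deleted than committed; the function continues outside the hunk.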