Merged
48 commits
abd49ff
pretty print
matmerr Mar 4, 2022
0b49cfe
netpol files
matmerr Mar 9, 2022
bcbdeb2
parser type
matmerr Mar 21, 2022
918acf2
cache/pod interface
matmerr Mar 29, 2022
b409a9c
cache interface
matmerr Mar 29, 2022
5de4db7
retrieve cache common interface
matmerr Mar 30, 2022
4d45146
Merge branch 'master' into npmcliv2
matmerr Mar 31, 2022
a6fdea9
cachev2 tuple
matmerr Apr 5, 2022
061d768
set map retrieval
matmerr Apr 5, 2022
7ef3678
add test files and start test
matmerr Apr 6, 2022
90d8fb2
simplified rules
matmerr Apr 8, 2022
12bd4da
remove log lines
matmerr Apr 9, 2022
2adecf7
lint
matmerr Apr 12, 2022
d2ace83
lint
matmerr Apr 12, 2022
c38d471
Merge branch 'npmcliv2' of github.com:matmerr/azure-container-network…
matmerr Apr 13, 2022
43a73f9
remove old tests
matmerr Apr 13, 2022
742e468
remove log lines
matmerr Apr 14, 2022
cd3f01b
simplify
matmerr Apr 20, 2022
b373b64
jumps
matmerr Apr 21, 2022
04b1063
nested chains
matmerr Apr 21, 2022
0df7a4d
skip when prefix
matmerr Apr 21, 2022
eb64649
reorg
matmerr May 9, 2022
0f68de7
bring back legacy cache behavior
matmerr May 11, 2022
ddbd75c
common ns
matmerr May 11, 2022
37e432b
isolate cache
matmerr May 11, 2022
28d87e7
uncomment tests
matmerr May 11, 2022
fce0c97
Merge branch 'master' into npmcliv2
matmerr May 11, 2022
61a673a
linting
matmerr May 11, 2022
cd3d9db
linting
matmerr May 11, 2022
7c3fd3f
fix npm tests
matmerr May 11, 2022
37cacc7
Merge branch 'master' into npmcliv2
matmerr May 11, 2022
214ba18
better match conditions
matmerr May 11, 2022
2d4ada2
ipsm v1 hashing serversize for set+listmap
matmerr May 12, 2022
ab609af
replace old cache files
matmerr May 12, 2022
180bc47
tests
matmerr May 12, 2022
fa51304
update controller tools for ci
matmerr May 12, 2022
da2be05
simplify generic cache signature
matmerr May 12, 2022
912ebd0
parent string
matmerr May 16, 2022
427c1d0
nestedlabel prefix
matmerr May 17, 2022
92cef04
match keylabelns
matmerr May 17, 2022
656c2ef
printing formatting
matmerr May 17, 2022
c96a6cb
update tests
matmerr May 26, 2022
b3602a0
lint
matmerr May 26, 2022
0ea0170
Merge branch 'master' into npmcliv2
matmerr May 27, 2022
a9c74dd
Merge branch 'master' into npmcliv2
matmerr Jun 10, 2022
7ea845e
nnc
matmerr Jun 10, 2022
a6a4346
build tools conflict
matmerr Jun 10, 2022
56ddd95
fix crdgen
matmerr Jun 13, 2022
7 changes: 4 additions & 3 deletions build/tools/tools.go
@@ -1,4 +1,5 @@
//+build tools
//go:build tools
// +build tools

package tools

Expand All @@ -8,8 +9,8 @@ import (
_ "github.com/golang/mock/mockgen"
_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
_ "github.com/jstemmer/go-junit-report"
_ "mvdan.cc/gofumpt"
_ "google.golang.org/protobuf/cmd/protoc-gen-go"
_ "google.golang.org/grpc/cmd/protoc-gen-go-grpc"
_ "google.golang.org/protobuf/cmd/protoc-gen-go"
_ "mvdan.cc/gofumpt"
_ "sigs.k8s.io/controller-tools/cmd/controller-gen"
)
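--- a/hack/toolbox/server/go.mod
+++ b/hack/toolbox/server/go.mod
@@ -0,0 +1,3 @@
+module github.com/Azure/azure-container-networking/hack/toolbox/server
+
+go 1.17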
74 changes: 37 additions & 37 deletions npm/azure-npm.yaml
Expand Up @@ -15,7 +15,7 @@ metadata:
addonmanager.kubernetes.io/mode: EnsureExists
rules:
- apiGroups:
- ""
- ""
resources:
- pods
- nodes
Expand All @@ -25,7 +25,7 @@ rules:
- list
- watch
- apiGroups:
- networking.k8s.io
- networking.k8s.io
resources:
- networkpolicies
verbs:
Expand All @@ -34,7 +34,7 @@ rules:
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: ClusterRoleBinding
metadata:
name: azure-npm-binding
namespace: kube-system
Expand Down Expand Up @@ -66,20 +66,20 @@ spec:
labels:
k8s-app: azure-npm
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
azure.npm/scrapeable: ''
scheduler.alpha.kubernetes.io/critical-pod: ""
azure.npm/scrapeable: ""
spec:
priorityClassName: system-node-critical
tolerations:
- operator: "Exists"
effect: NoExecute
- operator: "Exists"
effect: NoSchedule
- key: CriticalAddonsOnly
operator: Exists
- operator: "Exists"
effect: NoExecute
- operator: "Exists"
effect: NoSchedule
- key: CriticalAddonsOnly
operator: Exists
containers:
- name: azure-npm
image: mcr.microsoft.com/containernetworking/azure-npm:v1.4.1
image: acnpublic.azurecr.io/azure-npm:v1.4.22-24-g0df7a4d7-dirty-v3
Contributor


nit: do we want to have acnpublic here?

resources:
limits:
cpu: 250m
Expand All @@ -97,31 +97,31 @@ spec:
- name: NPM_CONFIG
value: /etc/azure-npm/azure-npm.json
volumeMounts:
- name: log
mountPath: /var/log
- name: xtables-lock
mountPath: /run/xtables.lock
- name: protocols
mountPath: /etc/protocols
- name: azure-npm-config
mountPath: /etc/azure-npm
- name: log
mountPath: /var/log
- name: xtables-lock
mountPath: /run/xtables.lock
- name: protocols
mountPath: /etc/protocols
- name: azure-npm-config
mountPath: /etc/azure-npm
hostNetwork: true
volumes:
- name: log
hostPath:
path: /var/log
type: Directory
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: File
- name: protocols
hostPath:
path: /etc/protocols
type: File
- name: azure-npm-config
configMap:
name: azure-npm-config
- name: log
hostPath:
path: /var/log
type: Directory
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: File
- name: protocols
hostPath:
path: /etc/protocols
type: File
- name: azure-npm-config
configMap:
name: azure-npm-config
serviceAccountName: azure-npm
---
apiVersion: v1
Expand Down Expand Up @@ -153,7 +153,7 @@ data:
"EnablePrometheusMetrics": true,
"EnablePprof": true,
"EnableHTTPDebugAPI": true,
"EnableV2NPM": false,
"PlaceAzureChainFirst": false
"EnableV2NPM": true,
"PlaceAzureChainFirst": true
}
}
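Review bot: The ConfigMap hunk at the end of this file appears to switch `"EnableV2NPM"` and `"PlaceAzureChainFirst"` to `true` in the shared manifest, which looks like a local test setting rather than an intended default. Anyone applying this file would presumably change dataplane version and iptables chain placement, on a pod that already runs with `hostNetwork: true`, `"EnablePprof": true` and `"EnableHTTPDebugAPI": true`. The `-dirty-v3` suffix on the new image tag points the same way: a build from an uncommitted tree cannot be traced back to reviewed source. I would revert both to the released values here (`"EnableV2NPM": false`, `"PlaceAzureChainFirst": false`, a release image tag, ideally pinned by digest) and carry the test values in a separate overlay.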
14 changes: 10 additions & 4 deletions npm/cmd/convertiptable.go
Expand Up @@ -21,17 +21,23 @@ func newConvertIPTableCmd() *cobra.Command {
c := &dataplane.Converter{}
switch {
case npmCacheF == "" && iptableSaveF == "":
ipTableRulesRes, err := c.GetJSONRulesFromIptables(iptableName)
ipTableRulesRes, err := c.GetProtobufRulesFromIptable(iptableName)
if err != nil {
return fmt.Errorf("%w", err)
}
fmt.Printf("%s\n", ipTableRulesRes)

if err := prettyPrintIPTables(ipTableRulesRes); err != nil {
return fmt.Errorf("error printing iptables: %w", err)
}
case npmCacheF != "" && iptableSaveF != "":
ipTableRulesRes, err := c.GetJSONRulesFromIptableFile(iptableName, npmCacheF, iptableSaveF)
ipTableRulesRes, err := c.GetProtobufRulesFromIptableFile(iptableName, npmCacheF, iptableSaveF)
if err != nil {
return fmt.Errorf("%w", err)
}
fmt.Printf("%s\n", ipTableRulesRes)

if err := prettyPrintIPTables(ipTableRulesRes); err != nil {
return fmt.Errorf("error printing iptables from file: %w", err)
}
default:
return errSpecifyBothFiles
}
2 changes: 1 addition & 1 deletion npm/cmd/convertiptable_test.go
Expand Up @@ -44,7 +44,7 @@ func TestConvertIPTableCmd(t *testing.T) {
},
{
name: "correct files with file order switched",
args: concatArgs(baseArgs, npmCacheFlag, npmCacheFile, iptablesSaveFileFlag, iptableSaveFile),
args: concatArgs(baseArgs, npmCacheFlag, npmCacheFile, iptablesSaveFileFlag, npmCacheFile),
wantErr: false,
},
{
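Review bot: The `correct files with file order switched` case now seems to pass `npmCacheFile` as the value of `iptablesSaveFileFlag` while still expecting `wantErr: false`, so the cache JSON is fed to the iptables-save parser and the test asserts that this succeeds. If that is a typo, restore `iptablesSaveFileFlag, iptableSaveFile`; the case name also suggests the flags were meant to be swapped (`iptablesSaveFileFlag, iptableSaveFile, npmCacheFlag, npmCacheFile`), which neither version does. If it is intentional, the parser is accepting non-iptables input without error and that deserves its own failing-case test. The old/new side of the two `args:` lines is inferred from print order, since the page lost the `+`/`-` markers.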
14 changes: 14 additions & 0 deletions npm/cmd/debug.go
Expand Up @@ -3,11 +3,25 @@ package main
import (
"fmt"

"github.com/Azure/azure-container-networking/npm/pkg/dataplane/pb"
"github.com/spf13/cobra"
)

var errSpecifyBothFiles = fmt.Errorf("must specify either no files or both a cache file and an iptables save file")

type IPTablesResponse struct {
Rules map[*pb.RuleResponse]struct{} `json:"rules,omitempty"`
}

func prettyPrintIPTables(iptableRules map[*pb.RuleResponse]struct{}) error {
iptresponse := IPTablesResponse{
Rules: iptableRules,
}

fmt.Printf("%+v", iptresponse)
return nil
}

func newDebugCmd() *cobra.Command {
debugCmd := &cobra.Command{
Use: "debug",
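Review bot: `prettyPrintIPTables` can only ever return nil, so the `error printing iptables: %w` wrapping added in convertiptable.go is unreachable and `require.NoError(t, prettyPrintIPTables(iptables))` in `TestPrettyPrint` cannot fail. Either drop the error return or give the test something to check, for example by writing to an `io.Writer` parameter and asserting on the output. The `json:"rules,omitempty"` tag on `IPTablesResponse.Rules` is misleading: encoding/json only accepts map keys that are strings, integers or `encoding.TextMarshaler`, and nothing visible makes `*pb.RuleResponse` one. `fmt.Printf("%+v", iptresponse)` also ends without a newline and orders pointer-keyed maps by address, so the rule order is not stable between runs.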
23 changes: 19 additions & 4 deletions npm/cmd/debug_test.go
Expand Up @@ -5,12 +5,14 @@ import (
"io"
"testing"

dataplane "github.com/Azure/azure-container-networking/npm/pkg/dataplane/debug"
"github.com/Azure/azure-container-networking/npm/util"
"github.com/stretchr/testify/require"
)

const (
iptableSaveFile = "../pkg/dataplane/testdata/iptablesave"
npmCacheFile = "../pkg/dataplane/testdata/npmcache.json"
iptableSaveFile = "../pkg/dataplane/testdata/iptablesave-v1"
npmCacheFile = "../pkg/dataplane/testdata/npmcachev1.json"
nonExistingFile = "non-existing-iptables-file"

npmCacheFlag = "-c"
Expand All @@ -19,8 +21,8 @@ const (
srcFlag = "-s"
unknownShorthandFlag = "-z"

testIP1 = "10.240.0.17" // from npmCacheWithCustomFormat.json
testIP2 = "10.240.0.68" // ditto
testIP1 = "10.224.0.87" // from npmCacheWithCustomFormat.json
testIP2 = "10.224.0.20" // ditto

debugCmdString = "debug"
convertIPTableCmdString = "convertiptable"
Expand Down Expand Up @@ -65,3 +67,16 @@ func testCommand(t *testing.T, tests []*testCases) {
func concatArgs(baseArgs []string, args ...string) []string {
return append(baseArgs, args...)
}

func TestPrettyPrint(t *testing.T) {
c := &dataplane.Converter{}

iptables, err := c.GetProtobufRulesFromIptableFile(
util.IptablesFilterTable,
npmCacheFile,
iptableSaveFile,
)

require.NoError(t, err)
require.NoError(t, prettyPrintIPTables(iptables))
}
48 changes: 35 additions & 13 deletions npm/cmd/gettuples.go
Expand Up @@ -3,9 +3,13 @@ package main
import (
"fmt"

dataplane "github.com/Azure/azure-container-networking/npm/pkg/dataplane/debug"
npmconfig "github.com/Azure/azure-container-networking/npm/config"
"github.com/Azure/azure-container-networking/npm/http/api"
"github.com/Azure/azure-container-networking/npm/pkg/controlplane/controllers/common"
"github.com/Azure/azure-container-networking/npm/pkg/dataplane/debug"
"github.com/Azure/azure-container-networking/npm/util/errors"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)

func newGetTuples() *cobra.Command {
Expand All @@ -23,28 +27,46 @@ func newGetTuples() *cobra.Command {
}
npmCacheF, _ := cmd.Flags().GetString("cache-file")
iptableSaveF, _ := cmd.Flags().GetString("iptables-file")
srcType := dataplane.GetInputType(src)
dstType := dataplane.GetInputType(dst)
srcInput := &dataplane.Input{Content: src, Type: srcType}
dstInput := &dataplane.Input{Content: dst, Type: dstType}
srcType := common.GetInputType(src)
dstType := common.GetInputType(dst)
srcInput := &common.Input{Content: src, Type: srcType}
dstInput := &common.Input{Content: dst, Type: dstType}

config := &npmconfig.Config{}
err := viper.Unmarshal(config)
if err != nil {
return fmt.Errorf("failed to load config with err %w", err)
}

switch {
case npmCacheF == "" && iptableSaveF == "":
_, tuples, err := dataplane.GetNetworkTuple(srcInput, dstInput)

c := &debug.Converter{
NPMDebugEndpointHost: "http://localhost",
NPMDebugEndpointPort: api.DefaultHttpPort,
EnableV2NPM: config.Toggles.EnableV2NPM, // todo: pass this a different way than param to this
Contributor


any plans for the todo?

}

_, tuples, srcList, dstList, err := c.GetNetworkTuple(srcInput, dstInput, config)
if err != nil {
return fmt.Errorf("%w", err)
}
for _, tuple := range tuples {
fmt.Printf("%+v\n", tuple)
}

debug.PrettyPrintTuples(tuples, srcList, dstList)

Contributor


remove line

case npmCacheF != "" && iptableSaveF != "":
_, tuples, err := dataplane.GetNetworkTupleFile(srcInput, dstInput, npmCacheF, iptableSaveF)

c := &debug.Converter{
EnableV2NPM: config.Toggles.EnableV2NPM,
}

_, tuples, srcList, dstList, err := c.GetNetworkTupleFile(srcInput, dstInput, npmCacheF, iptableSaveF)
if err != nil {
return fmt.Errorf("%w", err)
}
for _, tuple := range tuples {
fmt.Printf("%+v\n", tuple)
}

debug.PrettyPrintTuples(tuples, srcList, dstList)

default:
return errSpecifyBothFiles
}
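Review bot: `config` is filled by `viper.Unmarshal(config)` with no config read visible in this hunk, so unless viper is populated elsewhere `config.Toggles.EnableV2NPM` is the zero value and the converter would silently take the v1 path. In the file-based branch this is more surprising still, because the cache format then depends on local configuration rather than on the `cache-file` that was passed in; an explicit flag or detecting the format from the file would avoid a wrong-but-plausible tuple listing. `NPMDebugEndpointHost: "http://localhost"` is hard-coded next to `api.DefaultHttpPort`, which is fine for a node-local tool but worth a short comment such as `// debug API is queried on the local node only`. The enclosing `RunE` starts and ends outside the visible hunks.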
7 changes: 6 additions & 1 deletion npm/cmd/parseiptable.go
Expand Up @@ -3,6 +3,7 @@ package main
import (
"fmt"

"github.com/Azure/azure-container-networking/common"
"github.com/Azure/azure-container-networking/npm/pkg/dataplane/parse"
"github.com/spf13/cobra"
)
Expand All @@ -14,7 +15,11 @@ func newParseIPTableCmd() *cobra.Command {
RunE: func(cmd *cobra.Command, args []string) error {
iptableSaveF, _ := cmd.Flags().GetString("iptables-file")
if iptableSaveF == "" {
iptable, err := parse.Iptables("filter")
parser := parse.IPTablesParser{
IOShim: common.NewIOShim(),
}

iptable, err := parser.Iptables("filter")
if err != nil {
return fmt.Errorf("%w", err)
}
3 changes: 2 additions & 1 deletion npm/controller/server.go
Expand Up @@ -7,6 +7,7 @@ import (
"fmt"

npmconfig "github.com/Azure/azure-container-networking/npm/config"
"github.com/Azure/azure-container-networking/npm/pkg/controlplane/controllers/common"
controllersv2 "github.com/Azure/azure-container-networking/npm/pkg/controlplane/controllers/v2"
"github.com/Azure/azure-container-networking/npm/pkg/dataplane"
"github.com/Azure/azure-container-networking/npm/pkg/models"
Expand Down Expand Up @@ -87,7 +88,7 @@ func NewNetworkPolicyServer(
},
}

n.NpmNamespaceCacheV2 = &controllersv2.NpmNamespaceCache{NsMap: make(map[string]*controllersv2.Namespace)}
n.NpmNamespaceCacheV2 = &controllersv2.NpmNamespaceCache{NsMap: make(map[string]*common.Namespace)}
n.PodControllerV2 = controllersv2.NewPodController(n.PodInformer, dp, n.NpmNamespaceCacheV2)
n.NamespaceControllerV2 = controllersv2.NewNamespaceController(n.NsInformer, dp, n.NpmNamespaceCacheV2)
n.NetPolControllerV2 = controllersv2.NewNetworkPolicyController(n.NpInformer, dp)
3 changes: 1 addition & 2 deletions npm/http/server/server.go
Expand Up @@ -32,9 +32,8 @@ func NPMRestServerListenAndServe(config npmconfig.Config, npmEncoder json.Marsha
rs.router.Handle(api.ClusterMetricsPath, metrics.GetHandler(metrics.ClusterMetrics))
}

// TODO support the debug CLI for v2
// the nil check is for fan-out npm
if config.Toggles.EnableHTTPDebugAPI && npmEncoder != nil && !config.Toggles.EnableV2NPM {
if config.Toggles.EnableHTTPDebugAPI && npmEncoder != nil {
// ACN CLI debug handlers
rs.router.Handle(api.NPMMgrPath, rs.npmCacheHandler(npmEncoder)).Methods(http.MethodGet)
}
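Review bot: Dropping the `!config.Toggles.EnableV2NPM` condition appears to register `api.NPMMgrPath` for v2 as well, and `rs.npmCacheHandler(npmEncoder)` is attached with only a `GET` method filter; no authentication or caller check is visible in this hunk. With `EnableHTTPDebugAPI` on, the cache dump is readable by anything that can reach the listener, so it matters which address the server binds; that is outside the hunk and should be confirmed as loopback-only or otherwise restricted. I would add a comment on the condition stating the exposure, e.g. `// debug API: serves the full NPM cache unauthenticated; listener must not be reachable off-node`, and consider defaulting the toggle to false. `NPMRestServerListenAndServe` continues past the end of the hunk.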