Merge pull request #108 from seungsoo-lee/master

Update flow id tracking
accuknox · Jan 27, 2021 · 2506e84 · 2506e84
2 parents 7ffee3d + 6781864
commit 2506e84
Show file tree

Hide file tree

Showing 19 changed files with 1,884 additions and 1,636 deletions.
diff --git a/database/mysql/init/flow_management.sql b/database/mysql/init/flow_management.sql
@@ -33,6 +33,7 @@ CREATE TABLE IF NOT EXISTS `discovered_policy` (
   `id` int NOT NULL AUTO_INCREMENT,
   `apiVersion` varchar(20) DEFAULT NULL,
   `kind` varchar(20) DEFAULT NULL,
+  `flow_ids` JSON DEFAULT NULL,
   `name` varchar(50) DEFAULT NULL,
   `cluster_name` varchar(50) DEFAULT NULL,
   `namespace` varchar(50) DEFAULT NULL,
@@ -47,27 +48,20 @@ CREATE TABLE IF NOT EXISTS `discovered_policy` (
 
 CREATE TABLE IF NOT EXISTS `auto_policy_config` (
   `id` int NOT NULL AUTO_INCREMENT,
-
   `config_name` varchar(50) DEFAULT NULL,
   `status` int DEFAULT '0',
-
   `config_db` JSON DEFAULT NULL,
   `config_cilium_hubble` JSON DEFAULT NULL,
-
   `operation_mode` int DEFAULT NULL,
   `cronjob_time_interval` varchar(50) DEFAULT NULL,
   `one_time_job_time_selection` varchar(50) DEFAULT NULL,
-
   `network_log_from` varchar(50) DEFAULT NULL,
   `discovered_policy_to` varchar(50) DEFAULT NULL,
   `policy_dir` varchar(50) DEFAULT NULL,
-
   `discovery_policy_types` int DEFAULT NULL,
   `discovery_rule_types` int DEFAULT NULL,
-
   `cidr_bits` int DEFAULT NULL,
   `ignoring_flows` JSON DEFAULT NULL,
-
   `l3_aggregation_level` int DEFAULT NULL,
   `l4_aggregation_level` int DEFAULT NULL,
   `l7_aggregation_level` int DEFAULT NULL,

diff --git a/scripts/startService.sh b/scripts/startService.sh
@@ -24,19 +24,31 @@ export HUBBLE_PORT=4245
 export OPERATION_MODE=2
 export CRON_JOB_TIME_INTERVAL="@every 0h0m5s"
 
-# available network log source: hubble | db
+# network log source: hubble | db
 export NETWORK_LOG_FROM=db
+
+# discovered policy output: db or db|file
 export DISCOVERED_POLICY_TO="db|file"
 export POLICY_DIR=$KNOX_AUTO_HOME/policies/
 
-# available discovery modes: 
-#   all (egress+ingress): 3
-#   egress only: 1
-#   ingress only: 2
+# discovery policy types: egress only   : 1
+#                         ingress only  : 2
+#                         all           : 3
 export DISCOVERY_POLICY_TYPES=3
+
+# discovery rule types: matchLabels: matchLabels: 1
+#                                    toPorts    : 2
+#                                    toHTTPs    : 4
+#                                    toCIDRs    : 8
+#                                    toEntities : 16
+#                                    toServices : 32
+#                                    toFQDNs    : 64
+#                                    fromCIDRs  : 128
+#                                    fromEntities : 256
+#                                    all        : 511
 export DISCOVERY_RULE_TYPES=511
 
 # skip namepsace info
 export IGNORING_NAMESPACES="kube-system|knox-auto-policy|cilium|hipster"
 
-$KNOX_AUTO_HOME/src/knoxAutoPolicy
+$KNOX_AUTO_HOME/src/knoxAutoPolicy
diff --git a/src/core/configManager.go b/src/core/configManager.go
@@ -15,9 +15,12 @@ var Cfg types.Configuration
 // SkipNamespaces ...
 var SkipNamespaces []string
 
-// HTTPUrlThreshold
+// HTTPUrlThreshold ...
 var HTTPUrlThreshold int
 
+// PlugIn ...
+var PlugIn string
+
 func init() {
 	// initially, default -> applied
 	LoadDefaultConfig()
@@ -56,6 +59,8 @@ func LoadConfigDB() types.ConfigDB {
 	cfgDB.TableDiscoveredPolicy = libs.GetEnv("TB_DISCOVERED_POLICY", "discovered_policy")
 	cfgDB.TableConfiguration = libs.GetEnv("TB_CONFIGURATION", "auto_policy_config")
 
+	PlugIn = "cilium"
+
 	return cfgDB
 }