Encryption status sub command. #2212

Merged
merged 2 commits into from
Jan 31, 2024

@viktor-kurchenko (Contributor) commented Jan 8, 2024

Cluster wide encryption status command:

Output examples:

1. Encryption disabled:

```
./cilium encrypt status
Encryption: Disabled (3/3 nodes)
```

2. Cluster wide IPsec without errors:

```
./cilium encrypt status
Encryption: IPsec (3/3 nodes)
IPsec keys in use: 1 on 3/3
IPsec highest Seq. Number: 0x7b2/0xffffffff across all nodes
IPsec errors: 0 across all nodes
```

3. Cluster wide IPsec with errors:

```
./cilium encrypt status
Encryption: IPsec (3/3 nodes)
IPsec keys in use: 1 on 3/3
IPsec highest Seq. Number: 0x7da/0xffffffff across all nodes
IPsec errors: 6 across all nodes
        XfrmInNoState: 6 on 3/3 nodes
```

4. Per node IPsec without errors:

```
./cilium encrypt status --per-node-details
Node: kind-worker
Encryption: IPsec
IPsec keys in use: 1
IPsec highest Seq. Number: 0x7b5/0xffffffff
IPsec errors: 0

Node: kind-worker2
Encryption: IPsec
IPsec keys in use: 1
IPsec highest Seq. Number: 0x7b5/0xffffffff
IPsec errors: 0

Node: kind-control-plane
Encryption: IPsec
IPsec keys in use: 1
IPsec highest Seq. Number: N/A
IPsec errors: 0
```
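
Added example (not code from this PR or from cilium-cli): a Go check that reads `--per-node-details` text in the format shown above and flags nodes that report IPsec errors or a sequence number above a chosen limit. The `Flag` function, the limit and the sample output are constructed for illustration; an `N/A` sequence number is skipped rather than read as zero.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// sample is constructed, in the --per-node-details format from the PR description.
const sample = `Node: kind-worker
Encryption: IPsec
IPsec keys in use: 1
IPsec highest Seq. Number: 0xfffff000/0xffffffff
IPsec errors: 0

Node: kind-control-plane
Encryption: IPsec
IPsec keys in use: 1
IPsec highest Seq. Number: N/A
IPsec errors: 6`

// Flag lists nodes with IPsec errors or a sequence number above seqLimit (assumed threshold).
func Flag(out string, seqLimit uint64) []string {
	node, findings := "", []string(nil)
	for _, line := range strings.Split(out, "\n") {
		key, val, _ := strings.Cut(line, ":")
		val = strings.TrimSpace(val)
		switch strings.TrimSpace(key) {
		case "Node":
			node = val
		case "IPsec errors":
			if n, err := strconv.Atoi(val); err == nil && n > 0 {
				findings = append(findings, fmt.Sprintf("%s: %d IPsec errors", node, n))
			}
		case "IPsec highest Seq. Number":
			cur, _, _ := strings.Cut(val, "/") // "N/A" yields "N", which fails to parse
			seq, err := strconv.ParseUint(strings.TrimPrefix(cur, "0x"), 16, 64)
			if err == nil && seq > seqLimit {
				findings = append(findings, fmt.Sprintf("%s: sequence number 0x%x above limit", node, seq))
			}
		}
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(Flag(sample, 0xf0000000), "\n"))
}
```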

@mhofstetter (Member) left a comment

Thanks for this addition.

I have concerns building this feature by parsing the raw text output of the command cilium-dbg encrypt status. IMO we have to improve the "API" first: at least by introducing a structured form that we can rely on a little bit more.

@mhofstetter (Member) left a comment

LGTM for the CLI aspect (I only tested that the command works, but didn't verify the output from an IPsec & WireGuard perspective)

nit: would be nice if you could reduce the amount of commits and squash the following commits into the first one.

  • Alias for the encryption command
  • Status structure and initTargetCiliumPods method simplified.

I think it's OK to have the last commit (JSON) as dedicated commit.

But I'll leave that up to the maintainer that will merge this PR.

Thanks Viktor!

@viktor-kurchenko (Contributor, Author)

> LGTM for the CLI aspect (I only tested that the command works, but didn't verify the output from an IPsec & WireGuard perspective)
>
> nit: would be nice if you could reduce the amount of commits and squash the following commits into the first one.
>
>   • Alias for the encryption command
>   • Status structure and initTargetCiliumPods method simplified.
>
> I think it's OK to have the last commit (JSON) as dedicated commit.
>
> But I'll leave that up to the maintainer that will merge this PR.
>
> Thanks Viktor!

Done.
Thank you for the review @mhofstetter !

@pchaigno pchaigno requested review from rgo3 and removed request for pchaigno January 29, 2024 14:41

@rgo3 left a comment

Overall LGTM, just a small nit to simplify the concurrent status fetch if possible.

@maintainer-s-little-helper maintainer-s-little-helper bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Jan 31, 2024
@mhofstetter mhofstetter removed the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 31, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 31, 2024
Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
Signed-off-by: viktor-kurchenko <viktor.kurchenko@isovalent.com>
@tklauser tklauser merged commit 79e9d91 into main Jan 31, 2024
13 checks passed
@tklauser tklauser deleted the pr/vk/encryption/status branch January 31, 2024 20:15