# node-comm-lib
This Go library provides tools to produce a Kubernetes node communication matrix, i.e. a file that describes which ports the cluster's nodes listen on. The matrix is built from the existing EndpointSlices; to fetch the relevant ones, the `endpointslices` package provides various query methods.
## e2etest

To run the e2e test, export the `KUBECONFIG` variable and then run `make e2etest`. The test generates two matrices: one from the EndpointSlices, with the host services supplied manually from the `customEndpointSlices.json` file, and one from the output of `ss` run on the nodes. The test is expected to fail. The `ss` output for each node and protocol, together with the raw communication matrices, is written to the `e2etest/artifacts` directory, and the diff between the two matrices is printed as part of the test output.
## Communication Matrix Creation Guide

The Communication Matrix is a structured list of Communication Details; each `ComDetails` entry represents one port. The fields of an entry are:

- `Direction`: currently `"ingress"` only.
- `Protocol`: `"TCP"` or `"UDP"`.
- `Port`: the port number (stored as a string).
- `NodeRole`: `"master"` or `"worker"`.
- `ServiceName`: the service listening on the port.
- `Required`: `false` if the service is optional.
### Struct definitions

```go
type ComMatrix struct {
	Matrix []ComDetails
}

type ComDetails struct {
	Direction   string `json:"direction"`
	Protocol    string `json:"protocol"`
	Port        string `json:"port"`
	NodeRole    string `json:"nodeRole"`
	ServiceName string `json:"serviceName"`
	Required    bool   `json:"required"`
}
```
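The e2e test above compares a matrix built from EndpointSlices with one built from `ss`; the interesting question for a security review is which observed listeners nobody documented. The following is an added example, not code from this library: it mirrors the structs above and diffs two matrices. The comparison key (direction, protocol, port, node role, ignoring `ServiceName` and `Required`) and the sample matrices are assumptions made for the example; the library's own comparison rule may differ.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// ComMatrix and ComDetails mirror the struct definitions in this README.
type ComMatrix struct {
	Matrix []ComDetails
}

type ComDetails struct {
	Direction   string `json:"direction"`
	Protocol    string `json:"protocol"`
	Port        string `json:"port"`
	NodeRole    string `json:"nodeRole"`
	ServiceName string `json:"serviceName"`
	Required    bool   `json:"required"`
}

// Key identifies a listening socket. ServiceName and Required are left out on
// purpose (an assumption of this example, not the library's comparison rule):
// an entry derived from an EndpointSlice and one derived from ss will usually
// name the same socket differently, and that is not a real difference.
func (c ComDetails) Key() string {
	return c.Direction + "/" + c.Protocol + "/" + c.Port + "/" + c.NodeRole
}

// Normalize drops duplicate sockets (for example the IPv4 and IPv6 listeners of
// one service) and orders the matrix deterministically, so that two matrices
// built from different sources can be compared entry by entry.
func Normalize(m ComMatrix) ComMatrix {
	seen := map[string]bool{}
	out := []ComDetails{}
	for _, d := range m.Matrix {
		if seen[d.Key()] {
			continue
		}
		seen[d.Key()] = true
		out = append(out, d)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Key() < out[j].Key() })
	return ComMatrix{Matrix: out}
}

// Diff compares the documented matrix (from EndpointSlices) with the observed
// one (from ss). It returns the observed sockets nobody documented, which is
// what a security review cares about, and the documented entries with no
// listener behind them, which are stale.
func Diff(documented, observed ComMatrix) (undocumented, unobserved []ComDetails) {
	docKeys := map[string]bool{}
	for _, d := range documented.Matrix {
		docKeys[d.Key()] = true
	}
	obsKeys := map[string]bool{}
	for _, d := range observed.Matrix {
		obsKeys[d.Key()] = true
	}
	for _, d := range Normalize(observed).Matrix {
		if !docKeys[d.Key()] {
			undocumented = append(undocumented, d)
		}
	}
	for _, d := range Normalize(documented).Matrix {
		if !obsKeys[d.Key()] {
			unobserved = append(unobserved, d)
		}
	}
	return undocumented, unobserved
}

// SampleDocumented and SampleObserved are constructed inputs for this example.
func SampleDocumented() ComMatrix {
	return ComMatrix{Matrix: []ComDetails{
		{"ingress", "TCP", "6443", "master", "kube-apiserver", true},
		{"ingress", "TCP", "10250", "master", "kubelet", true},
	}}
}

func SampleObserved() ComMatrix {
	return ComMatrix{Matrix: []ComDetails{
		{"ingress", "TCP", "10250", "master", "kubelet", true},
		{"ingress", "TCP", "22", "master", "sshd", true},
		{"ingress", "TCP", "22", "master", "sshd", true}, // IPv6 listener of the same sshd
		{"ingress", "TCP", "6443", "master", "kube-apiserver", true},
	}}
}

func main() {
	undocumented, unobserved := Diff(SampleDocumented(), SampleObserved())
	out, _ := json.MarshalIndent(map[string][]ComDetails{
		"undocumented": undocumented, "unobserved": unobserved,
	}, "", "  ")
	fmt.Println(string(out))
}
```

With the constructed inputs, `Diff` reports the `sshd` listener on port 22 as undocumented, which is exactly the kind of gap the custom EndpointSlices described later in this README are meant to close.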
## Usage of the EndpointSlice Resource

This library uses the EndpointSlice resource to identify the ports the cluster uses for ingress traffic. The relevant EndpointSlices are those referencing host-networked pods, NodePort services, LoadBalancer services, and any custom EndpointSlice carrying the label key `ingress` with an empty value (`"ingress": ""`).

See the example in `/examples/query_endpointslices/main.go`.
## Creating Custom ComDetails with the ss Command

Querying the existing EndpointSlices may not cover every port a Kubernetes node listens on: some services, such as SSH, are not represented by any EndpointSlice. The Linux `ss` utility lists the listening sockets on the host: `ss -anplt` for TCP and `ss -anplu` for UDP. Run it as root, otherwise `-p` cannot resolve the owning process of sockets that belong to other users.

The `ss` package provides the `ToComDetails` function, which converts `ss` output into the corresponding list of `ComDetails`. Use the `ToEndpointSlice` method to create an EndpointSlice object from that list.

By convention, EndpointSlices referencing non-critical services are labeled with the key `optional` and an empty value (`"optional": ""`).

See the example in `/examples/create_custom_endpointslices/main.go` for a practical demonstration.
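To show what turning `ss` output into `ComDetails` involves, here is an added example written for this README; it is not the library's `ToComDetails` and makes no claim about how that function behaves. The `ParseSS` function, the decision to skip loopback-only sockets (they are not reachable from outside the node, so they are not ingress), the collapsing of IPv4 and IPv6 listeners on the same port, and the sample `ss` output are all assumptions of this example; the sample output is constructed, not captured from a real node.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// ComDetails mirrors the struct defined in this README.
type ComDetails struct {
	Direction   string `json:"direction"`
	Protocol    string `json:"protocol"`
	Port        string `json:"port"`
	NodeRole    string `json:"nodeRole"`
	ServiceName string `json:"serviceName"`
	Required    bool   `json:"required"`
}

// processRe extracts the first process name from the ss "Process" column,
// which looks like users:(("sshd",pid=1001,fd=3),("sshd",pid=1000,fd=3)).
var processRe = regexp.MustCompile(`\(\("([^"]+)"`)

// ParseSS converts the output of `ss -anplt` (protocol "TCP") or `ss -anplu`
// (protocol "UDP") into ComDetails entries for the given node role.
// Sockets bound only to a loopback address are skipped: they cannot receive
// traffic from outside the node, so they are not ingress. Every entry is marked
// Required; the caller decides which services are optional.
func ParseSS(output, protocol, nodeRole string) ([]ComDetails, error) {
	var out []ComDetails
	seen := map[string]bool{} // ports already emitted (IPv4 and IPv6 listeners collapse)
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "State") {
			continue // blank line or column header
		}
		fields := strings.Fields(line)
		if len(fields) < 5 {
			return nil, fmt.Errorf("unexpected ss line: %q", line)
		}
		state, local := fields[0], fields[3]
		// TCP listeners report LISTEN; bound UDP sockets report UNCONN.
		if (protocol == "TCP" && state != "LISTEN") || (protocol == "UDP" && state != "UNCONN") {
			continue
		}
		i := strings.LastIndex(local, ":")
		if i < 0 {
			return nil, fmt.Errorf("no port in local address %q", local)
		}
		addr, port := strings.Trim(local[:i], "[]"), local[i+1:]
		if addr == "::1" || strings.HasPrefix(addr, "127.") {
			continue // loopback only, not reachable from the network
		}
		if seen[port] {
			continue
		}
		seen[port] = true
		name := "unknown" // ss prints no Process column when not run as root
		if m := processRe.FindStringSubmatch(line); m != nil {
			name = m[1]
		}
		out = append(out, ComDetails{
			Direction: "ingress", Protocol: protocol, Port: port,
			NodeRole: nodeRole, ServiceName: name, Required: true,
		})
	}
	return out, sc.Err()
}

// Constructed ss output for this example; not captured from a real node.
const sampleTCP = `State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=1001,fd=3))
LISTEN 0      4096   *:10250             *:*               users:(("kubelet",pid=1002,fd=23))
LISTEN 0      4096   [::]:6443           [::]:*            users:(("kube-apiserver",pid=1003,fd=7))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=1001,fd=4))
LISTEN 0      128    127.0.0.1:9100      0.0.0.0:*         users:(("node_exporter",pid=1004,fd=3))
`

const sampleUDP = `State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
UNCONN 0      0      0.0.0.0:6081        0.0.0.0:*         users:(("ovs-vswitchd",pid=1005,fd=12))
UNCONN 0      0      127.0.0.1:323       0.0.0.0:*         users:(("chronyd",pid=1006,fd=5))
`

func main() {
	for _, c := range []struct{ out, proto string }{{sampleTCP, "TCP"}, {sampleUDP, "UDP"}} {
		entries, err := ParseSS(c.out, c.proto, "master")
		if err != nil {
			panic(err)
		}
		for _, e := range entries {
			fmt.Printf("%s %s/%s %s\n", e.NodeRole, e.Protocol, e.Port, e.ServiceName)
		}
	}
}
```

On the constructed TCP sample the parser yields three entries (22 `sshd`, 10250 `kubelet`, 6443 `kube-apiserver`): the IPv6 `sshd` listener collapses into the IPv4 one and the `node_exporter` socket on 127.0.0.1 is dropped. Whether a loopback-only listener should be omitted from the matrix or recorded as non-ingress is a policy choice; the point is that it must be made explicitly rather than by accident of how the output is parsed.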