github.com/liornoy/node-comm-lib
module
0.0.0-20231206142518-ecd789e4d33c
Repository: https://github.com/liornoy/node-comm-lib.git
Documentation: pkg.go.dev

# README

node-comm-lib

This Go library provides tools to produce a k8s node communication matrix, i.e.
a file that describes which ports the cluster nodes listen on.

We produce this matrix from the existing EndpointSlices; to fetch the
relevant ones, the endpointslices package provides various querying methods.

e2etest:

To run the e2e test, export the "KUBECONFIG" variable and then run 'make e2etest'.
The test generates two matrices: one from the EndpointSlices, with the host
services' EndpointSlices produced manually from the 'customEndpointSlices.json'
file, and one from running 'ss' on the nodes. The test is expected to fail.
The output of the 'ss' command for each node and protocol, together with the raw
communication matrices, is written to the 'e2etest/artifacts' directory, and the
diff between the two matrices is printed as part of the test output.

Communication Matrix Creation Guide

The Communication Matrix is a structured list of Communication Details,
with each ComDetails entry representing one port. The fields for each entry
are Direction (currently "ingress" only), Protocol ("TCP" or "UDP"),
Port (the port number, stored as a string), NodeRole ("master" or "worker"),
ServiceName, and Required (true for a required port, false for an optional one).

Struct Definitions:

type ComMatrix struct {
	Matrix []ComDetails
}

type ComDetails struct {
	Direction   string `json:"direction"`
	Protocol    string `json:"protocol"`
	Port        string `json:"port"`
	NodeRole    string `json:"nodeRole"`
	ServiceName string `json:"serviceName"`
	Required    bool   `json:"required"`
}
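The e2e test described above compares a matrix built from EndpointSlices with one built from ss and prints the diff. The following Go program is an added example, not code from the library: it decodes two constructed matrices into the structs above, validates each entry against the allowed field values from the guide, and computes which required ports are missing on the node and which observed ports the expected matrix never lists. The `{"Matrix":[...]}` layout is what encoding/json produces for ComMatrix (the field has no json tag); whether the library's artifact files use the same layout is an assumption, as are the diff key (Direction, Protocol, Port, NodeRole) and the decision not to report optional entries as missing.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strconv"
)

// ComMatrix and ComDetails mirror the struct definitions above.
type ComMatrix struct {
	Matrix []ComDetails
}

type ComDetails struct {
	Direction   string `json:"direction"`
	Protocol    string `json:"protocol"`
	Port        string `json:"port"`
	NodeRole    string `json:"nodeRole"`
	ServiceName string `json:"serviceName"`
	Required    bool   `json:"required"`
}

// Constructed sample matrices for a master node (not real cluster data).
// expectedJSON stands in for a matrix built from EndpointSlices, observedJSON
// for one built from ss on the node. The {"Matrix":[...]} layout is assumed.
const expectedJSON = `{"Matrix":[
 {"direction":"ingress","protocol":"TCP","port":"22","nodeRole":"master","serviceName":"sshd","required":true},
 {"direction":"ingress","protocol":"TCP","port":"6443","nodeRole":"master","serviceName":"kube-apiserver","required":true},
 {"direction":"ingress","protocol":"TCP","port":"10250","nodeRole":"master","serviceName":"kubelet","required":true},
 {"direction":"ingress","protocol":"UDP","port":"8472","nodeRole":"master","serviceName":"vxlan","required":false}
]}`

const observedJSON = `{"Matrix":[
 {"direction":"ingress","protocol":"TCP","port":"22","nodeRole":"master","serviceName":"sshd","required":true},
 {"direction":"ingress","protocol":"TCP","port":"9100","nodeRole":"master","serviceName":"node_exporter","required":true},
 {"direction":"ingress","protocol":"TCP","port":"10250","nodeRole":"master","serviceName":"kubelet","required":true}
]}`

// LoadMatrix decodes a matrix and rejects entries whose fields fall outside
// the values the guide allows, so a malformed file fails early instead of
// silently yielding an empty diff.
func LoadMatrix(raw []byte) (ComMatrix, error) {
	var m ComMatrix
	if err := json.Unmarshal(raw, &m); err != nil {
		return ComMatrix{}, err
	}
	for i, c := range m.Matrix {
		_, portErr := strconv.Atoi(c.Port)
		switch {
		case c.Direction != "ingress":
			return ComMatrix{}, fmt.Errorf("entry %d: unsupported direction %q", i, c.Direction)
		case c.Protocol != "TCP" && c.Protocol != "UDP":
			return ComMatrix{}, fmt.Errorf("entry %d: unsupported protocol %q", i, c.Protocol)
		case c.NodeRole != "master" && c.NodeRole != "worker":
			return ComMatrix{}, fmt.Errorf("entry %d: unsupported nodeRole %q", i, c.NodeRole)
		case portErr != nil:
			return ComMatrix{}, fmt.Errorf("entry %d: port %q is not a number", i, c.Port)
		}
	}
	return m, nil
}

// portKey identifies an entry by the fields that define the port itself.
// ServiceName and Required are descriptive, so two sources naming the same
// port differently (e.g. "sshd" vs "ssh") still count as a match (assumption).
func portKey(c ComDetails) string {
	return c.Direction + "/" + c.Protocol + "/" + c.Port + "/" + c.NodeRole
}

// Diff reports required ports that expected lists but observed lacks, and
// ports observed on the node that expected never mentions. Expected entries
// with Required == false are not reported as missing (a choice made here).
func Diff(expected, observed ComMatrix) (missing, extra []ComDetails) {
	exp := make(map[string]ComDetails, len(expected.Matrix))
	for _, c := range expected.Matrix {
		exp[portKey(c)] = c
	}
	obs := make(map[string]ComDetails, len(observed.Matrix))
	for _, c := range observed.Matrix {
		obs[portKey(c)] = c
	}
	for k, c := range exp {
		if _, ok := obs[k]; !ok && c.Required {
			missing = append(missing, c)
		}
	}
	for k, c := range obs {
		if _, ok := exp[k]; !ok {
			extra = append(extra, c)
		}
	}
	byKey := func(s []ComDetails) {
		sort.Slice(s, func(i, j int) bool { return portKey(s[i]) < portKey(s[j]) })
	}
	byKey(missing)
	byKey(extra)
	return missing, extra
}

func main() {
	expected, err1 := LoadMatrix([]byte(expectedJSON))
	observed, err2 := LoadMatrix([]byte(observedJSON))
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint(err1, err2))
	}
	missing, extra := Diff(expected, observed)
	fmt.Printf("missing (required): %+v\nextra: %+v\n", missing, extra)
}
```

With the constructed inputs the diff reports TCP/6443 (kube-apiserver) as missing and TCP/9100 (node_exporter) as extra; UDP/8472 is absent from the node but optional, so it is not reported. Extra ports are the security-relevant half of the output: a listener the expected matrix never declared is either a gap in the matrix or an unexpected service on the node.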

Usage of EndpointSlice Resource

This library leverages the EndpointSlice resource to identify the ports the
cluster uses for ingress traffic. Relevant EndpointSlices include those
referencing host-networked pods, NodePort services, LoadBalancer services,
and any custom EndpointSlice labeled with "ingress":"".

Explore the example in /examples/query_endpointslices/main.go.

Creating Custom ComDetails with ss Command

Querying the existing EndpointSlices may not cover every port the Kubernetes
nodes listen on: some services, such as SSH, are not represented by any
EndpointSlice. The ss Linux utility lists the listening ports on a host:
ss -anplt for TCP and ss -anplu for UDP.

The ss package provides the ToComDetails function, which converts ss command
output into the corresponding list of ComDetails. Use the ToEndpointSlice
method to create an EndpointSlice object from this list.

As a convention, EndpointSlices referencing non-critical services are labeled with "optional": "".

Check the example in /examples/create_custom_endpointslices/main.go for a practical demonstration.
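As an added example (not the library's ss package, whose ToComDetails signature this page does not show), the following Go program parses constructed ss -anplt and ss -anplu output into ComDetails entries. The choices it makes are assumptions, marked in the code: only LISTEN (TCP) and UNCONN (UDP) rows are kept, listeners bound to loopback only are dropped because they are not reachable ingress, an IPv4 and an IPv6 bind of the same port are merged into one entry, the service name is taken from the users:(...) column when ss reports one, and every entry is marked Required, leaving it to the caller to downgrade optional ones. Conversion to an EndpointSlice (the library's ToEndpointSlice) needs client-go types and is not shown.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// ComDetails mirrors the README's struct; Port is a string, as in the library.
type ComDetails struct {
	Direction   string `json:"direction"`
	Protocol    string `json:"protocol"`
	Port        string `json:"port"`
	NodeRole    string `json:"nodeRole"`
	ServiceName string `json:"serviceName"`
	Required    bool   `json:"required"`
}

// Constructed sample of `ss -anplt` output on a master node (not real data).
// It contains a dual-stack sshd, a loopback-only exporter, a wildcard kubelet
// listener, and an established connection that is not a listener at all.
const sampleTCP = `State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*      users:(("sshd",pid=1234,fd=3))
LISTEN 0      4096       127.0.0.1:9100       0.0.0.0:*      users:(("node_exporter",pid=2222,fd=7))
LISTEN 0      4096               *:10250            *:*      users:(("kubelet",pid=3333,fd=20))
LISTEN 0      128             [::]:22            [::]:*      users:(("sshd",pid=1234,fd=4))
ESTAB  0      0           10.0.0.5:10250      10.0.0.9:43210 users:(("kubelet",pid=3333,fd=31))
`

// Constructed sample of `ss -anplu` output. The first socket is owned by the
// kernel (VXLAN), so ss prints no Process column for it.
const sampleUDP = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:8472      0.0.0.0:*
UNCONN 0      0          127.0.0.1:323       0.0.0.0:*      users:(("chronyd",pid=900,fd=5))
`

// processRe pulls the first process name out of ss's users:(("name",pid=..)) column.
var processRe = regexp.MustCompile(`users:\(\("([^"]+)"`)

// isLoopback reports whether an ss local address is bound to loopback only.
// Such listeners are unreachable from other nodes and are left out (assumption).
func isLoopback(addr string) bool {
	return strings.HasPrefix(addr, "127.") || addr == "[::1]"
}

// SSToComDetails converts the text of `ss -anplt` (protocol "TCP") or
// `ss -anplu` (protocol "UDP") into one ComDetails entry per listening port,
// sorted by port number. Hypothetical name; not the library's ToComDetails.
func SSToComDetails(ssOutput, protocol, nodeRole string) ([]ComDetails, error) {
	var wantState string
	switch protocol {
	case "TCP":
		wantState = "LISTEN"
	case "UDP":
		wantState = "UNCONN"
	default:
		return nil, fmt.Errorf("unsupported protocol %q", protocol)
	}
	seen := map[string]bool{}
	var out []ComDetails
	for i, line := range strings.Split(strings.TrimSpace(ssOutput), "\n") {
		if i == 0 {
			continue // column header
		}
		f := strings.Fields(line)
		if len(f) < 5 {
			return nil, fmt.Errorf("line %d: unexpected ss format: %q", i+1, line)
		}
		if f[0] != wantState {
			continue // ESTAB and other non-listening states
		}
		local := f[3]
		idx := strings.LastIndex(local, ":")
		if idx < 0 {
			return nil, fmt.Errorf("line %d: no port in local address %q", i+1, local)
		}
		addr, port := local[:idx], local[idx+1:]
		if _, err := strconv.Atoi(port); err != nil {
			return nil, fmt.Errorf("line %d: non-numeric port %q", i+1, port)
		}
		// Loopback binds are skipped without marking the port seen, so a
		// later 0.0.0.0 bind of the same port is still recorded.
		if isLoopback(addr) || seen[port] {
			continue
		}
		seen[port] = true
		svc := ""
		if m := processRe.FindStringSubmatch(line); m != nil {
			svc = m[1]
		}
		out = append(out, ComDetails{Direction: "ingress", Protocol: protocol, Port: port,
			NodeRole: nodeRole, ServiceName: svc, Required: true})
	}
	sort.Slice(out, func(a, b int) bool {
		pa, _ := strconv.Atoi(out[a].Port)
		pb, _ := strconv.Atoi(out[b].Port)
		return pa < pb
	})
	return out, nil
}

func main() {
	for _, in := range []struct{ text, proto string }{{sampleTCP, "TCP"}, {sampleUDP, "UDP"}} {
		entries, err := SSToComDetails(in.text, in.proto, "master")
		if err != nil {
			panic(err)
		}
		for _, e := range entries {
			fmt.Printf("%-7s %-3s %-6s %-6s %q\n", e.Direction, e.Protocol, e.Port, e.NodeRole, e.ServiceName)
		}
	}
}
```

On the constructed input the TCP pass yields two entries, 22 (sshd) and 10250 (kubelet): the loopback-only 9100 is dropped, the ESTAB row is ignored, and the IPv4 and IPv6 sshd rows collapse into one. The UDP pass yields 8472 with an empty ServiceName, which is the case to watch for when labelling: a kernel-owned socket has no process name, so the service name has to be supplied by whoever builds the custom EndpointSlice.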

# Packages

No description provided by the author