Merge pull request #69 from Zenika/master

Release v1.8.0

Author: RomainVernoux

.circleci/config.yml

@@ -12,7 +12,8 @@ jobs:
             - karto
   build-front:
     docker:
-      - image: cimg/node:14.15.1
+      - image: cimg/node:16.15.0
+    resource_class: large
     working_directory: /home/circleci/karto
     steps:
       - attach_workspace:
@@ -33,7 +34,7 @@ jobs:
       - run:
           working_directory: front
           name: Run tests
-          command: yarn test
+          command: yarn test --maxWorkers=3
       - run:
           working_directory: front
           name: Build frontend
@@ -44,7 +45,8 @@ jobs:
             - karto/front/build
   build-back:
     docker:
-      - image: cimg/go:1.17
+      - image: cimg/go:1.18
+    resource_class: large
     working_directory: /home/circleci/karto
     steps:
       - attach_workspace:
@@ -93,16 +95,16 @@ jobs:
           command: |
             docker build -t zenikalabs/karto .
             docker tag zenikalabs/karto zenikalabs/karto:v1
-            docker tag zenikalabs/karto zenikalabs/karto:v1.7
-            docker tag zenikalabs/karto zenikalabs/karto:v1.7.0
+            docker tag zenikalabs/karto zenikalabs/karto:v1.8
+            docker tag zenikalabs/karto zenikalabs/karto:v1.8.0
       - run:
           name: Push docker image
           command: |
             echo "$DOCKER_PASS" | docker login --username $DOCKER_USER --password-stdin
             docker push zenikalabs/karto
             docker push zenikalabs/karto:v1
-            docker push zenikalabs/karto:v1.7
-            docker push zenikalabs/karto:v1.7.0
+            docker push zenikalabs/karto:v1.8
+            docker push zenikalabs/karto:v1.8.0
 workflows:
   version: 2
   build-test-and-deploy:

README.md

@@ -24,6 +24,7 @@ A simple static analysis tool to explore a Kubernetes cluster.
 ## Main features
 
 The left part of the screen contains the controls for the main view:
+
 - View: choose your view
     - Workloads: deployments, controllers, pods, services, ingresses... and how they interact with each other
     - Network policies: network routes allowed between pods, based on network policy declarations
@@ -32,75 +33,88 @@ The left part of the screen contains the controls for the main view:
     - by pod namespace
     - by pod labels
     - by pod name
-    - \[Network policies view only\] Include ingress neighbors: also display pods that can reach those in the current selection
-    - \[Network policies view only\] Include egress neighbors: also display pods that can be reached by those in the current selection
+    - \[Network policies view only\] Include ingress neighbors: also display pods that can reach those in the current
+      selection
+    - \[Network policies view only\] Include egress neighbors: also display pods that can be reached by those in the
+      current selection
 - Display options: customize how items are displayed
     - Auto-refresh: automatically refresh the view every 2 seconds
     - Auto-zoom: automatically resize the view to fit all the elements to display
     - Show namespace prefix: add the namespace to the name of the displayed items
-    - Always display large datasets: try to render the data even if the number of item is high (may slow down your browser) 
+    - Always display large datasets: try to render the data even if the number of item is high (may slow down your
+      browser)
     - \[Network policies view only\] Highlight non isolated pods (ingress): color pods with no ingress network policy
     - \[Network policies view only\] Highlight non isolated pods (egress): color pods with no egress network policy
     - \[Health view only\] Highlight pods with container not running: color pods with at least one container not running
     - \[Health view only\] Highlight pods with container not ready: color pods with at least one container not ready
-    - \[Health view only\] Highlight pods with container restarted: color pods with at least one container which restarted
+    - \[Health view only\] Highlight pods with container restarted: color pods with at least one container which
+      restarted
 
 The main view shows the graph or list of items, depending on the selected view, filters and display options:
+
 - Zoom in and out by scrolling
 - Drag and drop graph elements to draw the perfect map of your cluster
 - Hover over any graph element to display details: name, namespace, labels, isolation (ingress/egress)... and more!
 
 In the top left part of the screen you will find action buttons to:
-- Export the current graph as PNG to use it in slides or share it 
+
+- Export the current graph as PNG to use it in slides or share it
 - Go fullscreen and use Karto as an office (or situation room) dashboard!
 
 ## Installation
 
 There are two ways to install and run Karto:
-- To deploy it inside the Kubernetes cluster to analyze, proceed to the 
-[Run inside a cluster](#run-inside-a-cluster) section.
-- To run it on any machine outside the Kubernetes cluster to analyze, refer to the 
-[Run outside a cluster](#run-outside-a-cluster) section.
+
+- To deploy it inside the Kubernetes cluster to analyze, proceed to the
+  [Run inside a cluster](#run-inside-a-cluster) section.
+- To run it on any machine outside the Kubernetes cluster to analyze, refer to the
+  [Run outside a cluster](#run-outside-a-cluster) section.
 
 ### Run inside a cluster
 
 #### Deployment
 
 Simply apply the provided descriptor:
+
 ```shell script
 kubectl apply -f deploy/k8s.yml
 ```
+
 This will:
+
 - create a `karto` namespace
-- create a `karto` service account with a role allowing to watch the resources displayed by Karto (namespaces, pods, 
+- create a `karto` service account with a role allowing to watch the resources displayed by Karto (namespaces, pods,
   network policies, services, deployments...)
 - deploy an instance of the application in this namespace with this service account
 
 #### Exposition
 
 Once deployed, the application must be exposed. For a quick try, use `port-forward`:
+
 ```shell script
 kubectl -n karto port-forward <pod name> 8000:8000
 ```
+
 The will exposed the app on your local machine on `localhost:8000`.
 
 For a long-term solution, investigate the use of a [LoadBalancer service](
 https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) or an [Ingress](
 https://kubernetes.io/docs/concepts/services-networking/ingress/).
 
-*Remember to always secure the access to the application as it obviously displays sensitive data about your cluster.* 
+*Remember to always secure the access to the application as it obviously displays sensitive data about your cluster.*
 
 #### Cleanup
 
 Delete everything using the same descriptor:
+
 ```shell script
 kubectl delete -f deploy/k8s.yml
 ```
 
 ### Run outside a cluster
 
 For this to work, a local `kubeconfig` file with existing connection information to the target cluster must be present
-on the machine (if you already use `kubectl` locally, you are good to go!). 
+on the machine (if you already use `kubectl` locally, you are good to go!).
 
 Simply download the Karto binary from the [releases page](https://github.com/Zenika/karto/releases) and run it!
 
@@ -109,28 +123,33 @@ Simply download the Karto binary from the [releases page](https://github.com/Zen
 ### Prerequisites
 
 The following tools must be available locally:
-- [Go](https://golang.org/doc/install) (tested with Go 1.17)
-- [NodeJS](https://nodejs.org/en/download/) (tested with NodeJS 14)
+
+- [Go](https://golang.org/doc/install) (tested with Go 1.18)
+- [NodeJS](https://nodejs.org/en/download/) (tested with NodeJS 16)
 
 ### Run the frontend in dev mode
 
 In the `front` directory, execute:
+
 ```shell script
 yarn start
 ```
+
 This will expose the app in dev mode on `localhost:3000` with a proxy to `localhost:8000` for the API calls.
 
 ### Run the backend locally
 
-In the `back` directory, execute: 
+In the `back` directory, execute:
+
 ```shell script
 go build karto
 ./karto
 ```
 
 ### Test suites
 
-To run the entire backend test suite, execute in the `back` directory: 
+To run the entire backend test suite, execute in the `back` directory:
+
 ```shell script
 go test ./...
 ```
@@ -141,17 +160,21 @@ In production mode, the frontend is packaged in the go binary using [embed](http
 configuration, the frontend is served on the `/` route and the API on the `/api` route.
 
 To compile the Karto binary from source, first compile the frontend source code. In the `front` directory, execute:
+
 ```shell script
 yarn build
 ```
+
 This will generate a `build` directory in `front`.
 
 Then, make a copy in a directory visible by the backend module:
+
 ```shell script
 cp -R front/build/* back/exposition/frontend
 ```
 
 Finally, compile the go binary in the `back` directory:
+
 ```shell script
 go build karto
 ```

back/analyzer/health/analyzer.go

@@ -3,6 +3,7 @@ package health
 import (
 	corev1 "k8s.io/api/core/v1"
 	"karto/analyzer/health/podhealth"
+	"karto/commons"
 	"karto/types"
 )
 
@@ -29,17 +30,8 @@ func NewAnalyzer(podHealthAnalyzer podhealth.Analyzer) Analyzer {
 }
 
 func (analyzer analyzerImpl) Analyze(clusterState ClusterState) AnalysisResult {
-	podHealths := analyzer.podHealthOfAllPods(clusterState.Pods)
+	podsHealth := commons.Map(clusterState.Pods, analyzer.podHealthAnalyzer.Analyze)
 	return AnalysisResult{
-		Pods: podHealths,
+		Pods: podsHealth,
 	}
 }
-
-func (analyzer analyzerImpl) podHealthOfAllPods(pods []*corev1.Pod) []*types.PodHealth {
-	podHealths := make([]*types.PodHealth, 0)
-	for _, pod := range pods {
-		podHealth := analyzer.podHealthAnalyzer.Analyze(pod)
-		podHealths = append(podHealths, podHealth)
-	}
-	return podHealths
-}

back/analyzer/health/podhealth/analyzer.go

@@ -2,6 +2,7 @@ package podhealth
 
 import (
 	corev1 "k8s.io/api/core/v1"
+	"karto/analyzer/shared"
 	"karto/types"
 )
 
@@ -30,17 +31,10 @@ func (analyzer analyzerImpl) Analyze(pod *corev1.Pod) *types.PodHealth {
 		}
 	}
 	return &types.PodHealth{
-		Pod:                      analyzer.toPodRef(pod),
+		Pod:                      shared.ToPodRef(pod),
 		Containers:               containers,
 		ContainersRunning:        running,
 		ContainersReady:          ready,
 		ContainersWithoutRestart: withoutRestart,
 	}
 }
-
-func (analyzer analyzerImpl) toPodRef(pod *corev1.Pod) types.PodRef {
-	return types.PodRef{
-		Name:      pod.Name,
-		Namespace: pod.Namespace,
-	}
-}

back/analyzer/pod/analyzer.go

@@ -2,6 +2,7 @@ package pod
 
 import (
 	corev1 "k8s.io/api/core/v1"
+	"karto/commons"
 	"karto/types"
 )
 
@@ -24,19 +25,12 @@ func NewAnalyzer() Analyzer {
 }
 
 func (analyzer analyzerImpl) Analyze(clusterState ClusterState) AnalysisResult {
+	Pods := commons.Map(clusterState.Pods, analyzer.toPod)
 	return AnalysisResult{
-		Pods: analyzer.toPods(clusterState.Pods),
+		Pods: Pods,
 	}
 }
 
-func (analyzer analyzerImpl) toPods(pods []*corev1.Pod) []*types.Pod {
-	result := make([]*types.Pod, 0)
-	for _, pod := range pods {
-		result = append(result, analyzer.toPod(pod))
-	}
-	return result
-}
-
 func (analyzer analyzerImpl) toPod(pod *corev1.Pod) *types.Pod {
 	return &types.Pod{
 		Name:      pod.Name,

back/analyzer/utils/utils.go back/analyzer/shared/metadata.go

@@ -1,11 +1,18 @@
-package utils
+package shared
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
+	"karto/commons"
 )
 
 func SelectorMatches(objectLabels map[string]string, labelSelector metav1.LabelSelector) bool {
 	selector, _ := metav1.LabelSelectorAsSelector(&labelSelector)
 	return selector.Matches(labels.Set(objectLabels))
 }
+
+func IsOwnedBy(objectOwned metav1.Object, objectOwning metav1.Object) bool {
+	return commons.AnyMatch(objectOwned.GetOwnerReferences(), func(ownerReference metav1.OwnerReference) bool {
+		return ownerReference.UID == objectOwning.GetUID()
+	})
+}

back/analyzer/traffic/shared/types.go back/analyzer/shared/podisolation.go

@@ -28,16 +28,9 @@ func (podIsolation *PodIsolation) AddEgressPolicy(egressPolicy *networkingv1.Net
 	podIsolation.EgressPolicies = append(podIsolation.EgressPolicies, egressPolicy)
 }
 
-func (podIsolation *PodIsolation) ToPodRef() types.PodRef {
-	return types.PodRef{
-		Name:      podIsolation.Pod.Name,
-		Namespace: podIsolation.Pod.Namespace,
-	}
-}
-
 func (podIsolation *PodIsolation) ToPodIsolation() *types.PodIsolation {
 	return &types.PodIsolation{
-		Pod:               podIsolation.ToPodRef(),
+		Pod:               ToPodRef(podIsolation.Pod),
 		IsIngressIsolated: podIsolation.IsIngressIsolated(),
 		IsEgressIsolated:  podIsolation.IsEgressIsolated(),
 	}
@@ -46,7 +39,7 @@ func (podIsolation *PodIsolation) ToPodIsolation() *types.PodIsolation {
 func NewPodIsolation(pod *corev1.Pod) PodIsolation {
 	return PodIsolation{
 		Pod:             pod,
-		IngressPolicies: make([]*networkingv1.NetworkPolicy, 0),
-		EgressPolicies:  make([]*networkingv1.NetworkPolicy, 0),
+		IngressPolicies: []*networkingv1.NetworkPolicy{},
+		EgressPolicies:  []*networkingv1.NetworkPolicy{},
 	}
 }

back/analyzer/shared/ref.go

@@ -0,0 +1,28 @@
+package shared
+
+import (
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	"karto/types"
+)
+
+func ToPodRef(pod *corev1.Pod) types.PodRef {
+	return types.PodRef{
+		Name:      pod.Name,
+		Namespace: pod.Namespace,
+	}
+}
+
+func ToServiceRef(service *corev1.Service) types.ServiceRef {
+	return types.ServiceRef{
+		Name:      service.Name,
+		Namespace: service.Namespace,
+	}
+}
+
+func ToReplicaSetRef(replicaSet *appsv1.ReplicaSet) types.ReplicaSetRef {
+	return types.ReplicaSetRef{
+		Name:      replicaSet.Name,
+		Namespace: replicaSet.Namespace,
+	}
+}