Release v1.5.0

Author: RomainVernoux

.circleci/config.yml

@@ -12,7 +12,7 @@ jobs:
             - karto
   build-front:
     docker:
-      - image: cimg/node:12.16.3
+      - image: cimg/node:14.15.1
     working_directory: /home/circleci/karto
     steps:
       - attach_workspace:
@@ -44,7 +44,7 @@ jobs:
             - karto/front/build
   build-back:
     docker:
-      - image: cimg/go:1.14.2
+      - image: cimg/go:1.15.6
     working_directory: /home/circleci/karto
     steps:
       - attach_workspace:
@@ -94,16 +94,16 @@ jobs:
           command: |
             docker build -t zenikalabs/karto .
             docker tag zenikalabs/karto zenikalabs/karto:v1
-            docker tag zenikalabs/karto zenikalabs/karto:v1.4
-            docker tag zenikalabs/karto zenikalabs/karto:v1.4.0
+            docker tag zenikalabs/karto zenikalabs/karto:v1.5
+            docker tag zenikalabs/karto zenikalabs/karto:v1.5.0
       - run:
           name: Push docker image
           command: |
             echo "$DOCKER_PASS" | docker login --username $DOCKER_USER --password-stdin
             docker push zenikalabs/karto
             docker push zenikalabs/karto:v1
-            docker push zenikalabs/karto:v1.4
-            docker push zenikalabs/karto:v1.4.0
+            docker push zenikalabs/karto:v1.5
+            docker push zenikalabs/karto:v1.5.0
 workflows:
   version: 2
   build-test-and-deploy:

README.md

@@ -24,15 +24,19 @@ The left part of the screen contains the controls for the main view:
 - Include ingress neighbors: display pods that can reach those in the current selection 
 - Include egress neighbors: display pods that can be reached by those in the current selection
 - Auto refresh: refresh the view every 5 seconds
+- Auto zoom: zoom automatically to fit all elements in the screen
 - Show namespace prefix: include the namespace in pod names
 - Highlight non isolated pods (ingress/egress): color pods with no ingress/egress network policy
 - Always display large datasets: always try to display large sets of pods and routes (may slow down your browser)
 
 The main view shows the graph of pods and allowed routes in your selection:
 - Zoom in and out by scrolling
 - Drag and drop graph elements to draw the perfect map of your cluster
+- Hover over any graph element to display details: name, namespace, labels, isolation (ingress/egress)... and more!
 
-Hover over any graph element to display details: name, namespace, labels, isolation (ingress/egress)... and more!
+In the top left part of the screen you will find action buttons to:
+- Export the current graph as PNG to use it in slides or share it 
+- Go fullscreen and use Karto as an office (or situation room!) dashboard
 
 ## Installation
 
@@ -89,8 +93,8 @@ Simply download the Karto binary from the [releases page](https://github.com/Zen
 ### Prerequisites
 
 The following tools must be available locally:
-- [Go](https://golang.org/doc/install) (tested with Go 1.14)
-- [NodeJS 10+](https://nodejs.org/en/download/) (tested with NodeJS 10)
+- [Go](https://golang.org/doc/install) (tested with Go 1.15)
+- [NodeJS](https://nodejs.org/en/download/) (tested with NodeJS 14)
 
 ### Run the frontend in dev mode
 

back/analyzer/pod/pod_analyzer.go back/analyzer/pod/analyzer.go

@@ -8,7 +8,7 @@ import (
 	"testing"
 )
 
-func Test_Analyze(t *testing.T) {
+func TestAnalyze(t *testing.T) {
 	type args struct {
 		clusterState ClusterState
 	}

back/analyzer/pod/pod_analyzer_test.go back/analyzer/pod/analyzer_test.go

@@ -1,7 +1,6 @@
 package analyzer
 
 import (
-	"fmt"
 	"github.com/google/go-cmp/cmp"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -14,9 +13,10 @@ import (
 	"karto/types"
 	"reflect"
 	"testing"
+	"time"
 )
 
-func Test_Analyze(t *testing.T) {
+func TestAnalyze(t *testing.T) {
 	type args struct {
 		clusterState types.ClusterState
 	}
@@ -86,7 +86,7 @@ func Test_Analyze(t *testing.T) {
 		TargetReplicaSets: []types.ReplicaSetRef{replicaSetRef1}}
 	deployment2 := &types.Deployment{Name: k8sDeployment2.Name, Namespace: k8sDeployment2.Namespace,
 		TargetReplicaSets: []types.ReplicaSetRef{replicaSetRef2}}
-	var tests = []struct {
+	tests := []struct {
 		name                   string
 		mocks                  mocks
 		args                   args
@@ -176,9 +176,13 @@ func Test_Analyze(t *testing.T) {
 			resultsChannel := make(chan types.AnalysisResult)
 			go analyzer.AnalyzeOnClusterStateChange(clusterStateChannel, resultsChannel)
 			clusterStateChannel <- tt.args.clusterState
-			analysisResult := <-resultsChannel
-			if diff := cmp.Diff(tt.expectedAnalysisResult, analysisResult); diff != "" {
-				t.Errorf("Analyze() result mismatch (-want +got):\n%s", diff)
+			select {
+			case analysisResult := <-resultsChannel:
+				if diff := cmp.Diff(tt.expectedAnalysisResult, analysisResult); diff != "" {
+					t.Errorf("Analyze() result mismatch (-want +got):\n%s", diff)
+				}
+			case <-time.After(3 * time.Second):
+				t.Errorf("Test timed out (nothing was received on the channel)")
 			}
 		})
 	}
@@ -200,10 +204,8 @@ func (mock mockPodAnalyzer) Analyze(clusterState pod.ClusterState) pod.AnalysisR
 			return call.returnValue
 		}
 	}
-	fmt.Printf("mockPodAnalyzer was called with unexpected arguments: \n")
-	fmt.Printf("\tclusterState=%s\n", clusterState)
-	mock.t.FailNow()
-	panic("unreachable but required to compile")
+	mock.t.Fatalf("mockPodAnalyzer was called with unexpected arguments: \n\tclusterState: %s\n", clusterState)
+	return pod.AnalysisResult{}
 }
 
 func createMockPodAnalyzer(t *testing.T, calls []mockPodAnalyzerCall) pod.Analyzer {
@@ -229,10 +231,9 @@ func (mock mockTrafficAnalyzer) Analyze(clusterState traffic.ClusterState) traff
 			return call.returnValue
 		}
 	}
-	fmt.Printf("mockTrafficAnalyzer was called with unexpected arguments: \n")
-	fmt.Printf("\tclusterState:%s\n", clusterState)
-	mock.t.FailNow()
-	panic("unreachable but required to compile")
+	mock.t.Fatalf("mockTrafficAnalyzer was called with unexpected arguments: \n\tclusterState: %s\n",
+		clusterState)
+	return traffic.AnalysisResult{}
 }
 
 func createMockTrafficAnalyzer(t *testing.T, calls []mockTrafficAnalyzerCall) traffic.Analyzer {
@@ -258,10 +259,9 @@ func (mock mockWorkloadAnalyzer) Analyze(clusterState workload.ClusterState) wor
 			return call.returnValue
 		}
 	}
-	fmt.Printf("mockWorkloadAnalyzer was called with unexpected arguments: \n")
-	fmt.Printf("\tclusterState:%s\n", clusterState)
-	mock.t.FailNow()
-	panic("unreachable but required to compile")
+	mock.t.Fatalf("mockWorkloadAnalyzer was called with unexpected arguments: \n\tclusterState: %s\n",
+		clusterState)
+	return workload.AnalysisResult{}
 }
 
 func createMockWorkloadAnalyzer(t *testing.T, calls []mockWorkloadAnalyzerCall) workload.Analyzer {

back/analyzer/analysis_scheduler.go back/analyzer/scheduler.go

@@ -10,19 +10,18 @@ import (
 	"sort"
 )
 
+const portWildcard = -1
+
 type Analyzer interface {
 	Analyze(sourcePodIsolation *shared.PodIsolation, targetPodIsolation *shared.PodIsolation,
 		namespaces []*corev1.Namespace) *types.AllowedRoute
 }
 
 type analyzerImpl struct {
-	portWildcard int32
 }
 
 func NewAnalyzer() Analyzer {
-	return analyzerImpl{
-		portWildcard: -1,
-	}
+	return analyzerImpl{}
 }
 
 func (analyzer analyzerImpl) Analyze(sourcePodIsolation *shared.PodIsolation, targetPodIsolation *shared.PodIsolation,
@@ -47,18 +46,18 @@ func (analyzer analyzerImpl) ingressPoliciesByPort(sourcePod *corev1.Pod, target
 	namespaces []*corev1.Namespace) map[int32][]*networkingv1.NetworkPolicy {
 	policiesByPort := make(map[int32][]*networkingv1.NetworkPolicy)
 	if !targetPodIsolation.IsIngressIsolated() {
-		policiesByPort[analyzer.portWildcard] = make([]*networkingv1.NetworkPolicy, 0)
+		policiesByPort[portWildcard] = make([]*networkingv1.NetworkPolicy, 0)
 	} else {
 		for i, ingressPolicy := range targetPodIsolation.IngressPolicies {
 			for _, ingressRule := range ingressPolicy.Spec.Ingress {
 				if analyzer.ingressRuleAllows(sourcePod, ingressRule, namespaces) {
 					if len(ingressRule.Ports) == 0 {
-						policies := policiesByPort[analyzer.portWildcard]
+						policies := policiesByPort[portWildcard]
 						if policies == nil {
 							policies = make([]*networkingv1.NetworkPolicy, 0)
 						}
 						policies = append(policies, targetPodIsolation.IngressPolicies[i])
-						policiesByPort[analyzer.portWildcard] = policies
+						policiesByPort[portWildcard] = policies
 					} else {
 						for _, port := range ingressRule.Ports {
 							policies := policiesByPort[port.Port.IntVal]
@@ -90,18 +89,18 @@ func (analyzer analyzerImpl) egressPoliciesByPort(targetPod *corev1.Pod, sourceP
 	namespaces []*corev1.Namespace) map[int32][]*networkingv1.NetworkPolicy {
 	policiesByPort := make(map[int32][]*networkingv1.NetworkPolicy)
 	if !sourcePodIsolation.IsEgressIsolated() {
-		policiesByPort[analyzer.portWildcard] = make([]*networkingv1.NetworkPolicy, 0)
+		policiesByPort[portWildcard] = make([]*networkingv1.NetworkPolicy, 0)
 	} else {
 		for i, egressPolicy := range sourcePodIsolation.EgressPolicies {
 			for _, egressRule := range egressPolicy.Spec.Egress {
 				if analyzer.egressRuleAllows(targetPod, egressRule, namespaces) {
 					if len(egressRule.Ports) == 0 {
-						policies := policiesByPort[analyzer.portWildcard]
+						policies := policiesByPort[portWildcard]
 						if policies == nil {
 							policies = make([]*networkingv1.NetworkPolicy, 0)
 						}
 						policies = append(policies, sourcePodIsolation.EgressPolicies[i])
-						policiesByPort[analyzer.portWildcard] = policies
+						policiesByPort[portWildcard] = policies
 					} else {
 						for _, port := range egressRule.Ports {
 							policies := policiesByPort[port.Port.IntVal]
@@ -137,8 +136,8 @@ func (analyzer analyzerImpl) matchPoliciesByPort(ingressPoliciesByPort map[int32
 	egressPoliciesSet := make(map[*networkingv1.NetworkPolicy]bool)
 	for ingressPort, ingressPolicies := range ingressPoliciesByPort {
 		for egressPort, egressPolicies := range egressPoliciesByPort {
-			if ingressPort == analyzer.portWildcard || egressPort == analyzer.portWildcard || ingressPort == egressPort {
-				if ingressPort == analyzer.portWildcard {
+			if ingressPort == portWildcard || egressPort == portWildcard || ingressPort == egressPort {
+				if ingressPort == portWildcard {
 					portsSet[egressPort] = true
 				} else {
 					portsSet[ingressPort] = true
@@ -152,7 +151,7 @@ func (analyzer analyzerImpl) matchPoliciesByPort(ingressPoliciesByPort map[int32
 			}
 		}
 	}
-	if portsSet[analyzer.portWildcard] {
+	if portsSet[portWildcard] {
 		portsSet = nil
 	}
 	var ports []int32

back/analyzer/analysis_scheduler_test.go back/analyzer/scheduler_test.go

@@ -11,7 +11,7 @@ import (
 	"testing"
 )
 
-func Test_Analyze(t *testing.T) {
+func TestAnalyze(t *testing.T) {
 	type args struct {
 		sourcePodIsolation *shared.PodIsolation
 		targetPodIsolation *shared.PodIsolation

back/analyzer/traffic/allowedroute/allowed_route_analyzer.go back/analyzer/traffic/allowedroute/analyzer.go

@@ -1,7 +1,6 @@
 package traffic
 
 import (
-	"fmt"
 	"github.com/google/go-cmp/cmp"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
@@ -14,7 +13,7 @@ import (
 	"testing"
 )
 
-func Test_Analyze(t *testing.T) {
+func TestAnalyze(t *testing.T) {
 	type args struct {
 		clusterState ClusterState
 	}
@@ -52,7 +51,7 @@ func Test_Analyze(t *testing.T) {
 		},
 		Ports: []int32{80, 443},
 	}
-	var tests = []struct {
+	tests := []struct {
 		name                   string
 		mocks                  mocks
 		args                   args
@@ -144,11 +143,9 @@ func (mock mockPodIsolationAnalyzer) Analyze(pod *corev1.Pod,
 			return call.returnValue
 		}
 	}
-	fmt.Printf("mockPodIsolationAnalyzer was called with unexpected arguments: \n")
-	fmt.Printf("\tpod:%s\n", pod)
-	fmt.Printf("\tnetworkPolicies=%s\n", networkPolicies)
-	mock.t.FailNow()
-	panic("unreachable but required to compile")
+	mock.t.Fatalf("mockPodIsolationAnalyzer was called with unexpected arguments: \n\tpod: %s\n"+
+		"\tnetworkPolicies: %s\n", pod, networkPolicies)
+	return nil
 }
 
 func createMockPodIsolationAnalyzer(t *testing.T, calls []mockPodIsolationAnalyzerCall) podisolation.Analyzer {
@@ -183,12 +180,10 @@ func (mock mockAllowedRouteAnalyzer) Analyze(sourcePodIsolation *shared.PodIsola
 			return call.returnValue
 		}
 	}
-	fmt.Printf("mockAllowedRouteAnalyzer was called with unexpected arguments: \n")
-	fmt.Printf("\tsourcePodIsolation:%s\n", sourcePodIsolation)
-	fmt.Printf("\ttargetPodIsolation=%s\n", targetPodIsolation)
-	fmt.Printf("\tnamespaces=%s\n", namespaces)
-	mock.t.FailNow()
-	panic("unreachable but required to compile")
+	mock.t.Fatalf("mockAllowedRouteAnalyzer was called with unexpected arguments: \n"+
+		"\tsourcePodIsolation: %s\n\ttargetPodIsolation: %s\n\tnamespaces: %s\n", sourcePodIsolation,
+		targetPodIsolation, namespaces)
+	return nil
 }
 
 func createMockAllowedRouteAnalyzer(t *testing.T, calls []mockAllowedRouteAnalyzerCall) allowedroute.Analyzer {

back/analyzer/traffic/allowedroute/allowed_route_analyzer_test.go back/analyzer/traffic/allowedroute/analyzer_test.go

@@ -9,7 +9,7 @@ import (
 	"testing"
 )
 
-func Test_Analyze(t *testing.T) {
+func TestAnalyze(t *testing.T) {
 	type args struct {
 		pod             *corev1.Pod
 		networkPolicies []*networkingv1.NetworkPolicy