Documentation
¶
Index ¶
- type Config
- type Hub
- func (h *Hub) AttachPath(name string, paths []string, cb func(string, *event.TraceEvent)) pubsub.Unsubscriber
- func (h *Hub) AttachTrace(t *v1alpha1.Trace, cb func(n string, ev *event.TraceEvent)) pubsub.Unsubscriber
- func (h *Hub) DeleteTrace(t *v1alpha1.Trace) error
- func (h *Hub) MustRun(ctx context.Context)
- func (h *Hub) MustRunJob(job *Job)
- func (h *Hub) Probe() *kernel.Probe
- func (h *Hub) PushJob(job *Job, ns, nr int)
- func (h *Hub) Run(ctx context.Context) error
- func (h *Hub) RunJob(job *Job) error
- func (h *Hub) RunTrace(t *v1alpha1.Trace) error
- func (h *Hub) Topology() *topology.Topology
- func (h *Hub) WriteEvent(ev *event.TraceEvent)
- type Job
- func (j *Job) AddContainer(pod, name string)
- func (j *Job) Duration() time.Duration
- func (j *Job) JobID() string
- func (j *Job) MonitoredHosts(all bool) []string
- func (j *Job) RemoveContainer(pod, name string)
- func (j *Job) Run(h *Hub, done chan bool) error
- func (j *Job) TraceSpec() *v1alpha1.TraceSpec
- func (j *Job) TraceStatus() *v1alpha1.TraceStatus
- func (j *Job) WriteEvent(h *Hub, ev *event.TraceEvent)
- type JobContext
- type JobList
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// if we have an alternate root setting, and the endpoints start with
// "$root", use the AltRoot as the CWD for any further lookups, whether
// that be for /proc, or for configurations.
//
// mainly here for development reasons, if you're able to see your k8s
// node via /proc/<pid>/root, you can set the AltRoot to this, and
// namespace lookups will look at /proc/<pid>/root/proc/...
// cri socket will look at /proc/<pid>/root/path/to/cri.sock
// etc...
AltRoot string
// The kube CRI socket needed for resolving kernel namespaces to containers
CRIEndpoint string
// If running out-of-cluster, this is the local k8s configuration
K8SEndpoint string
// The namespace in which to monitor for pods, if empty we watch all
// namespaces.
K8SNamespace string
// The raw BPF probe object loaded via assets (go-bindata) or via file
BPFObject []byte
}
type Hub ¶
Hub maintains the global kernel probe and all the underlying filters and event message routing.
func NewHub ¶
NewHub creates and initializes a Hub context for reading and writing data to the kernel probe and routing them to the clients that care.
func (*Hub) AttachPath ¶
func (h *Hub) AttachPath(name string, paths []string, cb func(string, *event.TraceEvent)) pubsub.Unsubscriber
AttachPath will subscribe the caller to a stream which is a subset of data sent to a specific job.
func (*Hub) AttachTrace ¶
func (h *Hub) AttachTrace(t *v1alpha1.Trace, cb func(n string, ev *event.TraceEvent)) pubsub.Unsubscriber
AttachTrace will subscribe the caller to a stream which has the output of a specific job.
func (*Hub) DeleteTrace ¶
DeleteTrace will stop all the runninb jobs that are associated with this Trace specification. using the job-id, we iterate over each context and if there are no other jobs trying to use the syscall and pod associated with this, the kernel filters are removed.
func (*Hub) MustRunJob ¶
MustRunJob calls hub.RunJob but exits on any errors
func (*Hub) PushJob ¶
PushJob insert a namespace+nr specific job as a value of a list in two buckets; the first being the `nsmap`, a mapping of pidNamespace + syscall_NR to lists of jobs, and an `idmap`, a mapping of jobID's to jobs.
We keep these lists like this so that if two jobs that have overlapping rules (e.g., rule-A=syscall_A,syscall_B, rule-B=syscall_A,syscall_C) we don't accidentally delete a running check for `syscall_A` if `rule-B` is removed.
func (*Hub) Run ¶
Run starts up and runs the global kernel probe and maintains various state. For each event that is recv'd via the bpf, we decode it (`Ingest`), find all jobs associated with this message, and publish the event to the streams tied to the jobs.
func (*Hub) WriteEvent ¶
func (h *Hub) WriteEvent(ev *event.TraceEvent)
WriteEvent writes a single TraceEvent to all subscribers
type Job ¶
Job maintains the general rules for which a trace runs under.
func (*Job) AddContainer ¶
AddContainer tells the job to monitor a very specific container in a specific pod.
func (*Job) MonitoredHosts ¶
MonitoredHosts returns a list of hosts that have been monitored by this job. If `all` is `false`, then ony containers that are currently being monitored will return, otherwise it will return every host that has ever matched this job.
func (*Job) RemoveContainer ¶
RemoveContainer removes the watch for a specific container in a specific pod
func (*Job) Run ¶
Run will run a job inside the Hub. The primary goal of this function is to read topology events using the LabelMatch, and for each pod that matches, create the kernel filter if needed, and append the JobContext to the list of running jobs in the Hub.
func (*Job) TraceStatus ¶
func (j *Job) TraceStatus() *v1alpha1.TraceStatus
TraceStatus returns the status of this Job
func (*Job) WriteEvent ¶
func (j *Job) WriteEvent(h *Hub, ev *event.TraceEvent)
WriteEvent writes event `ev` to all listeners of this `Job`
type JobContext ¶
type JobContext struct {
*Job
// contains filtered or unexported fields
}
JobContext is a structure that is used to store all the kernel filtering information per pid-namespace.
When we reference a "POD" in this code, we use the PID namespace of the underlying container to key off of. Since multiple jobs can have some of the same syscalls and hosts being monitored, we create a list of all possible rules, but only filter in the kernel what is needed.
For example: say we have two "jobs". "Job-A", and "Job-B". Job-A monitors "app=nginx" with the syscalls "open"/"close" Job-B monitors "type=webserver" with the syscalls "open"
app=nginx matches 'host-A' and 'host-B' type=webserver matches 'host-A' and 'host-Z'
If we were to blindly delete Job-B, (meaning removing the filters for 'Host-A' and syscall "open"), we would also delete the filter that is being used for 'Job-A'. So we just make sure we don't delete from the actual kernel filter until our lists are empty.
Source Files