decompose

Version: v1.1.1
Published: Aug 18, 2023 License: MIT

Reverse-engineering tool for docker environments.

Takes all network connections from your docker containers and produces a graphviz dot file or a json stream of elements:

type Node struct {
    Name       string              `json:"name"`            // container name
    Image      *string             `json:"image,omitempty"` // docker image (if any)
    IsExternal bool                `json:"is_external"`     // this host is external
    Networks   []string            `json:"networks"`        // network names
    Listen     []string            `json:"listen"`          // ports description i.e. '443/tcp'
    Connected  map[string][]string `json:"connected"`       // mapping name -> ports slice
}

features

  • produces detailed connections graph with ports
  • fast, it scans ~400 containers in around 5 seconds
  • 100% test-coverage

known limitations

  • runs only on linux, as it uses nsenter
  • runs only as root, same reason
  • only established and listening connections are listed

usage

decompose [flags]

possible flags with default values:

  -follow string
        follow only this container by name
  -format string
        output format: json or dot (default "dot")
  -help
        show this help
  -load value
        load json stream, can be used multiple times
  -local
        skip external hosts
  -out string
        output: filename or "-" for stdout (default "-")
  -proto string
        protocol to scan: tcp, udp or all (default "all")
  -silent
        suppress progress messages in stderr
  -version
        show version

examples

Get dot file:

sudo decompose > connections.dot

Get json stream:

sudo decompose -format json | jq '{name}'

Get only tcp connections as dot:

sudo decompose -proto tcp > tcp.dot

Save json stream:

sudo decompose -format json > nodes-1.json

Rebuild graph from json streams, filter by protocol, skip remote hosts and save as dot (no need to be root):

decompose -local -proto tcp -load nodes-1.json -load nodes-2.json > graph.dot

example result

Scheme taken from redis-cluster:

[image: redis-cluster connection graph, svg]

Steps to reproduce:

git clone https://github.com/s0rg/redis-cluster-compose.git
cd redis-cluster-compose
docker compose up

In another terminal:

sudo decompose | dot -Tsvg > redis-cluster.svg

Directories

  • cmd/decompose (command)
  • internal
