登录 注册
开源 企业版 高校版 私有云 模力方舟 模力方舟
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
2 Star 1 Fork 0

李玮/trireme-lib

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
monitor.go 6.37 KB
一键复制 编辑 原始数据 按行查看 历史
李玮 提交于 2020-01-29 13:23 +08:00 . v1
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221
package podmonitor



import (

	"context"

	"errors"

	"fmt"

	"time"



	"git.cloud.top/DSec/trireme-lib/monitor/config"

	"git.cloud.top/DSec/trireme-lib/monitor/extractors"

	"git.cloud.top/DSec/trireme-lib/monitor/registerer"



	"k8s.io/client-go/rest"

	"k8s.io/client-go/tools/clientcmd"



	"sigs.k8s.io/controller-runtime/pkg/client"

	"sigs.k8s.io/controller-runtime/pkg/event"

	"sigs.k8s.io/controller-runtime/pkg/manager"

)



// PodMonitor implements a monitor that sends pod events upstream

// It is implemented as a filter on the standard DockerMonitor.

// It gets all the PU events from the DockerMonitor and if the container is the POD container from Kubernetes,

// It connects to the Kubernetes API and adds the tags that are coming from Kuberntes that cannot be found

type PodMonitor struct {

	localNode                 string

	handlers                  *config.ProcessorConfig

	metadataExtractor         extractors.PodMetadataExtractor

	netclsProgrammer          extractors.PodNetclsProgrammer

	pidsSetMaxProcsProgrammer extractors.PodPidsSetMaxProcsProgrammer

	resetNetcls               extractors.ResetNetclsKubepods

	sandboxExtractor          extractors.PodSandboxExtractor

	enableHostPods            bool

	workers                   int

	kubeCfg                   *rest.Config

	kubeClient                client.Client

	eventsCh                  chan event.GenericEvent

}



// New returns a new kubernetes monitor.

func New() *PodMonitor {

	podMonitor := &PodMonitor{

		eventsCh: make(chan event.GenericEvent),

	}



	return podMonitor

}



// SetupConfig provides a configuration to implmentations. Every implmentation

// can have its own config type.

func (m *PodMonitor) SetupConfig(registerer registerer.Registerer, cfg interface{}) error {



	defaultConfig := DefaultConfig()



	if cfg == nil {

		cfg = defaultConfig

	}



	kubernetesconfig, ok := cfg.(*Config)

	if !ok {

		return fmt.Errorf("Invalid configuration specified (type '%T')", cfg)

	}



	kubernetesconfig = SetupDefaultConfig(kubernetesconfig)



	// build kubernetes config

	var kubeCfg *rest.Config

	if len(kubernetesconfig.Kubeconfig) > 0 {

		var err error

		kubeCfg, err = clientcmd.BuildConfigFromFlags("", kubernetesconfig.Kubeconfig)

		if err != nil {

			return err

		}

	} else {

		var err error

		kubeCfg, err = rest.InClusterConfig()

		if err != nil {

			return err

		}

	}



	if kubernetesconfig.MetadataExtractor == nil {

		return fmt.Errorf("missing metadata extractor")

	}



	if kubernetesconfig.NetclsProgrammer == nil {

		return fmt.Errorf("missing net_cls programmer")

	}



	if kubernetesconfig.ResetNetcls == nil {

		return fmt.Errorf("missing reset net_cls implementation")

	}

	if kubernetesconfig.SandboxExtractor == nil {

		return fmt.Errorf("missing SandboxExtractor implementation")

	}

	if kubernetesconfig.Workers < 1 {

		return fmt.Errorf("number of Kubernetes monitor workers must be at least 1")

	}

	// Setting up Kubernetes

	m.kubeCfg = kubeCfg

	m.localNode = kubernetesconfig.Nodename

	m.enableHostPods = kubernetesconfig.EnableHostPods

	m.metadataExtractor = kubernetesconfig.MetadataExtractor

	m.netclsProgrammer = kubernetesconfig.NetclsProgrammer

	m.pidsSetMaxProcsProgrammer = kubernetesconfig.PidsSetMaxProcsProgrammer

	m.sandboxExtractor = kubernetesconfig.SandboxExtractor

	m.resetNetcls = kubernetesconfig.ResetNetcls

	m.workers = kubernetesconfig.Workers



	return nil

}



// Run starts the monitor.

func (m *PodMonitor) Run(ctx context.Context) error {

	if m.kubeCfg == nil {

		return errors.New("pod: missing kubeconfig")

	}



	if err := m.handlers.IsComplete(); err != nil {

		return fmt.Errorf("pod: %s", err.Error())

	}



	// ensure to run the reset net_cls

	// NOTE: we also call this during resync, however, that is not called at startup

	if m.resetNetcls == nil {

		return errors.New("pod: missing net_cls reset implementation")

	}

	if err := m.resetNetcls(ctx); err != nil {

		return fmt.Errorf("pod: failed to reset net_cls cgroups: %s", err.Error())

	}



	syncPeriod := time.Second * 30

	mgr, err := manager.New(m.kubeCfg, manager.Options{

		SyncPeriod: &syncPeriod,

	})

	if err != nil {

		return fmt.Errorf("pod: %s", err.Error())

	}



	// Create the delete event controller first

	dc := NewDeleteController(mgr.GetClient(), m.handlers, m.sandboxExtractor, m.eventsCh)

	if err := mgr.Add(dc); err != nil {

		return fmt.Errorf("pod: %s", err.Error())

	}



	// Create the main controller for the monitor

	r := newReconciler(mgr, m.handlers, m.metadataExtractor, m.netclsProgrammer, m.sandboxExtractor, m.localNode, m.enableHostPods, dc.GetDeleteCh(), dc.GetReconcileCh())

	if err := addController(mgr, r, m.workers, m.eventsCh); err != nil {

		return fmt.Errorf("pod: %s", err.Error())

	}



	controllerStarted := make(chan struct{})

	if err := mgr.Add(&runnable{ch: controllerStarted}); err != nil {

		return fmt.Errorf("pod: %s", err.Error())

	}



	// starting the manager is a bit awkward:

	// - it does not use contexts

	// - we pass in a fake signal handler channel

	// - we start another go routine which waits for the context to be cancelled

	//   and closes that channel if that is the case

	// -

	z := make(chan struct{})

	errCh := make(chan error, 2)

	go func() {

		<-ctx.Done()

		close(z)

		errCh <- ctx.Err()

	}()

	go func() {

		if err := mgr.Start(z); err != nil {

			errCh <- err

		}

	}()



	select {

	case err := <-errCh:

		return fmt.Errorf("pod: %s", err.Error())

	case <-time.After(5 * time.Second):

		// we give the controller 5 seconds to report back

		return errors.New("pod: controller did not start within 5s")

	case <-controllerStarted:

		m.kubeClient = mgr.GetClient()

		return nil

	}

}



// SetupHandlers sets up handlers for monitors to invoke for various events such as

// processing unit events and synchronization events. This will be called before Start()

// by the consumer of the monitor

func (m *PodMonitor) SetupHandlers(c *config.ProcessorConfig) {

	m.handlers = c

}



// Resync requests to the monitor to do a resync.

func (m *PodMonitor) Resync(ctx context.Context) error {

	if m.resetNetcls != nil {

		if err := m.resetNetcls(ctx); err != nil {

			return err

		}

	}



	if m.kubeClient == nil {

		return errors.New("pod: client has not been initialized yet")

	}



	return ResyncWithAllPods(ctx, m.kubeClient, m.eventsCh)

}



type runnable struct {

	ch chan struct{}

}



func (r *runnable) Start(z <-chan struct{}) error {

	// close the indicator channel which means that the manager has been started successfully

	close(r.ch)



	// stay up and running, the manager needs that

	<-z

	return nil

}
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/emmoblin/trireme-lib.git
git@gitee.com:emmoblin/trireme-lib.git
emmoblin
trireme-lib
trireme-lib
7726874a2b9a
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部