=====================
 SSL endpoints check
=====================

Utility for checking whether all ports exposed outside of a Kubernetes cluster
use SSL tunnels.

Prerequisites
-------------

Configuration
~~~~~~~~~~~~~

``-kubeconfig``
  Optional unless ``$HOME`` is not set. Defaults to ``$HOME/.kube/config``.

``-xfail``
  Optional list of services with corresponding NodePorts which do not use SSL
  tunnels. These ports are known as "expected failures" and will not be
  checked.

Dependencies
~~~~~~~~~~~~

- nmap_

.. _nmap: https://nmap.org/book/install.html

Build (local)
~~~~~~~~~~~~~

- go_ (1.11+, tested on 1.13)

.. _go: https://golang.org/doc/install

Build (Docker)
~~~~~~~~~~~~~~

- Docker_ engine
- make (optional)

.. _Docker: https://docs.docker.com/install

Test
~~~~

- Ginkgo_
- GolangCI-Lint_ (optional)

.. _Ginkgo: https://onsi.github.io/ginkgo/#getting-ginkgo
.. _GolangCI-Lint: https://github.com/golangci/golangci-lint#install

Building
--------

Command (local)
~~~~~~~~~~~~~~~

.. code-block:: shell

    $ mkdir bin
    $ go build -o bin/sslendpoints

The additional ``bin`` directory and the explicit ``go build`` output path are
used to declutter the project and maintain compatibility with the Docker-based
process. Running ``go build`` without parameters will create the
``sslendpoints`` binary in the current directory.

Command (Docker)
~~~~~~~~~~~~~~~~

.. code-block:: shell

    $ make # or commands from corresponding "make" targets

Running
-------

Command (local)
~~~~~~~~~~~~~~~

.. code-block:: shell

    $ bin/sslendpoints [-kubeconfig KUBECONFIG] [-xfail XFAIL]

Command (Docker)
~~~~~~~~~~~~~~~~

.. code-block:: shell

    $ docker run --rm --volume $KUBECONFIG:/.kube/config \
        sslendpoints-build-img /bin/sslendpoints

    $ docker run --rm --volume $KUBECONFIG:/opt/config \
        sslendpoints-build-img /bin/sslendpoints -kubeconfig /opt/config

    $ docker run --rm \
        --volume $KUBECONFIG:/opt/config \
        --volume $XFAIL:/opt/xfail \
        sslendpoints-build-img /bin/sslendpoints \
        -kubeconfig /opt/config \
        -xfail /opt/xfail

Output
~~~~~~

.. code-block:: shell

    $ ./sslendpoints -kubeconfig ~/.kube/config.onap
    2020/03/17 10:40:29 Host 192.168.2.10
    2020/03/17 10:40:29 PORT SERVICE
    2020/03/17 10:40:29 30203 sdnc-dgbuilder
    2020/03/17 10:40:29 30204 sdc-be
    2020/03/17 10:40:29 30207 sdc-fe
    2020/03/17 10:40:29 30220 aai-sparky-be
    2020/03/17 10:40:29 30226 message-router
    2020/03/17 10:40:29 30233 aai
    2020/03/17 10:40:29 30256 sdc-wfd-fe
    2020/03/17 10:40:29 30257 sdc-wfd-be
    2020/03/17 10:40:29 30264 sdc-dcae-fe
    2020/03/17 10:40:29 30266 sdc-dcae-dt
    2020/03/17 10:40:29 30279 aai-babel
    2020/03/17 10:40:29 30406 so-vnfm-adapter
    2020/03/17 10:40:29 There are 12 non-SSL NodePorts in the cluster

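The Go program below is an added example, not part of the project's code: it parses a report in the format shown above into a port-to-service map, rejects output whose row count disagrees with the summary line, and lists the entries that were absent from an earlier run. The function names, the comparison against a previous run and the shortened sample are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

var rowRe = regexp.MustCompile(`(?m)^(?:\d{4}/\d\d/\d\d [\d:]+ )?(\d+)[ \t]+(\S+)[ \t]*$`)
var sumRe = regexp.MustCompile(`There are (\d+) non-SSL NodePorts`)

// ParseReport returns port -> service for every reported non-SSL NodePort.
func ParseReport(out string) (map[int]string, error) {
	found := map[int]string{}
	for _, m := range rowRe.FindAllStringSubmatch(out, -1) {
		port, _ := strconv.Atoi(m[1])
		found[port] = m[2]
	}
	total := -1 // stays -1 when the summary line is missing (truncated output)
	if m := sumRe.FindStringSubmatch(out); m != nil {
		total, _ = strconv.Atoi(m[1])
	}
	if total != len(found) {
		return found, fmt.Errorf("summary says %d, parsed %d rows", total, len(found))
	}
	return found, nil
}

// NewSince returns entries of found that previous lacks or maps to another service.
func NewSince(found, previous map[int]string) map[int]string {
	out := map[int]string{}
	for port, svc := range found {
		if previous[port] != svc {
			out[port] = svc
		}
	}
	return out
}

// Sample is constructed: two rows taken from the output above, count adjusted.
const Sample = `2020/03/17 10:40:29 Host 192.168.2.10
2020/03/17 10:40:29 PORT SERVICE
2020/03/17 10:40:29 30203 sdnc-dgbuilder
2020/03/17 10:40:29 30204 sdc-be
2020/03/17 10:40:29 There are 2 non-SSL NodePorts in the cluster`

func main() {
	found, err := ParseReport(Sample)
	fmt.Println(NewSince(found, map[int]string{30204: "sdc-be"}), err)
}
```
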
Testing
-------

.. code-block:: shell

    $ go test ./...     # basic
    $ ginkgo -r         # pretty
    $ golangci-lint run # linters