=====================
 SSL endpoints check
=====================

Utility for checking whether all ports exposed outside of a Kubernetes cluster
use SSL tunnels.

Prerequisites
-------------

Configuration
~~~~~~~~~~~~~

``-kubeconfig``
  Optional unless ``$HOME`` is not set. Defaults to ``$HOME/.kube/config``.

``-xfail``
  Optional list of services with corresponding NodePorts which do not use SSL
  tunnels. These ports are known as "expected failures" and will not be
  checked.

Build (local)
~~~~~~~~~~~~~

- go_ (1.11+, tested on 1.13)

.. _go: https://golang.org/doc/install

Build (Docker)
~~~~~~~~~~~~~~

- Docker_ engine
- make (optional)

.. _Docker: https://docs.docker.com/install

Test
~~~~

- Ginkgo_
- GolangCI-Lint_ (optional)

.. _Ginkgo: https://onsi.github.io/ginkgo/#getting-ginkgo
.. _GolangCI-Lint: https://github.com/golangci/golangci-lint#install

Building
--------

Command (local)
~~~~~~~~~~~~~~~

.. code-block:: shell

    $ mkdir bin
    $ go build -o bin/sslendpoints

The additional ``bin`` directory and the explicit ``go build`` output path are
used to declutter the project and to stay compatible with the Docker-based
process. Running ``go build`` without parameters creates the ``sslendpoints``
binary in the current directory.

Command (Docker)
~~~~~~~~~~~~~~~~

.. code-block:: shell

    $ make # or commands from corresponding "make" targets


Running
-------

Command (local)
~~~~~~~~~~~~~~~

.. code-block:: shell

    $ bin/sslendpoints [-kubeconfig KUBECONFIG] [-xfail XFAIL]

Command (Docker)
~~~~~~~~~~~~~~~~

.. code-block:: shell

    $ docker run --rm --volume $KUBECONFIG:/.kube/config \
        sslendpoints-build-img /bin/sslendpoints

    $ docker run --rm --volume $KUBECONFIG:/opt/config \
        sslendpoints-build-img /bin/sslendpoints -kubeconfig /opt/config

    $ docker run --rm \
        --volume $KUBECONFIG:/opt/config \
        --volume $XFAIL:/opt/xfail \
        sslendpoints-build-img /bin/sslendpoints \
            -kubeconfig /opt/config \
            -xfail /opt/xfail

Output
~~~~~~

.. code-block:: shell

    $ ./sslendpoints -kubeconfig ~/.kube/config.onap
    2020/03/17 10:40:29 Host 192.168.2.10
    2020/03/17 10:40:29 PORT        SERVICE
    2020/03/17 10:40:29 30203       sdnc-dgbuilder
    2020/03/17 10:40:29 30204       sdc-be
    2020/03/17 10:40:29 30207       sdc-fe
    2020/03/17 10:40:29 30220       aai-sparky-be
    2020/03/17 10:40:29 30226       message-router
    2020/03/17 10:40:29 30233       aai
    2020/03/17 10:40:29 30256       sdc-wfd-fe
    2020/03/17 10:40:29 30257       sdc-wfd-be
    2020/03/17 10:40:29 30264       sdc-dcae-fe
    2020/03/17 10:40:29 30266       sdc-dcae-dt
    2020/03/17 10:40:29 30279       aai-babel
    2020/03/17 10:40:29 30406       so-vnfm-adapter
    2020/03/17 10:40:29 There are 12 non-SSL NodePorts in the cluster
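
The sketch below is an added example, not code from this project: it shows one
way to decide whether a NodePort is wrapped in SSL/TLS by attempting a handshake
with Go's ``crypto/tls``, and how an expected-failure list removes ports from
the check. The function names, the ``port -> service`` map shape used for the
expected failures, and the host in ``main`` are assumptions made for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"sort"
	"time"
)

// speaksTLS reports whether addr completes a TLS handshake within timeout.
// Certificate validation is skipped on purpose: the question here is only
// whether the port is wrapped in TLS, not whether its certificate is trusted.
func speaksTLS(addr string, timeout time.Duration) bool {
	d := &net.Dialer{Timeout: timeout} // covers TCP connect and handshake
	conn, err := tls.DialWithDialer(d, "tcp", addr, &tls.Config{InsecureSkipVerify: true})
	if err != nil {
		// Plaintext reply, silent peer (timeout), or closed/filtered port.
		return false
	}
	conn.Close()
	return true
}

// nonTLSPorts returns, in ascending order, the ports from nodePorts
// (port -> service name) that fail the handshake. A port is skipped only
// when xfail lists it with the same service name (assumed shape).
func nonTLSPorts(host string, nodePorts, xfail map[uint16]string, timeout time.Duration) []uint16 {
	var failed []uint16
	for port, svc := range nodePorts {
		if name, ok := xfail[port]; ok && name == svc {
			continue // expected failure: not checked
		}
		if !speaksTLS(net.JoinHostPort(host, fmt.Sprint(port)), timeout) {
			failed = append(failed, port)
		}
	}
	sort.Slice(failed, func(i, j int) bool { return failed[i] < failed[j] })
	return failed
}

func main() {
	// Constructed sample: two services from the output above, one of them
	// marked as an expected failure; the host is a placeholder.
	ports := map[uint16]string{30204: "sdc-be", 30233: "aai"}
	xfail := map[uint16]string{30233: "aai"}
	failed := nonTLSPorts("127.0.0.1", ports, xfail, 500*time.Millisecond)
	fmt.Printf("There are %d non-SSL NodePorts: %v\n", len(failed), failed)
}
```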


Testing
-------

.. code-block:: shell

    $ go test ./...     # basic
    $ ginkgo -r         # pretty
    $ golangci-lint run # linters