Skip to content

hubble-proxy: implement 'serve' command#10653

Merged
borkmann merged 5 commits intomasterfrom
pr/rolinh/hubble-proxy-listen
Mar 25, 2020
Merged

hubble-proxy: implement 'serve' command#10653
borkmann merged 5 commits intomasterfrom
pr/rolinh/hubble-proxy-listen

Conversation

@rolinh
Copy link
Copy Markdown
Member

@rolinh rolinh commented Mar 20, 2020
edited
Loading

Please, look at individual commits for details.
This PR implements a very basic hubble-proxy serve command that proxies requests to the local hubble instance connected to via unix domain socket.

Ref: https://github.com/cilium/hubble/issues/89

@rolinh rolinh added kind/feature This introduces new functionality. release-note/major This PR introduces major new functionality to Cilium. area/hubble labels Mar 20, 2020
@rolinh rolinh requested a review from a team March 20, 2020 16:42
@rolinh rolinh requested review from a team as code owners March 20, 2020 16:42
aanm
aanm reviewed Mar 20, 2020
View reviewed changes
Comment thread daemon/cmd/daemon_main.go Outdated
@coveralls
Copy link
Copy Markdown

coveralls commented Mar 20, 2020
edited
Loading

Coverage Status

Coverage increased (+0.007%) to 45.435% when pulling 100dd63 on pr/rolinh/hubble-proxy-listen into 8fd7415 on master.

@rolinh rolinh force-pushed the pr/rolinh/hubble-proxy-listen branch from 92b4004 to 5cb87fb Compare March 23, 2020 09:22
gandro
gandro reviewed Mar 23, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Just some minor nits.

Comment thread daemon/cmd/daemon_main.go Outdated
Comment thread daemon/cmd/hubble.go Outdated
Comment thread pkg/hubble/proxy/options.go Outdated
@rolinh rolinh force-pushed the pr/rolinh/hubble-proxy-listen branch 2 times, most recently from ad2827a to 634f388 Compare March 23, 2020 16:08
@rolinh rolinh requested review from glibsm and michi-covalent March 24, 2020 10:11
glibsm
glibsm reviewed Mar 24, 2020
View reviewed changes
Comment thread go.mod
glibsm
glibsm requested changes Mar 24, 2020
View reviewed changes
Comment thread pkg/hubble/proxy/server.go
Comment thread pkg/hubble/proxy/server.go
rolinh added 5 commits March 25, 2020 09:43
@rolinh
vendor: pick up the latest cilium/hubble
daa94ba 
Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
@rolinh
deamon: add switch to enable/disable hubble, listen on local socket
bc5a8b0 
The newly introduced hubble-proxy component needs to connect to a hubble
server via a unix domain socket in order to query the API for initial
peer discovery. This commit updates cilium-agent such that when hubble
is enabled, it automatically listens on a unix domain socket.

In order to easily enable or disable the hubble server, a new switch is
also added. Note that it using unix domain sockets as listen address is
no longer enforced and a warning is emitted instead. In the future,
mutual TLS will be implemented to secure connections but for the time
being, allowing to listen on a TCP port will allow development of the
multi-node feature for Hubble.

This commit also updates some logging messages to the error level rather
than warning when the hubble component cannot be started.

Note that some variables (api => restAPI) had to be renamed to avoid a
name conflict when importing the api package but there are no functional
changes there.

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
@rolinh
hubble: add a proxy package that implements hubble's ObserverServer
05ec0cb 
This commit adds package pkg/hubbel/proxy with an implementation of
hubble's ObserverServer interface. For the time being, the
implementation simply connects to the locally running hubble instance
via unix domain sockets and forward requests there. In the future, the
proxy API will be extended and decoupled from hubble's own API.

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
@rolinh
hubble-proxy: implement serve command
6983e28 
The newly introduce 'serve' command runs a hubble-proxy server that, for
the time being, forwards requests to the local hubble instance connected
to via unix domain socket.

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
@rolinh
daemon: move hubble specific code to a dedicated file
100dd63 
This commit brings no functional changes.

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
@rolinh rolinh force-pushed the pr/rolinh/hubble-proxy-listen branch from 634f388 to 100dd63 Compare March 25, 2020 09:14
@rolinh
Copy link
Copy Markdown
Member Author

rolinh commented Mar 25, 2020
edited
Loading

test-me-please
EDIT: strange failure, probably a test flake. Let's re-trigger.

Unable to connect to the server: tls: first record does not look like a TLS handshake

@rolinh
Copy link
Copy Markdown
Member Author

rolinh commented Mar 25, 2020

test-me-please

@borkmann borkmann merged commit 94dba01 into master Mar 25, 2020
@borkmann borkmann deleted the pr/rolinh/hubble-proxy-listen branch March 25, 2020 15:14
@tgraf tgraf mentioned this pull request May 6, 2020
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aanm aanm aanm left review comments

@michi-covalent michi-covalent michi-covalent approved these changes

@gandro gandro gandro approved these changes

@glibsm glibsm glibsm approved these changes

Assignees

No one assigned

Labels

kind/feature This introduces new functionality. release-note/major This PR introduces major new functionality to Cilium.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@rolinh @coveralls @gandro @glibsm @aanm @michi-covalent @borkmann