From 8e1c36926138db5f560e83c9d209aadaab2d5267 Mon Sep 17 00:00:00 2001 From: Lior Noy Date: Thu, 23 May 2024 15:51:16 +0300 Subject: [PATCH] Specify static entries namespaces This commit updates the static-custom-entries.go. fill the namespaces of some static custom entries, and renames the variable name of cloudStaticEntries to be cloud generic and not specific for AWS. Signed-off-by: Lior Noy --- README.md | 2 +- cmd/main.go | 6 +- commatrix/commatrix.go | 8 +- commatrix/static-custom-entries.go | 156 +++++++++++------------------ 4 files changed, 66 insertions(+), 106 deletions(-) diff --git a/README.md b/README.md index 6f0c2a54..5304eb2e 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Use the `generate` Makefile target to create the matrix. The following environment variables are used to configure: ``` FORMAT (csv/json/yaml) -CLUSTER_ENV (baremetal/aws) +CLUSTER_ENV (baremetal/cloud) DEST_DIR (path to the directory containing the artifacts) DEPLOYMENT (mno/sno) ``` diff --git a/cmd/main.go b/cmd/main.go index 70ea6cfd..d4300b8c 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -32,7 +32,7 @@ func main() { flag.StringVar(&destDir, "destDir", "communication-matrix", "Output files dir") flag.StringVar(&format, "format", "csv", "Desired format (json,yaml,csv)") - flag.StringVar(&envStr, "env", "baremetal", "Cluster environment (baremetal/aws)") + flag.StringVar(&envStr, "env", "baremetal", "Cluster environment (baremetal/cloud)") flag.StringVar(&deploymentStr, "deployment", "mno", "Deployment type (mno/sno)") flag.StringVar(&customEntriesPath, "customEntriesPath", "", "Add custom entries from a JSON file to the matrix") @@ -58,8 +58,8 @@ func main() { switch envStr { case "baremetal": env = commatrix.Baremetal - case "aws": - env = commatrix.AWS + case "cloud": + env = commatrix.Cloud default: panic(fmt.Sprintf("invalid cluster environment: %s", envStr)) } diff --git a/commatrix/commatrix.go b/commatrix/commatrix.go index fc9931a3..6869d755 100644 
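Review bot: Replacing the `case "aws":` arm with `case "cloud":` in the `switch envStr` block means an existing invocation with `-env aws` now falls through to the `default` arm and panics. The same presumably applies to `CLUSTER_ENV=aws` passed through the Makefile target. Consider accepting the old value as a deprecated alias, `case "cloud", "aws":`, so automation that generates the matrix does not stop producing it after the upgrade. main's body starts and ends outside the hunk.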
--- a/commatrix/commatrix.go +++ b/commatrix/commatrix.go @@ -18,7 +18,7 @@ type Env int const ( Baremetal Env = iota - AWS + Cloud ) type Deployment int @@ -104,12 +104,12 @@ func getStaticEntries(e Env, d Deployment) ([]types.ComDetails, error) { break } comDetails = append(comDetails, baremetalStaticEntriesWorker...) - case AWS: - comDetails = append(comDetails, awsCloudStaticEntriesMaster...) + case Cloud: + comDetails = append(comDetails, cloudStaticEntriesMaster...) if d == SNO { break } - comDetails = append(comDetails, awsCloudStaticEntriesWorker...) + comDetails = append(comDetails, cloudStaticEntriesWorker...) default: return nil, fmt.Errorf("invalid value for cluster environment") } diff --git a/commatrix/static-custom-entries.go b/commatrix/static-custom-entries.go index 47c7c2ad..ddb1f8aa 100644 --- a/commatrix/static-custom-entries.go +++ b/commatrix/static-custom-entries.go @@ -9,7 +9,7 @@ var generalStaticEntriesWorker = []types.ComDetails{ Port: 22, NodeRole: "worker", Service: "sshd", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: true, @@ -29,7 +29,7 @@ var generalStaticEntriesWorker = []types.ComDetails{ Port: 10250, NodeRole: "worker", Service: "kubelet", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: false, @@ -40,8 +40,8 @@ var generalStaticEntriesWorker = []types.ComDetails{ NodeRole: "worker", Service: "egressip-node-healthcheck", Namespace: "openshift-ovn-kubernetes", - Pod: "", - Container: "", + Pod: "ovnkube-node", + Container: "ovnkube-controller", Optional: false, }, { Direction: "Ingress", @@ -49,7 +49,7 @@ var generalStaticEntriesWorker = []types.ComDetails{ Port: 111, NodeRole: "worker", Service: "rpcbind", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: true, 
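Review bot: `Namespace: "Host system service"` in the sshd entry of `generalStaticEntriesWorker` puts a human-readable label into a field that otherwise holds Kubernetes namespace names, and the same literal is repeated in the kubelet, rpcbind and crio-metrics entries for both roles in the later hunks. Anything that consumes the matrix and treats Namespace as a real namespace (to look up pods or derive policy, for example) would have to special-case this string, and a typo in one copy would go unnoticed. Declare it once, `const hostSystemService = "Host system service"`, with a comment saying it marks a host-level daemon that runs outside any pod, and reference the constant in each entry.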
@@ -59,7 +59,7 @@ var generalStaticEntriesWorker = []types.ComDetails{ Port: 111, NodeRole: "worker", Service: "rpcbind", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: true, @@ -69,17 +69,17 @@ var generalStaticEntriesWorker = []types.ComDetails{ Port: 10256, NodeRole: "worker", Service: "ovnkube", - Namespace: "openshift-sdn", + Namespace: "openshift-ovn-kubernetes", Pod: "ovnkube", Container: "ovnkube-controller", - Optional: true, + Optional: false, }, { Direction: "Ingress", Protocol: "TCP", Port: 9537, NodeRole: "worker", Service: "crio-metrics", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: false, @@ -90,6 +90,16 @@ var generalStaticEntriesMaster = []types.ComDetails{ { Direction: "Ingress", Protocol: "TCP", + Port: 8080, + NodeRole: "master", + Service: "", + Namespace: "openshift-network-operator", + Pod: "network-operator", + Container: "network-operator", + Optional: false, + }, { + Direction: "ingress", + Protocol: "TCP", Port: 9637, NodeRole: "master", Service: "kube-rbac-proxy-crio", @@ -102,10 +112,10 @@ var generalStaticEntriesMaster = []types.ComDetails{ Protocol: "TCP", Port: 10256, NodeRole: "master", - Service: "openshift-sdn", - Namespace: "", - Pod: "", - Container: "", + Service: "ovnkube", + Namespace: "openshift-ovn-kubernetes", + Pod: "ovnkube", + Container: "ovnkube-controller", Optional: false, }, { Direction: "Ingress", @@ -113,7 +123,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ Port: 9537, NodeRole: "master", Service: "crio-metrics", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: false, @@ -123,7 +133,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ Port: 10250, NodeRole: "master", Service: "kubelet", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: false, 
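Review bot: The port 10256 `ovnkube` entry keeps `Pod: "ovnkube"`, while the `egressip-node-healthcheck` entry with the same namespace and the same `Container: "ovnkube-controller"` is changed to `Pod: "ovnkube-node"` in this commit. The master copy of the 10256 entry (hunk at -102,10) is newly written with `Pod: "ovnkube"` as well. If both ports are served by the same pod the names should agree, e.g. `Pod: "ovnkube-node",` in both 10256 entries. This hunk also flips `Optional: true` to `Optional: false` for the worker entry, which the commit description does not mention; a one-line comment giving the reason would help anyone who maps non-optional ports to firewall rules.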
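Review bot: The added `Direction: "ingress",` in the -90,6 hunk is lowercase, while every other entry visible in this file uses `"Ingress"`. Because of where the new port 8080 entry was spliced in, the lowercase value ends up on the existing port 9637 `kube-rbac-proxy-crio` entry. If entries are compared, deduplicated or filtered on this string anywhere downstream, that row could be treated as a different direction or dropped from the output. Change the line to `Direction: "Ingress",`.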
@@ -134,7 +144,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ NodeRole: "master", Service: "egressip-node-healthcheck", Namespace: "openshift-ovn-kubernetes", - Pod: "ovnkube", + Pod: "ovnkube-node", Container: "ovnkube-controller", Optional: false, }, { @@ -143,7 +153,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ Port: 111, NodeRole: "master", Service: "rpcbind", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: true, @@ -153,7 +163,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ Port: 111, NodeRole: "master", Service: "rpcbind", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: true, @@ -163,7 +173,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ Port: 22, NodeRole: "master", Service: "sshd", - Namespace: "", + Namespace: "Host system service", Pod: "", Container: "", Optional: true, @@ -263,7 +273,7 @@ var generalStaticEntriesMaster = []types.ComDetails{ Port: 6080, NodeRole: "master", Service: "", - Namespace: "openshift-kube-apiserver-readyz", + Namespace: "openshift-kube-apiserver", Pod: "kube-apiserver", Container: "kube-apiserver-insecure-readyz", Optional: false, @@ -316,7 +326,7 @@ var baremetalStaticEntriesWorker = []types.ComDetails{ Protocol: "TCP", Port: 18080, NodeRole: "worker", - Service: "openshift-kni-infra-coredns", + Service: "", Namespace: "openshift-kni-infra", Pod: "coredns", Container: "coredns", @@ -350,7 +360,7 @@ var baremetalStaticEntriesMaster = []types.ComDetails{ Protocol: "TCP", Port: 5050, NodeRole: "master", - Service: "metal3", + Service: "", Namespace: "openshift-machine-api", Pod: "ironic-proxy", Container: "ironic-proxy", @@ -360,7 +370,7 @@ var baremetalStaticEntriesMaster = []types.ComDetails{ Protocol: "TCP", Port: 9444, NodeRole: "master", - Service: "openshift-kni-infra-haproxy-haproxy", + Service: "", Namespace: "openshift-kni-infra", Pod: "haproxy", Container: "haproxy", 
@@ -370,20 +380,10 @@ var baremetalStaticEntriesMaster = []types.ComDetails{ Protocol: "TCP", Port: 9445, NodeRole: "master", - Service: "haproxy-openshift-dsn-internal-loadbalancer", - Namespace: "", - Pod: "", - Container: "", - Optional: false, - }, { - Direction: "Ingress", - Protocol: "TCP", - Port: 9191, - NodeRole: "master", - Service: "machine-approver", - Namespace: "machine-approver", - Pod: "machine-approver", - Container: "machine-approver-controller", + Service: "", + Namespace: "openshift-kni-infra", + Pod: "haproxy", + Container: "haproxy", Optional: false, }, { Direction: "Ingress", @@ -395,22 +395,12 @@ var baremetalStaticEntriesMaster = []types.ComDetails{ Pod: "ironic-proxy", Container: "ironic-proxy", Optional: false, - }, { - Direction: "Ingress", - Protocol: "TCP", - Port: 29445, - NodeRole: "master", - Service: "haproxy-openshift-dsn", - Namespace: "", - Pod: "", - Container: "", - Optional: true, }, { Direction: "Ingress", Protocol: "TCP", Port: 18080, NodeRole: "master", - Service: "openshift-kni-infra-coredns", + Service: "", Namespace: "openshift-kni-infra", Pod: "coredns", Container: "coredns", 
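Review bot: This hunk and the next one (-395,22) delete the port 9191 `machine-approver` and port 29445 `haproxy-openshift-dsn` entries from `baremetalStaticEntriesMaster`, but the commit description only mentions filling namespaces and renaming a variable. In a communication matrix a dropped row means a port that may still be listening is no longer documented, so the reason matters. State in the description, or in a comment next to the remaining haproxy entries, whether these ports are closed or are now discovered some other way. After the change the 9444 and 9445 entries are also identical apart from the port (`Service: ""`, `Pod: "haproxy"`), so the purpose the old Service strings conveyed is lost; a short trailing comment on each, such as `// <purpose of port 9445>`, would keep it.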
@@ -420,88 +410,58 @@ var baremetalStaticEntriesMaster = []types.ComDetails{ Protocol: "TCP", Port: 9447, NodeRole: "master", - Service: "baremetal-operator-webhook-baremetal provisioning", - Namespace: "", - Pod: "", + Service: "", + Namespace: "openshift-machine-api", + Pod: "metal3-baremetal-operator", Container: "", Optional: false, }, } -var awsCloudStaticEntriesWorker = []types.ComDetails{ +var cloudStaticEntriesWorker = []types.ComDetails{ { - Direction: "Ingress", - Protocol: "TCP", - Port: 10304, - NodeRole: "worker", - Service: "csi-node-driver", - Namespace: "", - Pod: "", - Container: "", - Optional: false, - }, { Direction: "Ingress", Protocol: "TCP", Port: 10300, NodeRole: "worker", Service: "csi-livenessprobe", - Namespace: "", - Pod: "", - Container: "", + Namespace: "openshift-cluster-csi-drivers", + Pod: "csi-driver-node", + Container: "csi-driver", Optional: false, }, } -var awsCloudStaticEntriesMaster = []types.ComDetails{ +var cloudStaticEntriesMaster = []types.ComDetails{ { - Direction: "Ingress", - Protocol: "TCP", - Port: 8080, - NodeRole: "master", - Service: "cluster-network", - Namespace: "", - Pod: "", - Container: "", - Optional: false, - }, { Direction: "Ingress", Protocol: "TCP", Port: 10260, NodeRole: "master", - Service: "aws-cloud-controller", - Namespace: "", - Pod: "", - Container: "", + Service: "cloud-controller", + Namespace: "openshift-cloud-controller-manager-operator", + Pod: "cloud-controller-manager", + Container: "cloud-controller-manager", Optional: false, }, { Direction: "Ingress", Protocol: "TCP", Port: 10258, NodeRole: "master", - Service: "aws-cloud-controller", - Namespace: "", - Pod: "", - Container: "", - Optional: false, - }, { - Direction: "Ingress", - Protocol: "TCP", - Port: 10304, - NodeRole: "master", - Service: "csi-node-driver", - Namespace: "", - Pod: "", - Container: "", + Service: "cloud-controller", + Namespace: "openshift-cloud-controller-manager-operator", + Pod: "cloud-controller-manager", + 
Container: "cloud-controller-manager", Optional: false, }, { Direction: "Ingress", Protocol: "TCP", Port: 10300, NodeRole: "master", - Service: "csi-livenessprobe", - Namespace: "", - Pod: "", - Container: "", + Service: "csi-drivers-livenessprobe", + Namespace: "openshift-cluster-csi-drivers", + Pod: "csi-driver-node", + Container: "csi-driver", Optional: false, }, }
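Review bot: Port 10300 is labelled `Service: "csi-livenessprobe"` in `cloudStaticEntriesWorker` but `Service: "csi-drivers-livenessprobe"` in `cloudStaticEntriesMaster`, although both rows now share namespace, pod and container. Use one name, e.g. `Service: "csi-livenessprobe",` on the master entry, so the rows group together when the matrix is sorted or diffed. The hunk also removes the port 10304 `csi-node-driver` rows for both roles and drops port 8080 from the cloud master list, neither of which the description mentions. Since the slices are now meant to cover every cloud provider rather than AWS only, a comment above each one stating which platforms the namespace and pod names were checked against would make the generalisation reviewable.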