blob: 257946d88cd4899d31500142d92160a824df0773 [file] [log] [blame]
=====================
SSL endpoints check
=====================
Utility for checking if all of the ports exposed outside of Kubernetes cluster
use SSL tunnels.
Prerequisites
-------------
Configuration
~~~~~~~~~~~~~
``-kubeconfig``
Optional unless ``$HOME`` is not set. Defaults to ``$HOME/.kube/config``.
``-xfail``
Optional list of services with corresponding NodePorts which do not use SSL
tunnels. These ports are known as "expected failures" and will not be
checked.
Dependencies
~~~~~~~~~~~~
- nmap_
.. _nmap: https://nmap.org/book/install.html
Build (local)
~~~~~~~~~~~~~
- go_ (1.11+, tested on 1.13)
.. _go: https://golang.org/doc/install
Build (Docker)
~~~~~~~~~~~~~~
- Docker_ engine
- make (optional)
.. _Docker: https://docs.docker.com/install
Test
~~~~
- Ginkgo_
- GolangCI-Lint_ (optional)
.. _Ginkgo: https://onsi.github.io/ginkgo/#getting-ginkgo
.. _GolangCI-Lint: https://github.com/golangci/golangci-lint#install
Building
--------
Command (local)
~~~~~~~~~~~~~~~
.. code-block:: shell
$ mkdir bin
$ go build -o bin/sslendpoints
Additional ``bin`` directory and specifying ``go build`` output are used to
declutter project and maintain compatibility with Docker-based process. Running
``go build`` without parameters will create ``sslendpoints`` binary in current
directory.
Command (Docker)
~~~~~~~~~~~~~~~~
.. code-block:: shell
$ make # or commands from corresponding "make" targets
Running
-------
Command (local)
~~~~~~~~~~~~~~~
.. code-block:: shell
$ bin/sslendpoints [-kubeconfig KUBECONFIG] [-xfail XFAIL]
Command (Docker)
~~~~~~~~~~~~~~~~
.. code-block:: shell
$ docker run --rm --volume $KUBECONFIG:/.kube/config \
sslendpoints-build-img /bin/sslendpoints
$ docker run --rm --volume $KUBECONFIG:/opt/config \
sslendpoints-build-img /bin/sslendpoints -kubeconfig /opt/config
$ docker run --rm \
--volume $KUBECONFIG:/opt/config \
--volume $XFAIL:/opt/xfail \
sslendpoints-build-img /bin/sslendpoints \
-kubeconfig /opt/config
-xfail /opt/xfail
Output
~~~~~~
.. code-block:: shell
$ ./sslendpoints -kubeconfig ~/.kube/config.onap
2020/03/17 10:40:29 Host 192.168.2.10
2020/03/17 10:40:29 PORT SERVICE
2020/03/17 10:40:29 30203 sdnc-dgbuilder
2020/03/17 10:40:29 30204 sdc-be
2020/03/17 10:40:29 30207 sdc-fe
2020/03/17 10:40:29 30220 aai-sparky-be
2020/03/17 10:40:29 30226 message-router
2020/03/17 10:40:29 30233 aai
2020/03/17 10:40:29 30256 sdc-wfd-fe
2020/03/17 10:40:29 30257 sdc-wfd-be
2020/03/17 10:40:29 30264 sdc-dcae-fe
2020/03/17 10:40:29 30266 sdc-dcae-dt
2020/03/17 10:40:29 30279 aai-babel
2020/03/17 10:40:29 30406 so-vnfm-adapter
2020/03/17 10:40:29 There are 12 non-SSL NodePorts in the cluster
Testing
-------
.. code-block:: shell
$ go test ./... # basic
$ ginkgo -r # pretty
$ golangci-lint run # linters