cilium-docker/test/http-sw.sh


#!/bin/sh
# REF: https://docs.cilium.io/en/stable/gettingstarted/demo/#starwars-demo
# Resolve this script's real location (symlinks followed) and derive WORK_DIR
# from it. Every manifest path below is anchored to the script's directory, not
# to the caller's current directory, so a same-named YAML file in whatever
# directory the script is launched from is never the one that gets applied.
# NOTE: relies on 'readlink -f', which not every platform's readlink provides.
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "${SCRIPT}")
WORK_DIR_RELPATH="."
WORK_DIR=$(readlink -f "${SCRIPT_DIR}/${WORK_DIR_RELPATH}")

# Demo settings: target namespace and the manifests shipped next to the script.
# kubectl acts on whichever cluster the current context selects, so check the
# context before running any of the sub-commands.
NAMESPACE="http-sw"
YAML_DIR="${WORK_DIR}/http-sw"
APP_YAML="${YAML_DIR}/http-sw-app.yaml"
SW_L3_L4_POLICY_YAML="${YAML_DIR}/sw_l3_l4_policy.yaml"
SW_L3_L4_L7_POLICY_YAML="${YAML_DIR}/sw_l3_l4_l7_policy.yaml"
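# Probe the deathstar service from the demo client pods and print each result.
# Globals:   NAMESPACE (read)
# Outputs:   progress lines plus whatever curl prints, on stdout
# Returns:   0 regardless of the probe outcomes; this is a demonstration, not
#            a pass/fail assertion, so do not gate automation on its status.
#
# How to read the output once a policy is loaded: curl runs with -s and without
# -f/--fail, so only a failing 'kubectl exec' or a transport-level curl error
# (for example the 5 s connect timeout expiring) prints "Connection failed!".
# A request that is answered with an HTTP error status still exits 0, so an
# application-layer rejection has to be recognised from the printed response
# body. NOTE(review): presumably that is how an L7 policy denial shows up here;
# confirm against the demo referenced at the top of the file.
access_test() {
  for pod in xwing tiefighter; do
    echo "Checking deathstar access from '$pod'"
    # The URL is quoted so the expanded namespace can never be word-split or
    # globbed into extra curl arguments.
    if ! kubectl -n "$NAMESPACE" exec "$pod" -- curl --connect-timeout 5 \
      -s -XPOST "deathstar.$NAMESPACE.svc.cluster.local/v1/request-landing"; then
      echo "Connection failed!"
    fi
  done
  # Single-item loop kept on purpose so further pods can be added to the list.
  # shellcheck disable=SC2043
  for pod in tiefighter; do
    echo "Checking deathstar exaust-port access from '$pod'"
    if ! kubectl -n "$NAMESPACE" exec "$pod" -- curl --connect-timeout 5 \
      -s -XPUT "deathstar.$NAMESPACE.svc.cluster.local/v1/exhaust-port"; then
      echo "Connection failed!"
    fi
  done
}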
# Create the demo namespace (best effort) and apply the application manifest.
# Globals:   NAMESPACE (read), APP_YAML (read)
# Returns:   exit status of the final 'kubectl apply'
create_deployment() {
  # Namespace creation is deliberately allowed to fail so that re-running the
  # command on an existing namespace works. The same tolerance also hides
  # authorization or connectivity errors at this step; those only surface
  # through the status of the apply below.
  if ! kubectl create ns "${NAMESPACE}"; then
    :
  fi
  kubectl -n "${NAMESPACE}" apply -f "${APP_YAML}"
}
# Tear the demo down by deleting its namespace.
# Globals:   NAMESPACE (read)
# Returns:   exit status of kubectl
# Deleting a namespace removes every object inside it, not only what this
# script created, including any network policy that was applied there.
delete_deployment() {
  kubectl delete ns "${NAMESPACE}"
}
# Print, for every Cilium agent pod, the header row of 'cilium endpoint list'
# followed by the rows that belong to the demo's alliance/empire workloads.
# Outputs:   filtered endpoint table per agent pod on stdout
# Returns:   status of the last pipeline run (0 when no agent pod is found)
# Requires permission to list pods and to exec into containers in kube-system,
# which is a far broader grant than the demo namespace itself needs.
list_sw_endpoints() {
  agent_pods="$(kubectl -n kube-system get pods -l k8s-app=cilium -o name)"
  # Deliberately unquoted: the pod names are split into one word per pod.
  for agent in $agent_pods; do
    listing="$(
      kubectl -n kube-system exec "$agent" -c cilium-agent \
        -- cilium endpoint list
    )"
    # First line of the listing is the column header.
    echo "$listing" | head -1
    # Keep each matching label line plus the six lines before it, then drop
    # the "--" separators grep inserts between non-adjacent groups.
    echo "$listing" |
      grep -B6 "org=\(alliance\|empire\)" |
      grep -v "^--"
  done
}
# Show the demo's workloads together with any CiliumNetworkPolicy objects in
# the namespace, i.e. what is running and which policy objects exist there.
# Globals:   NAMESPACE (read)
# Returns:   exit status of kubectl
status() {
  kubectl -n "${NAMESPACE}" get all,CiliumNetworkPolicy
}
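# Print the command synopsis and terminate the script.
# Arguments: $1 - exit status to terminate with
# Outputs:   synopsis on stdout when $1 is 0, on stderr otherwise
# Returns:   never returns; exits with status $1
usage() {
  # A non-zero exit means the caller made a mistake: send the text to stderr so
  # it cannot be mistaken for regular output by anything consuming stdout. The
  # redirection is permanent, which is fine because the script exits next.
  [ "$1" = "0" ] || exec 1>&2
  echo "Usage: $0 create|delete|desc|endpoints|policy-(l34|l7|none)|status|test"
  exit "$1"
}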
# ====
# MAIN
# ====
# Dispatch on the first command-line argument.
case "$1" in
  create)
    create_deployment
    ;;
  delete)
    delete_deployment
    ;;
  desc | describe)
    # The existence probe discards all of kubectl's output, so an authorization
    # or connectivity error is reported as "Policy not installed" as well.
    if ! kubectl -n "$NAMESPACE" get cnp/rule1 -o name >/dev/null 2>&1; then
      echo "Policy not installed"
    else
      echo "Describe current policy"
      kubectl -n "$NAMESPACE" describe CiliumNetworkPolicy/rule1
    fi
    ;;
  eps | endpoints)
    list_sw_endpoints
    ;;
  policy-l34)
    # The manifest is printed before it is applied so the operator can see
    # exactly which rules are about to be loaded.
    echo "Adding SW L3-L4 policy"
    echo ""
    cat "$SW_L3_L4_POLICY_YAML"
    echo ""
    kubectl -n "$NAMESPACE" apply -f "$SW_L3_L4_POLICY_YAML"
    ;;
  policy-l7)
    # Same flow as policy-l34, using the manifest that adds L7 rules.
    echo "Adding SW L3-L4-L7 policy:"
    echo ""
    cat "$SW_L3_L4_L7_POLICY_YAML"
    echo ""
    kubectl -n "$NAMESPACE" apply -f "$SW_L3_L4_L7_POLICY_YAML"
    ;;
  policy-none)
    # Deletes the object named rule1 only; any other policy in the namespace is
    # left untouched. Re-run the 'test' command afterwards to see the effect.
    echo "Removing Cilium Network Policy 'rule1'"
    kubectl -n "$NAMESPACE" delete CiliumNetworkPolicy/rule1
    ;;
  status)
    status
    ;;
  test)
    echo "Running access test"
    access_test
    ;;
  "")
    # No argument at all: show the synopsis and exit successfully.
    usage "0"
    ;;
  *)
    # Unknown sub-command: show the synopsis and exit with an error.
    usage "1"
    ;;
esac
# ----
# vim: ts=2:sw=2:et:ai:sts=2