KubeSkoop Web Console

.gitignore

@@ -4,3 +4,34 @@ cmd/exporter/exporter
 .idea
 .vscode
 pkg/exporter/proto/github.com/alibaba/kubeskoop/proto/inspector_grpc.pb.go
+
+# dependencies
+webui/node_modules
+
+# testing
+webui/coverage
+
+# production
+webui/build
+
+# misc
+.DS_Store
+*.swp
+*.dia~
+
+# logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# local env files
+.env*.local
+
+# tmp
+.ice
+
+# cache
+.eslintcache
+.stylelintcache
+

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/golang:1.19.4-alpine AS build
+FROM docker.io/library/golang:1.20.5-alpine AS build
 # --build-arg GOPROXY=https://goproxy.cn,direct
 ARG GOPROXY
 # --build-arg ALPINE_MIRROR=mirrors.aliyun.com
@@ -12,6 +12,11 @@ WORKDIR /go/src/github.com/alibaba/kubeskoop/
 ADD . /go/src/github.com/alibaba/kubeskoop/
 RUN mkdir -p bin && make all
 
+FROM --platform=linux/amd64 docker.io/library/node:20.9.0-alpine as build-ui
+WORKDIR /webconsole
+ADD ./webui /webconsole
+RUN yarn install && yarn build
+
 FROM docker.io/library/alpine
 
 RUN apk add --no-cache \
@@ -27,8 +32,12 @@ RUN apk add --no-cache \
 
 COPY --from=build /go/src/github.com/alibaba/kubeskoop/bin/inspector /bin/inspector
 COPY --from=build /go/src/github.com/alibaba/kubeskoop/bin/pod-collector /bin/pod-collector
+COPY --from=build /go/src/github.com/alibaba/kubeskoop/bin/controller /bin/controller
 COPY --from=build /go/src/github.com/alibaba/kubeskoop/bin/skoop /bin/skoop
 COPY --from=build /go/src/github.com/alibaba/kubeskoop/bin/btfhack /bin/btfhack
+COPY --from=build /go/src/github.com/alibaba/kubeskoop/bin/webconsole /bin/webconsole
+
+COPY --from=build-ui /webconsole/build /var/www
 
 COPY tools/scripts/* /bin/
 COPY deploy/resource/kubeskoop-exporter-dashboard.json /etc/

Makefile

@@ -14,7 +14,7 @@ GIT_COMMIT=${shell git rev-parse HEAD}
 ldflags="-X $(VERSION_PKG).Version=$(TAG) -X $(VERSION_PKG).Commit=${GIT_COMMIT}"
 
 .PHONY: all
-all: build-exporter build-skoop build-collector build-btfhack
+all: build-exporter build-skoop build-controller build-collector build-btfhack build-webconsole
 
 .PHONY: fmt
 fmt:
@@ -36,10 +36,18 @@ build-skoop:
 build-collector:
 	CGO_ENABLED=0 go build -o bin/pod-collector -ldflags $(ldflags) ./cmd/collector
 
+.PHONY: build-controller
+build-controller:
+	go build -o bin/controller -ldflags $(ldflags) ./cmd/controller
+
 .PHONY: build-btfhack
 build-btfhack:
 	CGO_ENABLED=0 go build -o bin/btfhack -ldflags $(ldflags) ./cmd/btfhack
 
+.PHONY: build-btfhack
+build-webconsole:
+	cd webui && CGO_ENABLED=0 go build -o ../bin/webconsole -ldflags $(ldflags) .
+
 .PHONY: image
 image: ## build kubeskoop image
 	docker build -t $(SKOOP_REPO):$(TAG) .

cmd/controller/main.go

@@ -0,0 +1,7 @@
+package main
+
+import "github.com/alibaba/kubeskoop/pkg/controller/cmd"
+
+func main() {
+	cmd.Execute()
+}

cmd/exporter/init.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	_ "github.com/alibaba/kubeskoop/pkg/exporter/probe/flow"
+	_ "github.com/alibaba/kubeskoop/pkg/exporter/probe/info"
 	_ "github.com/alibaba/kubeskoop/pkg/exporter/probe/nlconntrack"
 	_ "github.com/alibaba/kubeskoop/pkg/exporter/probe/nlqdisc"
 	_ "github.com/alibaba/kubeskoop/pkg/exporter/probe/procfd"

deploy/skoopbundle.yaml

@@ -31,15 +31,15 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       initContainers:
         - name: inspector-prepare
-          image: "kubeskoop/kubeskoop:latest"
+          image: kubeskoop/kubeskoop:v1.0.0
           volumeMounts:
             - name: btf-rawdata
               mountPath: /etc/net-exporter/btf
             - mountPath: /boot/
               name: boot
           command: [btfhack, discover, -p, /etc/net-exporter/btf/]
       containers:
-      - image: "kubeskoop/kubeskoop:latest"
+      - image: kubeskoop/kubeskoop:v1.0.0
         name: inspector
         env:
         - name: INSPECTOR_NODENAME
@@ -363,6 +363,12 @@ spec:
         env:
           - name: GF_SECURITY_ADMIN_PASSWORD
             value: "kubeskoop"
+          - name: GF_SECURITY_ALLOW_EMBEDDING
+            value: "true"
+          - name: GF_SERVER_SERVE_FROM_SUB_PATH
+            value: "true"
+          - name: GF_SERVER_ROOT_URL
+            value: "/grafana"
         resources:
           limits:
             memory: "1Gi"
@@ -377,7 +383,7 @@ spec:
             name: grafana-datasources
             readOnly: false
       - name: register-dashboard
-        image: kubeskoop/kubeskoop:latest
+        image: kubeskoop/kubeskoop:v1.0.0
         env:
           - name: GRAFANA_PASSWORD
             value: "kubeskoop"
@@ -399,8 +405,7 @@ metadata:
       prometheus.io/scrape: 'true'
       prometheus.io/port:   '3000'
 spec:
-  selector:
-    app: grafana
+  selector: app: grafana
   type: NodePort
   ports:
     - port: 80
@@ -486,3 +491,173 @@ data:
 
     analytics:
       reporting_enabled: false
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: controller
+rules:
+- apiGroups: [""]
+  resources:
+  - pods
+  verbs: ["get", "list", "watch", "delete", "create"]
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/proxy
+  - services
+  - endpoints
+  - configmaps
+  - namespaces
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["daemonsets"]
+  verbs: ["get", "list"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["networkpolicies"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["pods/exec", "pods/attach", "pods/portforward"]
+  verbs: ["create", "get", "list", "update", "delete"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: controller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kubeskoop
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: controller
+  namespace: kubeskoop
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  resourceNames: ["kubeskoop-config"]
+  verbs: ["get", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: controller
+  namespace: kubeskoop
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: controller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kubeskoop
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller
+  namespace: kubeskoop
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: controller
+  template:
+    metadata:
+      name: controller
+      labels:
+        app: controller
+    spec:
+      containers:
+      - name: controller
+        image: kubeskoop/kubeskoop:v1.0.0
+        command: ["/bin/controller"]
+        env:
+          - name: PROMETHEUS_ENDPOINT
+            value: http://prometheus-service
+          - name: LOKI_ENDPOINT
+            value: http://loki-service:3100
+        volumeMounts:
+          - name:  db
+            mountPath: /var/lib/kubeskoop
+      volumes:
+      - name: db
+        emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: controller
+  namespace: kubeskoop
+spec:
+  selector:
+    app: controller
+  ports:
+    - name: grpc
+      port: 10263
+      targetPort: 10263
+    - name: http
+      port: 10264
+      targetPort: 10264
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webconsole
+  namespace: kubeskoop
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: webconsole
+  template:
+    metadata:
+      name: webconsole
+      labels:
+        app: webconsole
+    spec:
+      containers:
+      - name: controller
+        image: kubeskoop/kubeskoop:v1.0.0
+        command: ["/bin/webconsole"]
+        env:
+          - name: CONTROLLER_ENDPOINT
+            value: "http://controller:10264"
+          - name: GRAFANA_PROXY
+            value: "true"
+          - name: GRAFANA_ENDPOINT
+            value: "http://grafana/grafana"
+          - name: GRAFANA_USERNAME
+            value: "admin"
+          - name: GRAFANA_PASSWORD
+            value: "kubeskoop"
+          - name: AUTH_USERNAME
+            value: "admin"
+          - name: AUTH_PASSWORD
+            value: "kubeskoop"
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: webconsole
+  namespace: kubeskoop
+spec:
+  selector:
+    app: webconsole
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080