charts: add skydive-analyzer and skydive-agent

.gitignore

@@ -14,3 +14,5 @@ ebpf/flow.o
 ebpf/flow-gre.o
 js/node_modules/
 .idea
+lint.json
+go.sum

.mk/k8s.mk

@@ -0,0 +1,42 @@
+TOOLSBIN:=/usr/local/bin
+export PATH:=$(TOOLSBIN):${PATH}
+
+$(TOOLSBIN)/k3d:
+	curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | TAG=v3.0.0 bash
+
+$(TOOLSBIN)/kind:
+	GOBIN=$(TOOLSBIN) GO111MODULE=on sudo -E $(shell which go) get sigs.k8s.io/[email protected]
+
+$(TOOLSBIN)/helm:
+	curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | HELM_INSTALL_DIR=$(TOOLSBIN) sudo -E bash -
+
+$(TOOLSBIN)/kubectl:
+	sudo -E curl -fsSL -o $(TOOLSBIN)/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.20.1/bin/linux/amd64/kubectl && \
+		sudo -E chmod a+x $(TOOLSBIN)/kubectl
+
+# NodePorts are in the 30000-32767 range by default, which means a NodePort is
+# unlikely to match a service’s intended port (for example, 8080 may be exposed
+# as 31020).
+K3D_NODEPORTS?=30000-30100
+
+.PHONY: k3d
+k3d: k3d-delete k3d-create
+
+.PHONY: k3d-create
+k3d-create: $(TOOLSBIN)/k3d
+	k3d cluster create manager -p "${K3D_NODEPORTS}:${K3D_NODEPORTS}@server[0]" --agents 2
+
+.PHONY: k3d-delete
+k3d-delete: $(TOOLSBIN)/k3d
+	k3d cluster delete manager 2>/dev/null || true
+
+.PHONY: kind
+kind: kind-delete kind-create
+
+.PHONY: kind-create
+kind-create: $(TOOLSBIN)/kind
+	kind create cluster --name kind
+
+.PHONY: kind-delete
+kind-delete: $(TOOLSBIN)/kind
+	kind delete cluster --name kind 2>/dev/null || true

README.md

@@ -49,6 +49,21 @@ SKYDIVE_ETCD_DATA_DIR=/tmp SKYDIVE_ANALYZER_LISTEN=0.0.0.0:8082 sudo -E /usr/loc
 
 Open a browser to http://localhost:8082 to access the analyzer Web UI.
 
+### Helm
+
+If you are using Kubernetes then you can deploy skydive using helm directly from Git:
+
+```console
+helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0
+helm repo add skydive git+https://github.com/skydive-project/skydive@contrib/charts
+helm repo update
+helm install skydive-analyzer skydive/skydive-analyzer
+helm install skydive-agent skydive/skydive-agent
+kubectl port-forward service/skydive-analyzer 8082:8082
+```
+
+Open a browser to http://localhost:8082 to access the analyzer Web UI.
+
 ### Docker
 
 ```console

contrib/charts/Makefile

@@ -0,0 +1,11 @@
+SUBDIRS := \
+	skydive-analyzer \
+	skydive-agent
+
+.PHONY: install uninstall status
+install uninstall status:
+	for i in $(SUBDIRS); do \
+		make -C $$i $@; \
+	done
+
+include ../../.mk/k8s.mk

contrib/charts/skydive-agent/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: skydive-agent
+description: Skydive Agent - Network Topology and Protocols Analyzer
+version: 0.0.0
+appVersion: 0.0.0
+icon: http://skydive.network/assets/images/logo.png

contrib/charts/skydive-agent/Makefile

@@ -0,0 +1,21 @@
+include ../../../.mk/k8s.mk
+
+ANALYZER_SERVICE?=skydive-analyzer
+ANALYZER_PORT?=8082
+
+.PHONY: uninstall
+uninstall: $(TOOLSBIN)/helm
+	helm uninstall skydive-agent 2>/dev/null || true
+
+.PHONY: install
+install: $(TOOLSBIN)/helm
+	helm install skydive-agent . \
+		--set analyzer.host=${ANALYZER_SERVICE}:${ANALYZER_PORT}
+
+.PHONY: status
+status: $(TOOLSBIN)/kubectl
+	kubectl get all -l app=skydive-agent
+
+.PHONY: logs
+logs: $(TOOLSBIN)/kubectl
+	kubectl logs -f -l app=skydive-agent

contrib/charts/skydive-agent/templates/_helpers.tpl

@@ -0,0 +1,85 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "platform" -}}
+  {{- if (eq "linux/amd64" .Capabilities.KubeVersion.Platform) }}
+    {{- printf "-%s" "x86_64" }}
+  {{- end -}}
+  {{- if (eq "linux/ppc64le" .Capabilities.KubeVersion.Platform) }}
+    {{- printf "-%s" "ppc64le" }}
+  {{- end -}}
+  {{- if (eq "linux/s390x" .Capabilities.KubeVersion.Platform) }}
+    {{- printf "-%s" "s390x" }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "arch" -}}
+  {{- if (eq "linux/amd64" .Capabilities.KubeVersion.Platform) }}
+    {{- printf "%s" "amd64" }}
+  {{- end -}}
+  {{- if (eq "linux/ppc64le" .Capabilities.KubeVersion.Platform) }}
+    {{- printf "%s" "ppc64le" }}
+  {{- end -}}
+  {{- if (eq "linux/s390x" .Capabilities.KubeVersion.Platform) }}
+    {{- printf "%s" "s390x" }}
+  {{- end -}}
+{{- end -}}
+
+{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}}
+
+{{- define "nodeaffinity" }}
+#https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+    {{- include "nodeAffinityRequiredDuringScheduling" . }}
+    preferredDuringSchedulingIgnoredDuringExecution:
+    {{- include "nodeAffinityPreferredDuringScheduling" . }}
+{{- end }}
+
+{{- define "nodeAffinityRequiredDuringScheduling" }}
+    #If you specify multiple nodeSelectorTerms associated with nodeAffinity types,
+    #then the pod can be scheduled onto a node if one of the nodeSelectorTerms is satisfied.
+    #
+    #If you specify multiple matchExpressions associated with nodeSelectorTerms,
+    #then the pod can be scheduled onto a node only if all matchExpressions can be satisfied.
+    #
+    #valid operators: In, NotIn, Exists, DoesNotExist, Gt, Lt
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: beta.kubernetes.io/arch
+          operator: In
+          values:
+        {{- range $key, $val := (dict "amd64" "2" "ppc64le" "2" "s390x" "2") }}
+          {{- if gt ($val | trunc 1 | int) 0 }}
+          - {{ $key }}
+          {{- end }}
+        {{- end }}
+{{- end }}
+
+{{- define "nodeAffinityPreferredDuringScheduling" }}
+  {{- range $key, $val := (dict "amd64" "2" "ppc64le" "2" "s390x" "2") }}
+    {{- if gt ($val | trunc 1 | int) 0 }}
+    - weight: {{ $val | trunc 1 | int }}
+      preference:
+        matchExpressions:
+        - key: beta.kubernetes.io/arch
+          operator: In
+          values:
+          - {{ $key }}
+    {{- end }}
+  {{- end }}
+{{- end }}

contrib/charts/skydive-agent/templates/daemonset.yaml

@@ -0,0 +1,123 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: skydive-agent
+  labels:
+    app: skydive-agent
+spec:
+  selector:
+    matchLabels:
+      app: skydive-agent
+  template:
+    metadata:
+      labels:
+        app: skydive-agent
+    spec:
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      hostPID: true
+      hostIPC: true
+      securityContext:
+        runAsNonRoot: false
+      affinity:
+        {{- include "nodeaffinity" . | indent 6 }}
+      containers:
+      - name: skydive-agent
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.imagePullPolicy | default "" | quote }}
+        terminationMessagePolicy: FallbackToLogsOnError
+        args:
+        - agent
+        - --listen=0.0.0.0:8081
+        ports:
+        - containerPort: 8081
+        readinessProbe:
+          httpGet:
+            port: 8081
+            path: /api/status
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        livenessProbe:
+          httpGet:
+            port: 8081
+            path: /api/status
+          initialDelaySeconds: 20
+          periodSeconds: 10
+          failureThreshold: 10
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+        env:
+        - name: SKYDIVE_ANALYZERS
+          value: {{ .Values.analyzer.host }}
+        - name: SKYDIVE_FLOW_PROTOCOL
+          value: websocket
+        - name: SKYDIVE_FLOW_DEFAULT_LAYER_KEY_MODE
+          value: L3
+        - name: SKYDIVE_AGENT_TOPOLOGY_PROBES
+          value: "ovsdb docker runc"
+        - name: SKYDIVE_AGENT_TOPOLOGY_RUNC_RUN_PATH
+          value: /var/run/runc /var/run/runc-ctrs /var/run/containerd/runc
+      {{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 8 }}
+      {{- end }}
+        securityContext:
+          privileged: true
+          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: true
+          runAsNonRoot: false
+          runAsUser: 0
+          capabilities:
+            add:
+            - all
+        volumeMounts:
+        - name: docker
+          mountPath: /var/run/docker.sock
+        - name: run
+          mountPath: /host/run
+        - name: ovsdb
+          mountPath: /var/run/openvswitch/db.sock
+        - name: runc
+          mountPath: /var/run/runc
+        - name: runc-ctrs
+          mountPath: /var/run/runc-ctrs
+        - name: containerd-runc
+          mountPath: /var/run/containerd/runc
+        - name: data-kubelet
+          mountPath: /var/data/kubelet
+        - name: lib-kubelet
+          mountPath: /var/lib/kubelet
+        - name: data-openshiftvolumes
+          mountPath: /var/data/openshiftvolumes
+        - name: lib-origin
+          mountPath: /var/lib/origin
+      volumes:
+      - name: docker
+        hostPath:
+          path: /var/run/docker.sock
+      - name: run
+        hostPath:
+          path: /var/run/netns
+      - name: ovsdb
+        hostPath:
+          path: /var/run/openvswitch/db.sock
+      - name: runc
+        hostPath:
+          path: /var/run/runc
+      - name: runc-ctrs
+        hostPath:
+          path: /var/run/runc-ctrs
+      - name: containerd-runc
+        hostPath:
+          path: /var/run/containerd/runc
+      - name: data-kubelet
+        hostPath:
+          path: /var/data/kubelet
+      - name: lib-kubelet
+        hostPath:
+          path: /var/lib/kubelet
+      - name: data-openshiftvolumes
+        hostPath:
+          path: /var/data/openshiftvolumes
+      - name: lib-origin
+        hostPath:
+          path: /var/lib/origin

contrib/charts/skydive-agent/values.yaml

@@ -0,0 +1,20 @@
+image:
+  repository: skydive/skydive
+  tag: "latest"
+  imagePullPolicy: IfNotPresent
+
+resources:
+  limits:
+    cpu: 2000m
+    memory: 8192Mi
+  requests:
+    cpu: 100m
+    memory: 512Mi
+
+analyzer:
+  host: skydive-analyzer:8082
+
+# Extra environment variables to be appended to default skydive variables
+extraEnvs: []
+#  - name: MY_ENVIRONMENT_VAR
+#    value: the_value_goes_here

contrib/charts/skydive-analyzer/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: skydive-analyzer
+description: Skydive Analyzer - Network Topology and Protocols Analyzer
+version: 0.0.0
+appVersion: 0.0.0
+icon: http://skydive.network/assets/images/logo.png

contrib/charts/skydive-analyzer/Makefile

@@ -0,0 +1,42 @@
+include ../../../.mk/k8s.mk
+
+# must be within the range of k8s nodePort
+ANALYZER_NODEPORT?=30000
+ANALYZER_PORT?=8082
+ANALYZER_SERVICE?=skydive-analyzer
+ETCD_NODEPORT?=30001
+NEWUI_NODEPORT?=30002
+
+.PHONY: uninstall
+uninstall: $(TOOLSBIN)/helm
+	helm uninstall skydive-analyzer 2>/dev/null || true
+
+.PHONY: install
+install: $(TOOLSBIN)/helm
+	helm install skydive-analyzer . \
+		--set service.port=${ANALYZER_PORT} \
+		--set service.nodePort=${ANALYZER_NODEPORT} \
+		--set etcd.nodePort=${ETCD_NODEPORT} \
+		--set newui.nodePort=${NEWUI_NODEPORT} \
+
+.PHONY: status
+status: $(TOOLSBIN)/kubectl
+	kubectl get all -l app=skydive-analyzer
+
+.PHONY: logs
+logs: $(TOOLSBIN)/kubectl
+	kubectl logs -f -l app=skydive-analyzer -c skydive-analyzer
+
+.PHONY: verify
+verify:
+	curl http://localhost:${ANALYZER_NODEPORT}
+
+.PHONY: port-forward
+port-forward: $(TOOLSBIN)/kubectl
+	kubectl port-forward service/${ANALYZER_SERVICE} ${ANALYZER_PORT}:${ANALYZER_PORT}
+
+.PHONY: help
+help:
+	@echo "Skydive Analyzer is running at: http://localhost:${ANALYZER_NODEPORT}"
+	@echo "Skydive ETCD is running at: http://localhost:${ETCD_NODEPORT}"
+	@echo "Skydive NewUI is running at: http://localhost:${NEWUI_NODEPORT}"