diff --git a/cmd/legacy/daemon.go b/cmd/legacy/daemon.go index 01777b5563..b2fd38856b 100644 --- a/cmd/legacy/daemon.go +++ b/cmd/legacy/daemon.go @@ -15,6 +15,8 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/kubernetes" clientgoscheme "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" ctrl "sigs.k8s.io/controller-runtime" crcache "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" @@ -92,11 +94,22 @@ func (d *Daemon) Start() error { } fmt.Println("init client-go") - cfg, err := kcfg.GetConfig() - if err != nil { - panic(err) + var cfg *rest.Config + if kubeconfig := os.Getenv("KUBECONFIG"); kubeconfig != "" { + fmt.Println("KUBECONFIG set, using kubeconfig: ", kubeconfig) + cfg, err = clientcmd.BuildConfigFromFlags("", kubeconfig) + if err != nil { + return fmt.Errorf("creating controller-runtime manager: %w", err) + } + } else { + cfg, err = kcfg.GetConfig() + if err != nil { + panic(err) + } } + fmt.Println("api server: ", cfg.Host) + fmt.Println("init logger") zl, err := log.SetupZapLogger(&log.LogOpts{ Level: daemonConfig.LogLevel, diff --git a/cmd/root.go b/cmd/root.go index b1cec2ae0d..115da29ef0 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -19,6 +19,7 @@ var ( probeAddr string enableLeaderElection bool cfgFile string + kubeConfigFileName = "" rootCmd = &cobra.Command{ Use: "retina-agent", 
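Review bot: The error returned from the new KUBECONFIG branch in Start() is wrapped as `creating controller-runtime manager`, although the call that failed is `clientcmd.BuildConfigFromFlags`, so anyone debugging a bad kubeconfig is pointed at the wrong step; `return fmt.Errorf("building rest config from KUBECONFIG %q: %w", kubeconfig, err)` says what actually happened. The else branch still calls `panic(err)` for the same class of failure, so the two paths report config errors differently; returning a wrapped error there too would be consistent. `BuildConfigFromFlags` treats the value as one explicit file path, while KUBECONFIG can conventionally hold a list of paths, so a multi-entry value would fail to load here. Since this variable now decides which API server and credentials the agent trusts, a one-line comment stating that it takes precedence over in-cluster config would help whoever reviews the deployment. Start() begins before and continues past this hunk.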
@@ -41,6 +42,9 @@ func init() { rootCmd.Flags().StringVar(&probeAddr, "health-probe-bind-address", ":18081", "The address the probe endpoint binds to.") rootCmd.Flags().BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.") rootCmd.Flags().StringVar(&cfgFile, "config", configFileName, "config file") + + // this is read during GetConfigOrDie, not explicitly passed to any of our logic + rootCmd.Flags().StringVar(&kubeConfigFileName, "kubeconfig", kubeConfigFileName, "noop we just need cobra to not check since controller runtime can use this flag") } func Execute() { diff --git a/controller/Dockerfile.windows-native b/controller/Dockerfile.windows-native index 3d5b41f105..6689aee144 100644 --- a/controller/Dockerfile.windows-native +++ b/controller/Dockerfile.windows-native @@ -26,6 +26,8 @@ WORKDIR C:\\retina FROM --platform=windows/amd64 mcr.microsoft.com/windows/nanoserver:ltsc2022 AS final ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'Continue';"] +COPY --from=builder C:\\retina\\windows\\kubeconfigtemplate.yaml kubeconfigtemplate.yaml +COPY --from=builder C:\\retina\\windows\\setkubeconfigpath.ps1 setkubeconfigpath.ps1 COPY --from=builder C:\\retina\\controller.exe controller.exe COPY --from=pktmon-builder C:\\pktmon\\controller-pktmon.exe controller-pktmon.exe COPY --from=builder C:\\retina\\captureworkload.exe captureworkload.exe diff --git a/pkg/plugin/windows/pktmon/pktmon_plugin_windows.go b/pkg/plugin/windows/pktmon/pktmon_plugin_windows.go index ec6940aaf7..cb1daa0d8c 100644 --- a/pkg/plugin/windows/pktmon/pktmon_plugin_windows.go +++ b/pkg/plugin/windows/pktmon/pktmon_plugin_windows.go 
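Review bot: The `--kubeconfig` flag registered in init() is accepted, but as far as this diff shows its value in `kubeConfigFileName` is never read: Start() in cmd/legacy/daemon.go looks only at the KUBECONFIG environment variable before falling back to `kcfg.GetConfig()`. controller-runtime normally binds its own kubeconfig flag on the standard `flag` package, which a cobra/pflag parse does not populate unless the Go flag set is bridged in somewhere outside this diff, so an operator passing `--kubeconfig` could believe the agent uses one credential file while it actually uses another; this is worth confirming. Either hand the parsed value to the config-loading code or make the help text explicit, for example `"accepted for compatibility; the agent reads KUBECONFIG or in-cluster config"`. The comment also names GetConfigOrDie while the daemon calls GetConfig, and the two should agree.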
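Review bot: The two new `COPY` lines put `kubeconfigtemplate.yaml` and `setkubeconfigpath.ps1` at the image root without saying why, yet windows/setkubeconfigpath.ps1 reads the template from `$env:CONTAINER_SANDBOX_MOUNT_POINT\kubeconfigtemplate.yaml`, so the destination path is load-bearing. A comment above them such as `# setkubeconfigpath.ps1 expects the template at the container root; keep both paths in sync` would stop a later move from silently breaking kubeconfig generation. Separately, and unchanged by this commit, the `ADD https://github.com/microsoft/etl2pcapng/...` line in the same stage downloads an executable with no integrity check. Where the builder supports it, `ADD --checksum=sha256:<digest-placeholder>` would make the build verify what it ships.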
@@ -97,7 +97,16 @@ func (p *Plugin) RunPktMonServer(ctx context.Context) error { defer p.stdWriter.Close() p.errWriter = &zapio.Writer{Log: p.l.Logger, Level: zap.ErrorLevel} defer p.errWriter.Close() - p.pktmonCmd = exec.CommandContext(ctx, "controller-pktmon.exe") + + pwd, err := os.Getwd() + if err != nil { + return fmt.Errorf("failed to get current working directory for pktmon: %w", err) + } + + cmd := pwd + "\\" + "controller-pktmon.exe" + + p.pktmonCmd = exec.CommandContext(ctx, cmd) + p.pktmonCmd.Dir = pwd p.pktmonCmd.Args = append(p.pktmonCmd.Args, "--socketpath", socket) p.pktmonCmd.Env = os.Environ() p.pktmonCmd.Stdout = p.stdWriter @@ -106,7 +115,7 @@ func (p *Plugin) RunPktMonServer(ctx context.Context) error { p.l.Info("calling start on pktmon stream server", zap.String("cmd", p.pktmonCmd.String())) // block this thread, and should it ever return, it's a problem - err := p.pktmonCmd.Run() + err = p.pktmonCmd.Run() if err != nil { return fmt.Errorf("pktmon server exited when it should not have: %w", err) } diff --git a/windows/setkubeconfigpath.ps1 b/windows/setkubeconfigpath.ps1 index 38ec3440b2..328ffefecd 100644 --- a/windows/setkubeconfigpath.ps1 +++ b/windows/setkubeconfigpath.ps1 
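Review bot: The child binary path in RunPktMonServer is built from the process working directory (`cmd := pwd + "\\" + "controller-pktmon.exe"`), so which executable runs with the agent's privileges depends on where the agent was started and on who can write to that directory. Resolving against the agent's own location is more stable, for example `exe, err := os.Executable()` followed by `cmd := filepath.Join(filepath.Dir(exe), "controller-pktmon.exe")`; this needs `path/filepath` imported if the file does not already have it, and `filepath.Join` also replaces the hand-built separator. The local name `cmd` holds a path string next to `p.pktmonCmd`, so something like `pktmonPath` would read more clearly. The unchanged `p.pktmonCmd.Env = os.Environ()` passes the whole environment to the child, which after this commit may include KUBECONFIG pointing at a token-bearing file, so a comment recording that this is intended would be useful. The function starts before and continues after this hunk.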
@@ -1,11 +1,16 @@ # pull the server value from the kubeconfig on host to construct our own kubeconfig, but using service principal settings # this is required to build a kubeconfig using the kubeconfig on disk in c:\k, and the service principle granted in the container mount, to generate clientset -$cpEndpoint = Get-Content C:\k\config | ForEach-Object -Process {if($_.Contains("server:")) {$_.Trim().Split()[1]}} +$cpEndpoint = Get-Content C:\k\config | ForEach-Object -Process { if ($_.Contains("server:")) { $_.Trim().Split()[1] } } $token = Get-Content -Path $env:CONTAINER_SANDBOX_MOUNT_POINT\var\run\secrets\kubernetes.io\serviceaccount\token $ca = Get-Content -Raw -Path $env:CONTAINER_SANDBOX_MOUNT_POINT\var\run\secrets\kubernetes.io\serviceaccount\ca.crt $caBase64 = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($ca)) $server = "server: $cpEndpoint" (Get-Content $env:CONTAINER_SANDBOX_MOUNT_POINT\kubeconfigtemplate.yaml). - replace("", $caBase64). - replace("", $server.Trim()). - replace("", $token) | Set-Content $env:CONTAINER_SANDBOX_MOUNT_POINT\kubeconfig -Force +replace("", $caBase64). +replace("", $server.Trim()). +replace("", $token) | Set-Content $env:CONTAINER_SANDBOX_MOUNT_POINT\kubeconfig -Force + +$env:KUBECONFIG = Join-Path -Path $env:CONTAINER_SANDBOX_MOUNT_POINT -ChildPath "kubeconfig" + +# Set the KUBECONFIG environment variable +[System.Environment]::SetEnvironmentVariable("KUBECONFIG", $env:KUBECONFIG, [System.EnvironmentVariableTarget]::Machine)
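Review bot: The last added line persists KUBECONFIG at `[System.EnvironmentVariableTarget]::Machine` scope, which is a host-wide setting rather than one scoped to this workload. If the script runs as a HostProcess container (the use of `CONTAINER_SANDBOX_MOUNT_POINT` and `C:\k\config` suggests so), every later process on the node that honours KUBECONFIG would pick up this service-account kubeconfig, and the value would outlive the container while still pointing into its sandbox path. The `$env:KUBECONFIG = Join-Path ...` assignment already covers this session and anything launched from it, so if the agent is started from here the Machine-scope call can be dropped or changed to `[System.EnvironmentVariableTarget]::Process`. The generated file also holds a copy of the service account token read once at startup. A comment should note that it is not refreshed when the mounted token changes and that the file ought to be readable only by the agent's account.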