github.phpd.cn/cilium/cilium@v1.6.12/examples/demo/demo3_top.sh (about) 1 #!/usr/bin/env bash 2 3 . $(dirname ${BASH_SOURCE})/../../contrib/shell/util.sh 4 5 CLIENT_LABEL="id.client" 6 SERVER_LABEL="id.server" 7 8 SERVER_IP=$(docker inspect --format '{{ .NetworkSettings.Networks.cilium.GlobalIPv6Address }}' server) 9 10 run "" 11 12 desc "Ping again to trigger events" 13 run "docker exec -ti client ping6 -c 4 $SERVER_IP" 14 15 desc "Not enough information? Enable debug mode!" 16 desc "This will recompile the BPF programs with debug instructions while the containers keeps running" 17 run "cilium endpoint list" 18 19 SERVER_ID=$(cilium endpoint list | grep $SERVER_LABEL | awk '{ print $1}') 20 CLIENT_ID=$(cilium endpoint list | grep $CLIENT_LABEL | awk '{ print $1}') 21 run "cilium endpoint config $CLIENT_ID Debug=true" 22 run "cilium endpoint config $SERVER_ID Debug=true" 23 24 desc "Ping again to see debugging events" 25 run "docker exec -ti client ping6 -c 4 $SERVER_IP" 26 27 clear 28 desc "Packets get dropped due to policy denial. Trace the policy decision" 29 run "cilium policy trace -s $CLIENT_LABEL -d $SERVER_LABEL" 30 31 desc "No policy has been loaded, import it." 32 run "cat $(relative policy.json)" 33 run "cilium policy import $(relative policy.json)" 34 35 clear 36 desc "Trace policy again" 37 run "cilium policy trace -s $CLIENT_LABEL -d $SERVER_LABEL" 38 39 desc "Ping should now work as expected" 40 run "docker exec -ti client ping6 -c 4 $SERVER_IP" 41 42 desc "All good. Compile out debug and drop notifications again for efficiency" 43 44 run "cilium endpoint config $CLIENT_ID Debug=false DropNotification=false TraceNotification=false" 45 run "cilium endpoint config $SERVER_ID Debug=false DropNotification=false TraceNotification=false" 46 47 desc "Ping will no longer trigger events for these containers" 48 run "docker exec -ti client ping6 -c 4 $SERVER_IP"