// Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tools/istio-clean-iptables/pkg/cmd/root.go

// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cmd

import (
	"github.com/spf13/cobra"

	"istio.io/istio/pkg/flag"
	"istio.io/istio/pkg/log"
	"istio.io/istio/tools/istio-clean-iptables/pkg/config"
	"istio.io/istio/tools/istio-iptables/pkg/constants"
)

// bindCmdlineFlags registers the cleanup command's flags on cmd and points
// each one at the matching field of cfg.
//
// The flag names are taken from the istio-iptables constants package, so the
// cleaner is addressed with the same option names as the tool those constants
// belong to.
//
// NOTE(review): every flag goes through flag.BindEnv, which by its name also
// accepts the value from an environment variable — confirm in pkg/flag. If
// so, the process environment is an input to this command and should be
// treated as such when reviewing who can influence which rules are removed.
func bindCmdlineFlags(cfg *config.Config, cmd *cobra.Command) {
	flags := cmd.Flags()

	// Dry run: per the help text, no external dependency such as iptables is
	// invoked.
	flag.BindEnv(flags, constants.DryRun, "n",
		"Do not call any external dependencies like iptables.",
		&cfg.DryRun)

	// UID/GID of the user excluded from redirection (typically the proxy).
	flag.BindEnv(flags, constants.ProxyUID, "u",
		"Specify the UID of the user for which the redirection is not applied. Typically, this is the UID of the proxy container.",
		&cfg.ProxyUID)
	flag.BindEnv(flags, constants.ProxyGID, "g",
		"Specify the GID of the user for which the redirection is not applied (same default value as -u param).",
		&cfg.ProxyGID)

	// DNS redirection. A second environment variable name is accepted for the
	// same setting, for consistency with other components.
	flag.BindEnv(flags, constants.RedirectDNS, "",
		"Enable capture of dns traffic by istio-agent.",
		&cfg.RedirectDNS)
	flag.AdditionalEnv(flags, constants.RedirectDNS, "ISTIO_META_DNS_CAPTURE")

	flag.BindEnv(flags, constants.CaptureAllDNS, "",
		"Instead of only capturing DNS traffic to DNS server IP, capture all DNS traffic at port 53. This setting is only effective when redirect dns is enabled.",
		&cfg.CaptureAllDNS)

	flag.BindEnv(flags, constants.InboundInterceptionMode, "m",
		"The mode used to redirect inbound connections to Envoy, either \"REDIRECT\" or \"TPROXY\".",
		&cfg.InboundInterceptionMode)

	// This flag is registered with an empty usage string, so --help shows no
	// description for it.
	flag.BindEnv(flags, constants.InboundTProxyMark, "t", "", &cfg.InboundTProxyMark)
}

// GetCommand builds the "istio-clean-iptables" cobra command.
//
// logOpts is applied in PreRunE. RunE completes the configuration from the
// environment, validates it, detects the iptables version twice and then
// runs the cleaner. Any error from logging setup, validation or version
// detection is returned to cobra unchanged.
func GetCommand(logOpts *log.Options) *cobra.Command {
	cfg := config.DefaultConfig()

	// Logging is configured before RunE; a failure here aborts the command.
	preRun := func(_ *cobra.Command, _ []string) error {
		return log.Configure(logOpts)
	}

	run := func(_ *cobra.Command, _ []string) error {
		// Validation happens before any dependency is constructed or probed.
		cfg.FillConfigFromEnvironment()
		if err := cfg.Validate(); err != nil {
			return err
		}
		deps := NewDependencies(cfg)

		// Presumably false/true select the IPv4 and IPv6 iptables binaries —
		// confirm against DetectIptablesVersion.
		v4, err := deps.DetectIptablesVersion(false)
		if err != nil {
			return err
		}
		v6, err := deps.DetectIptablesVersion(true)
		if err != nil {
			return err
		}

		// NOTE(review): nothing returned by Run is inspected here, so RunE
		// reports success as soon as Run returns. Anything that relies on the
		// exit status to confirm the rules are gone should check how Run
		// surfaces failures.
		cleaner := NewIptablesCleaner(cfg, &v4, &v6, deps)
		cleaner.Run()
		return nil
	}

	root := &cobra.Command{
		Use:     "istio-clean-iptables",
		Short:   "Clean up iptables rules for Istio Sidecar",
		Long:    "Script responsible for cleaning up iptables rules",
		PreRunE: preRun,
		RunE:    run,
	}
	bindCmdlineFlags(cfg, root)
	return root
}