Skip to content
This repository has been archived by the owner on Oct 22, 2024. It is now read-only.
/ mirrosa Public archive

A helpful tool for SREs to investigate and learn about ROSA clusters

License

Notifications You must be signed in to change notification settings

mjlshen/mirrosa

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

mirrosa

Ever wondered if AWS infrastructure around a ROSA cluster has been modified? Wonder no more! mirrosa will let you know if a ROSA cluster is truly the fairest of them all.

Installation

For Linux and macOS binaries see the GitHub release assets.

Release binaries are signed using cosign and can be verified like:

cosign verify-blob --key signing.pub --signature mirrosa_darwin_arm64.sig mirrosa_darwin_arm64

Developer Installation

go install github.com/mjlshen/mirrosa@latest

Prerequisites

Usage

Validate of a cluster's AWS configuration using a cluster's name, internal ID, or external ID:

mirrosa -cluster-id mshen-sts

How it works

The goal of mirrosa is to essentially walk this graph to validate specific components of ROSA clusters. It collects information about a cluster from OCM and then uses ocm-backplane to build an AWS client in-memory to start validating! It's main purpose is to be a helpful learning and troubleshooting tool for SREs, so when adding features try to keep the AWS permissions available for SREs into account.

graph TD;
  C[OCM ClusterId]-->P[PrivateLink]
  P-->VPCES[VPC Endpoint Service]
  C-->D[DNS Basedomain]
  D-->R[Route53 Private Hosted Zone]
  D-->RPub[Route53 Public Hosted Zone]
  R-->APILB[api LB]
  R-->ALB[*.apps LB]
  R-->V[VPC ID]
  V-->Subnet[SubnetIDs]
  Subnet-->RT[Route Tables]
  V-->EC[EC2 Instances]
  EC-->SG[Security Groups]
  V-->VPCE[S3 VPC Endpoint]
  V-->IGW[Internet Gateway]
  V-->DHCP[DHCP Options]
  RT-->NAT[NAT Gateway]
Loading

Each AWS resource in the graph is represented by a Component, which requires functions to validate the component and return documentation if validation fails.

// Component represents a specific component that will be validated
type Component interface {
	// FilterValue returns the name of the component to implement the github.com/charmbracelet/bubbles/list Item interface
	FilterValue() string

	// Documentation returns a thorough description of the component's expected configuration.
	// It should allow a new user of ROSA to understand what the expected state is and why it should be that way.
	Documentation() string

	// Validate checks a component for any misconfiguration and returns any error
	Validate(ctx context.Context) error
}

Future Work

Check out the issues and CONTRIBUTING.md!

Long Term

  • A TUI UX for fun with charmbracelet, which can help users learn about ROSA clusters interactively beyond just validating them