Merge pull request #43 from thediveo/develop

Develop

README.md

@@ -12,6 +12,14 @@
 ![file descriptors](https://img.shields.io/badge/file%20descriptors-not%20leaking-success)
 [![Go Report Card](https://goreportcard.com/badge/github.com/thediveo/lxkns)](https://goreportcard.com/report/github.com/thediveo/lxkns)
 
+Discover how containers are using Linux kernel namespaces...
+
+[![container namespaces](docs/_images/all-namespaces-with-containers-thumbnail.png)](docs/_images/all-namespaces-with-containers.png)
+
+...or the mounts inside your containers, and how _over-mounts_ make other mounts
+_invisible_.
+
+[![container mounts](docs/_images/container-mounts-thumbnail.png)](docs/_images/container-mounts-containers.png)
 
 ## Quick Start
 
@@ -36,18 +44,18 @@ namespaces, as well as mount points with their hierarchies.
 ## Overview
 
 `lxkns` discovers...
-- Linux namespaces in almost every nook and cranny of your hosts (from open file
-  descriptors, bind-mounts, processes, and now even tasks and from open sockets)
-  – please see the table below,
-- the mount points inside mount namespaces (correctly representing
+- **Linux namespaces** in almost every nook and cranny of your hosts (from open
+  file descriptors, bind-mounts, processes, and now even tasks and from open
+  sockets) – please see the table below,
+- the **mount points inside mount namespaces** (correctly representing
   "overmounts").
-- container workloads: these are then related to the underlying Linux
-  namespaces.
+- **container workloads**: these are automatically related to the underlying
+  Linux namespaces.
   - `lxkns` now leverages [(Siemens OSS) Turtlefinder
     technology](https://github.com/siemens/turtlefinder) to autodetect container
     engines even in hierarchical configurations, such as Kubernetes-in-Docker
     and Docker Desktop on WSL2. Also, (socket-activated) podman detection has
-    finally landed in Turtlefinder, and in turn also in `lxkns`.
+    finally landed in turtlefinder, and in turn also in `lxkns`.
 
 
 | | Where? | `lsns` | `lxkns` |
@@ -60,16 +68,6 @@ namespaces, as well as mount points with their hierarchies.
 | ➄  | namespace hierarchy | ✗ | ✓ |
 | ➅  | owning user namespaces | ✗ | ✓ |
 
-The following container engine types are supported:
-- Docker,
-- plain containerd,
-- CRI Evented PLEG: containerd, CRI-O,
-- podman (via its Docker-compatible API only).
-
-The `lxkns` discovery engine can be operated as a stand-alone REST service with
-additional web UI. Alternatively, it can be embedded/integrated into other
-system diagnosis tools.
-
 For mount namespaces, lxkns finds mount points even in process-less mount
 namespaces (for instance, as utilized in ["snap"
 technology](https://snapcraft.io/docs)). Our discovery engine even determines
@@ -91,6 +89,26 @@ frontend:
 [![lxkns web
 app](https://img.youtube.com/vi/4e6_jGLM9JA/0.jpg)](https://www.youtube.com/watch?v=4e6_jGLM9JA)
 
+## Detected/Supported Container Engines
+
+The following container engine types are supported:
+- [Docker](https://docker.com),
+- plain [containerd](https://containerd.io/),
+- via the [CRI Evented
+  PLEG API](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/3386-kubelet-evented-pleg/README.md):
+  [containerd](https://containerd.io/) and [CRI-O](https://cri-o.io/),
+- [socket-activatable](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md)
+  [podman](https://podman.io/) – via the Docker-compatible API only. Please note
+  that there is no support for podman-proprietary pods (not to be confused with
+  Kubernetes pods).
+
+## Deployment Options
+
+The `lxkns` discovery engine can be operated as a stand-alone REST service with
+additional web UI. Alternatively, it can be embedded/integrated into other
+system diagnosis tools. A prominent example of embedding `lxkns` is
+[@siemens/ghostwire](https://github.com/siemens/ghostwire).
+
 ## Notes
 
 ### Supported Go Versions

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.13.2
 	github.com/onsi/gomega v1.30.0
 	github.com/ory/dockertest/v3 v3.10.0
-	github.com/siemens/turtlefinder v1.1.0
+	github.com/siemens/turtlefinder v1.1.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/thediveo/enumflag/v2 v2.0.5
@@ -35,14 +35,15 @@ require (
 
 require (
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
-	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
+	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-sql-driver/mysql v1.7.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
@@ -54,14 +55,14 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	go.uber.org/goleak v1.2.1 // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/tools v0.16.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
+	golang.org/x/tools v0.16.1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 // indirect
 	gotest.tools/v3 v3.4.0 // indirect
 )
 
@@ -73,12 +74,12 @@ require (
 	github.com/PaesslerAG/gval v1.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
-	github.com/containerd/continuity v0.4.2 // indirect
+	github.com/containerd/continuity v0.4.3 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/ttrpc v1.2.2 // indirect
 	github.com/docker/cli v24.0.2+incompatible // indirect
 	github.com/docker/docker v24.0.7+incompatible // indirect
-	github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
@@ -94,20 +95,20 @@ require (
 	github.com/google/uuid v1.5.0
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/klauspost/compress v1.16.6 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/mountinfo v0.7.1 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
-	github.com/opencontainers/runc v1.1.7 // indirect
-	github.com/opencontainers/runtime-spec v1.1.0-rc.3 // indirect
+	github.com/opencontainers/runc v1.1.11 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
@@ -123,11 +124,11 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
-	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect
+	google.golang.org/genproto v0.0.0-20240108191215-35c7eff3a6b1 // indirect
 	google.golang.org/grpc v1.60.1 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/client-go v0.28.3 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect