Added initial nginx services

- Proxy allows ingress traffic to be sent to another element in service mesh - Mirroring is also in the default configuration - Default configuration is to proxy to a clover-server and mirror to snort-ids - A location_path (URI in HTTP requests) can be reconfigured to restrict proxing; default to '/' - A proxy_path can be reconfigured to specify an alternate destination - A mirror path can be reconfigured to specify where traffic will be spanned - The default server_port (listen port) for the proxy is 9180 but can be reconfigured - The default server_name is http-proxy but can be reconfigured - Reconfiguration is done over GRPC with jinja2 template for nginx - Currently snort ids sends alerts to proxy with stub code in GRPC - Refactored the code to have a nginx base with subservices - Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server - Nginx subservices have separate docker builds - Improved build scripts for CI - Render yaml manifests dynamically - Improve nginx_client for runtime modifications (but not really useful yet) Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
author: Eddie Arrage <eddie.arrage@huawei.com> 2018-03-21 18:38:59 +0000
committer: Eddie Arrage <eddie.arrage@huawei.com> 2018-03-30 01:22:37 +0000
commit: 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 (patch)
tree: 6c663149df632258e41a5d961079a9236d42a7a8 /samples/services/nginx/docker/grpc/nginx_client.py
parent: 9f3d87d798cf04c243e82d284a7dc4f7b3ec5c1a (diff)
1 files changed, 87 insertions, 0 deletions
diff --git a/samples/services/nginx/docker/grpc/nginx_client.py b/samples/services/nginx/docker/grpc/nginx_client.py
new file mode 100644
index 0000000..dfefb08
--- /dev/null
+++ b/samples/services/nginx/docker/grpc/nginx_client.py
@@ -0,0 +1,87 @@
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+from __future__ import print_function
+from kubernetes import client, config
+
+import grpc
+import argparse
+import pickle
+
+import nginx_pb2
+import nginx_pb2_grpc
+
+
+def run(args):
+    # get pod ip for grpc
+    pod_ip = get_podip(args['service_name'])
+    if pod_ip == '':
+        return "Cant find service with name: {}".format(args['service_name'])
+    nginx_grpc = pod_ip + ':50054'
+    channel = grpc.insecure_channel(nginx_grpc)
+    stub = nginx_pb2_grpc.ControllerStub(channel)
+
+    # modify config
+    if args['service_type'] == 'lb':
+        modify_lb(stub)
+    elif args['service_type'] == 'proxy':
+        modify_proxy(stub)
+    elif args['service_type'] == 'server':
+        modify_server(stub)
+    else:
+        return "Invalid service type: {}".format(args['service_type'])
+    return "Modification complete"
+
+
+def get_podip(pod_name):
+    config.load_kube_config()
+    v1 = client.CoreV1Api()
+    ret = v1.list_pod_for_all_namespaces(watch=False)
+    ip = ''
+    for i in ret.items:
+        if i.metadata.name.lower().find(pod_name.lower()) != -1:
+            print(i.status.pod_ip)
+            ip = i.status.pod_ip
+    return str(ip)
+
+
+def modify_proxy(stub):
+    response = stub.ModifyProxy(nginx_pb2.ConfigProxy(
+            server_port='9180', server_name='http-proxy',
+            location_path='/', proxy_path='http://clover-server:9180',
+            mirror_path='http://snort-ids:80'))
+    print(response.message)
+
+
+def modify_server(stub):
+    response = stub.ModifyServer(nginx_pb2.ConfigServer(
+            server_port='9180', server_name='clover-server',
+            site_root='/var/www/html', site_index='index.nginx-debian.html'))
+    print(response.message)
+
+
+def modify_lb(stub):
+    slb_list = pickle.dumps(
+                    ['clover-server1', 'clover-server2', 'clover-server3'])
+    response = stub.ModifyLB(nginx_pb2.ConfigLB(
+            server_port='9188', server_name='http-lb',
+            slb_list=slb_list,
+            slb_group='cloverlb', lb_path='/'))
+    print(response.message)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+            '--service_type', required=True,
+            help='The service to reconfigure')
+    parser.add_argument(
+            '--service_name', required=True,
+            help='The service to reconfigure')
+
+    args = parser.parse_args()
+    print(run(vars(args)))
author	Eddie Arrage <eddie.arrage@huawei.com>	2018-03-21 18:38:59 +0000
committer	Eddie Arrage <eddie.arrage@huawei.com>	2018-03-30 01:22:37 +0000
commit	1575a9b3f7e7f475d4d5d8d1541f783948c0d398 (patch)
tree	6c663149df632258e41a5d961079a9236d42a7a8 /samples/services/nginx/docker/grpc/nginx_client.py
parent	9f3d87d798cf04c243e82d284a7dc4f7b3ec5c1a (diff)