diff options
| author |   Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-21 18:38:59 +0000 |
|---|---|---|
| committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-30 01:22:37 +0000 |
| commit | 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 (patch) | |
| tree | 6c663149df632258e41a5d961079a9236d42a7a8 /samples/services/nginx/yaml/render_yaml.py | |
| parent | 9f3d87d798cf04c243e82d284a7dc4f7b3ec5c1a (diff) | |
Added initial nginx services
- Proxy allows ingress traffic to be sent to another element in
service mesh
- Mirroring is also in the default configuration
- Default configuration is to proxy to a clover-server and mirror
to snort-ids
- A location_path (URI in HTTP requests) can be reconfigured to
restrict proxing; default to '/'
- A proxy_path can be reconfigured to specify an alternate destination
- A mirror path can be reconfigured to specify where traffic
will be spanned
- The default server_port (listen port) for the proxy is 9180 but can be
reconfigured
- The default server_name is http-proxy but can be reconfigured
- Reconfiguration is done over GRPC with jinja2 template for nginx
- Currently snort ids sends alerts to proxy with stub code in GRPC
- Refactored the code to have a nginx base with subservices
- Proxy, Load Balancer (lb), and Server can share code - mainly GRPC
server
- Nginx subservices have separate docker builds
- Improved build scripts for CI
- Render yaml manifests dynamically
- Improve nginx_client for runtime modifications (but not really
useful yet)
Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/nginx/yaml/render_yaml.py')
| -rw-r--r-- | samples/services/nginx/yaml/render_yaml.py | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/samples/services/nginx/yaml/render_yaml.py b/samples/services/nginx/yaml/render_yaml.py new file mode 100644 index 0000000..527ba8d --- /dev/null +++ b/samples/services/nginx/yaml/render_yaml.py @@ -0,0 +1,64 @@ +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + +import argparse + +from jinja2 import Template + + +def render_yaml(args): + template_file = 'manifest.template' + server_port = '9180' + grpc_port = '50054' + if args['service_type'] == 'lb': + out_file = 'lb.yaml' + deploy_name = 'http-lb' + elif args['service_type'] == 'proxy': + out_file = 'proxy.yaml' + deploy_name = 'proxy-access-control' + elif args['service_type'] == 'server': + out_file = 'server.yaml' + deploy_name = 'clover-server' + else: + return "Invalid service type: {}".format(args['service_type']) + + try: + with open(template_file) as f: + tmpl = Template(f.read()) + output = tmpl.render( + image_path=args['image_path'], + image_name=args['image_name'], + image_tag=args['image_tag'], + deploy_name=deploy_name, + server_port=server_port, + grpc_port=grpc_port + ) + with open(out_file, "wb") as fh: + fh.write(output) + return "Generated manifest for {}".format(args['service_type']) + except Exception as e: + print(e) + return "Unable to generate manifest for {}".format( + args['service_type']) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument( + '--service_type', required=True, + help='The service to generate k8s manifest for') + parser.add_argument( + '--image_name', required=True, + help='The image name to use') + parser.add_argument( + '--image_path', default='localhost:5000', + help='The path to the images to use') + parser.add_argument( + '--image_tag', default='latest', + help='The image tag to use') + args = parser.parse_args() + print(render_yaml(vars(args))) |