summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--clover/monitoring/validate.py3
-rw-r--r--clover/tools/clover_validate_rr.py10
-rw-r--r--clover/tools/validate_rr.py8
-rw-r--r--clover/tracing/tracing_sample.py3
-rw-r--r--clover/tracing/validate.py2
-rw-r--r--docker/Dockerfile35
-rwxr-xr-xdocker/build.sh18
-rwxr-xr-xdocker/setup.sh38
-rw-r--r--docs/development/design/index.rst15
-rw-r--r--docs/development/design/logging.rst (renamed from docs/logging.rst)0
-rw-r--r--docs/development/design/monitoring.rst (renamed from docs/monitoring.rst)0
-rw-r--r--docs/development/design/tracing.rst (renamed from docs/tracing.rst)0
-rw-r--r--requirements.txt3
-rw-r--r--samples/scenarios/service_delivery_controller.yaml362
-rw-r--r--samples/scenarios/service_delivery_controller_opnfv.yaml361
-rw-r--r--samples/services/snort_ids/docker/grpc/snort_alerts.py2
-rw-r--r--samples/services/snort_ids/yaml/manifest.template3
-rw-r--r--samples/services/snort_ids/yaml/render_yaml.py11
18 files changed, 855 insertions, 19 deletions
diff --git a/clover/monitoring/validate.py b/clover/monitoring/validate.py
index fafe5df..347fe84 100644
--- a/clover/monitoring/validate.py
+++ b/clover/monitoring/validate.py
@@ -5,9 +5,10 @@
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
-from monitoring import Monitoring
from kubernetes import client, config
+from clover.monitoring.monitoring import Monitoring
+
PROMETHEUS_URL = "http://127.0.0.1:9090"
PROMETHEUS_DEPLOYMENT = "prometheus"
PROMETHEUS_LABELS = "app=prometheus"
diff --git a/clover/tools/clover_validate_rr.py b/clover/tools/clover_validate_rr.py
index ff1f8b4..896df6e 100644
--- a/clover/tools/clover_validate_rr.py
+++ b/clover/tools/clover_validate_rr.py
@@ -10,12 +10,10 @@
import getopt
import sys
-sys.path.insert(0, '..')
-
-from orchestration import kube_client
-import servicemesh.route_rules as rr
-from tracing.tracing import Tracing
-from validate_rr import ValidateWRR
+from clover.orchestration import kube_client
+import clover.servicemesh.route_rules as rr
+from clover.tracing.tracing import Tracing
+from clover.tools.validate_rr import ValidateWRR
def main(argv):
service_name = None
diff --git a/clover/tools/validate_rr.py b/clover/tools/validate_rr.py
index 0e7b9ed..aa1b211 100644
--- a/clover/tools/validate_rr.py
+++ b/clover/tools/validate_rr.py
@@ -8,11 +8,9 @@
# http://www.apache.org/licenses/LICENSE-2.0
import sys
-sys.path.insert(0, '..')
-
-from orchestration import kube_client
-import servicemesh.route_rules as rr
-from tracing.tracing import Tracing
+from clover.orchestration import kube_client
+import clover.servicemesh.route_rules as rr
+from clover.tracing.tracing import Tracing
class ValidateWRR(object):
diff --git a/clover/tracing/tracing_sample.py b/clover/tracing/tracing_sample.py
index f0234bf..1026008 100644
--- a/clover/tracing/tracing_sample.py
+++ b/clover/tracing/tracing_sample.py
@@ -7,7 +7,8 @@
import uuid
import time
-from tracing import Tracing
+
+from clover.tracing.tracing import Tracing
t = Tracing('localhost', '30888')
diff --git a/clover/tracing/validate.py b/clover/tracing/validate.py
index eed6f9a..9cbfdd0 100644
--- a/clover/tracing/validate.py
+++ b/clover/tracing/validate.py
@@ -5,9 +5,9 @@
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
-from tracing import Tracing
from kubernetes import client, config
+from clover.tracing.tracing import Tracing
JAEGER_IP = "localhost"
# JAEGER_IP = "1.1.1.1"
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..c2dcd84
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,35 @@
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+FROM ubuntu:16.04
+LABEL image=opnfv/clover
+ARG BRANCH=master
+
+# GIT repo directory
+ENV REPOS_DIR="/home/opnfv/repos"
+
+# Clover repo
+ENV CLOVER_REPO_DIR="${REPOS_DIR}/clover"
+
+# Install basic dependency
+RUN apt-get update \
+ && apt-get install -y git python-setuptools python-pip curl apt-transport-https \
+ && apt-get -y autoremove && apt-get clean \
+ && pip install --upgrade pip
+
+# Fetch source code
+RUN mkdir -p ${REPOS_DIR}
+COPY ./ ${CLOVER_REPO_DIR}
+
+# Install tools like istioctl & kubectl
+RUN ${CLOVER_REPO_DIR}/docker/setup.sh
+
+# Install clover package
+RUN cd ${CLOVER_REPO_DIR} && pip install ./
+
+# Set work directory
+WORKDIR ${CLOVER_REPO_DIR}
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100755
index 0000000..6b59647
--- /dev/null
+++ b/docker/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+CLOVER_BASE_DIR=$(cd ${BASH_SOURCE[0]%/*}/..;pwd)
+IMAGE_PATH=${IMAGE_PATH:-"localhost:5000"}
+IMAGE_NAME=${IMAGE_NAME:-"clover"}
+
+cd $CLOVER_BASE_DIR
+docker build -f docker/Dockerfile -t $IMAGE_NAME .
+docker tag $IMAGE_NAME $IMAGE_PATH/$IMAGE_NAME
+docker push $IMAGE_PATH/$IMAGE_NAME
diff --git a/docker/setup.sh b/docker/setup.sh
new file mode 100755
index 0000000..459f44b
--- /dev/null
+++ b/docker/setup.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+set -ex
+
+# Get latest istio version, refer: https://git.io/getLatestIstio
+if [ "x${ISTIO_VERSION}" = "x" ] ; then
+ ISTIO_VERSION=$(curl -L -s https://api.github.com/repos/istio/istio/releases/latest | \
+ grep tag_name | sed "s/ *\"tag_name\": *\"\(.*\)\",*/\1/")
+fi
+
+ISTIO_DIR_NAME="istio-$ISTIO_VERSION"
+
+cd /usr/local/
+curl -L https://git.io/getLatestIstio | sh -
+mv $ISTIO_DIR_NAME istio-source
+
+# Install kubectl
+curl -s http://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+cat << EOF > /etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+
+apt-get update \
+ && apt-get install -y --allow-downgrades kubectl=1.9.1-00 \
+ && apt-get -y autoremove \
+ && apt-get clean
+
+# Persistently append istioctl bin path to PATH env
+echo 'export PATH="$PATH:/usr/local/istio-source/bin"' >> ~/.bashrc
+echo "source <(kubectl completion bash)" >> ~/.bashrc
diff --git a/docs/development/design/index.rst b/docs/development/design/index.rst
new file mode 100644
index 0000000..1bb89f1
--- /dev/null
+++ b/docs/development/design/index.rst
@@ -0,0 +1,15 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) OPNFV, Authors of Clover
+
+=================================
+OPNFV Clover Design Specification
+=================================
+
+.. toctree::
+ :maxdepth: 1
+
+ logging
+ monitoring
+ tracing
diff --git a/docs/logging.rst b/docs/development/design/logging.rst
index 196ba40..196ba40 100644
--- a/docs/logging.rst
+++ b/docs/development/design/logging.rst
diff --git a/docs/monitoring.rst b/docs/development/design/monitoring.rst
index 44b01e3..44b01e3 100644
--- a/docs/monitoring.rst
+++ b/docs/development/design/monitoring.rst
diff --git a/docs/tracing.rst b/docs/development/design/tracing.rst
index 79d686c..79d686c 100644
--- a/docs/tracing.rst
+++ b/docs/development/design/tracing.rst
diff --git a/requirements.txt b/requirements.txt
index ac3fdd2..c84c18f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,8 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
+kubernetes # Apache-2.0
pbr!=2.1.0,>=2.0.0 # Apache-2.0
+sh # MIT
xtesting # Apache-2.0
+redis # MIT
diff --git a/samples/scenarios/service_delivery_controller.yaml b/samples/scenarios/service_delivery_controller.yaml
index c3a9411..b9c3506 100644
--- a/samples/scenarios/service_delivery_controller.yaml
+++ b/samples/scenarios/service_delivery_controller.yaml
@@ -1 +1,361 @@
-<Toplevel yaml for entire sample scenario (applciation) goes here>
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ name: redis
+ redis-sentinel: "true"
+ role: master
+ name: redis
+spec:
+ containers:
+ - name: redis
+ image: k8s.gcr.io/redis:v1
+ env:
+ - name: MASTER
+ value: "true"
+ ports:
+ - containerPort: 6379
+ resources:
+ limits:
+ cpu: "0.1"
+ volumeMounts:
+ - mountPath: /redis-master-data
+ name: data
+ - name: sentinel
+ image: kubernetes/redis:v1
+ env:
+ - name: SENTINEL
+ value: "true"
+ ports:
+ - containerPort: 26379
+ volumes:
+ - name: data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ selector:
+ name: redis
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server1
+ spec:
+ containers:
+ - name: clover-server1
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server1
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server2
+ spec:
+ containers:
+ - name: clover-server2
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server2
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server3
+ spec:
+ containers:
+ - name: clover-server3
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server3
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server4
+ spec:
+ containers:
+ - name: clover-server4
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server4
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server5
+ spec:
+ containers:
+ - name: clover-server5
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server5
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v1
+ labels:
+ app: http-lb
+ version: v1
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v1
+ spec:
+ containers:
+ - name: http-lb
+ image: localhost:5000/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v2
+ labels:
+ app: http-lb
+ version: v2
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v2
+ spec:
+ containers:
+ - name: http-lb
+ image: localhost:5000/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: http-lb
+ labels:
+ app: http-lb
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: http-lb
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ template:
+ metadata:
+ labels:
+ app: snort-ids
+ spec:
+ containers:
+ - name: snort-ids
+ image: localhost:5000/clover-ns-snort-ids:latest
+ ports:
+ - containerPort: 50052
+ - containerPort: 50054
+ - containerPort: 6379
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ ports:
+ - port: 50052
+ name: grpc
+ - port: 50054
+ name: proxy-access-control
+ - port: 6379
+ name: redis
+ - port: 80
+ name: http
+ selector:
+ app: snort-ids
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ template:
+ metadata:
+ labels:
+ app: proxy-access-control
+ spec:
+ containers:
+ - name: proxy-access-control
+ image: localhost:5000/clover-ns-nginx-proxy:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: proxy-access-control
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: proxy-gateway
+ annotations:
+ kubernetes.io/ingress.class: "istio"
+spec:
+ rules:
+ - http:
+ paths:
+ - path:
+ backend:
+ serviceName: proxy-access-control
+ servicePort: 9180
+---
diff --git a/samples/scenarios/service_delivery_controller_opnfv.yaml b/samples/scenarios/service_delivery_controller_opnfv.yaml
new file mode 100644
index 0000000..ee0adcc
--- /dev/null
+++ b/samples/scenarios/service_delivery_controller_opnfv.yaml
@@ -0,0 +1,361 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ name: redis
+ redis-sentinel: "true"
+ role: master
+ name: redis
+spec:
+ containers:
+ - name: redis
+ image: k8s.gcr.io/redis:v1
+ env:
+ - name: MASTER
+ value: "true"
+ ports:
+ - containerPort: 6379
+ resources:
+ limits:
+ cpu: "0.1"
+ volumeMounts:
+ - mountPath: /redis-master-data
+ name: data
+ - name: sentinel
+ image: kubernetes/redis:v1
+ env:
+ - name: SENTINEL
+ value: "true"
+ ports:
+ - containerPort: 26379
+ volumes:
+ - name: data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ selector:
+ name: redis
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server1
+ spec:
+ containers:
+ - name: clover-server1
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server1
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server2
+ spec:
+ containers:
+ - name: clover-server2
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server2
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server3
+ spec:
+ containers:
+ - name: clover-server3
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server3
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server4
+ spec:
+ containers:
+ - name: clover-server4
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server4
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server5
+ spec:
+ containers:
+ - name: clover-server5
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server5
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v1
+ labels:
+ app: http-lb
+ version: v1
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v1
+ spec:
+ containers:
+ - name: http-lb
+ image: opnfv/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v2
+ labels:
+ app: http-lb
+ version: v2
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v2
+ spec:
+ containers:
+ - name: http-lb
+ image: opnfv/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: http-lb
+ labels:
+ app: http-lb
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: http-lb
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ template:
+ metadata:
+ labels:
+ app: snort-ids
+ spec:
+ containers:
+ - name: snort-ids
+ image: opnfv/clover-ns-snort-ids:latest
+ ports:
+ - containerPort: 50052
+ - containerPort: 50054
+ - containerPort: 6379
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ ports:
+ - port: 50052
+ name: grpc
+ - port: 50054
+ name: proxy-access-control
+ - port: 6379
+ name: redis
+ - port: 80
+ name: http
+ selector:
+ app: snort-ids
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ template:
+ metadata:
+ labels:
+ app: proxy-access-control
+ spec:
+ containers:
+ - name: proxy-access-control
+ image: opnfv/clover-ns-nginx-proxy:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: proxy-access-control
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: proxy-gateway
+ annotations:
+ kubernetes.io/ingress.class: "istio"
+spec:
+ rules:
+ - http:
+ paths:
+ - path:
+ backend:
+ serviceName: proxy-access-control
+ servicePort: 9180
+---
diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py
index eda2bd6..4cb87e2 100644
--- a/samples/services/snort_ids/docker/grpc/snort_alerts.py
+++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py
@@ -14,7 +14,7 @@ from idstools import unified2
HOST_IP = 'redis'
-PROXY_GRPC = 'http-proxy:50054'
+PROXY_GRPC = 'proxy-access-control:50054'
logging.basicConfig(filename='alert.log', level=logging.DEBUG)
diff --git a/samples/services/snort_ids/yaml/manifest.template b/samples/services/snort_ids/yaml/manifest.template
index 178765b..25dbefa 100644
--- a/samples/services/snort_ids/yaml/manifest.template
+++ b/samples/services/snort_ids/yaml/manifest.template
@@ -18,6 +18,7 @@ spec:
- containerPort: {{ grpc_port }}
- containerPort: {{ redis_port }}
- containerPort: {{ http_port }}
+ - containerPort: {{ pac_port }}
---
apiVersion: v1
kind: Service
@@ -33,6 +34,8 @@ spec:
name: redis
- port: {{ http_port }}
name: http
+ - port: {{ pac_port }}
+ name: proxy-access-control
selector:
app: {{ deploy_name }}
---
diff --git a/samples/services/snort_ids/yaml/render_yaml.py b/samples/services/snort_ids/yaml/render_yaml.py
index e23f540..42a2615 100644
--- a/samples/services/snort_ids/yaml/render_yaml.py
+++ b/samples/services/snort_ids/yaml/render_yaml.py
@@ -23,6 +23,7 @@ def render_yaml(args):
image_tag=args['image_tag'],
deploy_name=args['deploy_name'],
grpc_port=args['grpc_port'],
+ pac_port=args['pac_port'],
redis_port=args['redis_port'],
http_port=args['http_port']
)
@@ -42,7 +43,7 @@ if __name__ == '__main__':
help='The image name to use')
parser.add_argument(
'--image_path', default='localhost:5000',
- help='The path to the images to use')
+ help='The path to the image to use')
parser.add_argument(
'--image_tag', default='latest',
help='The image tag to use')
@@ -54,9 +55,13 @@ if __name__ == '__main__':
help='The redis port to connect to for alerts')
parser.add_argument(
'--http_port', default='80',
- help='Analyze http traffic on this port')
+ help='Analyze http data-plane traffic on this port')
parser.add_argument(
'--grpc_port', default='50052',
- help='The image tag to use')
+ help='The GRPC server port for snort management')
+ parser.add_argument(
+ '--pac_port', default='50054',
+ help='The GRPC server port of the service to send alerts on')
+
args = parser.parse_args()
print(render_yaml(vars(args)))