diff options
Diffstat (limited to 'samples/scenarios')
19 files changed, 565 insertions, 59 deletions
diff --git a/samples/scenarios/clearwater_ims/clt-docker/Dockerfile b/samples/scenarios/clearwater_ims/clt-docker/Dockerfile new file mode 100644 index 0000000..1047521 --- /dev/null +++ b/samples/scenarios/clearwater_ims/clt-docker/Dockerfile @@ -0,0 +1,22 @@ +From ubuntu:16.04 +MAINTAINER Salman Shaikh (muhammad.shaikh@huawei.com) +RUN apt-get update && apt-get -y upgrade +RUN apt-get install -y build-essential bundler git +RUN apt-get install -y curl +#RUN apt-get remove -y ruby +RUN gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 +RUN curl -L https://get.rvm.io | bash -s stable +#RUN /bin/bash -c "source /usr/local/rvm/scripts/rvm" +RUN /bin/bash -c "source /etc/profile.d/rvm.sh \ + && rvm autolibs enable \ + && rvm install 1.9.3 \ + && rvm use 1.9.3" +#RUN mkdir -p /root/.ssh +#ADD id_rsa /root/.ssh/id_rsa +#RUN chmod 700 /root/.ssh/id_rsa +ADD clearwater-live-test.tgz /opt/ +RUN /bin/bash -c "source /etc/profile.d/rvm.sh \ + && cd /opt/clearwater-live-test \ + && bundle install" +SHELL ["/bin/bash", "-c", "source /etc/profile.d/rvm.sh"] +#CMD /bin/bash -c "source /etc/profile.d/rvm.sh" diff --git a/samples/scenarios/clearwater_ims/scripts/prov-numbers.sh b/samples/scenarios/clearwater_ims/scripts/prov-numbers.sh new file mode 100755 index 0000000..a73527a --- /dev/null +++ b/samples/scenarios/clearwater_ims/scripts/prov-numbers.sh @@ -0,0 +1 @@ +kubectl exec -it $(kubectl get pods -l=service=ellis -o jsonpath='{.items[0].metadata.name}') -c ellis -- bash -c "sudo bash -c \"export PATH=/usr/share/clearwater/ellis/env/bin:$PATH ; cd /usr/share/clearwater/ellis/src/metaswitch/ellis/tools/ ; python create_numbers.py --start 6505550000 --count 10\"" diff --git a/samples/scenarios/clearwater_ims/scripts/run-live-test.sh b/samples/scenarios/clearwater_ims/scripts/run-live-test.sh new file mode 100755 index 0000000..6fb0a50 --- /dev/null +++ b/samples/scenarios/clearwater_ims/scripts/run-live-test.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +TITLE="System Information for $HOSTNAME" +RIGHT_NOW=$(date +"%x %r %Z") +TIME_STAMP="Updated on $RIGHT_NOW by $USER" + +BONO_SIP_PROXY_IP=$1 +ELLIS_IP=$2 +BASIC=$3 + +para1=0 +para2=0 +if [[ -n "$BONO_SIP_PROXY_IP" ]];then + para1=1 +else + echo "ERROR: Missing External Loadbalancer IP for Bono" +fi +if [[ -n "$ELLIS_IP" ]];then + para2=1 +else + echo "ERROR: Missing External Loadbalancer IP for Ellis" +fi + +if [ "$para1" -eq "0" ];then + echo "";echo "USAGE: $0 <BONO_SIP_PROXY_IP> <ELLIS_IP>";echo "" + exit +fi +if [ "$para2" -eq "0" ];then + echo "";echo "USAGE: $0 <BONO_SIP_PROXY_IP> <ELLIS_IP>";echo "" + exit +fi + + +if [[ $para1 == 1 && $para2 == 1 ]];then + if [ "$BASIC" == "basic" ];then + docker exec -it live-test bash -c "source /etc/profile.d/rvm.sh && cd /opt/clearwater-live-test && rake test[default.svc.cluster.local] PROXY=$BONO_SIP_PROXY_IP ELLIS=$ELLIS_IP SIGNUP_CODE=\"secret\" TESTS=\"Basic Call - Mainline\"" + else + docker exec -it live-test bash -c "source /etc/profile.d/rvm.sh && cd /opt/clearwater-live-test && rake test[default.svc.cluster.local] PROXY=$BONO_SIP_PROXY_IP ELLIS=$ELLIS_IP SIGNUP_CODE=\"secret\"" + fi +fi diff --git a/samples/scenarios/clearwater_ims/yaml/ellis-depl.yaml b/samples/scenarios/clearwater_ims/yaml/ellis-depl.yaml new file mode 100644 index 0000000..7cbaf1d --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/ellis-depl.yaml @@ -0,0 +1,40 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ellis + labels: + app: ellis +spec: + replicas: 1 + template: + metadata: + labels: + app: ellis + service: ellis + spec: + containers: + #- image: "localhost:5000/ellis:clearwater/base:latest" + - image: "instance-1:5000/clearwater/ellis:latest" + imagePullPolicy: Always + name: ellis + ports: + - containerPort: 22 + - containerPort: 80 + envFrom: + - configMapRef: + name: env-vars + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: PUBLIC_IP + value: <External Load Balancer IP> + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 30 + readinessProbe: + tcpSocket: + port: 80 + restartPolicy: Always diff --git a/samples/scenarios/clearwater_ims/yaml/ellis-svc.yaml b/samples/scenarios/clearwater_ims/yaml/ellis-svc.yaml new file mode 100644 index 0000000..da65bd0 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/ellis-svc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: ellis + labels: + app: ellis +spec: + #clusterIP: None + type: "LoadBalancer" + loadBalancerIP: <External Load Balancer IP> + ports: + - name: "http" + port: 80 + selector: + app: ellis + service: ellis diff --git a/samples/scenarios/clearwater_ims/yaml/homer-depl.yaml b/samples/scenarios/clearwater_ims/yaml/homer-depl.yaml new file mode 100644 index 0000000..d753241 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/homer-depl.yaml @@ -0,0 +1,38 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: homer + labels: + app: homer +spec: + replicas: 1 + template: + metadata: + labels: + app: homer + service: homer + spec: + containers: + #- image: "localhost:5000/homer:clearwater/base:latest" + - image: "instance-1:5000/clearwater/homer:latest" + imagePullPolicy: Always + name: homer + ports: + - containerPort: 22 + - containerPort: 7888 + envFrom: + - configMapRef: + name: env-vars + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + livenessProbe: + tcpSocket: + port: 7888 + initialDelaySeconds: 30 + readinessProbe: + tcpSocket: + port: 7888 + restartPolicy: Always diff --git a/samples/scenarios/clearwater_ims/yaml/homer-svc.yaml b/samples/scenarios/clearwater_ims/yaml/homer-svc.yaml new file mode 100644 index 0000000..4329843 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/homer-svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: homer + labels: + app: homer +spec: + ports: + - name: "7888" + port: 7888 + selector: + app: homer + service: homer + clusterIP: None diff --git a/samples/scenarios/clearwater_ims/yaml/homestead-depl.yaml b/samples/scenarios/clearwater_ims/yaml/homestead-depl.yaml new file mode 100644 index 0000000..c30bac0 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/homestead-depl.yaml @@ -0,0 +1,54 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: homestead + labels: + app: homestead +spec: + replicas: 1 + selector: + matchLabels: + service: homestead + template: + metadata: + labels: + app: homestead + service: homestead + snmp: enabled + spec: + containers: + #- image: "localhost:5000/homestead:clearwater/base:latest" + - image: "instance-1:5000/clearwater/homestead:latest" + imagePullPolicy: Always + name: homestead + ports: + - containerPort: 22 + - containerPort: 8888 + envFrom: + - configMapRef: + name: env-vars + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + livenessProbe: + exec: + command: ["/bin/bash", "/usr/share/kubernetes/liveness.sh", "8888"] + initialDelaySeconds: 60 + readinessProbe: + exec: + command: ["/bin/bash", "/usr/share/kubernetes/liveness.sh", "8888"] + volumeMounts: + - name: homesteadlogs + mountPath: /var/log/homestead + - image: busybox + name: tailer + command: [ "tail", "-F", "/var/log/homestead/homestead_current.txt" ] + volumeMounts: + - name: homesteadlogs + mountPath: /var/log/homestead + volumes: + - name: homesteadlogs + emptyDir: {} + restartPolicy: Always diff --git a/samples/scenarios/clearwater_ims/yaml/homestead-prov-depl.yaml b/samples/scenarios/clearwater_ims/yaml/homestead-prov-depl.yaml new file mode 100644 index 0000000..18b47ea --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/homestead-prov-depl.yaml @@ -0,0 +1,42 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: homestead-prov + labels: + app: homestead-prov +spec: + replicas: 1 + selector: + matchLabels: + service: homestead-prov + template: + metadata: + labels: + app: homestead-prov + service: homestead-prov + snmp: enabled + spec: + containers: + #- image: "localhost:5000/homestead-prov:clearwater/base:latest" + - image: "instance-1:5000/clearwater/homestead-prov:latest" + imagePullPolicy: Always + name: homestead-prov + ports: + - containerPort: 22 + - containerPort: 8889 + envFrom: + - configMapRef: + name: env-vars + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + livenessProbe: + exec: + command: ["/bin/bash", "/usr/share/clearwater/bin/poll_homestead-prov.sh"] + initialDelaySeconds: 60 + readinessProbe: + exec: + command: ["/bin/bash", "/usr/share/clearwater/bin/poll_homestead-prov.sh"] + restartPolicy: Always diff --git a/samples/scenarios/clearwater_ims/yaml/homestead-prov-svc.yaml b/samples/scenarios/clearwater_ims/yaml/homestead-prov-svc.yaml new file mode 100644 index 0000000..66b6358 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/homestead-prov-svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: homestead-prov + labels: + app: homestead-prov +spec: + ports: + - name: "8889" + port: 8889 + selector: + app: homestead-prov + service: homestead-prov + clusterIP: None diff --git a/samples/scenarios/clearwater_ims/yaml/homestead-svc.yaml b/samples/scenarios/clearwater_ims/yaml/homestead-svc.yaml new file mode 100644 index 0000000..99c1942 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/homestead-svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: homestead + labels: + app: homestead +spec: + ports: + - name: "8888" + port: 8888 + selector: + app: homestead + service: homestead + clusterIP: None diff --git a/samples/scenarios/clearwater_ims/yaml/ralf-depl.yaml b/samples/scenarios/clearwater_ims/yaml/ralf-depl.yaml new file mode 100644 index 0000000..da6df5f --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/ralf-depl.yaml @@ -0,0 +1,54 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: ralf + labels: + app: ralf +spec: + replicas: 1 + selector: + matchLabels: + service: ralf + template: + metadata: + labels: + app: ralf + service: ralf + snmp: enabled + spec: + containers: + #- image: "localhost:5000/ralf:clearwater/base:latest" + - image: "instance-1:5000/clearwater/ralf:latest" + imagePullPolicy: Always + name: ralf + ports: + - containerPort: 22 + - containerPort: 10888 + envFrom: + - configMapRef: + name: env-vars + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + livenessProbe: + tcpSocket: + port: 10888 + initialDelaySeconds: 30 + readinessProbe: + tcpSocket: + port: 10888 + volumeMounts: + - name: ralflogs + mountPath: /var/log/ralf + - image: busybox + name: tailer + command: [ "tail", "-F", "/var/log/ralf/ralf_current.txt" ] + volumeMounts: + - name: ralflogs + mountPath: /var/log/ralf + volumes: + - name: ralflogs + emptyDir: {} + restartPolicy: Always diff --git a/samples/scenarios/clearwater_ims/yaml/ralf-svc.yaml b/samples/scenarios/clearwater_ims/yaml/ralf-svc.yaml new file mode 100644 index 0000000..2e72ac0 --- /dev/null +++ b/samples/scenarios/clearwater_ims/yaml/ralf-svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: ralf + labels: + app: ralf +spec: + ports: + - name: "10888" + port: 10888 + selector: + app: ralf + service: ralf + clusterIP: None diff --git a/samples/scenarios/deploy.sh b/samples/scenarios/deploy.sh index 1ffea37..962bd5a 100755 --- a/samples/scenarios/deploy.sh +++ b/samples/scenarios/deploy.sh @@ -15,7 +15,7 @@ cd $CLOVER_BASE_DIR echo "Deploying Istio manual sidecar injection without TLS authentication" -kubectl apply -f $ISTIO_BASE_DIR/install/kubernetes/istio.yaml +kubectl apply -f $ISTIO_BASE_DIR/install/kubernetes/istio-demo.yaml echo "Deploying Service Delivery Controller sample scenario" diff --git a/samples/scenarios/ingressgateway_ext_authz_filter.yaml b/samples/scenarios/ingressgateway_ext_authz_filter.yaml new file mode 100644 index 0000000..0960a50 --- /dev/null +++ b/samples/scenarios/ingressgateway_ext_authz_filter.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: ext-authz + namespace: clover-gateway +spec: + workloadLabels: + app: istio-ingressgateway + filters: + - insertPosition: + index: FIRST + listenerMatch: + portNumber: 80 + listenerType: GATEWAY + listenerProtocol: HTTP + filterType: HTTP + filterName: "envoy.ext_authz" + filterConfig: + http_service: + server_uri: + uri: "http://modsecurity-crs.clover-gateway.svc.cluster.local" + cluster: "outbound|80||modsecurity-crs.clover-gateway.svc.cluster.local" + timeout: 0.5s + failure_mode_allow: false diff --git a/samples/scenarios/modsecurity_all_in_one.yaml b/samples/scenarios/modsecurity_all_in_one.yaml new file mode 100644 index 0000000..84f3fe0 --- /dev/null +++ b/samples/scenarios/modsecurity_all_in_one.yaml @@ -0,0 +1,65 @@ +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: modsecurity-crs + namespace: clover-gateway +spec: + replicas: 1 + selector: + matchLabels: + app: modsecurity-crs + template: + metadata: + labels: + app: modsecurity-crs + spec: + containers: + - name: modsecurity-crs + image: opnfv/clover-ns-modsecurity-crs + ports: + - containerPort: 80 + env: + - name: PARANOIA + value: '1' +--- +apiVersion: v1 +kind: Service +metadata: + name: modsecurity-crs + namespace: clover-gateway +spec: + type: NodePort + ports: + - port: 80 + name: http-modsecurity-crs + protocol: TCP + targetPort: 80 + selector: + app: modsecurity-crs +--- +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: ext-authz + namespace: clover-gateway +spec: + workloadLabels: + app: istio-ingressgateway + filters: + - insertPosition: + index: FIRST + listenerMatch: + portNumber: 80 + listenerType: GATEWAY + listenerProtocol: HTTP + filterType: HTTP + filterName: "envoy.ext_authz" + filterConfig: + http_service: + server_uri: + uri: "http://modsecurity-crs.clover-gateway.svc.cluster.local" + cluster: "outbound|80||modsecurity-crs.clover-gateway.svc.cluster.local" + timeout: 0.5s + failure_mode_allow: false +--- diff --git a/samples/scenarios/service_delivery_controller.yaml b/samples/scenarios/service_delivery_controller.yaml index b9c3506..9f37f1b 100644 --- a/samples/scenarios/service_delivery_controller.yaml +++ b/samples/scenarios/service_delivery_controller.yaml @@ -226,6 +226,7 @@ spec: labels: app: http-lb version: v1 + name: http-lb-v1 spec: containers: - name: http-lb @@ -247,6 +248,7 @@ spec: labels: app: http-lb version: v2 + name: http-lb-v2 spec: containers: - name: http-lb @@ -263,13 +265,33 @@ metadata: app: http-lb spec: ports: - - port: 50054 - name: grpc - port: 9180 name: http selector: app: http-lb --- +apiVersion: v1 +kind: Service +metadata: + name: http-lb-v1 +spec: + ports: + - port: 50054 + name: grpc + selector: + name: http-lb-v1 +--- +apiVersion: v1 +kind: Service +metadata: + name: http-lb-v2 +spec: + ports: + - port: 50054 + name: grpc + selector: + name: http-lb-v2 +--- apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -344,18 +366,38 @@ spec: selector: app: proxy-access-control --- -apiVersion: extensions/v1beta1 -kind: Ingress +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway metadata: - name: proxy-gateway - annotations: - kubernetes.io/ingress.class: "istio" + name: sdc-gateway spec: - rules: - - http: - paths: - - path: - backend: - serviceName: proxy-access-control - servicePort: 9180 + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" --- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: sdcsample +spec: + hosts: + - "*" + gateways: + - sdc-gateway + http: + - match: + - uri: + prefix: / + route: + - destination: + host: proxy-access-control + port: + number: 9180 + mirror: + host: snort-ids diff --git a/samples/scenarios/service_delivery_controller_opnfv.yaml b/samples/scenarios/service_delivery_controller_opnfv.yaml index ee0adcc..cb4743f 100644 --- a/samples/scenarios/service_delivery_controller_opnfv.yaml +++ b/samples/scenarios/service_delivery_controller_opnfv.yaml @@ -226,6 +226,7 @@ spec: labels: app: http-lb version: v1 + name: http-lb-v1 spec: containers: - name: http-lb @@ -247,6 +248,7 @@ spec: labels: app: http-lb version: v2 + name: http-lb-v2 spec: containers: - name: http-lb @@ -263,13 +265,33 @@ metadata: app: http-lb spec: ports: - - port: 50054 - name: grpc - port: 9180 name: http selector: app: http-lb --- +apiVersion: v1 +kind: Service +metadata: + name: http-lb-v1 +spec: + ports: + - port: 50054 + name: grpc + selector: + name: http-lb-v1 +--- +apiVersion: v1 +kind: Service +metadata: + name: http-lb-v2 +spec: + ports: + - port: 50054 + name: grpc + selector: + name: http-lb-v2 +--- apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -344,18 +366,38 @@ spec: selector: app: proxy-access-control --- -apiVersion: extensions/v1beta1 -kind: Ingress +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway metadata: - name: proxy-gateway - annotations: - kubernetes.io/ingress.class: "istio" + name: sdc-gateway spec: - rules: - - http: - paths: - - path: - backend: - serviceName: proxy-access-control - servicePort: 9180 + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" --- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: sdcsample +spec: + hosts: + - "*" + gateways: + - sdc-gateway + http: + - match: + - uri: + prefix: / + route: + - destination: + host: proxy-access-control + port: + number: 9180 + mirror: + host: snort-ids diff --git a/samples/scenarios/view.sh b/samples/scenarios/view.sh deleted file mode 100755 index 8b155ce..0000000 --- a/samples/scenarios/view.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# -# Copyright (c) Authors of Clover -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -# - -CLOVER_BASE_DIR=${CLOVER_BASE_DIR:-"/home/opnfv/repos/clover"} -ISTIO_BASE_DIR=${ISTIO_BASE_DIR:-"/istio-source"} - -cd $CLOVER_BASE_DIR - -echo "Deploying Prometheus monitoring" - -kubectl apply -f $ISTIO_BASE_DIR/install/kubernetes/addons/prometheus.yaml - -echo "Deploying Jaeger tracing" - -kubectl apply -n istio-system -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/master/all-in-one/jaeger-all-in-one-template.yml - -echo "Exposing tracing and monitoring outside of Kubernetes cluster" - -kubectl delete -n istio-system svc prometheus - -kubectl expose -n istio-system deployment jaeger-deployment --port=16686 --type=NodePort - -kubectl expose -n istio-system deployment prometheus --port=9090 --type=NodePort |