summaryrefslogtreecommitdiffstats
path: root/samples
diff options
context:
space:
mode:
Diffstat (limited to 'samples')
-rw-r--r--samples/scenarios/service_delivery_controller.yaml362
-rw-r--r--samples/scenarios/service_delivery_controller_opnfv.yaml361
-rw-r--r--samples/services/snort_ids/docker/grpc/snort_alerts.py2
-rw-r--r--samples/services/snort_ids/yaml/manifest.template3
-rw-r--r--samples/services/snort_ids/yaml/render_yaml.py11
5 files changed, 734 insertions, 5 deletions
diff --git a/samples/scenarios/service_delivery_controller.yaml b/samples/scenarios/service_delivery_controller.yaml
index c3a9411..b9c3506 100644
--- a/samples/scenarios/service_delivery_controller.yaml
+++ b/samples/scenarios/service_delivery_controller.yaml
@@ -1 +1,361 @@
-<Toplevel yaml for entire sample scenario (applciation) goes here>
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ name: redis
+ redis-sentinel: "true"
+ role: master
+ name: redis
+spec:
+ containers:
+ - name: redis
+ image: k8s.gcr.io/redis:v1
+ env:
+ - name: MASTER
+ value: "true"
+ ports:
+ - containerPort: 6379
+ resources:
+ limits:
+ cpu: "0.1"
+ volumeMounts:
+ - mountPath: /redis-master-data
+ name: data
+ - name: sentinel
+ image: kubernetes/redis:v1
+ env:
+ - name: SENTINEL
+ value: "true"
+ ports:
+ - containerPort: 26379
+ volumes:
+ - name: data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ selector:
+ name: redis
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server1
+ spec:
+ containers:
+ - name: clover-server1
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server1
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server2
+ spec:
+ containers:
+ - name: clover-server2
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server2
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server3
+ spec:
+ containers:
+ - name: clover-server3
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server3
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server4
+ spec:
+ containers:
+ - name: clover-server4
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server4
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server5
+ spec:
+ containers:
+ - name: clover-server5
+ image: localhost:5000/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server5
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v1
+ labels:
+ app: http-lb
+ version: v1
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v1
+ spec:
+ containers:
+ - name: http-lb
+ image: localhost:5000/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v2
+ labels:
+ app: http-lb
+ version: v2
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v2
+ spec:
+ containers:
+ - name: http-lb
+ image: localhost:5000/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: http-lb
+ labels:
+ app: http-lb
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: http-lb
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ template:
+ metadata:
+ labels:
+ app: snort-ids
+ spec:
+ containers:
+ - name: snort-ids
+ image: localhost:5000/clover-ns-snort-ids:latest
+ ports:
+ - containerPort: 50052
+ - containerPort: 50054
+ - containerPort: 6379
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ ports:
+ - port: 50052
+ name: grpc
+ - port: 50054
+ name: proxy-access-control
+ - port: 6379
+ name: redis
+ - port: 80
+ name: http
+ selector:
+ app: snort-ids
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ template:
+ metadata:
+ labels:
+ app: proxy-access-control
+ spec:
+ containers:
+ - name: proxy-access-control
+ image: localhost:5000/clover-ns-nginx-proxy:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: proxy-access-control
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: proxy-gateway
+ annotations:
+ kubernetes.io/ingress.class: "istio"
+spec:
+ rules:
+ - http:
+ paths:
+ - path:
+ backend:
+ serviceName: proxy-access-control
+ servicePort: 9180
+---
diff --git a/samples/scenarios/service_delivery_controller_opnfv.yaml b/samples/scenarios/service_delivery_controller_opnfv.yaml
new file mode 100644
index 0000000..ee0adcc
--- /dev/null
+++ b/samples/scenarios/service_delivery_controller_opnfv.yaml
@@ -0,0 +1,361 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ name: redis
+ redis-sentinel: "true"
+ role: master
+ name: redis
+spec:
+ containers:
+ - name: redis
+ image: k8s.gcr.io/redis:v1
+ env:
+ - name: MASTER
+ value: "true"
+ ports:
+ - containerPort: 6379
+ resources:
+ limits:
+ cpu: "0.1"
+ volumeMounts:
+ - mountPath: /redis-master-data
+ name: data
+ - name: sentinel
+ image: kubernetes/redis:v1
+ env:
+ - name: SENTINEL
+ value: "true"
+ ports:
+ - containerPort: 26379
+ volumes:
+ - name: data
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ selector:
+ name: redis
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server1
+ spec:
+ containers:
+ - name: clover-server1
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server1
+ labels:
+ app: clover-server1
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server1
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server2
+ spec:
+ containers:
+ - name: clover-server2
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server2
+ labels:
+ app: clover-server2
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server2
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server3
+ spec:
+ containers:
+ - name: clover-server3
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server3
+ labels:
+ app: clover-server3
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server3
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server4
+ spec:
+ containers:
+ - name: clover-server4
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server4
+ labels:
+ app: clover-server4
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server4
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ template:
+ metadata:
+ labels:
+ app: clover-server5
+ spec:
+ containers:
+ - name: clover-server5
+ image: opnfv/clover-ns-nginx-server:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: clover-server5
+ labels:
+ app: clover-server5
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: clover-server5
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v1
+ labels:
+ app: http-lb
+ version: v1
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v1
+ spec:
+ containers:
+ - name: http-lb
+ image: opnfv/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: http-lb-v2
+ labels:
+ app: http-lb
+ version: v2
+spec:
+ template:
+ metadata:
+ labels:
+ app: http-lb
+ version: v2
+ spec:
+ containers:
+ - name: http-lb
+ image: opnfv/clover-ns-nginx-lb:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: http-lb
+ labels:
+ app: http-lb
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: http-lb
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ template:
+ metadata:
+ labels:
+ app: snort-ids
+ spec:
+ containers:
+ - name: snort-ids
+ image: opnfv/clover-ns-snort-ids:latest
+ ports:
+ - containerPort: 50052
+ - containerPort: 50054
+ - containerPort: 6379
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: snort-ids
+ labels:
+ app: snort-ids
+spec:
+ ports:
+ - port: 50052
+ name: grpc
+ - port: 50054
+ name: proxy-access-control
+ - port: 6379
+ name: redis
+ - port: 80
+ name: http
+ selector:
+ app: snort-ids
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ template:
+ metadata:
+ labels:
+ app: proxy-access-control
+ spec:
+ containers:
+ - name: proxy-access-control
+ image: opnfv/clover-ns-nginx-proxy:latest
+ ports:
+ - containerPort: 50054
+ - containerPort: 9180
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-access-control
+ labels:
+ app: proxy-access-control
+spec:
+ ports:
+ - port: 50054
+ name: grpc
+ - port: 9180
+ name: http
+ selector:
+ app: proxy-access-control
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: proxy-gateway
+ annotations:
+ kubernetes.io/ingress.class: "istio"
+spec:
+ rules:
+ - http:
+ paths:
+ - path:
+ backend:
+ serviceName: proxy-access-control
+ servicePort: 9180
+---
diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py
index eda2bd6..4cb87e2 100644
--- a/samples/services/snort_ids/docker/grpc/snort_alerts.py
+++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py
@@ -14,7 +14,7 @@ from idstools import unified2
HOST_IP = 'redis'
-PROXY_GRPC = 'http-proxy:50054'
+PROXY_GRPC = 'proxy-access-control:50054'
logging.basicConfig(filename='alert.log', level=logging.DEBUG)
diff --git a/samples/services/snort_ids/yaml/manifest.template b/samples/services/snort_ids/yaml/manifest.template
index 178765b..25dbefa 100644
--- a/samples/services/snort_ids/yaml/manifest.template
+++ b/samples/services/snort_ids/yaml/manifest.template
@@ -18,6 +18,7 @@ spec:
- containerPort: {{ grpc_port }}
- containerPort: {{ redis_port }}
- containerPort: {{ http_port }}
+ - containerPort: {{ pac_port }}
---
apiVersion: v1
kind: Service
@@ -33,6 +34,8 @@ spec:
name: redis
- port: {{ http_port }}
name: http
+ - port: {{ pac_port }}
+ name: proxy-access-control
selector:
app: {{ deploy_name }}
---
diff --git a/samples/services/snort_ids/yaml/render_yaml.py b/samples/services/snort_ids/yaml/render_yaml.py
index e23f540..42a2615 100644
--- a/samples/services/snort_ids/yaml/render_yaml.py
+++ b/samples/services/snort_ids/yaml/render_yaml.py
@@ -23,6 +23,7 @@ def render_yaml(args):
image_tag=args['image_tag'],
deploy_name=args['deploy_name'],
grpc_port=args['grpc_port'],
+ pac_port=args['pac_port'],
redis_port=args['redis_port'],
http_port=args['http_port']
)
@@ -42,7 +43,7 @@ if __name__ == '__main__':
help='The image name to use')
parser.add_argument(
'--image_path', default='localhost:5000',
- help='The path to the images to use')
+ help='The path to the image to use')
parser.add_argument(
'--image_tag', default='latest',
help='The image tag to use')
@@ -54,9 +55,13 @@ if __name__ == '__main__':
help='The redis port to connect to for alerts')
parser.add_argument(
'--http_port', default='80',
- help='Analyze http traffic on this port')
+ help='Analyze http data-plane traffic on this port')
parser.add_argument(
'--grpc_port', default='50052',
- help='The image tag to use')
+ help='The GRPC server port for snort management')
+ parser.add_argument(
+ '--pac_port', default='50054',
+ help='The GRPC server port of the service to send alerts on')
+
args = parser.parse_args()
print(render_yaml(vars(args)))