diff options
Diffstat (limited to 'samples')
-rw-r--r-- | samples/scenarios/service_delivery_controller.yaml | 362 | ||||
-rw-r--r-- | samples/scenarios/service_delivery_controller_opnfv.yaml | 361 | ||||
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_alerts.py | 2 | ||||
-rw-r--r-- | samples/services/snort_ids/yaml/manifest.template | 3 | ||||
-rw-r--r-- | samples/services/snort_ids/yaml/render_yaml.py | 11 |
5 files changed, 734 insertions, 5 deletions
diff --git a/samples/scenarios/service_delivery_controller.yaml b/samples/scenarios/service_delivery_controller.yaml index c3a9411..b9c3506 100644 --- a/samples/scenarios/service_delivery_controller.yaml +++ b/samples/scenarios/service_delivery_controller.yaml @@ -1 +1,361 @@ -<Toplevel yaml for entire sample scenario (applciation) goes here> +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + name: redis + redis-sentinel: "true" + role: master + name: redis +spec: + containers: + - name: redis + image: k8s.gcr.io/redis:v1 + env: + - name: MASTER + value: "true" + ports: + - containerPort: 6379 + resources: + limits: + cpu: "0.1" + volumeMounts: + - mountPath: /redis-master-data + name: data + - name: sentinel + image: kubernetes/redis:v1 + env: + - name: SENTINEL + value: "true" + ports: + - containerPort: 26379 + volumes: + - name: data + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: redis +spec: + ports: + - port: 6379 + selector: + name: redis +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server1 + labels: + app: clover-server1 +spec: + template: + metadata: + labels: + app: clover-server1 + spec: + containers: + - name: clover-server1 + image: localhost:5000/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server1 + labels: + app: clover-server1 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server1 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server2 + labels: + app: clover-server2 +spec: + template: + metadata: + labels: + app: clover-server2 + spec: + containers: + - name: clover-server2 + image: localhost:5000/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server2 + labels: + app: clover-server2 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server2 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server3 + labels: + app: clover-server3 +spec: + template: + metadata: + labels: + app: clover-server3 + spec: + containers: + - name: clover-server3 + image: localhost:5000/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server3 + labels: + app: clover-server3 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server3 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server4 + labels: + app: clover-server4 +spec: + template: + metadata: + labels: + app: clover-server4 + spec: + containers: + - name: clover-server4 + image: localhost:5000/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server4 + labels: + app: clover-server4 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server4 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server5 + labels: + app: clover-server5 +spec: + template: + metadata: + labels: + app: clover-server5 + spec: + containers: + - name: clover-server5 + image: localhost:5000/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server5 + labels: + app: clover-server5 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server5 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: http-lb-v1 + labels: + app: http-lb + version: v1 +spec: + template: + metadata: + labels: + app: http-lb + version: v1 + spec: + containers: + - name: http-lb + image: localhost:5000/clover-ns-nginx-lb:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: http-lb-v2 + labels: + app: http-lb + version: v2 +spec: + template: + metadata: + labels: + app: http-lb + version: v2 + spec: + containers: + - name: http-lb + image: localhost:5000/clover-ns-nginx-lb:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: http-lb + labels: + app: http-lb +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: http-lb +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: snort-ids + labels: + app: snort-ids +spec: + template: + metadata: + labels: + app: snort-ids + spec: + containers: + - name: snort-ids + image: localhost:5000/clover-ns-snort-ids:latest + ports: + - containerPort: 50052 + - containerPort: 50054 + - containerPort: 6379 + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: snort-ids + labels: + app: snort-ids +spec: + ports: + - port: 50052 + name: grpc + - port: 50054 + name: proxy-access-control + - port: 6379 + name: redis + - port: 80 + name: http + selector: + app: snort-ids +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: proxy-access-control + labels: + app: proxy-access-control +spec: + template: + metadata: + labels: + app: proxy-access-control + spec: + containers: + - name: proxy-access-control + image: localhost:5000/clover-ns-nginx-proxy:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: proxy-access-control + labels: + app: proxy-access-control +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: proxy-access-control +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: proxy-gateway + annotations: + kubernetes.io/ingress.class: "istio" +spec: + rules: + - http: + paths: + - path: + backend: + serviceName: proxy-access-control + servicePort: 9180 +--- diff --git a/samples/scenarios/service_delivery_controller_opnfv.yaml b/samples/scenarios/service_delivery_controller_opnfv.yaml new file mode 100644 index 0000000..ee0adcc --- /dev/null +++ b/samples/scenarios/service_delivery_controller_opnfv.yaml @@ -0,0 +1,361 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + name: redis + redis-sentinel: "true" + role: master + name: redis +spec: + containers: + - name: redis + image: k8s.gcr.io/redis:v1 + env: + - name: MASTER + value: "true" + ports: + - containerPort: 6379 + resources: + limits: + cpu: "0.1" + volumeMounts: + - mountPath: /redis-master-data + name: data + - name: sentinel + image: kubernetes/redis:v1 + env: + - name: SENTINEL + value: "true" + ports: + - containerPort: 26379 + volumes: + - name: data + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: redis +spec: + ports: + - port: 6379 + selector: + name: redis +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server1 + labels: + app: clover-server1 +spec: + template: + metadata: + labels: + app: clover-server1 + spec: + containers: + - name: clover-server1 + image: opnfv/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server1 + labels: + app: clover-server1 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server1 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server2 + labels: + app: clover-server2 +spec: + template: + metadata: + labels: + app: clover-server2 + spec: + containers: + - name: clover-server2 + image: opnfv/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server2 + labels: + app: clover-server2 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server2 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server3 + labels: + app: clover-server3 +spec: + template: + metadata: + labels: + app: clover-server3 + spec: + containers: + - name: clover-server3 + image: opnfv/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server3 + labels: + app: clover-server3 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server3 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server4 + labels: + app: clover-server4 +spec: + template: + metadata: + labels: + app: clover-server4 + spec: + containers: + - name: clover-server4 + image: opnfv/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server4 + labels: + app: clover-server4 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server4 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: clover-server5 + labels: + app: clover-server5 +spec: + template: + metadata: + labels: + app: clover-server5 + spec: + containers: + - name: clover-server5 + image: opnfv/clover-ns-nginx-server:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: clover-server5 + labels: + app: clover-server5 +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: clover-server5 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: http-lb-v1 + labels: + app: http-lb + version: v1 +spec: + template: + metadata: + labels: + app: http-lb + version: v1 + spec: + containers: + - name: http-lb + image: opnfv/clover-ns-nginx-lb:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: http-lb-v2 + labels: + app: http-lb + version: v2 +spec: + template: + metadata: + labels: + app: http-lb + version: v2 + spec: + containers: + - name: http-lb + image: opnfv/clover-ns-nginx-lb:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: http-lb + labels: + app: http-lb +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: http-lb +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: snort-ids + labels: + app: snort-ids +spec: + template: + metadata: + labels: + app: snort-ids + spec: + containers: + - name: snort-ids + image: opnfv/clover-ns-snort-ids:latest + ports: + - containerPort: 50052 + - containerPort: 50054 + - containerPort: 6379 + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: snort-ids + labels: + app: snort-ids +spec: + ports: + - port: 50052 + name: grpc + - port: 50054 + name: proxy-access-control + - port: 6379 + name: redis + - port: 80 + name: http + selector: + app: snort-ids +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: proxy-access-control + labels: + app: proxy-access-control +spec: + template: + metadata: + labels: + app: proxy-access-control + spec: + containers: + - name: proxy-access-control + image: opnfv/clover-ns-nginx-proxy:latest + ports: + - containerPort: 50054 + - containerPort: 9180 +--- +apiVersion: v1 +kind: Service +metadata: + name: proxy-access-control + labels: + app: proxy-access-control +spec: + ports: + - port: 50054 + name: grpc + - port: 9180 + name: http + selector: + app: proxy-access-control +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: proxy-gateway + annotations: + kubernetes.io/ingress.class: "istio" +spec: + rules: + - http: + paths: + - path: + backend: + serviceName: proxy-access-control + servicePort: 9180 +--- diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py index eda2bd6..4cb87e2 100644 --- a/samples/services/snort_ids/docker/grpc/snort_alerts.py +++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py @@ -14,7 +14,7 @@ from idstools import unified2 HOST_IP = 'redis' -PROXY_GRPC = 'http-proxy:50054' +PROXY_GRPC = 'proxy-access-control:50054' logging.basicConfig(filename='alert.log', level=logging.DEBUG) diff --git a/samples/services/snort_ids/yaml/manifest.template b/samples/services/snort_ids/yaml/manifest.template index 178765b..25dbefa 100644 --- a/samples/services/snort_ids/yaml/manifest.template +++ b/samples/services/snort_ids/yaml/manifest.template @@ -18,6 +18,7 @@ spec: - containerPort: {{ grpc_port }} - containerPort: {{ redis_port }} - containerPort: {{ http_port }} + - containerPort: {{ pac_port }} --- apiVersion: v1 kind: Service @@ -33,6 +34,8 @@ spec: name: redis - port: {{ http_port }} name: http + - port: {{ pac_port }} + name: proxy-access-control selector: app: {{ deploy_name }} --- diff --git a/samples/services/snort_ids/yaml/render_yaml.py b/samples/services/snort_ids/yaml/render_yaml.py index e23f540..42a2615 100644 --- a/samples/services/snort_ids/yaml/render_yaml.py +++ b/samples/services/snort_ids/yaml/render_yaml.py @@ -23,6 +23,7 @@ def render_yaml(args): image_tag=args['image_tag'], deploy_name=args['deploy_name'], grpc_port=args['grpc_port'], + pac_port=args['pac_port'], redis_port=args['redis_port'], http_port=args['http_port'] ) @@ -42,7 +43,7 @@ if __name__ == '__main__': help='The image name to use') parser.add_argument( '--image_path', default='localhost:5000', - help='The path to the images to use') + help='The path to the image to use') parser.add_argument( '--image_tag', default='latest', help='The image tag to use') @@ -54,9 +55,13 @@ if __name__ == '__main__': help='The redis port to connect to for alerts') parser.add_argument( '--http_port', default='80', - help='Analyze http traffic on this port') + help='Analyze http data-plane traffic on this port') parser.add_argument( '--grpc_port', default='50052', - help='The image tag to use') + help='The GRPC server port for snort management') + parser.add_argument( + '--pac_port', default='50054', + help='The GRPC server port of the service to send alerts on') + args = parser.parse_args() print(render_yaml(vars(args))) |