| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch adds ModSecurity config guide.
This patch also deploy the modsecurity and ext_authz filter to clover-gateway namespace.
Change-Id: I5ab21e6337b8f8b839ddd028370df378686bd017
Signed-off-by: JingLu5 <lvjing5@huawei.com>
|
|
|
|
|
|
|
|
microservice"
|
|
Functest is being updated to Xtesting 0.60 which leverages on
stevedore [1].
[1] https://docs.openstack.org/stevedore/latest/
Change-Id: I2c162c8e08a580f80b547b3a1cd6cc700d12c858
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
|
|
JIRA: CLOVER-72
This issue falls under the "Edge Cloud-Native Cluster" intern project and is a part of both Clover and Edge cloud projects. The scripts added are of an exemplar video streaming microservice designed to run on the raspberry pi edge cluster. This commit includes the docker scripts to containerize the UV4L stream and the kubernetes deployment script to correctly run the microservice as a pod on the cluster. The detailed description of the project and the instructions for using the scripts are documented in the README.
Change-Id: Ice4e5e7e63c2eb617556eaef1255801ffac851e7
Signed-off-by: adarsh1001 <adarshpalsingh1996@gmail.com>
|
|
JIRA: CLOVER-84
There will be some Bug in SDC after we upgrade the Istio to 1.0.0
Istio 1.0 have some concept, for example : virtualservice gateway.
So we change the yaml file using the 1.0.0 concepts.
Add mirror function
Change-Id: Id138cfec2c7d94b44eb508a056c91e193ac1b08b
Signed-off-by: Ace Lee <liyin11@huawei.com>
|
|
- Compile nginx from source in order to employ additional modules
- Add nginx-upload-module for high performance file upload that
avoids the need for file copies with a web application.
- File upload allows for placement of files for file download
for performance benchmarking.
- File upload can also be used directly for bi-directional throughput
testing having emulated clients upload files while file downloads
simultaneously occur.
- Nginx file upload stores files with hash to avoid conflicting
file names. Upload block in nginx config is configured to send
REST message to clover-controller with file metadata (original
filename, size, etc.) clover-controller will be responsible for
modifying the hashed filename and placing in a target directory
within an nginx server.
- Build also adds nginx-rtmp module to act as streaming media server
L7 loader will be extended to fetch streaming files from RTMP
servers.
- Add ability to create directories in server site root
and create the location directive(s) in nginx configuration
- Separated upload for configuration (download
files in various paths) from upload for testing (upload
to create bi-directional session throughput)
- Upload for testing does not sent upload metadata to
clover-controller
- Added ability to move upload files to file folders in the nginx site
root to use for download
- Delete files in upload folder
- Fixed issue with 426 Upgrade Required error message
when upload module sends upload metadata to clover-controller
- Added server name to metadata sent to clover-controller
Change-Id: Ib4cf6240f92360b82f378c062675f4fdaa19ca93
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
JIRA: CLOVER-86
This external authorization HTTP filter calls an external HTTP service (ModSecuruty service) to check if the incoming HTTP request is authorized or not. If the request is deemed unauthorized then the request will be denied normally with 403 (Forbidden) response.
Change-Id: I0fe14c73defec027c54f42713cbdf69b0b83e102
Signed-off-by: JingLu5 <lvjing5@huawei.com>
|
|
JIRA: CLOVER-68
1. Add Dockerfile and related files to build clover's modsecurity Docekr container
2. Add mainfest to install the Modsecurity in kubernetes cluster
Change-Id: Ia92926e730c04720f931999d7ec30565ce9e54be
Signed-off-by: JingLu5 <lvjing5@huawei.com>
|
|
|
|
|
|
|
|
|
|
|
|
JIRA: CLOVER-84
we change the env in clover and change some deploy script.
will upgrade the doc later
Change-Id: I73a78afb91676efc3278b623c5d263a4a215ccd9
Signed-off-by: Ace Lee <liyin11@huawei.com>
|
|
- Uses client-go package to interface to k8s API and implement
functions as cloverkube package.
- Identifies GKE LB IP for clover-controller for user
- Identifies NodePort port number for clover-controller for user
if environment is local k8s (assumes flannel CNI currently)
- Deploys and deletes clover-collector and clover-controller with
native client-go constructs (currently images are defined with
local registry). Future work will implement other clover services
and Istio components. Uses the clover-system namespace.
- Uses Cobra go package to implement CLI (used in kubectl and
istioctl) using cloverctl <verb> <noun> convention.
- Interfaces to clover-controller to configure clover services
(visibility, IDS ...) within the cluster via REST messaging
- Start visibility (collector) engine using input yaml file or
defaults
- Init, stop and clear (truncate Cassandra tables) visibility
engine or get basic stats.
- Add custom rules to IDS from input yaml file and start/stop
IDS
- Generate jmeter testplan on jmeter-master using input yaml
file. Start tests and output log/results from CLI.
- Specify number of jmeter slaves to initiate tests on from
CLI. Automatically find IP addresses of jmeter slaves within
the k8s cluster.
- Sample yaml files for adding IDS rules, starting visibility
engine and generating jmeter test plans.
- Build script to install go and get dependent packages.
- Implement a custom Istio inject package for manual sidecar
injection (cloverinject). Currently, unused as it is built from
Istio 0.8.0/1.0.0 code base.
Change-Id: Ibb8d08cb98267bdffb8905c221473f177d51bbb3
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
|
|
test istio service-mesh"
|
|
|
|
- First pass of clover-controller which resides within the k8s
cluster and provides interfaces to all Clover services
- Only service that should need to be exposed outside of
cluster
- Docker build of container that uses stack of nginx, gunicorn
and flask to provide REST interface
- REST interface is intended to serve cloverctl CLI and
dashboard browser UI
- Implements GRPC messaging to clover-collector and snort
- GRPC interfaces files for snort/nginx are added to
container from repo. Collector GRPC files will be removed
from controller/control/api once patch below is merged
https://gerrit.opnfv.org/gerrit/#/c/57245/ and added
similarly
- Provides first pass callback for file upload from
clover-server.
- Some REST messages implement JSON for passing params
to internal services
- Redis interface added to obtain data from services.
Currently, a simple interface to retrieve snort event
information
- YAML manifest renderer to add to k8s. Uses NodePort
service currently, defaulting to port 32044.
- Removed collector gRPC interface files with merge of collector
- Expose tracing and monitoring host/port parameters, as these vary
depending on Istio version and Jaeger version
- Add logging to flask blueprints
- Added jmeter blueprint interface with REST for
testplan generation, start test and result retrieval
- Added flask Response to REST reply messages
- Retrieve some basic stats from collector in json
response
Change-Id: I59eaeb860445ade4b45bba22747a61fb0cf0bbd4
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Jmeter can be used for L4-7 functional and performance testing
- Jmeter master has gRPC server for management
- Generates Jmeter test plans from minimal yaml params file
(sample to be added with cloverctl) using template
- Optionally span tests across slave containers to allow greater
loads to be generated
- Specify loop/thread/slave count and URL list, which
dictates target and number of connections that will be attempted
- clover-controller will interface to gRPC interface on Jmeter
master
- Start tests on master and retrieve log/result files
- Render master and slave k8s manifests files
Change-Id: Id144c8f551b7d375ff252c8de0611f895b50387c
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Left the file samples/scenarios/service_delivery_controller_opnfv.yaml unchanged.
- Added a yaml definition of Cassandra StatefulSet and its service into a separate file under tools directory
- Cassandra Service run with 1 replica
- Deleted 'data-plane-ns' and use 'default' instead for cassandra containers.
- Revoked changes for samples/scenarios/service_delivery_controller_opnfv.yaml.
- Added new line (Wutien suggested it)
JIRA: CLOVER-000
Change-Id: I2bb4249cf2523f5011d6fefc69dc469a90e20eaf
Signed-off-by: iharijono <indra.harijono@huawei.com>
|
|
JIRA: CLOVER-71
This issue falls under the "Edge Cloud-Native Cluster" intern project and is a part of both Clover and Edge cloud projects. The detailed description of the project and the instructions for using the scripts are documented in the README.
Change-Id: I4fdb98f17ae0c53f918376ad6fb90be8ff0b0a71
Signed-off-by: adarsh1001 <adarshpalsingh1996@gmail.com>
|
|
|
|
|
|
|
|
Change-Id: I0335fa912a3ca2dff5c989fa06183065216f10e4
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
Change-Id: Iff9c7bfbae8f5ca46ef88634d4864cd27512aa8a
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
if we set testid and start test immediately,
the first test's result can't be got from jaeger
Change-Id: Ia2ab8a91d8c5f9956ea4d3d7c2436fb05490acee
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
what the script do
1. git clone the XCI repo
2. set variable to deploy k8s
how to use
run the below command in you teminal
./xci-k8s-setup.sh
requirement
1. don't under the root user
2. run sudo without password
Change-Id: I5015e12d8d3b0db31285d5e817b3c40d6739ba22
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
|
|
|
|
|
|
|
|
|
|
- Added a container named clover-collector using clover
container as a base with build script
- GRPC server to manage collector process
- Cassandra DB client interface to initialize visibility keyspace
- Init messaging adds table schemas for tracing - traces & spans
- Adds table for monitoring - metrics
- Does not implement Cassandra server but developed using
public Cassandra docker container
- Collector process in simple loop that periodically fetches
traces and monitoring data and inserts to Cassandra - not optimized
for batch retrieval yet for monitoring
- CLI interface added to collector process and used
by GRPC server for configuration
- Simple GRPC client script to test GRPC server and start/stop
of collector process
- Collector process can be configured with access for tracing,
monitoring and Cassandra
- Added a return value in monitoring query method
- Added ability to truncate tracing, metrics and spans tables
in cql
- Added cql prepared statements and batch insert for metrics
and spans
- Align cql connection to cql deployment within k8s
- Fix issue with cql host list using ast and collect process
args with background argument
- Added redis interface to accept service/metric list
externally for monitoring (will work in conjunction
with clover-controller)
- Use k8s DNS names and default ports for monitoring, tracing
and cassandra
- Added yaml manifest renderer/template for collector
Change-Id: I3e4353e28844c4ce9c185ff4638012b66c7fff67
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
Change-Id: Ib5b2240de3276164fe9e272bf36f0d1f89f409c0
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
service-mesh
Checking into CLEARWATER_ISTIO branch
This part of the project is intended to validate the clearwater IMS with istio service-mesh.
Change-Id: Ia5ba86301a363fcf9cfe0bac525606b0d897713e
Signed-off-by: Muhammad Shaikh (Salman) <muhammad.shaikh@huawei.com>
|
|
there is a issue "No module named google.protobuf",
when trying to run the services docker.
Add the protobuf in services Dockerfile.
Change-Id: I280dc1d5908bcec784e9e1e7c4d07e145f092cdb
Signed-off-by: wutianwei <wutianwei1@huawei.com>
|
|
Change-Id: I6a1e526bec4160bcdac32d4124acb110b9cf6959
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
Change-Id: I51fbdaf6991cb43a7cb1b2ce01099e0ed385df13
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
It must be done in two steps otherwise the mixer adapter may not
be initialized correctly.
Change-Id: Ie59e811fc287fbd52a007be45f0f9c74983149b3
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
Change-Id: I70b766fe26e750fef6a622344d69ad4f6e2b8962
Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
|
|
- Incorporated feedback from doc reviews
- Fix some rendering issues
- Add redis inspect section
- Update SDC deploy instructions using Fraser release tag
Change-Id: I573dcd04066ad83b9c659fae645c65ab4aaa2007
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
|
|
- Document A-B sample validation script
- Remove redundant TOC in docs
- Provide reference links in SDC guide
- Additional edits to SDC guide
Change-Id: Id4135c99df688f7de1af18017c847a6546082bfc
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Provided some overall edits to user guide
- Fixed titles of index files for release notes and user guide
- Added links to SDC, A-B configuration guides and logging, tracing
and monitoring install/validation docs
Change-Id: I9a0e1e0a2c12b20400eec5a5642f7c5de2dbd7bf
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
JingLu5
Stephen Wong
Wenjing Chu
Cédric Ollivier
adarsh1001
Ace Lee
Eddie Arrage
iharijono
wutianwei
Aric Gardner
Yujun Zhang
Muhammad Shaikh (Salman)