| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- Add description of new VirtualService and Gateway resources
in Istio 1.0
- Modify manual inject commands to match Istio 1.0
- Update tracing UI graphic with Jaeger that is integrated with Istio 1.0
- Update Istio pod listing
- Update how to expose Prometheus and Jaeger
- Fix the commands to remove Istio 1.0
- Modify SDC yaml for local Docker registry case
Change-Id: I51e2b876699eae48714e94e33e56191364a0dbe5
Signed-off-by: earrage <eddie.arrage@huawei.com>
|
|
prometheus has been installed in istio 1.0
so we need to delete the view.sh file.
but we need to change to to NodePort way to expose the port
Change-Id: I8ae6bc1c251ba5effbc94efe984384af6e64adfc
Signed-off-by: Ace Lee <liyin11@huawei.com>
|
|
The clover-ns-modsecurity-crs docker image is now built by Jenkins and uploaded
to the OPNFV docker hub.
This patch updates the modsecurity deployment kubernetes manifest to pull image from OPNFV docker hub.
Change-Id: I7e8afd27f726600de9247fc98fe3f5d491000f1c
Signed-off-by: JingLu5 <lvjing5@huawei.com>
|
|
- Modify nginx server template to use clover-controller
in clover-system namespace for file upload
- Add ability to set nginx server paths and move uploaded files
in clover-controller and set/get file upload metadata
- Add cloverctl commands to set nginx server and lb configurations
- Add example yaml files to configure nginx server and
lb v1/v2 from cloverctl
- Modify service definition for http-lb versions to distinguish
the two versions for GRPC messaging from clover-controller in SDC
deployment yaml
Change-Id: I5c6866c5ff3de358939c58ea8c0bde64a69c6eca
Signed-off-by: earrage <eddie.arrage@huawei.com>
|
|
This patch adds ModSecurity config guide.
This patch also deploy the modsecurity and ext_authz filter to clover-gateway namespace.
Change-Id: I5ab21e6337b8f8b839ddd028370df378686bd017
Signed-off-by: JingLu5 <lvjing5@huawei.com>
|
|
|
|
JIRA: CLOVER-84
There will be some Bug in SDC after we upgrade the Istio to 1.0.0
Istio 1.0 have some concept, for example : virtualservice gateway.
So we change the yaml file using the 1.0.0 concepts.
Add mirror function
Change-Id: Id138cfec2c7d94b44eb508a056c91e193ac1b08b
Signed-off-by: Ace Lee <liyin11@huawei.com>
|
|
JIRA: CLOVER-86
This external authorization HTTP filter calls an external HTTP service (ModSecuruty service) to check if the incoming HTTP request is authorized or not. If the request is deemed unauthorized then the request will be denied normally with 403 (Forbidden) response.
Change-Id: I0fe14c73defec027c54f42713cbdf69b0b83e102
Signed-off-by: JingLu5 <lvjing5@huawei.com>
|
|
JIRA: CLOVER-84
we change the env in clover and change some deploy script.
will upgrade the doc later
Change-Id: I73a78afb91676efc3278b623c5d263a4a215ccd9
Signed-off-by: Ace Lee <liyin11@huawei.com>
|
|
|
|
- Left the file samples/scenarios/service_delivery_controller_opnfv.yaml unchanged.
- Added a yaml definition of Cassandra StatefulSet and its service into a separate file under tools directory
- Cassandra Service run with 1 replica
- Deleted 'data-plane-ns' and use 'default' instead for cassandra containers.
- Revoked changes for samples/scenarios/service_delivery_controller_opnfv.yaml.
- Added new line (Wutien suggested it)
JIRA: CLOVER-000
Change-Id: I2bb4249cf2523f5011d6fefc69dc469a90e20eaf
Signed-off-by: iharijono <indra.harijono@huawei.com>
|
|
service-mesh
Checking into CLEARWATER_ISTIO branch
This part of the project is intended to validate the clearwater IMS with istio service-mesh.
Change-Id: Ia5ba86301a363fcf9cfe0bac525606b0d897713e
Signed-off-by: Muhammad Shaikh (Salman) <muhammad.shaikh@huawei.com>
|
|
- Added deploy/clean scripts for use in Clover container
- Deployment of entire SDC scenario
- Deployment includes istio install for manual sidecar injection
without TLS authentication (deploy.sh)
- Added Jaeger tracing and Prometheus monitoring install (view.sh)
- Exposes NodePort for monitoring/tracing to access UIs outside
of cluster
- Clean.sh attempts to remove all of the above
Change-Id: Id9548a77d71465a814a6e0cb1cbdf02d37235590
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Added missing k8s manifest yaml files for overall service delivery
controller scenario - cannot be deployed coherently without this manifest
- One file for private docker registry and one for opnfv
public registry
- Outlined in JIRA ticket CLOVER-16 and validated per
description
- Includes ingress rule, community redis pod/service and deployments
for http-lb (v1/v2), snort-ids, proxy-access-controller,
and clover-server1-5
- All above pod/deployment naming matches default container
configuration
- Tested with istio manual injection
Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
|
- Initial commit to show potential structure of a sample service
- This wil be part of a larger sample application currently dubbed
Service Delivery Controller
- Docker container needs to be built and employs open-source Linux packages
- Service is deployable in Istio service mesh using provided yaml
- Control snort daemon and add custom rules with GRPC messaging
- Process snort alerts actively and send to redis and upstream service
mesh components
- Integrates a web server for better HTTP signature detection
- Improved build script for CI with variables
- Render k8s yaml snort manifest dynamically with command
line options
- Improve snort_client sample script for runtime modifications
including passing args on CLI, error checking
- Update nginx proxy interface
- Added logging to snort server and alert process
Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
|
earrage
Ace Lee
JingLu5
Stephen Wong
iharijono
Muhammad Shaikh (Salman)