From 30d36864d491d41fcb4700b5363b68086e239e5a Mon Sep 17 00:00:00 2001 From: Eddie Arrage Date: Tue, 3 Apr 2018 23:57:58 +0000 Subject: Aligned snort-ids default config for SDC scenario - Modified snort-ids alert process to use k8s DNS name 'proxy-access-control' to align with SDC scenario naming - Added default port 50054 to the manifest yaml template and rendering script for communication with proxy-access-control Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018 Signed-off-by: Eddie Arrage --- samples/services/snort_ids/docker/grpc/snort_alerts.py | 2 +- samples/services/snort_ids/yaml/manifest.template | 3 +++ samples/services/snort_ids/yaml/render_yaml.py | 11 ++++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/samples/services/snort_ids/docker/grpc/snort_alerts.py b/samples/services/snort_ids/docker/grpc/snort_alerts.py index eda2bd6..4cb87e2 100644 --- a/samples/services/snort_ids/docker/grpc/snort_alerts.py +++ b/samples/services/snort_ids/docker/grpc/snort_alerts.py @@ -14,7 +14,7 @@ from idstools import unified2 HOST_IP = 'redis' -PROXY_GRPC = 'http-proxy:50054' +PROXY_GRPC = 'proxy-access-control:50054' logging.basicConfig(filename='alert.log', level=logging.DEBUG) diff --git a/samples/services/snort_ids/yaml/manifest.template b/samples/services/snort_ids/yaml/manifest.template index 178765b..25dbefa 100644 --- a/samples/services/snort_ids/yaml/manifest.template +++ b/samples/services/snort_ids/yaml/manifest.template @@ -18,6 +18,7 @@ spec: - containerPort: {{ grpc_port }} - containerPort: {{ redis_port }} - containerPort: {{ http_port }} + - containerPort: {{ pac_port }} --- apiVersion: v1 kind: Service @@ -33,6 +34,8 @@ spec: name: redis - port: {{ http_port }} name: http + - port: {{ pac_port }} + name: proxy-access-control selector: app: {{ deploy_name }} --- diff --git a/samples/services/snort_ids/yaml/render_yaml.py b/samples/services/snort_ids/yaml/render_yaml.py index e23f540..42a2615 100644 --- a/samples/services/snort_ids/yaml/render_yaml.py +++ b/samples/services/snort_ids/yaml/render_yaml.py @@ -23,6 +23,7 @@ def render_yaml(args): image_tag=args['image_tag'], deploy_name=args['deploy_name'], grpc_port=args['grpc_port'], + pac_port=args['pac_port'], redis_port=args['redis_port'], http_port=args['http_port'] ) @@ -42,7 +43,7 @@ if __name__ == '__main__': help='The image name to use') parser.add_argument( '--image_path', default='localhost:5000', - help='The path to the images to use') + help='The path to the image to use') parser.add_argument( '--image_tag', default='latest', help='The image tag to use') @@ -54,9 +55,13 @@ if __name__ == '__main__': help='The redis port to connect to for alerts') parser.add_argument( '--http_port', default='80', - help='Analyze http traffic on this port') + help='Analyze http data-plane traffic on this port') parser.add_argument( '--grpc_port', default='50052', - help='The image tag to use') + help='The GRPC server port for snort management') + parser.add_argument( + '--pac_port', default='50054', + help='The GRPC server port of the service to send alerts on') + args = parser.parse_args() print(render_yaml(vars(args))) -- cgit 1.2.3-korg