From 1575a9b3f7e7f475d4d5d8d1541f783948c0d398 Mon Sep 17 00:00:00 2001
From: Eddie Arrage
Date: Wed, 21 Mar 2018 18:38:59 +0000
Subject: Added initial nginx services - Proxy allows ingress traffic to be sent to another element in service mesh - Mirroring is also in the default configuration - Default configuration is to proxy to a clover-server and mirror to snort-ids - A location_path (URI in HTTP requests) can be reconfigured to restrict proxing; default to '/' - A proxy_path can be reconfigured to specify an alternate destination - A mirror path can be reconfigured to specify where traffic will be spanned - The default server_port (listen port) for the proxy is 9180 but can be reconfigured - The default server_name is http-proxy but can be reconfigured - Reconfiguration is done over GRPC with jinja2 template for nginx - Currently snort ids sends alerts to proxy with stub code in GRPC - Refactored the code to have a nginx base with subservices - Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server - Nginx subservices have separate docker builds - Improved build scripts for CI - Render yaml manifests dynamically - Improve nginx_client for runtime modifications (but not really useful yet)
Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a
Signed-off-by: Eddie Arrage
---
samples/services/nginx/yaml/render_yaml.py | 64 ++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 samples/services/nginx/yaml/render_yaml.py
(limited to 'samples/services/nginx/yaml/render_yaml.py')
diff --git a/samples/services/nginx/yaml/render_yaml.py b/samples/services/nginx/yaml/render_yaml.py
new file mode 100644
index 0000000..527ba8d
--- /dev/null
+++ b/samples/services/nginx/yaml/render_yaml.py
@@ -0,0 +1,64 @@
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+import argparse
+
+from jinja2 import Template
+
+
+def render_yaml(args):
+ template_file = 'manifest.template'
+ server_port = '9180'
+ grpc_port = '50054'
+ if args['service_type'] == 'lb':
+ out_file = 'lb.yaml'
+ deploy_name = 'http-lb'
+ elif args['service_type'] == 'proxy':
+ out_file = 'proxy.yaml'
+ deploy_name = 'proxy-access-control'
+ elif args['service_type'] == 'server':
+ out_file = 'server.yaml'
+ deploy_name = 'clover-server'
+ else:
+ return "Invalid service type: {}".format(args['service_type'])
+
+ try:
+ with open(template_file) as f:
+ tmpl = Template(f.read())
+ output = tmpl.render(
+ image_path=args['image_path'],
+ image_name=args['image_name'],
+ image_tag=args['image_tag'],
+ deploy_name=deploy_name,
+ server_port=server_port,
+ grpc_port=grpc_port
+ )
+ with open(out_file, "wb") as fh:
+ fh.write(output)
+ return "Generated manifest for {}".format(args['service_type'])
+ except Exception as e:
+ print(e)
+ return "Unable to generate manifest for {}".format(
+ args['service_type'])
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ '--service_type', required=True,
+ help='The service to generate k8s manifest for')
+ parser.add_argument(
+ '--image_name', required=True,
+ help='The image name to use')
+ parser.add_argument(
+ '--image_path', default='localhost:5000',
+ help='The path to the images to use')
+ parser.add_argument(
+ '--image_tag', default='latest',
+ help='The image tag to use')
+ args = parser.parse_args()
+ print(render_yaml(vars(args)))
-- cgit 1.2.3-korg
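Review bot: `image_path`, `image_name` and `image_tag` go from argparse straight into `tmpl.render(...)` with no validation, and a plain jinja2 `Template` does no escaping, so a value containing a newline, a quote or `: ` can change the structure of the generated Kubernetes manifest rather than only the image reference. How `manifest.template` interpolates these values is not visible in this patch, but if the CI build scripts derive them from branch or tag names it is worth rejecting anything outside an image-reference character set before rendering, for example `if not re.match(r'^[A-Za-z0-9][A-Za-z0-9._:/@-]*$', args[key]): return "Invalid value for {}".format(key)` for each of the three keys (needs `import re`). Separately, every failure path in `render_yaml` returns a message that the `__main__` block only prints, so the script exits 0 even when no manifest was produced; the broad `except Exception` would also hide the `TypeError` that `fh.write(output)` raises on a file opened `"wb"` if this is ever run under Python 3, leaving a truncated `out_file` behind. Having `__main__` call `sys.exit(1)` when rendering fails would let the build stop instead of continuing with a stale or empty YAML file.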