summaryrefslogtreecommitdiffstats
path: root/docs/submodules/clover
AgeCommit message (Collapse)AuthorFilesLines
2018-08-31Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add envoy.ext_authz filter" - Add envoy.ext_authz filter JIRA: CLOVER-86 This external authorization HTTP filter calls an external HTTP service (ModSecuruty service) to check if the incoming HTTP request is authorized or not. If the request is deemed unauthorized then the request will be denied normally with 403 (Forbidden) response. Change-Id: I0fe14c73defec027c54f42713cbdf69b0b83e102 Signed-off-by: JingLu5 <lvjing5@huawei.com>
2018-08-31Update git submodulesAce Lee1-0/+0
* Update docs/submodules/clover from branch 'master' - Bug fix in SDC after istio to 1.0.0 JIRA: CLOVER-84 There will be some Bug in SDC after we upgrade the Istio to 1.0.0 Istio 1.0 have some concept, for example : virtualservice gateway. So we change the yaml file using the 1.0.0 concepts. Add mirror function Change-Id: Id138cfec2c7d94b44eb508a056c91e193ac1b08b Signed-off-by: Ace Lee <liyin11@huawei.com>
2018-08-21Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "upgrade istio to 1.0.0" - upgrade istio to 1.0.0 JIRA: CLOVER-84 we change the env in clover and change some deploy script. will upgrade the doc later Change-Id: I73a78afb91676efc3278b623c5d263a4a215ccd9 Signed-off-by: Ace Lee <liyin11@huawei.com>
2018-08-19Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Implement initial clover-controller service" - Implement initial clover-controller service - First pass of clover-controller which resides within the k8s cluster and provides interfaces to all Clover services - Only service that should need to be exposed outside of cluster - Docker build of container that uses stack of nginx, gunicorn and flask to provide REST interface - REST interface is intended to serve cloverctl CLI and dashboard browser UI - Implements GRPC messaging to clover-collector and snort - GRPC interfaces files for snort/nginx are added to container from repo. Collector GRPC files will be removed from controller/control/api once patch below is merged https://gerrit.opnfv.org/gerrit/#/c/57245/ and added similarly - Provides first pass callback for file upload from clover-server. - Some REST messages implement JSON for passing params to internal services - Redis interface added to obtain data from services. Currently, a simple interface to retrieve snort event information - YAML manifest renderer to add to k8s. Uses NodePort service currently, defaulting to port 32044. - Removed collector gRPC interface files with merge of collector - Expose tracing and monitoring host/port parameters, as these vary depending on Istio version and Jaeger version - Add logging to flask blueprints - Added jmeter blueprint interface with REST for testplan generation, start test and result retrieval - Added flask Response to REST reply messages - Retrieve some basic stats from collector in json response Change-Id: I59eaeb860445ade4b45bba22747a61fb0cf0bbd4 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-08-19Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Implement initial cloverctl CLI tool" - Implement initial cloverctl CLI tool - Uses client-go package to interface to k8s API and implement functions as cloverkube package. - Identifies GKE LB IP for clover-controller for user - Identifies NodePort port number for clover-controller for user if environment is local k8s (assumes flannel CNI currently) - Deploys and deletes clover-collector and clover-controller with native client-go constructs (currently images are defined with local registry). Future work will implement other clover services and Istio components. Uses the clover-system namespace. - Uses Cobra go package to implement CLI (used in kubectl and istioctl) using cloverctl <verb> <noun> convention. - Interfaces to clover-controller to configure clover services (visibility, IDS ...) within the cluster via REST messaging - Start visibility (collector) engine using input yaml file or defaults - Init, stop and clear (truncate Cassandra tables) visibility engine or get basic stats. - Add custom rules to IDS from input yaml file and start/stop IDS - Generate jmeter testplan on jmeter-master using input yaml file. Start tests and output log/results from CLI. - Specify number of jmeter slaves to initiate tests on from CLI. Automatically find IP addresses of jmeter slaves within the k8s cluster. - Sample yaml files for adding IDS rules, starting visibility engine and generating jmeter test plans. - Build script to install go and get dependent packages. - Implement a custom Istio inject package for manual sidecar injection (cloverinject). Currently, unused as it is built from Istio 0.8.0/1.0.0 code base. Change-Id: Ibb8d08cb98267bdffb8905c221473f177d51bbb3 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-08-19Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Implement initial Jmeter master/slave containers" - Implement initial Jmeter master/slave containers - Jmeter can be used for L4-7 functional and performance testing - Jmeter master has gRPC server for management - Generates Jmeter test plans from minimal yaml params file (sample to be added with cloverctl) using template - Optionally span tests across slave containers to allow greater loads to be generated - Specify loop/thread/slave count and URL list, which dictates target and number of connections that will be attempted - clover-controller will interface to gRPC interface on Jmeter master - Start tests on master and retrieve log/result files - Render master and slave k8s manifests files Change-Id: Id144c8f551b7d375ff252c8de0611f895b50387c Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-08-14Update git submodulesWenjing Chu1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add ansible scripts for raspberry pi based kubernetes edge cluster" - Add ansible scripts for raspberry pi based kubernetes edge cluster JIRA: CLOVER-71 This issue falls under the "Edge Cloud-Native Cluster" intern project and is a part of both Clover and Edge cloud projects. The detailed description of the project and the instructions for using the scripts are documented in the README. Change-Id: I4fdb98f17ae0c53f918376ad6fb90be8ff0b0a71 Signed-off-by: adarsh1001 <adarshpalsingh1996@gmail.com>
2018-08-01Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Adding cassandra service with a separate yaml file." - Adding cassandra service with a separate yaml file. - Left the file samples/scenarios/service_delivery_controller_opnfv.yaml unchanged. - Added a yaml definition of Cassandra StatefulSet and its service into a separate file under tools directory - Cassandra Service run with 1 replica - Deleted 'data-plane-ns' and use 'default' instead for cassandra containers. - Revoked changes for samples/scenarios/service_delivery_controller_opnfv.yaml. - Added new line (Wutien suggested it) JIRA: CLOVER-000 Change-Id: I2bb4249cf2523f5011d6fefc69dc469a90e20eaf Signed-off-by: iharijono <indra.harijono@huawei.com>
2018-08-01Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Adding clearwater IMS yaml and clearwater live test dockerfile to test istio service-mesh" - Adding clearwater IMS yaml and clearwater live test dockerfile to test istio service-mesh Checking into CLEARWATER_ISTIO branch This part of the project is intended to validate the clearwater IMS with istio service-mesh. Change-Id: Ia5ba86301a363fcf9cfe0bac525606b0d897713e Signed-off-by: Muhammad Shaikh (Salman) <muhammad.shaikh@huawei.com>
2018-08-01Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "[Clover] using elasticsearch to store log" - [Clover] using elasticsearch to store log Change-Id: I0335fa912a3ca2dff5c989fa06183065216f10e4 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-07-07Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Initial commit for Clover Collector" - Initial commit for Clover Collector - Added a container named clover-collector using clover container as a base with build script - GRPC server to manage collector process - Cassandra DB client interface to initialize visibility keyspace - Init messaging adds table schemas for tracing - traces & spans - Adds table for monitoring - metrics - Does not implement Cassandra server but developed using public Cassandra docker container - Collector process in simple loop that periodically fetches traces and monitoring data and inserts to Cassandra - not optimized for batch retrieval yet for monitoring - CLI interface added to collector process and used by GRPC server for configuration - Simple GRPC client script to test GRPC server and start/stop of collector process - Collector process can be configured with access for tracing, monitoring and Cassandra - Added a return value in monitoring query method - Added ability to truncate tracing, metrics and spans tables in cql - Added cql prepared statements and batch insert for metrics and spans - Align cql connection to cql deployment within k8s - Fix issue with cql host list using ast and collect process args with background argument - Added redis interface to accept service/metric list externally for monitoring (will work in conjunction with clover-controller) - Use k8s DNS names and default ports for monitoring, tracing and cassandra - Added yaml manifest renderer/template for collector Change-Id: I3e4353e28844c4ce9c185ff4638012b66c7fff67 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-07-07Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Sleep 1 sec after set test." - Sleep 1 sec after set test. if we set testid and start test immediately, the first test's result can't be got from jaeger Change-Id: Ia2ab8a91d8c5f9956ea4d3d7c2436fb05490acee Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-07-07Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "[clover] Add script to setup k8s" - [clover] Add script to setup k8s what the script do 1. git clone the XCI repo 2. set variable to deploy k8s how to use run the below command in you teminal ./xci-k8s-setup.sh requirement 1. don't under the root user 2. run sudo without password Change-Id: I5015e12d8d3b0db31285d5e817b3c40d6739ba22 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-06-28Update git submodulesAric Gardner1-0/+0
* Update docs/submodules/clover from branch 'master' - Fix project LEAD in INFO.yaml Change-Id: Iff9c7bfbae8f5ca46ef88634d4864cd27512aa8a Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2018-06-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Streaming logs from application container" - Streaming logs from application container Change-Id: I6a1e526bec4160bcdac32d4124acb110b9cf6959 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-06-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add support for node level logging" - Add support for node level logging Change-Id: Ib5b2240de3276164fe9e272bf36f0d1f89f409c0 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-06-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "fix the sdc sample deploy issue" - fix the sdc sample deploy issue there is a issue "No module named google.protobuf", when trying to run the services docker. Add the protobuf in services Dockerfile. Change-Id: I280dc1d5908bcec784e9e1e7c4d07e145f092cdb Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-06-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Fix typo of Jaeger port" - Fix typo of Jaeger port Change-Id: I70b766fe26e750fef6a622344d69ad4f6e2b8962 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-06-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Fix error in logging installation" - Fix error in logging installation It must be done in two steps otherwise the mixer adapter may not be initialized correctly. Change-Id: Ie59e811fc287fbd52a007be45f0f9c74983149b3 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-05-24Update git submodulesAric Gardner1-0/+0
* Update docs/submodules/clover from branch 'master' - Remove INFO file, we only need to maintain INFO.yaml Change-Id: I51fbdaf6991cb43a7cb1b2ce01099e0ed385df13 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2018-04-27Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'master' - Update docs with edits and proper release tag - Incorporated feedback from doc reviews - Fix some rendering issues - Add redis inspect section - Update SDC deploy instructions using Fraser release tag Change-Id: I573dcd04066ad83b9c659fae645c65ab4aaa2007 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-26Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Write A-B configuration guide and align with SDC guide" - Write A-B configuration guide and align with SDC guide - Document A-B sample validation script - Remove redundant TOC in docs - Provide reference links in SDC guide - Additional edits to SDC guide Change-Id: Id4135c99df688f7de1af18017c847a6546082bfc Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-26Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'master' - Updated user guide with edits and reference links - Provided some overall edits to user guide - Fixed titles of index files for release notes and user guide - Added links to SDC, A-B configuration guides and logging, tracing and monitoring install/validation docs Change-Id: I9a0e1e0a2c12b20400eec5a5642f7c5de2dbd7bf Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-25Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Experimental commit for A-B testing with Clover Fraser release and on the SDC application" - Experimental commit for A-B testing with Clover Fraser release and on the SDC application Change-Id: I6e1bd84a6d674a2c4c4484722b20415f5402a59c Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
2018-04-25Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Created config guide for SDC sample app" - Created config guide for SDC sample app - Overview with micro-service diagram - Source diagram file in GIMP with layers for editing by others - Deploying the sample - Using the sample - Exposing Jaeger Tracing and Prometheus monitoring browser interfaces - Modifying run-time micro-service configuration including modifying load balancer server list and adding a custom snort rule - Uninstalling the sample - Updated overview with service description, table and traffic flow description, general edits - Link to A/B configuration guide and doc index file - Additional edits - Diagram for Jaeger UI with SDC Change-Id: I5d851316c05a9e1bd48c8aab5511a98116e6893d Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-24Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Simplification of Clover Fraser official docs (Double commit from master:I89adbef74aa74071a055dcdf62aa0925e263ffe3, gerrit 56167) Change-Id: I86f12d5ba67f09177eca758c184c614ee9d6dd9d Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
2018-04-24Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Fix snort rule with blank content & WR packet in alert" - Fix snort rule with blank content & WR packet in alert - Fix bug with addition of content field in rule definition that causes rules with a blank content fields to inhibit snort from starting successfully. - Write more of the packet data for snort alert into Redis - Above includes X-Real-IP, X-Forwarded-For header fields for http traffic from proxy that shows source IP Some packet data is missing in alerts from snort. Change-Id: I2c5c29e514d1ca9e8e5b9b3f7990afa87c6311b9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-24Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Fraser official docs simplification [TBD]: link to configguide for sample VNF, link to A-B testing configguide Change-Id: I89adbef74aa74071a055dcdf62aa0925e263ffe3 Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
2018-04-19Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add section to help user understand how logging works" - Add section to help user understand how logging works Change-Id: Iebfb747450cc08e930eabd36a87670236b23ffff Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-19Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Cover validation of elasticsearch cluster" - Cover validation of elasticsearch cluster - cluster health is not red - indics found - log entry created by istio found - requests in and out http load balance matches pytest is used as the test runner and wrapped in `validate.py` Change-Id: Iad540b69d05118fadc97df679cf3424513c15e38 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-19Update git submodulesrpaik1-0/+0
* Update docs/submodules/clover from branch 'master' - Minor edits to release notes and user guides Change-Id: I093fb995f108194367334c4215780b5884d0207a Signed-off-by: rpaik <rpaik@linuxfoundation.org>
2018-04-17Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Remove unused argument" - Remove unused argument `BRANCH` is no longer required since we copy source code from working directory instead of remote git repository. Change-Id: I44776538a9efbca72e8d165e7790603cdafbe395 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-17Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Added dependent python packages to Clover container" - Added dependent python packages to Clover container - Added pip grpcio and argparse packages to docker build - Allows service (nginx/snort) client sample scripts to be executed using the Clover container without having to clone the repo Change-Id: Ifeda6d58a9a381cb80372255f41ad703a089ea4b Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-17Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Extended snort rule add to allow content field" - Extended snort rule add to allow content field - Exposed the 'content' field in the GRPC server AddRules method - Allows the 'MALWARE-CNC User-Agent ASafaWeb Scan' signature in the community rules to be copied to local rules - Above ensures more deterministic alerts by snort each time the signature is hit - Added here to support the SDC configuration guide, which details how to add this scan rule via GRPC client script Change-Id: I6945c1e500075444134543bb9eb6003a03f1d5cc Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-15Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add SDC deploy/clean scripts" - Add SDC deploy/clean scripts - Added deploy/clean scripts for use in Clover container - Deployment of entire SDC scenario - Deployment includes istio install for manual sidecar injection without TLS authentication (deploy.sh) - Added Jaeger tracing and Prometheus monitoring install (view.sh) - Exposes NodePort for monitoring/tracing to access UIs outside of cluster - Clean.sh attempts to remove all of the above Change-Id: Id9548a77d71465a814a6e0cb1cbdf02d37235590 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-14Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Add support for install istio of specified version" - Add support for install istio of specified version Change-Id: Ibfe0002daff58d30e7fffbb8828d8853a7e963a6 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-13Update git submodulesCédric Ollivier1-0/+0
* Update docs/submodules/clover from branch 'master' - Updated from global requirements Change-Id: Ieeaf87ab920f1862e3a1b9ac3316d387ff64954f Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2018-04-12Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Update from requirements" - Update from requirements Pipfile.lock ensures a consistent environment Change-Id: Id2e544c77a67ce8fa010fba9c357735496f62a26 Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-12Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Create index to be included in opnfvdocs site" - Create index to be included in opnfvdocs site Change-Id: Icbfe547697a8d879f4af8d9f9fbde2211b63129c Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-12Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Modified validation script for tracing to support CI" - Modified validation script for tracing to support CI - Changed default Jaeger ports to 16686 for use with basic kubernetes port-forward and CI scripts - Added CLI to validate script to disable istio service check by default. This requires at least a single http request to istio-ingress after Jaeger deployment. It can be enabled with 'python validate.py -s'. Port and IP address for Jaeger can optionally be specified with '-ip' and '-port' options - Modified tracing doc to add k8s port-forward example in addition to k8s expose Change-Id: I10fb4d3cccfa50370d44ed7446f67a49c538bba9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-11Update git submodulesCédric Ollivier1-0/+0
* Update docs/submodules/clover from branch 'master' - Updated from global requirements Change-Id: I9e6c925744ed928f7a5c6fbe54942e8b3895b1b9 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2018-04-05Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'master' - Add existing public redis pod/service - Use a community yaml for redis in k8s as simple data store - Redis can be used for tracing and also by the snort-ids to store alerts that can be processed by other services - If flannel is used, the redis CLI can be accessed on the host OS with redis-cli -h <flannel ip> - Within the k8s cluster, the redis service can be accessed with DNS using name 'redis' - The same yaml for redis is also included in toplevel manifest for SDC scenario. Included here if intention is to use separately (tracing only) Change-Id: Ibad283a4cc8938fe01f5de6b7743bdb5511be3af Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Fix Nginx lb in k8s/istio" - Fix Nginx lb in k8s/istio - Provide workaround to make nginx lb work properly - nginx_client sample can modify default load balancing from three to two servers at runtime - Ensure port 9180 is used for default deploy for lb and servers - Modify render_yaml to specify deploy_name so that clover-server1, 2, 3 can be used for default lb config - Ensure proxy template is aligned to lb to allow the source IP from originating host to be propagated to final destination - Fix default nginx proxy server_name to 'proxy-access-control' and change default proxy destination to 'http-lb' - Split lb service_type to 'lbv1' and 'lbv2' to provide an example of how to modify the run-time configuration of the load balancer after deployment - modify http-lb-v2 to use clover-server4/5 instead of the defualt clover-server1/2/3 - modify http-lb-v1 to use clover-server1/2 instead of 1/2/3 - Aligned pod IP retrival method with nginx_client.py Change-Id: I73fa60a69c93ae1e82a477ef6283c00f67a21360 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Added toplevel manifests for SDC sample scenario" - Added toplevel manifests for SDC sample scenario - Added missing k8s manifest yaml files for overall service delivery controller scenario - cannot be deployed coherently without this manifest - One file for private docker registry and one for opnfv public registry - Outlined in JIRA ticket CLOVER-16 and validated per description - Includes ingress rule, community redis pod/service and deployments for http-lb (v1/v2), snort-ids, proxy-access-controller, and clover-server1-5 - All above pod/deployment naming matches default container configuration - Tested with istio manual injection Change-Id: Ia03782b38020d744ab00c99adbf4832d15bbd9f3 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Aligned snort-ids default config for SDC scenario" - Aligned snort-ids default config for SDC scenario - Modified snort-ids alert process to use k8s DNS name 'proxy-access-control' to align with SDC scenario naming - Added default port 50054 to the manifest yaml template and rendering script for communication with proxy-access-control Change-Id: Ib04ee75e5d8ea9921b16b3b4469bed87b1cd2018 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-04-05Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Move design document to dedicated folder" - Move design document to dedicated folder Change-Id: I20c85b7116cd2b29d0efcaae5ee0b0381a685bbb Signed-off-by: Yujun Zhang <zhang.yujunz@zte.com.cn>
2018-04-04Update git submodulesQiLiang1-0/+0
* Update docs/submodules/clover from branch 'master' - Add clover initial docker image build script - install dependent deb/pip packages - install basic tools istioctl, kubectl - install clover source code - build/upload docker image script - update requirements.txt - update module import path - To use this image use need setup kube-config file. e.g. `docker run -v /root/config:/root/.kube/config -it clover bash` Change-Id: I91044bb99ce8e2b785ef03212d961a97b3d42233 Signed-off-by: QiLiang <liangqi1@huawei.com>
2018-03-31Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Clover initial commit for servicemesh/route_rules, orchestration/kube_client, and tools/clover_validate_rr" - Clover initial commit for servicemesh/route_rules, orchestration/kube_client, and tools/clover_validate_rr Add an 'orchestration' directory. Please note that 'orchestration' does NOT mean Clover does any orchestration --- similar to how Clover doesn't by itself implement tracing or logging, orchestration is a directory for code related to Docker orchestration client --- such as k8s client kube_client utilizes the Kubernetes python client (a dependency) to perform tasks against Kubernetes API server. For this commit, it is only tested for weighted route rule verification, it does three tasks: (1) get a list of pods under a namespace --- pod dictionary now only contains pod name and label dictionary: used to match pod name with the node name in traces from OpenTracing (2) check to see if a particular pod is up in a particular namespace: used to check if Istio pods are running in istio-system namespace (3) check if a container exists in a list of pods under a namespace: used to check if application pods have istio-proxy container running route_rule directly invokes istioctl as there isn't any Istio Python client yet. Currently it reads and parses routerules from Istio, and validates if a particular trace result matches the routerules Finally, a sample tool clover_validate_rr is provided. This tool assumes a previous test has been ran (with an id with both the route-rule-under-test and corresponding traces are stored --- currently the assumption is tests were ran with redis-master running on system). The tool can be invoked: python clover_validate_rr.py -t <test-id> -s <service name> where test-id is the ID of the test (most likely uuid) and service name is the name of the service running in the Kubernetes cluster upon which test traces should be fetched against Change-Id: Ic8ab6efc23c71ac4643bee796ef986a86f6fc7dd Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
2018-03-31Update git submodulesStephen Wong1-0/+0
* Update docs/submodules/clover from branch 'master' - Merge "Added initial nginx services" - Added initial nginx services - Proxy allows ingress traffic to be sent to another element in service mesh - Mirroring is also in the default configuration - Default configuration is to proxy to a clover-server and mirror to snort-ids - A location_path (URI in HTTP requests) can be reconfigured to restrict proxing; default to '/' - A proxy_path can be reconfigured to specify an alternate destination - A mirror path can be reconfigured to specify where traffic will be spanned - The default server_port (listen port) for the proxy is 9180 but can be reconfigured - The default server_name is http-proxy but can be reconfigured - Reconfiguration is done over GRPC with jinja2 template for nginx - Currently snort ids sends alerts to proxy with stub code in GRPC - Refactored the code to have a nginx base with subservices - Proxy, Load Balancer (lb), and Server can share code - mainly GRPC server - Nginx subservices have separate docker builds - Improved build scripts for CI - Render yaml manifests dynamically - Improve nginx_client for runtime modifications (but not really useful yet) Change-Id: Icbff6890021bcc8a8da4690c9261205d6e1ca43a Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
2018-03-31Update git submodulesEddie Arrage1-0/+0
* Update docs/submodules/clover from branch 'master' - Develop snort IDS and content inspect service - Initial commit to show potential structure of a sample service - This wil be part of a larger sample application currently dubbed Service Delivery Controller - Docker container needs to be built and employs open-source Linux packages - Service is deployable in Istio service mesh using provided yaml - Control snort daemon and add custom rules with GRPC messaging - Process snort alerts actively and send to redis and upstream service mesh components - Integrates a web server for better HTTP signature detection - Improved build script for CI with variables - Render k8s yaml snort manifest dynamically with command line options - Improve snort_client sample script for runtime modifications including passing args on CLI, error checking - Update nginx proxy interface - Added logging to snort server and alert process Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>