l3_centralizedattackdetectorservice.yaml

# Copyright 2022-2023 ETSI TeraFlowSDN - TFS OSG (https://tfs.etsi.org/)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: l3-centralizedattackdetectorservice
spec:
  selector:
    matchLabels:
      app: l3-centralizedattackdetectorservice
  template:
    metadata:
      labels:
        app: l3-centralizedattackdetectorservice
    spec:
      terminationGracePeriodSeconds: 5
      containers:
      - name: server
        image: labs.etsi.org:5050/tfs/controller/l3_centralizedattackdetector:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 10001
        - containerPort: 9192
        env:
        - name: LOG_LEVEL
          value: "DEBUG"
        - name: BATCH_SIZE
          value: "256"
        - name: CAD_CLASSIFICATION_THRESHOLD
          value: "0.5"
        - name: MONITORED_KPIS_TIME_INTERVAL_AGG
          value: "60"
        readinessProbe:
          exec:
            command: ["/bin/grpc_health_probe", "-addr=:10001"]
        livenessProbe:
          exec:
            command: ["/bin/grpc_health_probe", "-addr=:10001"]
        resources:
          requests:
            cpu: 250m
            memory: 512Mi
          limits:
            cpu: 700m
            memory: 1024Mi
---
apiVersion: v1
kind: Service
metadata:
  name: l3-centralizedattackdetectorservice
  labels:
    app: l3-centralizedattackdetectorservice
spec:
  type: ClusterIP
  selector:
    app: l3-centralizedattackdetectorservice
  ports:
  - name: metrics
    protocol: TCP
    port: 9192
    targetPort: 9192
  - name: grpc
    port: 10001
    targetPort: 10001

---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: l3-centralizedattackdetectorservice-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: l3-centralizedattackdetectorservice
  minReplicas: 1
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 120
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: tfs-l3-centralizedattackdetectorservice-metric
  labels:
    app: l3-centralizedattackdetectorservice
    #release: prometheus
    #release: prom  # name of the release 
    # ( VERY IMPORTANT: You need to know the correct release name by viewing 
    #   the servicemonitor of Prometheus itself: Without the correct name, 
    #   Prometheus cannot identify the metrics of the Flask app as the target.)
spec:
  selector:
    matchLabels:
      # Target app service
      #namespace: tfs
      app: l3-centralizedattackdetectorservice # same as above
      #release: prometheus # same as above
  endpoints:
  - port: metrics # named port in target app
    scheme: http
    path: /metrics # path to scrape
    interval: 5s # scrape interval
  namespaceSelector:
    any: false
    matchNames:
    - tfs # namespace where the app is running