l3_centralizedattackdetectorservice.yaml

# Copyright 2022-2023 ETSI TeraFlowSDN - TFS OSG (https://tfs.etsi.org/)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: l3-centralizedattackdetectorservice
spec:
  selector:
    matchLabels:
      app: l3-centralizedattackdetectorservice
  template:
    metadata:
      labels:
        app: l3-centralizedattackdetectorservice
    spec:
      terminationGracePeriodSeconds: 5
      containers:
        - name: server
          image: labs.etsi.org:5050/tfs/controller/l3_centralizedattackdetector:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 10001
            - containerPort: 9192
          env:
            - name: LOG_LEVEL
              value: "INFO"
            - name: BATCH_SIZE
              value: "256"
            - name: CAD_CLASSIFICATION_THRESHOLD
              value: "0.5"
            - name: MONITORED_KPIS_TIME_INTERVAL_AGG
              value: "60"
            - name: TEST_ML_MODEL
              value: "0"
          readinessProbe:
            exec:
              command: ["/bin/grpc_health_probe", "-addr=:10001"]
          livenessProbe:
            exec:
              command: ["/bin/grpc_health_probe", "-addr=:10001"]
          resources:
            requests:
              cpu: 250m
              memory: 512Mi
            limits:
              cpu: 700m
              memory: 1024Mi
---
apiVersion: v1
kind: Service
metadata:
  name: l3-centralizedattackdetectorservice
  labels:
    app: l3-centralizedattackdetectorservice
spec:
  type: ClusterIP
  selector:
    app: l3-centralizedattackdetectorservice
  ports:
    - name: metrics
      protocol: TCP
      port: 9192
      targetPort: 9192
    - name: grpc
      port: 10001
      targetPort: 10001

---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: l3-centralizedattackdetectorservice-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: l3-centralizedattackdetectorservice
  minReplicas: 1
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 120
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: tfs-l3-centralizedattackdetectorservice-metric
  labels:
    app: l3-centralizedattackdetectorservice
    #release: prometheus
    #release: prom  # name of the release
    # ( VERY IMPORTANT: You need to know the correct release name by viewing
    #   the servicemonitor of Prometheus itself: Without the correct name,
    #   Prometheus cannot identify the metrics of the Flask app as the target.)
spec:
  selector:
    matchLabels:
      # Target app service
      #namespace: tfs
      app: l3-centralizedattackdetectorservice # same as above
      #release: prometheus # same as above
  endpoints:
    - port: metrics # named port in target app
      scheme: http
      path: /metrics # path to scrape
      interval: 5s # scrape interval
  namespaceSelector:
    any: false
    matchNames:
      - tfs # namespace where the app is running