expose_ingress_grpc.sh +1 −1 @@ -21,7 +21,7 @@ export TFS_K8S_NAMESPACE=${TFS_K8S_NAMESPACE:-"tfs"} # If not already set, set the list of components you want to build images for, and deploy. export TFS_COMPONENTS=${TFS_COMPONENTS:-"context device automation policy service compute monitoring dbscanserving opticalattackmitigator opticalcentralizedattackdetector webui"} export TFS_COMPONENTS=${TFS_COMPONENTS:-"context device automation policy service compute monitoring dbscanserving opticalattackmitigator opticalcentralizedattackdetector l3_attackmitigator l3_centralizedattackdetector webui"} ######################################################################################################################## # Automated steps start here manifests/l3_attackmitigatorservice.yaml +59 −0 @@ -32,6 +32,7 @@ spec: imagePullPolicy: Always ports: - containerPort: 10002 - containerPort: 9192 env: - name: LOG_LEVEL value: "DEBUG"
@@ -53,11 +54,69 @@ apiVersion: v1 kind: Service metadata: name: l3-attackmitigatorservice labels: app: l3-attackmitigatorservice spec: type: ClusterIP selector: app: l3-attackmitigatorservice ports: - name: metrics protocol: TCP port: 9192 targetPort: 9192 - name: grpc port: 10002 targetPort: 10002 --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: l3-attackmitigatorservice-hpa spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: l3-attackmitigatorservice minReplicas: 1 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 80 behavior: scaleDown: stabilizationWindowSeconds: 120 --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: tfs-l3-attackmitigatorservice-metric labels: app: l3-attackmitigatorservice #release: prometheus #release: prom # name of the release # ( VERY IMPORTANT: You need to know the correct release name by viewing # the servicemonitor of Prometheus itself: Without the correct name, # Prometheus cannot identify the metrics of the Flask app as the target.) spec: selector: matchLabels: # Target app service #namespace: tfs app: l3-attackmitigatorservice # same as above #release: prometheus # same as above endpoints: - port: metrics # named port in target app scheme: http path: /metrics # path to scrape interval: 5s # scrape interval namespaceSelector: any: false matchNames: - tfs # namespace where the app is running manifests/l3_centralizedattackdetectorservice.yaml +58 −0 @@ -32,6 +32,7 @@ spec: imagePullPolicy: Always ports: - containerPort: 10001 - containerPort: 9192 env: - name: LOG_LEVEL value: "DEBUG"
@@ -53,11 +54,68 @@ apiVersion: v1 kind: Service metadata: name: l3-centralizedattackdetectorservice labels: app: l3-centralizedattackdetectorservice spec: type: ClusterIP selector: app: l3-centralizedattackdetectorservice ports: - name: metrics protocol: TCP port: 9192 targetPort: 9192 - name: grpc port: 10001 targetPort: 10001 --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: l3-centralizedattackdetectorservice-hpa spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: l3-centralizedattackdetectorservice minReplicas: 1 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 80 behavior: scaleDown: stabilizationWindowSeconds: 120 --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: tfs-l3-centralizedattackdetectorservice-metric labels: app: l3-centralizedattackdetectorservice #release: prometheus #release: prom # name of the release # ( VERY IMPORTANT: You need to know the correct release name by viewing # the servicemonitor of Prometheus itself: Without the correct name, # Prometheus cannot identify the metrics of the Flask app as the target.) spec: selector: matchLabels: # Target app service #namespace: tfs app: l3-centralizedattackdetectorservice # same as above #release: prometheus # same as above endpoints: - port: metrics # named port in target app scheme: http path: /metrics # path to scrape interval: 5s # scrape interval namespaceSelector: any: false matchNames: - tfs # namespace where the app is running my_deploy.sh +1 −1
@@ -20,7 +20,7 @@ export TFS_REGISTRY_IMAGES="http://localhost:32000/tfs/" # Set the list of components, separated by spaces, you want to build images for, and deploy. export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator" export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator l3_attackmitigator l3_centralizedattackdetector" # Set the tag you want to use for your images. export TFS_IMAGE_TAG="dev" proto/l3_attackmitigator.proto +22 −12 @@ -17,10 +17,12 @@ syntax = "proto3"; import "context.proto"; service L3Attackmitigator{ // Sends a greeting rpc SendOutput (L3AttackmitigatorOutput) returns (context.Empty) {} // Sends another greeting // Perform Mitigation rpc PerformMitigation (L3AttackmitigatorOutput) returns (context.Empty) {} // Get Mitigation rpc GetMitigation (context.Empty) returns (context.Empty) {} // Get Configured ACL Rules rpc GetConfiguredACLRules (context.Empty) returns (ACLRules) {} } @@ -28,12 +30,20 @@ message L3AttackmitigatorOutput { float confidence = 1; string timestamp = 2; string ip_o = 3; string tag_name = 4; int32 tag = 5; string flow_id = 6; string protocol = 7; string port_d = 8; string ml_id = 9; float time_start = 10; float time_end = 11; string ip_d = 4; string tag_name = 5; int32 tag = 6; string flow_id = 7; string protocol = 8; string port_o = 9; string port_d = 10; string ml_id = 11; context.ServiceId service_id = 12; context.EndPointId endpoint_id = 13; float time_start = 14; float time_end = 15; } message ACLRules { repeated context.ConfigRule acl_rules = 1; }
expose_ingress_grpc.sh +1 −1 @@ -21,7 +21,7 @@ export TFS_K8S_NAMESPACE=${TFS_K8S_NAMESPACE:-"tfs"} # If not already set, set the list of components you want to build images for, and deploy. export TFS_COMPONENTS=${TFS_COMPONENTS:-"context device automation policy service compute monitoring dbscanserving opticalattackmitigator opticalcentralizedattackdetector webui"} export TFS_COMPONENTS=${TFS_COMPONENTS:-"context device automation policy service compute monitoring dbscanserving opticalattackmitigator opticalcentralizedattackdetector l3_attackmitigator l3_centralizedattackdetector webui"} ######################################################################################################################## # Automated steps start here
manifests/l3_attackmitigatorservice.yaml +59 −0 @@ -32,6 +32,7 @@ spec: imagePullPolicy: Always ports: - containerPort: 10002 - containerPort: 9192 env: - name: LOG_LEVEL value: "DEBUG" @@ -53,11 +54,69 @@ apiVersion: v1 kind: Service metadata: name: l3-attackmitigatorservice labels: app: l3-attackmitigatorservice spec: type: ClusterIP selector: app: l3-attackmitigatorservice ports: - name: metrics protocol: TCP port: 9192 targetPort: 9192 - name: grpc port: 10002 targetPort: 10002 --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: l3-attackmitigatorservice-hpa spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: l3-attackmitigatorservice minReplicas: 1 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 80 behavior: scaleDown: stabilizationWindowSeconds: 120 --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: tfs-l3-attackmitigatorservice-metric labels: app: l3-attackmitigatorservice #release: prometheus #release: prom # name of the release # ( VERY IMPORTANT: You need to know the correct release name by viewing # the servicemonitor of Prometheus itself: Without the correct name, # Prometheus cannot identify the metrics of the Flask app as the target.) spec: selector: matchLabels: # Target app service #namespace: tfs app: l3-attackmitigatorservice # same as above #release: prometheus # same as above endpoints: - port: metrics # named port in target app scheme: http path: /metrics # path to scrape interval: 5s # scrape interval namespaceSelector: any: false matchNames: - tfs # namespace where the app is running
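Review bot: The new ServiceMonitor ships with every `release:` label commented out, although its own comment says Prometheus cannot identify the target without the correct release name. If the cluster's Prometheus selects ServiceMonitors by that label, the mitigator's metrics are silently never scraped, which for an attack-mitigation component is a monitoring gap nobody will notice; either set the label to the release actually deployed or reword the comment to state that the operator selects every ServiceMonitor in `tfs`. The endpoint is also scraped over `scheme: http` with no authentication visible in this section, so any pod that can reach the ClusterIP Service can read `/metrics` on port 9192; a NetworkPolicy limiting that port to the Prometheus pods would be worth adding alongside. The comment still speaks of "the Flask app", which looks copied from another manifest and should name this service. The same points apply to manifests/l3_centralizedattackdetectorservice.yaml.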
manifests/l3_centralizedattackdetectorservice.yaml +58 −0 @@ -32,6 +32,7 @@ spec: imagePullPolicy: Always ports: - containerPort: 10001 - containerPort: 9192 env: - name: LOG_LEVEL value: "DEBUG" @@ -53,11 +54,68 @@ apiVersion: v1 kind: Service metadata: name: l3-centralizedattackdetectorservice labels: app: l3-centralizedattackdetectorservice spec: type: ClusterIP selector: app: l3-centralizedattackdetectorservice ports: - name: metrics protocol: TCP port: 9192 targetPort: 9192 - name: grpc port: 10001 targetPort: 10001 --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: l3-centralizedattackdetectorservice-hpa spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: l3-centralizedattackdetectorservice minReplicas: 1 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 80 behavior: scaleDown: stabilizationWindowSeconds: 120 --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: tfs-l3-centralizedattackdetectorservice-metric labels: app: l3-centralizedattackdetectorservice #release: prometheus #release: prom # name of the release # ( VERY IMPORTANT: You need to know the correct release name by viewing # the servicemonitor of Prometheus itself: Without the correct name, # Prometheus cannot identify the metrics of the Flask app as the target.) spec: selector: matchLabels: # Target app service #namespace: tfs app: l3-centralizedattackdetectorservice # same as above #release: prometheus # same as above endpoints: - port: metrics # named port in target app scheme: http path: /metrics # path to scrape interval: 5s # scrape interval namespaceSelector: any: false matchNames: - tfs # namespace where the app is running
my_deploy.sh +1 −1 @@ -20,7 +20,7 @@ export TFS_REGISTRY_IMAGES="http://localhost:32000/tfs/" # Set the list of components, separated by spaces, you want to build images for, and deploy. export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator" export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator l3_attackmitigator l3_centralizedattackdetector" # Set the tag you want to use for your images. export TFS_IMAGE_TAG="dev"
proto/l3_attackmitigator.proto +22 −12 @@ -17,10 +17,12 @@ syntax = "proto3"; import "context.proto"; service L3Attackmitigator{ // Sends a greeting rpc SendOutput (L3AttackmitigatorOutput) returns (context.Empty) {} // Sends another greeting // Perform Mitigation rpc PerformMitigation (L3AttackmitigatorOutput) returns (context.Empty) {} // Get Mitigation rpc GetMitigation (context.Empty) returns (context.Empty) {} // Get Configured ACL Rules rpc GetConfiguredACLRules (context.Empty) returns (ACLRules) {} } @@ -28,12 +30,20 @@ message L3AttackmitigatorOutput { float confidence = 1; string timestamp = 2; string ip_o = 3; string tag_name = 4; int32 tag = 5; string flow_id = 6; string protocol = 7; string port_d = 8; string ml_id = 9; float time_start = 10; float time_end = 11; string ip_d = 4; string tag_name = 5; int32 tag = 6; string flow_id = 7; string protocol = 8; string port_o = 9; string port_d = 10; string ml_id = 11; context.ServiceId service_id = 12; context.EndPointId endpoint_id = 13; float time_start = 14; float time_end = 15; } message ACLRules { repeated context.ConfigRule acl_rules = 1; }
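Review bot: `L3AttackmitigatorOutput` renumbers its existing fields instead of appending the new ones: tag 4 changes from `tag_name` to `ip_d`, 5 from `tag` to `tag_name`, and so on up to `time_end` at 15. Protobuf identifies fields by number, so a detector and a mitigator built from different revisions will decode each other's messages without error while putting string values into the wrong fields (a tag name read as a destination IP) and dropping those whose wire type no longer matches. That matters here because this message is the input of `PerformMitigation`, which presumably feeds the ACL rules returned by `GetConfiguredACLRules`. Keep the original numbers 4–11 and give the added fields fresh ones, e.g. `string ip_d = 12;`, `string port_o = 13;`, `context.ServiceId service_id = 14;`, `context.EndPointId endpoint_id = 15;`. `SendOutput` also appears to be replaced by `PerformMitigation`, so both services need to be rebuilt and deployed together.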