Commit 3d676eaf authored by Lluis Gifre Renom's avatar Lluis Gifre Renom

Merge branch 'feat/86-testing-configurations-for-ddos-protection' into 'develop'

Resolve "Testing configurations for DDOS protection"

See merge request !226
parents 5892ca30 f81ed520
+48 −5
@@ -27,7 +27,44 @@ export TFS_REGISTRY_IMAGES=${TFS_REGISTRY_IMAGES:-"http://localhost:32000/tfs/"}

# If not already set, set the list of components, separated by spaces, you want to build images for, and deploy.
# By default, only basic components are deployed
export TFS_COMPONENTS=${TFS_COMPONENTS:-"context device ztp monitoring pathcomp service slice nbi webui load_generator"}
export TFS_COMPONENTS=${TFS_COMPONENTS:-"context device pathcomp service slice nbi webui load_generator"}

# Uncomment to activate Monitoring
#export TFS_COMPONENTS="${TFS_COMPONENTS} monitoring"

# Uncomment to activate BGP-LS Speaker
#export TFS_COMPONENTS="${TFS_COMPONENTS} bgpls_speaker"

# Uncomment to activate Optical Controller
#   To manage optical connections, "service" requires "opticalcontroller" to be deployed
#   before "service", thus we "hack" the TFS_COMPONENTS environment variable prepending the
#   "opticalcontroller" only if "service" is already in TFS_COMPONENTS, and re-export it.
#if [[ "$TFS_COMPONENTS" == *"service"* ]]; then
#    BEFORE="${TFS_COMPONENTS% service*}"
#    AFTER="${TFS_COMPONENTS#* service}"
#    export TFS_COMPONENTS="${BEFORE} opticalcontroller service ${AFTER}"
#fi

# Uncomment to activate ZTP
#export TFS_COMPONENTS="${TFS_COMPONENTS} ztp"

# Uncomment to activate Policy Manager
#export TFS_COMPONENTS="${TFS_COMPONENTS} policy"

# Uncomment to activate Optical CyberSecurity
#export TFS_COMPONENTS="${TFS_COMPONENTS} dbscanserving opticalattackmitigator opticalattackdetector opticalattackmanager"

# Uncomment to activate L3 CyberSecurity
#export TFS_COMPONENTS="${TFS_COMPONENTS} l3_attackmitigator l3_centralizedattackdetector"

# Uncomment to activate TE
#export TFS_COMPONENTS="${TFS_COMPONENTS} te"

# Uncomment to activate Forecaster
#export TFS_COMPONENTS="${TFS_COMPONENTS} forecaster"

# Uncomment to activate E2E Orchestrator
#export TFS_COMPONENTS="${TFS_COMPONENTS} e2e_orchestrator"

# If not already set, set the tag you want to use for your images.
export TFS_IMAGE_TAG=${TFS_IMAGE_TAG:-"dev"}
@@ -67,8 +104,6 @@ export CRDB_PASSWORD=${CRDB_PASSWORD:-"tfs123"}
export CRDB_DATABASE=${CRDB_DATABASE:-"tfs"}

# If not already set, set CockroachDB installation mode. Accepted values are: 'single' and 'cluster'.
# "YES", the database pointed by variable CRDB_NAMESPACE will be dropped while
# checking/deploying CockroachDB.
# - If CRDB_DEPLOY_MODE is "single", CockroachDB is deployed in single node mode. It is convenient for
#   development and testing purposes and should fit in a VM. IT SHOULD NOT BE USED IN PRODUCTION ENVIRONMENTS.
# - If CRDB_DEPLOY_MODE is "cluster", CockroachDB is deployed in cluster mode, and an entire CockroachDB cluster
@@ -80,7 +115,7 @@ export CRDB_DEPLOY_MODE=${CRDB_DEPLOY_MODE:-"single"}

# If not already set, disable flag for dropping database, if it exists.
# WARNING: ACTIVATING THIS FLAG IMPLIES LOOSING THE DATABASE INFORMATION!
# If CRDB_DROP_DATABASE_IF_EXISTS is "YES", the database pointed by variable CRDB_NAMESPACE will be dropped while
# If CRDB_DROP_DATABASE_IF_EXISTS is "YES", the database pointed by variable CRDB_DATABASE will be dropped while
# checking/deploying CockroachDB.
export CRDB_DROP_DATABASE_IF_EXISTS=${CRDB_DROP_DATABASE_IF_EXISTS:-""}

@@ -102,6 +137,14 @@ export NATS_EXT_PORT_CLIENT=${NATS_EXT_PORT_CLIENT:-"4222"}
# If not already set, set the external port NATS HTTP Mgmt GUI interface will be exposed to.
export NATS_EXT_PORT_HTTP=${NATS_EXT_PORT_HTTP:-"8222"}

# If not already set, set NATS installation mode. Accepted values are: 'single' and 'cluster'.
# - If NATS_DEPLOY_MODE is "single", NATS is deployed in single node mode. It is convenient for
#   development and testing purposes and should fit in a VM. IT SHOULD NOT BE USED IN PRODUCTION ENVIRONMENTS.
# - If NATS_DEPLOY_MODE is "cluster", NATS is deployed in cluster mode, and an entire NATS cluster
#   with 3 replicas (set by default) will be deployed. It is convenient for production and
#   provides scalability features.
export NATS_DEPLOY_MODE=${NATS_DEPLOY_MODE:-"single"}

# If not already set, disable flag for re-deploying NATS from scratch.
# WARNING: ACTIVATING THIS FLAG IMPLIES LOOSING THE MESSAGE BROKER INFORMATION!
# If NATS_REDEPLOY is "YES", the message broker will be dropped while checking/deploying NATS.
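Review bot: The commented-out Optical Controller snippet in the first hunk (`#if [[ "$TFS_COMPONENTS" == *"service"* ]]` … `#fi`) only works when another component precedes `service`: the `% service*` and `#* service` expansions both require a leading space, so with `service` first in the list neither strips anything and the re-exported value becomes the whole list duplicated around `opticalcontroller service`. A single substitution, `#export TFS_COMPONENTS="${TFS_COMPONENTS/service/opticalcontroller service}"`, inserts the controller in front of the first `service` regardless of its position and replaces the four lines. Both forms also match any component name that contains `service` as a substring, which the explanatory comment above the block could state so the limitation is known when new components are added.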
+5 −7
@@ -37,8 +37,6 @@ export CRDB_PASSWORD=${CRDB_PASSWORD:-"tfs123"}
export CRDB_DATABASE=${CRDB_DATABASE:-"tfs"}

# If not already set, set CockroachDB installation mode. Accepted values are: 'single' and 'cluster'.
# "YES", the database pointed by variable CRDB_NAMESPACE will be dropped while
# checking/deploying CockroachDB.
# - If CRDB_DEPLOY_MODE is "single", CockroachDB is deployed in single node mode. It is convenient for
#   development and testing purposes and should fit in a VM. IT SHOULD NOT BE USED IN PRODUCTION ENVIRONMENTS.
# - If CRDB_DEPLOY_MODE is "cluster", CockroachDB is deployed in cluster mode, and an entire CockroachDB cluster
@@ -48,7 +46,7 @@ export CRDB_DATABASE=${CRDB_DATABASE:-"tfs"}
#   Ref: https://www.cockroachlabs.com/docs/stable/recommended-production-settings.html
export CRDB_DEPLOY_MODE=${CRDB_DEPLOY_MODE:-"single"}

# If not already set, disable flag for dropping database if exists.
# If not already set, disable flag for dropping database, if it exists.
# WARNING: ACTIVATING THIS FLAG IMPLIES LOOSING THE DATABASE INFORMATION!
# If CRDB_DROP_DATABASE_IF_EXISTS is "YES", the database pointed by variable CRDB_DATABASE will be dropped while
# checking/deploying CockroachDB.
@@ -79,7 +77,7 @@ function crdb_deploy_single() {
    kubectl create namespace ${CRDB_NAMESPACE}
    echo

    echo "CockroachDB (single-node)"
    echo "CockroachDB (single-mode)"
    echo ">>> Checking if CockroachDB is deployed..."
    if kubectl get --namespace ${CRDB_NAMESPACE} statefulset/cockroachdb &> /dev/null; then
        echo ">>> CockroachDB is present; skipping step."
@@ -139,7 +137,7 @@ function crdb_deploy_single() {
}

function crdb_undeploy_single() {
    echo "CockroachDB"
    echo "CockroachDB (single-mode)"
    echo ">>> Checking if CockroachDB is deployed..."
    if kubectl get --namespace ${CRDB_NAMESPACE} statefulset/cockroachdb &> /dev/null; then
        echo ">>> Undeploy CockroachDB"
@@ -223,7 +221,7 @@ function crdb_deploy_cluster() {
    kubectl create namespace ${CRDB_NAMESPACE}
    echo

    echo "CockroachDB"
    echo "CockroachDB (cluster-mode)"
    echo ">>> Checking if CockroachDB is deployed..."
    if kubectl get --namespace ${CRDB_NAMESPACE} statefulset/cockroachdb &> /dev/null; then
        echo ">>> CockroachDB is present; skipping step."
@@ -319,7 +317,7 @@ function crdb_undeploy_cluster() {
    fi
    echo

    echo "CockroachDB"
    echo "CockroachDB (cluster-mode)"
    echo ">>> Checking if CockroachDB is deployed..."
    if kubectl get --namespace ${CRDB_NAMESPACE} statefulset/cockroachdb &> /dev/null; then
        echo ">>> Undeploy CockroachDB"
+106 −6
@@ -27,6 +27,14 @@ export NATS_EXT_PORT_CLIENT=${NATS_EXT_PORT_CLIENT:-"4222"}
# If not already set, set the external port NATS HTTP Mgmt GUI interface will be exposed to.
export NATS_EXT_PORT_HTTP=${NATS_EXT_PORT_HTTP:-"8222"}

# If not already set, set NATS installation mode. Accepted values are: 'single' and 'cluster'.
# - If NATS_DEPLOY_MODE is "single", NATS is deployed in single node mode. It is convenient for
#   development and testing purposes and should fit in a VM. IT SHOULD NOT BE USED IN PRODUCTION ENVIRONMENTS.
# - If NATS_DEPLOY_MODE is "cluster", NATS is deployed in cluster mode, and an entire NATS cluster
#   with 3 replicas (set by default) will be deployed. It is convenient for production and
#   provides scalability features.
export NATS_DEPLOY_MODE=${NATS_DEPLOY_MODE:-"single"}

# If not already set, disable flag for re-deploying NATS from scratch.
# WARNING: ACTIVATING THIS FLAG IMPLIES LOOSING THE MESSAGE BROKER INFORMATION!
# If NATS_REDEPLOY is "YES", the message broker will be dropped while checking/deploying NATS.
@@ -37,6 +45,14 @@ export NATS_REDEPLOY=${NATS_REDEPLOY:-""}
# Automated steps start here
########################################################################################################################

# Constants
TMP_FOLDER="./tmp"
NATS_MANIFESTS_PATH="manifests/nats"

# Create a tmp folder for files modified during the deployment
TMP_MANIFESTS_FOLDER="${TMP_FOLDER}/${NATS_NAMESPACE}/manifests"
mkdir -p $TMP_MANIFESTS_FOLDER

function nats_deploy_single() {
    echo "NATS Namespace"
    echo ">>> Create NATS Namespace (if missing)"
@@ -47,17 +63,85 @@ function nats_deploy_single() {
    helm3 repo add nats https://nats-io.github.io/k8s/helm/charts/
    echo

    echo "Install NATS (single-mode)"
    echo ">>> Checking if NATS is deployed..."
    if kubectl get --namespace ${NATS_NAMESPACE} statefulset/${NATS_NAMESPACE} &> /dev/null; then
        echo ">>> NATS is present; skipping step."
    else
        echo ">>> Deploy NATS"
        helm3 install ${NATS_NAMESPACE} nats/nats --namespace ${NATS_NAMESPACE} --set nats.image=nats:2.9-alpine --set config.cluster.enabled=true --set config.cluster.tls.enabled=true


        echo ">>> Waiting NATS statefulset to be created..."
        while ! kubectl get --namespace ${NATS_NAMESPACE} statefulset/${NATS_NAMESPACE} &> /dev/null; do
            printf "%c" "."
            sleep 1
        done

        # Wait for statefulset condition "Available=True" does not work
        # Wait for statefulset condition "jsonpath='{.status.readyReplicas}'=3" throws error:
        #   "error: readyReplicas is not found"
        # Workaround: Check the pods are ready
        #echo ">>> NATS statefulset created. Waiting for readiness condition..."
        #kubectl wait --namespace  ${NATS_NAMESPACE} --for=condition=Available=True --timeout=300s statefulset/nats
        #kubectl wait --namespace ${NATS_NAMESPACE} --for=jsonpath='{.status.readyReplicas}'=3 --timeout=300s \
        #    statefulset/nats
        echo ">>> NATS statefulset created. Waiting NATS pods to be created..."
        while ! kubectl get --namespace ${NATS_NAMESPACE} pod/${NATS_NAMESPACE}-0 &> /dev/null; do
            printf "%c" "."
            sleep 1
        done
        kubectl wait --namespace ${NATS_NAMESPACE} --for=condition=Ready --timeout=300s pod/${NATS_NAMESPACE}-0
    fi
    echo

    echo "NATS Port Mapping"
    echo ">>> Expose NATS Client port (4222->${NATS_EXT_PORT_CLIENT})"
    NATS_PORT_CLIENT=$(kubectl --namespace ${NATS_NAMESPACE} get service ${NATS_NAMESPACE} -o 'jsonpath={.spec.ports[?(@.name=="client")].port}')
    PATCH='{"data": {"'${NATS_EXT_PORT_CLIENT}'": "'${NATS_NAMESPACE}'/'${NATS_NAMESPACE}':'${NATS_PORT_CLIENT}'"}}'
    kubectl patch configmap nginx-ingress-tcp-microk8s-conf --namespace ingress --patch "${PATCH}"

    PORT_MAP='{"containerPort": '${NATS_EXT_PORT_CLIENT}', "hostPort": '${NATS_EXT_PORT_CLIENT}'}'
    CONTAINER='{"name": "nginx-ingress-microk8s", "ports": ['${PORT_MAP}']}'
    PATCH='{"spec": {"template": {"spec": {"containers": ['${CONTAINER}']}}}}'
    kubectl patch daemonset nginx-ingress-microk8s-controller --namespace ingress --patch "${PATCH}"
    echo

    echo ">>> Expose NATS HTTP Mgmt GUI port (8222->${NATS_EXT_PORT_HTTP})"
    NATS_PORT_HTTP=$(kubectl --namespace ${NATS_NAMESPACE} get service ${NATS_NAMESPACE} -o 'jsonpath={.spec.ports[?(@.name=="monitor")].port}')
    PATCH='{"data": {"'${NATS_EXT_PORT_HTTP}'": "'${NATS_NAMESPACE}'/'${NATS_NAMESPACE}':'${NATS_PORT_HTTP}'"}}'
    kubectl patch configmap nginx-ingress-tcp-microk8s-conf --namespace ingress --patch "${PATCH}"

    PORT_MAP='{"containerPort": '${NATS_EXT_PORT_HTTP}', "hostPort": '${NATS_EXT_PORT_HTTP}'}'
    CONTAINER='{"name": "nginx-ingress-microk8s", "ports": ['${PORT_MAP}']}'
    PATCH='{"spec": {"template": {"spec": {"containers": ['${CONTAINER}']}}}}'
    kubectl patch daemonset nginx-ingress-microk8s-controller --namespace ingress --patch "${PATCH}"
    echo
}


function nats_deploy_cluster() {
    echo "NATS Namespace"
    echo ">>> Create NATS Namespace (if missing)"
    kubectl create namespace ${NATS_NAMESPACE}
    echo

    echo "Add NATS Helm Chart"
    helm3 repo add nats https://nats-io.github.io/k8s/helm/charts/
    echo

    echo "Upgrade NATS Helm Chart"
    helm3 repo update nats
    echo

    echo "Install NATS (single-node)"
    echo "Install NATS (cluster-mode)"
    echo ">>> Checking if NATS is deployed..."
    if kubectl get --namespace ${NATS_NAMESPACE} statefulset/${NATS_NAMESPACE} &> /dev/null; then
        echo ">>> NATS is present; skipping step."
    else
        echo ">>> Deploy NATS"
        helm3 install ${NATS_NAMESPACE} nats/nats --namespace ${NATS_NAMESPACE} --set nats.image=nats:2.9-alpine
        cp "${NATS_MANIFESTS_PATH}/cluster.yaml" "${TMP_MANIFESTS_FOLDER}/nats_cluster.yaml"
        helm3 install ${NATS_NAMESPACE} nats/nats --namespace ${NATS_NAMESPACE} -f "${TMP_MANIFESTS_FOLDER}/nats_cluster.yaml"
    
        echo ">>> Waiting NATS statefulset to be created..."
        while ! kubectl get --namespace ${NATS_NAMESPACE} statefulset/${NATS_NAMESPACE} &> /dev/null; do
@@ -78,7 +162,17 @@ function nats_deploy_single() {
            printf "%c" "."
            sleep 1
        done
        while ! kubectl get --namespace ${NATS_NAMESPACE} pod/${NATS_NAMESPACE}-1 &> /dev/null; do
            printf "%c" "."
            sleep 1
        done
        while ! kubectl get --namespace ${NATS_NAMESPACE} pod/${NATS_NAMESPACE}-2 &> /dev/null; do
            printf "%c" "."
            sleep 1
        done
        kubectl wait --namespace ${NATS_NAMESPACE} --for=condition=Ready --timeout=300s pod/${NATS_NAMESPACE}-0
        kubectl wait --namespace ${NATS_NAMESPACE} --for=condition=Ready --timeout=300s pod/${NATS_NAMESPACE}-1
        kubectl wait --namespace ${NATS_NAMESPACE} --for=condition=Ready --timeout=300s pod/${NATS_NAMESPACE}-2
    fi
    echo

@@ -110,7 +204,7 @@ function nats_deploy_single() {
    echo
}

function nats_undeploy_single() {
function nats_undeploy() {
    echo "NATS"
    echo ">>> Checking if NATS is deployed..."
    if kubectl get --namespace ${NATS_NAMESPACE} statefulset/${NATS_NAMESPACE} &> /dev/null; then
@@ -128,7 +222,13 @@ function nats_undeploy_single() {
}

if [ "$NATS_REDEPLOY" == "YES" ]; then
    nats_undeploy_single
    nats_undeploy
fi

if [ "$NATS_DEPLOY_MODE" == "single" ]; then
    nats_deploy_single
elif [ "$NATS_DEPLOY_MODE" == "cluster" ]; then
    nats_deploy_cluster
else
    echo "Unsupported value: NATS_DEPLOY_MODE=$NATS_DEPLOY_MODE"
fi
 No newline at end of file
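Review bot: The new `else` branch at the end of the section (`echo "Unsupported value: NATS_DEPLOY_MODE=$NATS_DEPLOY_MODE"`) reports the bad mode but lets the script finish with status 0, so a caller cannot tell that NATS was never deployed; it should be `echo "Unsupported value: NATS_DEPLOY_MODE=$NATS_DEPLOY_MODE" >&2` followed by `exit 1`. The same silent continuation exists earlier in the section where `NATS_PORT_CLIENT` and `NATS_PORT_HTTP` are read via jsonpath and spliced unchecked into the ingress configmap `PATCH`: an empty lookup produces a `"<ns>/<ns>:"` mapping with no port, so a guard such as `[ -n "${NATS_PORT_CLIENT}" ] || { echo "NATS client port not found" >&2; exit 1; }` before each `kubectl patch` would fail fast instead of leaving a broken TCP mapping and hostPort exposure in place. Separately, the single-mode `helm3 install` now passes `--set config.cluster.enabled=true --set config.cluster.tls.enabled=true`, which reads as cluster configuration in the single-node path with no certificate settings visible; if intended, a comment above that line explaining why a single replica is started with clustering and cluster TLS enabled would help the next reader. The `nats_deploy_single` hunk starts inside its function, whose opening lines are outside the hunk.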
+1 −1
@@ -44,7 +44,7 @@ export QDB_TABLE_SLICE_GROUPS=${QDB_TABLE_SLICE_GROUPS:-"tfs_slice_groups"}

# If not already set, disable flag for dropping tables if they exist.
# WARNING: ACTIVATING THIS FLAG IMPLIES LOOSING THE TABLE INFORMATION!
# If QDB_DROP_TABLES_IF_EXIST is "YES", the table pointed by variables
# If QDB_DROP_TABLES_IF_EXIST is "YES", the tables pointed by variables
# QDB_TABLE_MONITORING_KPIS and QDB_TABLE_SLICE_GROUPS will be dropped
# while checking/deploying QuestDB.
export QDB_DROP_TABLES_IF_EXIST=${QDB_DROP_TABLES_IF_EXIST:-""}
+10 −15
@@ -52,18 +52,13 @@ spec:
  # disabled by default. To enable please see the operator.yaml file.

  # The affinity field will accept any podSpec affinity rule.
  # affinity:
  #   podAntiAffinity:
  #      preferredDuringSchedulingIgnoredDuringExecution:
  #      - weight: 100
  #        podAffinityTerm:
  #          labelSelector:
  #            matchExpressions:
  #            - key: app.kubernetes.io/instance
  #              operator: In
  #              values:
  #              - cockroachdb
  #          topologyKey: kubernetes.io/hostname
  topologySpreadConstraints:
  - maxSkew: 1
    topologyKey: kubernetes.io/hostname  
    whenUnsatisfiable: ScheduleAnyway
    labelSelector:
      matchLabels:
        app.kubernetes.io/instance: cockroachdb

  # nodeSelectors used to match against
  # nodeSelector:
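Review bot: `whenUnsatisfiable: ScheduleAnyway` in the new `topologySpreadConstraints` makes the per-hostname spread a soft preference only, so on a multi-node cluster all CockroachDB replicas may still be co-located and the loss of one node takes the whole database down. If this manifest is the one used for cluster mode, `whenUnsatisfiable: DoNotSchedule` enforces the spread at the cost of leaving pods Pending when there are fewer nodes than replicas, so whichever value is kept deserves a one-line comment above the block stating the trade-off and which deployment mode it targets. The `topologyKey: kubernetes.io/hostname` line also carries trailing whitespace, which YAML linters flag.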