Updated L3 components + scalability

• Migrated L3 Cybersecurity to TFS Release 2 architecture
• Implemented creation of ACL rules when an attack is detected
• Improved logic to load AI/ML model
• Updated AI/ML model to detect cybersecurity attacks
• Added new RPC method to inform the name of the features needs by the model
• Added new RPC methods to allow exporting ACL rules created by AM to other components.
• Added logic to measure performance of the L3 Cybersecurity framework
• Implemented horizontal scalability in L3 Centralized Attack Detector and Attack Mitigator
• Added Cybersecurity Grafana dashboard
• Added Service Monitors to export metrics to Prometheus
• Added multiple helper scripts
• Multiple bug fixes and code cleanup

manifests/l3_attackmitigatorservice.yaml

@@ -32,6 +32,7 @@ spec:
         imagePullPolicy: Always
         ports:
         - containerPort: 10002
+        - containerPort: 9192
         env:
         - name: LOG_LEVEL
           value: "DEBUG"
@@ -53,11 +54,69 @@ apiVersion: v1
 kind: Service
 metadata:
   name: l3-attackmitigatorservice
+  labels:
+    app: l3-attackmitigatorservice
 spec:
   type: ClusterIP
   selector:
     app: l3-attackmitigatorservice
   ports:
+  - name: metrics
+    protocol: TCP
+    port: 9192
+    targetPort: 9192
   - name: grpc
     port: 10002
     targetPort: 10002
+
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: l3-attackmitigatorservice-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: l3-attackmitigatorservice
+  minReplicas: 1
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 80
+  behavior:
+    scaleDown:
+      stabilizationWindowSeconds: 120
+
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: tfs-l3-attackmitigatorservice-metric
+  labels:
+    app: l3-attackmitigatorservice
+    #release: prometheus
+    #release: prom  # name of the release 
+    # ( VERY IMPORTANT: You need to know the correct release name by viewing 
+    #   the servicemonitor of Prometheus itself: Without the correct name, 
+    #   Prometheus cannot identify the metrics of the Flask app as the target.)
+spec:
+  selector:
+    matchLabels:
+      # Target app service
+      #namespace: tfs
+      app: l3-attackmitigatorservice # same as above
+      #release: prometheus # same as above
+  endpoints:
+  - port: metrics # named port in target app
+    scheme: http
+    path: /metrics # path to scrape
+    interval: 5s # scrape interval
+  namespaceSelector:
+    any: false
+    matchNames:
+    - tfs # namespace where the app is running