Skip to content

Commit

Permalink
use ingress in favor of istio
Browse files Browse the repository at this point in the history
  • Loading branch information
ekneg54 committed Jul 17, 2024
1 parent 75e7f2e commit 5de7804
Show file tree
Hide file tree
Showing 7 changed files with 89 additions and 221 deletions.
30 changes: 0 additions & 30 deletions charts/logprep/templates/gateway.yaml

This file was deleted.

36 changes: 0 additions & 36 deletions charts/logprep/templates/virtual-service.yaml

This file was deleted.

19 changes: 0 additions & 19 deletions charts/logprep/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -167,22 +167,3 @@ configurations:
# admin
# admin2
artifacts: []

# The ingress configuration
# If enabled, an istio based ingress will be deployed. This option is only useful
# if the logprep configuration has a http_input configured.
ingress:
enabled: false
domain: "localhost"
certificate:
name: "istio-gateway-certificate"
response_headers:
Cache-Control: no-cache
Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';
Cross-Origin-Resource-Policy: same-site
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubdomains
Permissions-Policy: geolocation=(), camera=(), microphone=()
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
66 changes: 36 additions & 30 deletions doc/source/examples/minikube.rst
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ with the following commands:
minikube config set driver docker
minikube config set cpus 16
minikube config set memory 16GB
minikube addons enable ingress
minikube start
Deploy the example
Expand All @@ -64,51 +65,56 @@ At first you have to install the prometheus PodMonitor CRD:
kubectl apply -f https://raw.githubusercontent.com/prometheus-community/helm-charts/main/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml
Then install istio (for details see: `https://istio.io/latest/docs/setup/install/helm/`_. ):
Then you have to update and build the helm subcharts repository:

.. code-block:: bash
:caption: Install istio
:caption: Add the bitnami helm repository
kubectl create namespace istio-system
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm install istio-base istio/base -n istio-system --set defaultRevision=opensiem --wait
helm install istiod istio/istiod -n istio-system --wait
helm dependencies update ./examples/k8s
helm dependencies build ./examples/k8s
Next you are ready to install the opensiem example using:

.. code-block:: bash
:caption: Install istio ingress gateway
kubectl create namespace istio-ingress
helm install istio-ingress istio/gateway -n istio-ingress
:caption: Install opensiem
.. code-block:: bash
:caption: Verifiy the istio installation
helm install opensiem examples/k8s
❯ helm ls -n istio-system
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
istio-base istio-system 1 2024-07-15 14:54:54.029747408 +0200 CEST deployed base-1.22.2 1.22.2
istiod istio-system 1 2024-07-15 14:57:41.496783572 +0200 CEST deployed istiod-1.22.2 1.22.2
Make the cluster locally resolvable:

❯ kubectl get deployments -n istio-system --output wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
istiod 1/1 1 1 24m discovery docker.io/istio/pilot:1.22.2 istio=pilot
.. code-block:: bash
:caption: add hosts entry to resolve the cluster
❯ kubectl get pods -n istio-ingress
NAME READY STATUS RESTARTS AGE
istio-ingress-7f5f6f58b8-sv6gk 1/1 Running 0 16m
echo "$( minikube ip ) connector.opensiem dashboards.opensiem grafana.opensiem" | sudo tee -a /etc/hosts
Then you have to update and build the helm subcharts repository:
Test the defined ingresses:

.. code-block:: bash
:caption: Add the bitnami helm repository
:caption: Test the opensiem example ingress
helm dependencies update ./examples/k8s
helm dependencies build ./examples/k8s
curl -v http://connector.opensiem/health
curl -v http://dashboards.opensiem
Next you are ready to install the opensiem example using:
Test the opensiem connector:

.. code-block:: bash
:caption: Install opensiem
:caption: Test the opensiem example connector
helm install opensiem examples/k8s
❯ logprep generate http --input-dir ./examples/exampledata/input_logdata/ --target-url http://connector.opensiem --events 100 --batch-size 10
2024-07-17 11:15:35 301643 Generator INFO : Log level set to 'NOTSET'
2024-07-17 11:15:35 301643 Generator INFO : Started Data Processing
2024-07-17 11:15:35 301643 Input INFO : Reading input dataset and creating temporary event collections in: '/tmp/logprep_a51e1vh6'
2024-07-17 11:15:35 301643 Input INFO : Preparing data took: 0.0042 seconds
2024-07-17 11:15:35 301643 Input INFO : Cleaned up temp dir: '/tmp/logprep_a51e1vh6'
2024-07-17 11:15:35 301643 Generator INFO : Completed with following statistics: {
"Number of failed events": 0,
"Number of successfull events": 100,
"Requests Connection Errors": 0,
"Requests Timeouts": 0,
"Requests http status 200": 10,
"Requests total": 10
}
2024-07-17 11:15:35 301643 Generator INFO : Execution time: 0.067013 seconds
open your browser and go to `http://dashboards.opensiem`_ to see the generated data in the opensearch dashboards.
53 changes: 53 additions & 0 deletions examples/k8s/templates/ingress.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: connector-ingress
spec:
ingressClassName: nginx
rules:
- host: connector.opensiem
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: opensiem-connector-http-input
port:
number: 9000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
spec:
ingressClassName: nginx
rules:
- host: dashboards.opensiem
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: opensiem-opensearch-dashboards
port:
number: 5601
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
spec:
ingressClassName: nginx
rules:
- host: grafana.opensiem
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: opensiem-grafana
port:
number: 3000
28 changes: 0 additions & 28 deletions tests/unit/charts/test_ingress_gateway.py

This file was deleted.

78 changes: 0 additions & 78 deletions tests/unit/charts/test_virtual_service.py

This file was deleted.

0 comments on commit 5de7804

Please sign in to comment.