From 98b93b77f43c2bd09b89b6bcc9102bb6e8e1d7af Mon Sep 17 00:00:00 2001
From: "Blackwell, Ian (ib733q)" <ib733q@att.com>
Date: Thu, 20 Sep 2018 15:56:25 +0100
Subject: Initial drop of tproxy-config init container

The tproxy-config init container sets up a pod's internal
network routing such that any traffic outbound from
the primary service is routed through the forward
proxy.

Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a
Issue-ID: AAI-1664
Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
---
 sidecar/tproxy-config/License.txt                  |  17 +++
 sidecar/tproxy-config/pom.xml                      | 134 +++++++++++++++++++++
 sidecar/tproxy-config/src/main/bin/start.sh        |  29 +++++
 .../src/main/docker/.maven-dockerignore            |   1 +
 sidecar/tproxy-config/src/main/docker/Dockerfile   |   6 +
 5 files changed, 187 insertions(+)
 create mode 100644 sidecar/tproxy-config/License.txt
 create mode 100644 sidecar/tproxy-config/pom.xml
 create mode 100644 sidecar/tproxy-config/src/main/bin/start.sh
 create mode 100644 sidecar/tproxy-config/src/main/docker/.maven-dockerignore
 create mode 100644 sidecar/tproxy-config/src/main/docker/Dockerfile

(limited to 'sidecar/tproxy-config')

diff --git a/sidecar/tproxy-config/License.txt b/sidecar/tproxy-config/License.txt
new file mode 100644
index 0000000..05117f8
--- /dev/null
+++ b/sidecar/tproxy-config/License.txt
@@ -0,0 +1,17 @@
+============LICENSE_START=======================================================
+org.onap.aaf
+================================================================================
+Copyright © 2018 European Software Marketing Ltd.
+================================================================================
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+============LICENSE_END=========================================================
\ No newline at end of file
diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml
new file mode 100644
index 0000000..8ddf186
--- /dev/null
+++ b/sidecar/tproxy-config/pom.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aaf
+    ================================================================================
+    Copyright © 2018 European Software Marketing Ltd.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>org.onap.aaf.cadi</groupId>
+		<artifactId>sidecar</artifactId>
+		<version>1.0.0-SNAPSHOT</version>
+		<relativePath />
+	</parent>
+
+	<artifactId>tproxy-config</artifactId>
+	<version>1.0.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>aaf-tproxy-config</name>
+	<description>ONAP AAF InitContainer For Pluggable Security</description>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<version.io.fabric8.fabric8-maven-plugin>3.5.32</version.io.fabric8.fabric8-maven-plugin>
+		<docker.location>${basedir}/target</docker.location>
+		<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
+	</properties>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>com.mycila</groupId>
+				<artifactId>license-maven-plugin</artifactId>
+				<version>3.0</version>
+				<configuration>
+					<header>License.txt</header>
+					<includes>
+						<include>src/main/bin/**</include>
+						<include>src/docker/bin/**</include>
+						<include>pom.xml</include>
+					</includes>
+					<skipExistingHeaders>true</skipExistingHeaders>
+				</configuration>
+				<executions>
+					<execution>
+						<goals>
+							<!-- Set goal from "check" to "format" to auto update license headers -->
+							<goal>check</goal>
+						</goals>
+						<phase>validate</phase>
+					</execution>
+				</executions>
+			</plugin>
+
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>3.0.2</version>
+				<executions>
+					<execution>
+						<id>copy-docker-file</id>
+						<phase>package</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<outputDirectory>target</outputDirectory>
+							<overwrite>true</overwrite>
+							<resources>
+								<resource>
+									<directory>${basedir}/src/main/docker</directory>
+									<filtering>true</filtering>
+								</resource>
+								<resource>
+									<directory>${basedir}/src/main/bin/</directory>
+									<filtering>true</filtering>
+								</resource>
+							</resources>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>com.spotify</groupId>
+				<artifactId>docker-maven-plugin</artifactId>
+				<version>0.4.11</version>
+				<dependencies>
+					<dependency>
+						<groupId>com.github.jnr</groupId>
+						<artifactId>jnr-unixsocket</artifactId>
+						<version>0.13</version>
+					</dependency>
+				</dependencies>
+				<configuration>
+					<verbose>true</verbose>
+					<serverId>docker-hub</serverId>
+					<imageName>${docker.push.registry}/onap/${project.artifactId}</imageName>
+					<dockerDirectory>${docker.location}</dockerDirectory>
+					<imageTags>
+						<imageTag>latest</imageTag>
+					</imageTags>
+					<forceTags>true</forceTags>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-deploy-plugin</artifactId>
+				<configuration>
+					<skip>true</skip>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+</project>
diff --git a/sidecar/tproxy-config/src/main/bin/start.sh b/sidecar/tproxy-config/src/main/bin/start.sh
new file mode 100644
index 0000000..cbb003d
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/bin/start.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 European Software Marketing Ltd.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -x
+set -eo pipefail
+
+#iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-port 9080
+iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 1001
+#iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 100
+#iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner --uid-owner 0
+iptables -t nat --list
diff --git a/sidecar/tproxy-config/src/main/docker/.maven-dockerignore b/sidecar/tproxy-config/src/main/docker/.maven-dockerignore
new file mode 100644
index 0000000..f50f00a
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/docker/.maven-dockerignore
@@ -0,0 +1 @@
+docker/**
diff --git a/sidecar/tproxy-config/src/main/docker/Dockerfile b/sidecar/tproxy-config/src/main/docker/Dockerfile
new file mode 100644
index 0000000..b95cf74
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/docker/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:3.6
+RUN apk add --update iptables curl bash
+COPY start.sh /start.sh
+RUN chmod 755 /start.sh
+#CMD start.sh
+ENTRYPOINT ["/start.sh"]
-- 
cgit 1.2.3-korg