awi-infra-guard
SDK/gRPC service to fetch infrastructure resource information and push updates to multiple infrastructure providers such as AWS, GCP, Azure, VMware and ACI.
Supported infrastructure providers
Currently supported providers:
- AWS
- Google Cloud Platform (GCP).
Kubernetes support
Kubernetes cluster operations are supported. Optionally, cluster information can be provided in a kube config file located at
$HOME/.kube/config. EKS and GKE clusters should be discovered automatically.
awi-infra-guard as a library or as a service
awi-infra-guard can be used as an imported Go library or as a standalone gRPC service.
Credentials configuration
AWS credentials
Set up the .aws/configuration file in your home directory or specify environment variables based on the instructions in the AWS
guide.
Multiple accounts are supported. They can be configured using profiles in the credentials file; instructions can be found in
the "Specifying profiles" section of the guide.
GCP credentials
Set up application default credentials based on the instructions in the GCP guide.
Multiple projects are supported. For instructions on how to specify them, see the "awi-infra-guard as a library" and "awi-infra-guard as a service"
sections.
awi-infra-guard as a library
To use awi-infra-guard as a library, import the github.com/app-net-interface/awi-infra-guard package:
go get github.com/app-net-interface/awi-infra-guard@develop
Initialize a provider strategy and use it to send requests, as in the example below:
package main

import (
	"context"
	"fmt"

	"github.com/sirupsen/logrus"

	// Request/response types used below; this import path is assumed from the
	// repository layout and is not stated in this README.
	"github.com/app-net-interface/awi-infra-guard/grpc/go/infrapb"
	"github.com/app-net-interface/awi-infra-guard/provider"
)

func main() {
	ctx := context.Background()

	// The strategy resolves credentials from the environment (see "Credentials configuration").
	providerStrategy := provider.NewRealProviderStrategy(ctx, logrus.New(), "")

	// List instances visible to the configured AWS account.
	awsProvider, err := providerStrategy.GetProvider(ctx, "aws")
	if err != nil {
		panic(err)
	}
	instances, err := awsProvider.ListInstances(ctx, &infrapb.ListInstancesRequest{})
	if err != nil {
		panic(err)
	}
	fmt.Println("Instances in AWS:")
	for _, instance := range instances {
		fmt.Println(instance.VPCID, instance.Name)
	}

	// Same call against GCP through the same strategy.
	gcpProvider, err := providerStrategy.GetProvider(ctx, "gcp")
	if err != nil {
		panic(err)
	}
	instances, err = gcpProvider.ListInstances(ctx, &infrapb.ListInstancesRequest{})
	if err != nil {
		panic(err)
	}
	fmt.Println("Instances in GCP:")
	for _, instance := range instances {
		fmt.Println(instance.VPCID, instance.Name)
	}
}
awi-infra-guard as a service
To run awi-infra-guard as a separate service, start it with the make run command.
Example:
$ make run
go run main.go
INFO[0000] server listening at [::]:50052
You can connect to this server using the grpc_cli tool.
Example:
$ grpc_cli call localhost:50052 ListInstances "provider: 'aws', vpc_id: 'vpc-04a1eaad3aa81310f'"
connecting to localhost:50052
instances {
id: "i-07cedcd7c771da56e"
name: "machine-learning-dataset-vm-1"
privateIP: "10.60.1.186"
subnetID: "subnet-0fac44e425b433ef4"
vpcId: "vpc-04a1eaad3aa81310f"
}
instances {
id: "i-0ea4ada9d758c0d4a"
name: "dataset-database"
privateIP: "10.60.1.193"
subnetID: "subnet-0fac44e425b433ef4"
vpcId: "vpc-04a1eaad3aa81310f"
}
Rpc succeeded with OK status
$ grpc_cli call localhost:50052 ListClusters ""
connecting to localhost:50052
clusters {
name: "gke-demo-cluster"
}
clusters {
name: "eks-awi-demo"
}
clusters {
name: "kind-awi"
}
$ grpc_cli call localhost:50052 ListPods "cluster_name: 'eks-awi-demo'"
connecting to localhost:50052
pods {
cluster: "eks-awi-demo"
namespace: "kube-system"
name: "coredns-6ff9c46cd8-m8lwv"
labels {
key: "eks.amazonaws.com/component"
value: "coredns"
}
labels {
key: "k8s-app"
value: "kube-dns"
}
labels {
key: "pod-template-hash"
value: "6ff9c46cd8"
}
}
pods {
cluster: "eks-awi-demo"
namespace: "kube-system"
name: "coredns-6ff9c46cd8-s4b95"
labels {
key: "eks.amazonaws.com/component"
value: "coredns"
}
labels {
key: "k8s-app"
value: "kube-dns"
}
labels {
key: "pod-template-hash"
value: "6ff9c46cd8"
}
}
Rpc succeeded with OK status
Example Go client usage can be found in the example/client directory:
$ cd example/client
$ go run main.go
connecting to localhost:50052
connected
instance ID:"4894037167304189131" Name:"development-dashboard-1" PublicIP:"35.212.252.162" PrivateIP:"10.150.0.2" SubnetID:"development-subnet-1" VPCID:"development"
instance ID:"8825713928722555929" Name:"development-database-1" PublicIP:"35.212.129.188" PrivateIP:"10.150.0.3" SubnetID:"development-subnet-1" VPCID:"development"
instance ID:"7411617185127835047" Name:"development-database-2" PublicIP:"35.212.176.237" PrivateIP:"10.150.0.4" SubnetID:"development-subnet-1" VPCID:"development"
instance ID:"258418092159915173" Name:"development-database-3" PublicIP:"35.212.218.134" PrivateIP:"10.150.0.7" SubnetID:"development-subnet-1" VPCID:"development"
adding inbound rule to instances in development VPC with label app_type:database
rule id 3114023319057261683
matched instances IDs [8825713928722555929 7411617185127835047 258418092159915173]
Docker instructions
Building and pushing image
To build your image:
make docker-build IMG=<your-repo>/<name>
To push it to your repository:
make docker-push IMG=<your-repo>/<name>
ℹ️ Info: You can also do both steps at once with
make docker-build docker-push IMG=<your-repo>/<name>
Running docker image
The awi-infra-guard container accepts the following files:
- /root/config/config.yaml - the configuration file
- /root/.aws/credentials - the credentials for AWS
- /app/gcp-key/gcp-key.json - the credentials for GCP
- /root/.kube/config - configuration and credentials for the k8s cluster
To configure awi-infra-guard and give it access to the different providers,
mount these files when starting the container.
Contributing
Thank you for your interest in contributing! Please refer to our
contributing guide.
License
awi-infra-guard is released under the Apache 2.0 license. See
LICENSE.
awi-infra-guard is also made possible thanks to
third party open source projects.