Chiradeep Vittal chiradeep

## idling.py
import argparse
import boto3
import datetime
from dateutil.tz import tzutc


def is_in_autoscale_group(region, instance_id):
    asg = boto3.client('autoscaling', region_name=region)
    instances = \
        asg.describe_auto_scaling_instances(InstanceIds=[instance_id])

## install_kuberenetes_centos.sh
#!/bin/bash

set -x

install_docker() {
   curl -fsSL https://get.docker.com/ | sh
   systemctl start docker
}

install_etcd() {

## configure_kubernetes_centos.sh
#!/bin/bash

set -x

master_ip=$1
ipaddr=$(ip addr show dev eth0 | grep "inet " | cut -d ' ' -f 6  | cut -f 1 -d '/')
is_master=${2:-"true"}

[ -n "$master_ip" ] || exit 1

## generate_haproxy_cfg.py
from jinja2 import Environment, FileSystemLoader

def render_haproxy_cfg(services):
     env = Environment(loader=FileSystemLoader ('templates'), trim_blocks=True)
     templ = env.get_template('haproxy.jinja2.cfg')
     outp = templ.render(services=services)
     outp = templ.render(services=services)
     with open('haproxy.cfg', 'wb') as f:
          f.write(outp)

## README_ref_arch.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                chiradeep
                / README_ref_arch.md
            
            
              Last active
              December 15, 2017 17:40
            
          
    Integrate a Next Gen Firewall with Citrix NetScaler VPX in AWS

Overview

Quickly deploy a single tier webserver farm solution integrating the Citrix NetScaler loadbalancer and a Next Generation firewall.
Solution components include:

a CloudFormation template (vpc_2azs.json) to deploy a VPC across 2 zones. There are 2 subnets in each zone: a Public Subnet and a Private Subnet. Internet facing appliances such as the NetScaler and NG FW are deployed in the Public Subnet while the web server farm is deployed in the private subnet.
a CloudFormation template (ns.1nic.json) to deploy a single NetScaler VPX appliance in the Public Subnet in one zone
a CloudFormation template (webservers.json)to deploy 2 web servers in the Private Subnet in the same zone as the NetScaler VPX
a CloudFormation template (pa-fw.json) to deploy a single Next Gen Firewall (Palo Alto VM Series) in the Public Subnet with a network interface in the Private Subnet (same zone as above).


## index.html
<!DOCTYPE html>
<meta charset="utf-8">
<link rel="stylesheet" href="http://cmx.io/v/0.1/cmx.css">
<script src="http://cmx.io/v/0.1/cmx.js" charset="utf-8"></script>
<style>.cmx-user-scene4 .cmx-text-border .cmx-path {stroke: orange}</style>
<body>
  <div style="max-width:900px; -webkit-transform:rotate(0deg)">

    <scene id="scene1">
      <label t="translate(0,346)">

## policy_export.py
import requests
from collections import OrderedDict
import yaml
import yamlloader

cs_vserver = 'test_csvserver'
ns_host = 'localhost:32769'
ns_login = 'nsroot'
ns_password= 'nsroot'
url = 'http://%s/nitro/v1/config/csvserver_cspolicy_binding/%s' % (ns_host, cs_vserver)

## slo.json
{
  "$schema": "https://vega.github.io/schema/vega/v4.json",
  "width": 720,
  "height": 720,
  "padding": 5,
  "autosize": "none",

  "signals": [
    {
      "name": "labels", "value": true,

## gist:80a76a661309b193a458351814bf398f
from kubernetes import client, config, watch

config.load_kube_config()
api_v1 = client.CoreV1Api()

def watch_endpoints():
    w = watch.Watch()
    for event in w.stream(api_v1.list_namespaced_endpoints, "default"):
        print(event)


## citrix-k8s-cpx-ingress.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: cpx-ingress-k8s-role
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "ingresses", "pods", "secrets"]
    verbs: ["*"]

  - apiGroups: ["extensions"]
	import argparse
	import boto3
	import datetime
	from dateutil.tz import tzutc


	def is_in_autoscale_group(region, instance_id):
	asg = boto3.client('autoscaling', region_name=region)
	instances = \
	asg.describe_auto_scaling_instances(InstanceIds=[instance_id])
	#!/bin/bash

	set -x

	install_docker() {
	curl -fsSL https://get.docker.com/ \| sh
	systemctl start docker
	}

	install_etcd() {
	#!/bin/bash

	set -x

	master_ip=$1
	ipaddr=$(ip addr show dev eth0 \| grep "inet " \| cut -d ' ' -f 6 \| cut -f 1 -d '/')
	is_master=${2:-"true"}

	[ -n "$master_ip" ] \|\| exit 1
	from jinja2 import Environment, FileSystemLoader

	def render_haproxy_cfg(services):
	env = Environment(loader=FileSystemLoader ('templates'), trim_blocks=True)
	templ = env.get_template('haproxy.jinja2.cfg')
	outp = templ.render(services=services)
	outp = templ.render(services=services)
	with open('haproxy.cfg', 'wb') as f:
	f.write(outp)
	<!DOCTYPE html>
	<meta charset="utf-8">
	<link rel="stylesheet" href="http://cmx.io/v/0.1/cmx.css">
	<script src="http://cmx.io/v/0.1/cmx.js" charset="utf-8"></script>
	<style>.cmx-user-scene4 .cmx-text-border .cmx-path {stroke: orange}</style>
	<body>
	<div style="max-width:900px; -webkit-transform:rotate(0deg)">

	<scene id="scene1">
	<label t="translate(0,346)">
	import requests
	from collections import OrderedDict
	import yaml
	import yamlloader

	cs_vserver = 'test_csvserver'
	ns_host = 'localhost:32769'
	ns_login = 'nsroot'
	ns_password= 'nsroot'
	url = 'http://%s/nitro/v1/config/csvserver_cspolicy_binding/%s' % (ns_host, cs_vserver)
	{
	"$schema": "https://vega.github.io/schema/vega/v4.json",
	"width": 720,
	"height": 720,
	"padding": 5,
	"autosize": "none",

	"signals": [
	{
	"name": "labels", "value": true,
	from kubernetes import client, config, watch

	config.load_kube_config()
	api_v1 = client.CoreV1Api()

	def watch_endpoints():
	w = watch.Watch()
	for event in w.stream(api_v1.list_namespaced_endpoints, "default"):
	print(event)
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: cpx-ingress-k8s-role
	rules:
	- apiGroups: [""]
	resources: ["services", "endpoints", "ingresses", "pods", "secrets"]
	verbs: ["*"]

	- apiGroups: ["extensions"]