SDK/gRPC service to fetch infrastructure resource information and push updates to multiple infrastructure providers such as AWS, GCP, Azure, VMware and ACI.
Currently supported providers:
- AWS
- Google Cloud Platform (GCP).
Kubernetes cluster operations are supported. Optionally, cluster information can be provided in a kube config file at $HOME/.kube/config. EKS and GKE clusters should be discovered automatically.
awi-infra-guard can be used as an imported Go library or as a standalone gRPC service.
Set up the .aws/configuration file in your home directory or specify environment variables, following the instructions in the AWS guide.
Multiple accounts are supported; they can be configured using profiles in the credentials file. Instructions can be found in the "Specifying profiles" section of the guide.
Set up application default credentials following the instructions in the GCP guide. Multiple projects are supported; for instructions on how to specify them, check the "awi-infra-guard as a library" and "awi-infra-guard as a service" sections.
To use awi-infra-guard as a library, import the github.com/app-net-interface/awi-infra-guard package:

```
go get github.com/app-net-interface/awi-infra-guard@develop
```

Initialize a provider strategy and use it to make requests, as in the example below:

```go
package main

import (
	"context"
	"fmt"

	"github.com/sirupsen/logrus"

	// Import path assumed for the generated infrapb package; it is not shown
	// in the original snippet, so check it against the repository layout.
	"github.com/app-net-interface/awi-infra-guard/grpc/go/infrapb"
	"github.com/app-net-interface/awi-infra-guard/provider"
)

func main() {
	ctx := context.Background()

	// The strategy resolves a provider implementation by name ("aws", "gcp").
	providerStrategy := provider.NewRealProviderStrategy(ctx, logrus.New(), "")

	awsProvider, err := providerStrategy.GetProvider(context.TODO(), "aws")
	if err != nil {
		panic(err)
	}
	// An empty request lists instances without filtering.
	instances, err := awsProvider.ListInstances(context.TODO(), &infrapb.ListInstancesRequest{})
	if err != nil {
		panic(err)
	}
	fmt.Println("Instances in AWS:")
	for _, instance := range instances {
		fmt.Println(instance.VPCID, instance.Name)
	}

	gcpProvider, err := providerStrategy.GetProvider(context.TODO(), "gcp")
	if err != nil {
		panic(err)
	}
	instances, err = gcpProvider.ListInstances(context.TODO(), &infrapb.ListInstancesRequest{})
	if err != nil {
		panic(err)
	}
	fmt.Println("Instances in GCP:")
	for _, instance := range instances {
		fmt.Println(instance.VPCID, instance.Name)
	}
}
```
To run awi-infra-guard as a separate service, start it with the make run command.
Example:

```
$ make run
go run main.go
INFO[0000] server listening at [::]:50052
```
You can connect to this server using the grpc_cli tool. Example:

```
$ grpc_cli call localhost:50052 ListInstances "provider: 'aws', vpc_id: 'vpc-04a1eaad3aa81310f'"
connecting to localhost:50052
instances {
  id: "i-07cedcd7c771da56e"
  name: "machine-learning-dataset-vm-1"
  privateIP: "10.60.1.186"
  subnetID: "subnet-0fac44e425b433ef4"
  vpcId: "vpc-04a1eaad3aa81310f"
}
instances {
  id: "i-0ea4ada9d758c0d4a"
  name: "dataset-database"
  privateIP: "10.60.1.193"
  subnetID: "subnet-0fac44e425b433ef4"
  vpcId: "vpc-04a1eaad3aa81310f"
}
Rpc succeeded with OK status
$ grpc_cli call localhost:50052 ListClusters ""
connecting to localhost:50052
clusters {
  name: "gke-demo-cluster"
}
clusters {
  name: "eks-awi-demo"
}
clusters {
  name: "kind-awi"
}
$ grpc_cli call localhost:50052 ListPods "cluster_name: 'eks-awi-demo'"
connecting to localhost:50052
pods {
  cluster: "eks-awi-demo"
  namespace: "kube-system"
  name: "coredns-6ff9c46cd8-m8lwv"
  labels {
    key: "eks.amazonaws.com/component"
    value: "coredns"
  }
  labels {
    key: "k8s-app"
    value: "kube-dns"
  }
  labels {
    key: "pod-template-hash"
    value: "6ff9c46cd8"
  }
}
pods {
  cluster: "eks-awi-demo"
  namespace: "kube-system"
  name: "coredns-6ff9c46cd8-s4b95"
  labels {
    key: "eks.amazonaws.com/component"
    value: "coredns"
  }
  labels {
    key: "k8s-app"
    value: "kube-dns"
  }
  labels {
    key: "pod-template-hash"
    value: "6ff9c46cd8"
  }
}
Rpc succeeded with OK status
```
Example Go client usage can be found in the example/client directory:

```
$ cd example/client
$ go run main.go
connecting to localhost:50052
connected
instance ID:"4894037167304189131" Name:"development-dashboard-1" PublicIP:"35.212.252.162" PrivateIP:"10.150.0.2" SubnetID:"development-subnet-1" VPCID:"development"
instance ID:"8825713928722555929" Name:"development-database-1" PublicIP:"35.212.129.188" PrivateIP:"10.150.0.3" SubnetID:"development-subnet-1" VPCID:"development"
instance ID:"7411617185127835047" Name:"development-database-2" PublicIP:"35.212.176.237" PrivateIP:"10.150.0.4" SubnetID:"development-subnet-1" VPCID:"development"
instance ID:"258418092159915173" Name:"development-database-3" PublicIP:"35.212.218.134" PrivateIP:"10.150.0.7" SubnetID:"development-subnet-1" VPCID:"development"
adding inbound rule to instances in development VPC with label app_type:database
rule id 3114023319057261683
matched instances IDs [8825713928722555929 7411617185127835047 258418092159915173]
```
To build your image:

```
make docker-build IMG=<your-repo>/<name>
```

To push it to your repository:

```
make docker-push IMG=<your-repo>/<name>
```

ℹ️ Info: You can also do both steps at once with:

```
make docker-build docker-push IMG=<your-repo>/<name>
```
awi-infra-guard accepts the following files:
- /root/config/config.yaml - the configuration file
- /root/.aws/credentials - the credentials for AWS
- /app/gcp-key/gcp-key.json - the credentials for GCP
- /root/.kube/config - configuration and credentials for k8s cluster

To configure awi-infra-guard and give it access to the different providers, mount these files when starting the container.
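
A pre-flight wrapper for the mounts listed above, as an added example that is not part of the awi-infra-guard repository: it refuses to start the container if any credential file is readable beyond its owner, mounts every file read-only, and publishes the gRPC port on loopback only. The function names, the host-side paths passed as arguments, the read-only mounts and the assumption that the container listens on port 50052 (as make run does) are choices made here, not project behaviour.

```sh
#!/bin/sh
# Added example, not part of the awi-infra-guard repository.
# Container-side paths and port 50052 come from the README; host-side paths are
# passed in by the caller, and read-only mounts assume the service never writes
# to these files.

# check_secret FILE: succeed only if FILE exists and grants nothing to group/other.
check_secret() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   echo "mode $mode is readable beyond the owner: $1" >&2; return 1 ;;
    esac
}

# run_guard IMAGE CONFIG AWS_CREDS GCP_KEY KUBECONFIG
# Validates the credential files, then starts the container with every file
# mounted read-only and the gRPC port published on loopback only.
# With DRY_RUN set, prints the docker arguments (one per line) instead.
run_guard() {
    img=$1 cfg=$2 aws=$3 gcp=$4 kube=$5
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }
    for secret in "$aws" "$gcp" "$kube"; do
        check_secret "$secret" || return 1
    done
    set -- run --rm \
        -p 127.0.0.1:50052:50052 \
        -v "$cfg:/root/config/config.yaml:ro" \
        -v "$aws:/root/.aws/credentials:ro" \
        -v "$gcp:/app/gcp-key/gcp-key.json:ro" \
        -v "$kube:/root/.kube/config:ro" \
        "$img"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        docker "$@"
    fi
}

# Usage (host paths are illustrative):
# run_guard "<your-repo>/<name>" ./config.yaml ~/.aws/credentials ./gcp-key.json ~/.kube/config
```

Docker bind mounts need absolute host paths, so pass absolute paths when running without DRY_RUN.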
Thank you for your interest in contributing! Please refer to our contributing guide.
awi-infra-guard is released under the Apache 2.0 license. See LICENSE.
awi-infra-guard is also made possible thanks to third party open source projects.