Initial drop of tproxy-config init container
The tproxy-config init container sets up a pod's internal
network routing such that any traffic outbound from
the primary service is routed through the forward
proxy.
Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a
Issue-ID: AAI-1664
Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
diff --git a/sidecar/tproxy-config/License.txt b/sidecar/tproxy-config/License.txt
new file mode 100644
index 0000000..05117f8
--- /dev/null
+++ b/sidecar/tproxy-config/License.txt
@@ -0,0 +1,17 @@
+============LICENSE_START=======================================================
+org.onap.aaf
+================================================================================
+Copyright © 2018 European Software Marketing Ltd.
+================================================================================
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+============LICENSE_END=========================================================
\ No newline at end of file
diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml
new file mode 100644
index 0000000..8ddf186
--- /dev/null
+++ b/sidecar/tproxy-config/pom.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aaf
+ ================================================================================
+ Copyright © 2018 European Software Marketing Ltd.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>sidecar</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <relativePath />
+ </parent>
+
+ <artifactId>tproxy-config</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <packaging>jar</packaging>
+
+ <name>aaf-tproxy-config</name>
+ <description>ONAP AAF InitContainer For Pluggable Security</description>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <version.io.fabric8.fabric8-maven-plugin>3.5.32</version.io.fabric8.fabric8-maven-plugin>
+ <docker.location>${basedir}/target</docker.location>
+ <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>com.mycila</groupId>
+ <artifactId>license-maven-plugin</artifactId>
+ <version>3.0</version>
+ <configuration>
+ <header>License.txt</header>
+ <includes>
+ <include>src/main/bin/**</include>
+ <include>src/docker/bin/**</include>
+ <include>pom.xml</include>
+ </includes>
+ <skipExistingHeaders>true</skipExistingHeaders>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <!-- Set goal from "check" to "format" to auto update license headers -->
+ <goal>check</goal>
+ </goals>
+ <phase>validate</phase>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>3.0.2</version>
+ <executions>
+ <execution>
+ <id>copy-docker-file</id>
+ <phase>package</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>target</outputDirectory>
+ <overwrite>true</overwrite>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/main/docker</directory>
+ <filtering>true</filtering>
+ </resource>
+ <resource>
+ <directory>${basedir}/src/main/bin/</directory>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>com.spotify</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <version>0.4.11</version>
+ <dependencies>
+ <dependency>
+ <groupId>com.github.jnr</groupId>
+ <artifactId>jnr-unixsocket</artifactId>
+ <version>0.13</version>
+ </dependency>
+ </dependencies>
+ <configuration>
+ <verbose>true</verbose>
+ <serverId>docker-hub</serverId>
+ <imageName>${docker.push.registry}/onap/${project.artifactId}</imageName>
+ <dockerDirectory>${docker.location}</dockerDirectory>
+ <imageTags>
+ <imageTag>latest</imageTag>
+ </imageTags>
+ <forceTags>true</forceTags>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/sidecar/tproxy-config/src/main/bin/start.sh b/sidecar/tproxy-config/src/main/bin/start.sh
new file mode 100644
index 0000000..cbb003d
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/bin/start.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 European Software Marketing Ltd.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -x
+set -eo pipefail
+
+#iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-port 9080
+iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 1001
+#iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 100
+#iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner --uid-owner 0
+iptables -t nat --list
diff --git a/sidecar/tproxy-config/src/main/docker/.maven-dockerignore b/sidecar/tproxy-config/src/main/docker/.maven-dockerignore
new file mode 100644
index 0000000..f50f00a
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/docker/.maven-dockerignore
@@ -0,0 +1 @@
+docker/**
diff --git a/sidecar/tproxy-config/src/main/docker/Dockerfile b/sidecar/tproxy-config/src/main/docker/Dockerfile
new file mode 100644
index 0000000..b95cf74
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/docker/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:3.6
+RUN apk add --update iptables curl bash
+COPY start.sh /start.sh
+RUN chmod 755 /start.sh
+#CMD start.sh
+ENTRYPOINT ["/start.sh"]