separate repository machine

hitachienergy · Sep 21, 2020 · 0e8b8ac · 0e8b8ac
1 parent 3c856a6
commit 0e8b8ac
Show file tree

Hide file tree

Showing 4 changed files with 127 additions and 3 deletions.
diff --git a/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml b/core/src/epicli/data/aws/defaults/infrastructure/virtual-machine.yml
@@ -845,3 +845,56 @@ specification:
        destination_port_range: "0"
        source_address_prefix: "0.0.0.0/0"
        destination_address_prefix: "0.0.0.0/0"       
+---
+kind: infrastructure/virtual-machine
+title: "Virtual Machine Infra"
+provider: aws
+name: repository-machine
+specification:
+  size: t3.medium
+  authorized_to_efs: true
+  mount_efs: true
+  security:
+    rules:
+     - name: ssh
+       description: Allow ssh traffic
+       priority: 101
+       direction: Inbound
+       access: Allow
+       protocol: Tcp
+       source_port_range: "*"
+       destination_port_range: "22"
+       source_address_prefix: "0.0.0.0/0"
+       destination_address_prefix: "0.0.0.0/0"
+     - name: repository
+       description: Allow repository traffic
+       priority: 302
+       direction: Inbound
+       access: Allow
+       protocol: Tcp
+       source_port_range: "*"
+       destination_port_range: "80"
+       source_address_prefix: "10.1.0.0/20"
+       destination_address_prefix: "0.0.0.0/0"
+     - name: subnet-traffic
+       description: Allow subnet traffic
+       priority: 102
+       direction: Inbound
+       access: Allow
+       protocol: ALL
+       source_port_range: "*"
+       destination_from_port: 0
+       destination_to_port: 65536
+       destination_port_range: "0"
+       source_address_prefix: "10.1.1.0/24"
+       destination_address_prefix: "0.0.0.0/0"
+     - name: out
+       description: Allow out
+       priority: 101
+       direction: Egress
+       access: Allow
+       protocol: "all"
+       source_port_range: "*"
+       destination_port_range: "0"
+       source_address_prefix: "0.0.0.0/0"
+       destination_address_prefix: "0.0.0.0/0"
diff --git a/core/src/epicli/data/azure/defaults/infrastructure/virtual-machine.yml b/core/src/epicli/data/azure/defaults/infrastructure/virtual-machine.yml
@@ -781,3 +781,64 @@ specification:
   #      destination_port_range: "0"
   #      source_address_prefix: "10.1.4.0/24"
   #      destination_address_prefix: "0.0.0.0/0"        
+---
+kind: infrastructure/virtual-machine
+title: "Virtual Machine Infra"
+provider: azure
+name: repository-machine
+specification:
+  size: Standard_DS2_v2
+  security:
+    rules:
+      - name: ssh
+        description: Allow SSH
+        priority: 100
+        direction: Inbound
+        access: Allow
+        protocol: Tcp
+        source_port_range: "*"
+        destination_port_range: "22"
+        source_address_prefix: "0.0.0.0/0"
+        destination_address_prefix: "0.0.0.0/0"
+      - name: out
+        description: Allow out
+        priority: 101
+        direction: Outbound
+        access: Allow
+        protocol: "*"
+        source_port_range: "*"
+        destination_port_range: "0"
+        source_address_prefix: "0.0.0.0/0"
+        destination_address_prefix: "0.0.0.0/0"
+      - name: subnet-traffic
+        description: Allow subnet traffic
+        priority: 201
+        direction: Inbound
+        access: Allow
+        protocol: "*"
+        source_port_range: "*"
+        destination_from_port: 0
+        destination_to_port: 65536
+        destination_port_range: "0"
+        source_address_prefix: "10.1.1.0/24"
+        destination_address_prefix: "0.0.0.0/0"
+      - name: package_repository
+        description: Allow package repository traffic
+        priority: 205
+        direction: Inbound
+        access: Allow
+        protocol: Tcp
+        source_port_range: "*"
+        destination_port_range: "80"
+        source_address_prefix: "10.1.0.0/20"
+        destination_address_prefix: "0.0.0.0/0"
+      - name: image_repository
+        description: Allow image repository traffic
+        priority: 206
+        direction: Inbound
+        access: Allow
+        protocol: Tcp
+        source_port_range: "*"
+        destination_port_range: "5000"
+        source_address_prefix: "10.1.0.0/20"
+        destination_address_prefix: "0.0.0.0/0"
diff --git a/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml b/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml
@@ -116,9 +116,7 @@ specification:
       - postgresql
       - firewall
     kubernetes_master:
-      - image-registry
       - kubernetes-master
-      - repository
       - helm
       - applications
       - node-exporter
@@ -140,4 +138,7 @@ specification:
       - node-exporter
       - filebeat
       - firewall
-
+    repository:
+      - repository
+      - image-registry
+      - firewall
diff --git a/core/src/epicli/data/common/defaults/epiphany-cluster.yml b/core/src/epicli/data/common/defaults/epiphany-cluster.yml
@@ -20,6 +20,15 @@ specification:
     network:
       use_network_security_groups: True
   components:
+    repository:
+      count: 1
+      machine: repository-machine
+      configuration: default
+      subnets:
+        - availability_zone: eu-west-2a
+          address_pool: 10.1.1.0/24
+        - availability_zone: eu-west-2b
+          address_pool: 10.1.2.0/24
     kubernetes_master:
       count: 1
       machine: kubernetes-master-machine