authorMichael O'Brien <michael@obrienlabs.org>2018-11-12 18:46:46 -0500
committerMichael O'Brien <michael@obrienlabs.org>2018-11-12 19:00:37 -0500
commit670c212c4c587b93e85af86143a209e3f5386646 (patch)
treee9f1ec0075c4057299cb3143bb0ff3aad4ae0255
parentb188d0aa86d5176f2393a835be7bd4675e0d2ed9 (diff)
azure oom k8s install security update
Change-Id: I4ff48d3e13144d533c23839a73583b9ab3ec180f Issue-ID: LOG-321 Signed-off-by: Michael O'Brien <michael@obrienlabs.org>
-rw-r--r--deploy/azure/_arm_deploy_onap_cd.json66
-rw-r--r--deploy/azure/_arm_deploy_onap_cd_z_parameters.json8
-rwxr-xr-xdeploy/azure/oom_deployment.sh4
3 files changed, 14 insertions, 64 deletions
diff --git a/deploy/azure/_arm_deploy_onap_cd.json b/deploy/azure/_arm_deploy_onap_cd.json
index de3d5a0..4a8d6b0 100644
--- a/deploy/azure/_arm_deploy_onap_cd.json
+++ b/deploy/azure/_arm_deploy_onap_cd.json
@@ -19,11 +19,15 @@
"Standard_E2_v3",
"Standard_D1",
"Standard_D4_v3",
+ "Standard_D4s_v3",
"Standard_D8S_v3",
"Standard_D32s_v3",
+ "Standard_D64s_v3",
"Standard_D16s_v3",
"Standard_E16_v3",
- "Standard_E64_v3"],
+ "Standard_F8s_v2",
+ "Standard_E64_v3",
+ "Standard_E64s_v3"],
"metadata": { "description": "VM size" }}
},
"variables": {
@@ -62,52 +66,10 @@
"properties": {
"securityRules": [
{
- "name": "port_10249-10255_172",
- "properties": {
- "description": "port_10249-10255_172",
- "protocol": "*",
- "sourcePortRange": "*",
- "destinationPortRange": "10249-10255",
- "sourceAddressPrefix": "172.17.0.1/32",
- "destinationAddressPrefix": "*",
- "access": "Allow",
- "priority": 120,
- "direction": "Inbound"
- }
- },
- {
- "name": "port_10249-10255_127",
- "properties": {
- "description": "port_10249-10255_127",
- "protocol": "*",
- "sourcePortRange": "*",
- "destinationPortRange": "10249-10255",
- "sourceAddressPrefix": "127.0.0.1/32",
- "destinationAddressPrefix": "*",
- "access": "Allow",
- "priority": 122,
- "direction": "Inbound"
- }
- },
- {
- "name": "Port_10249-10255-block",
- "properties": {
- "description": "Port_10249-10255-block",
- "protocol": "Tcp",
- "sourcePortRange": "*",
- "destinationPortRange": "10249-10255",
- "sourceAddressPrefix": "Internet",
- "destinationAddressPrefix": "*",
- "access": "Deny",
- "priority": 130,
- "direction": "Inbound"
- }
- },
- {
"name": "in-rule",
"properties": {
"description": "All in",
- "protocol": "Tcp",
+ "protocol": "Any",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "Internet",
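Review bot: With the three `10249-10255` rules removed and `in-rule` widened from `Tcp` to `Any`, this NSG no longer restricts the kubelet and control-plane ports for traffic from `Internet`, assuming `in-rule` is an Allow (its `access` line falls between this hunk and the next). The comment added to oom_deployment.sh relies on Rancher's GitHub OAuth instead, but that authenticates the Rancher UI and API; it likely does not cover direct connections to those ports, and the kubelet read-only port 10255 answers without authentication when it is enabled. I would keep `Port_10249-10255-block`, or narrow the rule's source to an operator range, e.g. `"sourceAddressPrefix": "[parameters('allowedSourceCidr')]"` with `allowedSourceCidr` added as a new template parameter. Also confirm that `"protocol": "Any"` is accepted by the API version in use, since the removed rules in this file spelled all protocols as `"*"`; the same applies to `out-rule` in the next hunk.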
@@ -117,25 +79,11 @@
"direction": "Inbound"
}
},
- {
- "name": "block-8080",
- "properties": {
- "description": "block-8080",
- "protocol": "Tcp",
- "sourcePortRange": "8080",
- "destinationPortRange": "*",
- "sourceAddressPrefix": "Internet",
- "destinationAddressPrefix": "*",
- "access": "Deny",
- "priority": 104,
- "direction": "Outbound"
- }
- },
{
"name": "out-rule",
"properties": {
"description": "All out",
- "protocol": "Tcp",
+ "protocol": "Any",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "Internet",
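Review bot: `out-rule` is an Outbound rule whose `sourceAddressPrefix` is `Internet`, so it likely never matches traffic leaving the VM, and egress is then governed by the NSG's default rules rather than by this entry. If the intent is to state the egress policy explicitly, the source should be the VM side, e.g. `"sourceAddressPrefix": "VirtualNetwork"`, with the destination prefix and ports narrowed to what the install needs. The rule's remaining properties lie outside the hunk, so this is based on the visible lines only.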
diff --git a/deploy/azure/_arm_deploy_onap_cd_z_parameters.json b/deploy/azure/_arm_deploy_onap_cd_z_parameters.json
index 19ebd8b..653d028 100644
--- a/deploy/azure/_arm_deploy_onap_cd_z_parameters.json
+++ b/deploy/azure/_arm_deploy_onap_cd_z_parameters.json
@@ -5,12 +5,12 @@
"scriptURL": { "value": "https://git.onap.org/logging-analytics/plain/deploy/rancher/oom_entrypoint.sh"},
"onapBranch": { "value": "master" },
"onapEnvironment": { "value": "onap"},
- "vmName": { "value": "a-replace-this-0" },
+ "vmName": { "value": "replace-this" },
"sshKeyData": {
- "value": "ssh-rsa AA-add-your-public-key-obrienbiometrics"
+ "value": "ssh-rsa AAA-your-key yourmail@mail"
},
- "dnsLabelPrefix": { "value": "replacethis0" },
- "vmSize": { "value": "Standard_D32s_v3" },
+ "dnsLabelPrefix": { "value": "replace-this-as-well" },
+ "vmSize": { "value": "Standard_E64s_v3" },
"scriptName": { "value": "oom_entrypoint.sh"},
"osType": { "value": "Linux" },
"adminUsername": { "value": "ubuntu"}
diff --git a/deploy/azure/oom_deployment.sh b/deploy/azure/oom_deployment.sh
index 3c4196c..6093563 100755
--- a/deploy/azure/oom_deployment.sh
+++ b/deploy/azure/oom_deployment.sh
@@ -25,8 +25,10 @@
# Amsterdam
# Rancher 1.6.10, Kubernetes 1.7.7, Kubectl 1.7.7, Helm 2.3.0, Docker 1.12
# master
-# Rancher 1.6.14, Kubernetes 1.8.6, Kubectl 1.8.6, Helm 2.6.1, Docker 17.03
+# Rancher 1.6.22, Kubernetes 1.11.2, Kubectl 1.11.2, Helm 2.9.2, Docker 17.03
# run as root - because of the logout that would be required after the docker user set
+# 10249-10255 security is provided by rancher oauth via github - use this instead of port level control in the NSG
+# https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-Security
usage() {
cat <<EOF
Usage: $0 [PARAMs]