azure oom k8s install security update 86/72486/4
authorMichael O'Brien <michael@obrienlabs.org>
Mon, 12 Nov 2018 23:46:46 +0000 (18:46 -0500)
committerMichael O'Brien <michael@obrienlabs.org>
Tue, 13 Nov 2018 00:00:37 +0000 (19:00 -0500)
Change-Id: I4ff48d3e13144d533c23839a73583b9ab3ec180f
Issue-ID: LOG-321
Signed-off-by: Michael O'Brien <michael@obrienlabs.org>
deploy/azure/_arm_deploy_onap_cd.json
deploy/azure/_arm_deploy_onap_cd_z_parameters.json
deploy/azure/oom_deployment.sh

index de3d5a0..4a8d6b0 100644 (file)
          "Standard_E2_v3",
          "Standard_D1",
          "Standard_D4_v3",
+         "Standard_D4s_v3",
          "Standard_D8S_v3",
          "Standard_D32s_v3",
+         "Standard_D64s_v3",
          "Standard_D16s_v3",
          "Standard_E16_v3",
-         "Standard_E64_v3"],
+         "Standard_F8s_v2",
+         "Standard_E64_v3",
+         "Standard_E64s_v3"],
          "metadata": { "description": "VM size" }}
     },
   "variables": {
       "tags": { "displayName": "NSG" },
       "properties": {
       "securityRules": [
-        {
-          "name": "port_10249-10255_172",
-          "properties": {
-            "description": "port_10249-10255_172",
-            "protocol": "*",
-            "sourcePortRange": "*",
-            "destinationPortRange": "10249-10255",
-            "sourceAddressPrefix": "172.17.0.1/32",
-            "destinationAddressPrefix": "*",
-            "access": "Allow",
-            "priority": 120,
-            "direction": "Inbound"
-            }
-        },
-        {
-          "name": "port_10249-10255_127",
-          "properties": {
-            "description": "port_10249-10255_127",
-            "protocol": "*",
-            "sourcePortRange": "*",
-            "destinationPortRange": "10249-10255",
-            "sourceAddressPrefix": "127.0.0.1/32",
-            "destinationAddressPrefix": "*",
-            "access": "Allow",
-            "priority": 122,
-            "direction": "Inbound"
-            }
-        },
-        {
-          "name": "Port_10249-10255-block",
-          "properties": {
-            "description": "Port_10249-10255-block",
-            "protocol": "Tcp",
-            "sourcePortRange": "*",
-            "destinationPortRange": "10249-10255",
-            "sourceAddressPrefix": "Internet",
-            "destinationAddressPrefix": "*",
-            "access": "Deny",
-            "priority": 130,
-            "direction": "Inbound"
-            }
-        },
         {
           "name": "in-rule",
           "properties": {
             "description": "All in",
-            "protocol": "Tcp",
+            "protocol": "Any",
             "sourcePortRange": "*",
             "destinationPortRange": "*",
             "sourceAddressPrefix": "Internet",
             "direction": "Inbound"
             }
         },
-       {
-          "name": "block-8080",
-          "properties": {
-            "description": "block-8080",
-            "protocol": "Tcp",
-            "sourcePortRange": "8080",
-            "destinationPortRange": "*",
-            "sourceAddressPrefix": "Internet",
-            "destinationAddressPrefix": "*",
-            "access": "Deny",
-            "priority": 104,
-            "direction": "Outbound"
-            }
-          },
         {
           "name": "out-rule",
           "properties": {
             "description": "All out",
-            "protocol": "Tcp",
+            "protocol": "Any",
             "sourcePortRange": "*",
             "destinationPortRange": "*",
             "sourceAddressPrefix": "Internet",
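Review bot: With the `Port_10249-10255-block` Deny rule removed and `in-rule` widened from `Tcp` to every protocol while keeping `"sourceAddressPrefix": "Internet"` and `"destinationPortRange": "*"`, none of the visible NSG rules limits who can reach 10249-10255 on the VM (the `access` and `priority` lines of `in-rule` are outside the visible context, so this assumes the rule is an Allow). The comment added in deploy/azure/oom_deployment.sh names Rancher OAuth via GitHub as the replacement control, but that is an application-layer login configured after install, and nothing in this change shows that it covers services listening directly on those host ports. I would keep the Deny rule for `"destinationPortRange": "10249-10255"`, or narrow `in-rule` to an operator-supplied source such as `"sourceAddressPrefix": "[parameters('allowedSourcePrefix')]"` (the parameter name is a suggestion and would need declaring in the template). Separately, the removed rules in this file wrote the protocol wildcard as `"protocol": "*"`, and `"Any"` looks like the portal's label for it, so confirm the template deploys with that value or use `"*"` in both `in-rule` and `out-rule`.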
index 19ebd8b..653d028 100644 (file)
@@ -5,12 +5,12 @@
       "scriptURL": { "value": "https://git.onap.org/logging-analytics/plain/deploy/rancher/oom_entrypoint.sh"},
       "onapBranch": { "value": "master" },
       "onapEnvironment": { "value": "onap"},
-      "vmName": { "value": "a-replace-this-0" },
+      "vmName": { "value": "replace-this" },
       "sshKeyData": {
-      "value": "ssh-rsa AA-add-your-public-key-obrienbiometrics"
+      "value": "ssh-rsa AAA-your-key yourmail@mail"
       },
-      "dnsLabelPrefix": { "value": "replacethis0" },
-      "vmSize": { "value": "Standard_D32s_v3" },
+      "dnsLabelPrefix": { "value": "replace-this-as-well" },
+      "vmSize": { "value": "Standard_E64s_v3" },
       "scriptName": { "value": "oom_entrypoint.sh"},
       "osType": { "value": "Linux" },
       "adminUsername": { "value": "ubuntu"}
index 3c4196c..6093563 100755 (executable)
 # Amsterdam
 #     Rancher 1.6.10, Kubernetes 1.7.7, Kubectl 1.7.7, Helm 2.3.0, Docker 1.12
 # master
-#     Rancher 1.6.14, Kubernetes 1.8.6, Kubectl 1.8.6, Helm 2.6.1, Docker 17.03
+#     Rancher 1.6.22, Kubernetes 1.11.2, Kubectl 1.11.2, Helm 2.9.2, Docker 17.03
 # run as root - because of the logout that would be required after the docker user set
+# 10249-10255 security is provided by rancher oauth via github - use this instead of port level control in the NSG
+# https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-Security
 usage() {
 cat <<EOF
 Usage: $0 [PARAMs]