ThomasObenaus
commented
6 years ago Tasks
- Rewrite nomad-jobs to take binaries from internal artefact-repo (i.e. artifactory).
- Provide the nomad-leaders access to internal artefact-repo.
Open ThomasObenaus opened 6 years ago
ThomasObenaus
commented
6 years ago
Why
We want to restrict access of the nomad-masters (leader) to the internet. That's why they are inside a subnet that has only access to AWS services. This restriction is made by allowing only routes to AWS services a specified at: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Problem - binaries/ images from non ECR sources.
The fabio binary is loaded directly from github. But there is no route that allows egress access to GH.