We want to restrict access of the nomad-masters (leader) to the internet. That's why they are inside a subnet that has only access to AWS services. This restriction is made by allowing only routes to AWS services a specified at: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Problem - binaries/ images from non ECR sources.
The fabio binary is loaded directly from github. But there is no route that allows egress access to GH.
Why
We want to restrict access of the nomad-masters (leader) to the internet. That's why they are inside a subnet that has only access to AWS services. This restriction is made by allowing only routes to AWS services a specified at: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Problem - binaries/ images from non ECR sources.
The fabio binary is loaded directly from github. But there is no route that allows egress access to GH.