Kuniaki Shimizu kun432

centos7で確認

$ sudo yum install -y epel-release
$ sudo yum install -y fail2ban

ディレクトリ構成

トポロジを意識したservice転送

Topology-aware service routing
- クラスタがリージョンやAZにまたがっていてもserviceは意識せずに転送する
- またがるとレイテンシーやパフォーマンスの低下
- ノード数が多いと起きやすい
externalTrafficPolicy: Localでリスクは下げれるが・・・
- ClusterIPでは不可
- 同一ノード内でしか転送できない、同一ノード内にpodがいなければタイムアウト
Topology-aware service routingにより回避できる

	resource "aws_customer_gateway" "cgw-main" {
	bgp_asn = 65000
	ip_address = var.cgw1
	type = "ipsec.1"

	tags = {
	Name = "cgw-main"
	}
	}

	"elasticfilesystem:DescribeMountTargetSecurityGroups",
	"elasticfilesystem:DescribeMountTargets",
	"sns:ListSubscriptions",
	"s3:GetAccountPublicAccessBlock",
	"ce:GetCostAndUsage",
	"ce:GetCostForecast",
	"ce:GetUsageForecast",
	"eks:List*",
	"detective:ListGraphs",
	"ec2:SearchTransitGatewayRoutes",

	---
	AWSTemplateFormatVersion: '2010-09-09'
	Description: Template to create AWS resources for onboarding an account with Sophos Optix


	# ExternalId and CustomerId come from the Sophos Optix UI.

	Parameters:
	ExternalId:
	Type: String

	#!/bin/bash

	parallel=3
	subcmds="$@"

	vagrant status --machine-readable \| \
	perl -wnlaF"," -e 'print $F[1] if $F[2] =~ /metadata/;' \| \
	xargs -P${parallel} -I {} vagrant $subcmds {}

	#!/bin/bash

	# Specify the desired volume size in GiB as a command line argument. If not specified, default to 20 GiB.
	SIZE=${1:-20}

	# Get the ID of the environment host Amazon EC2 instance.
	INSTANCEID=$(curl http://169.254.169.254/latest/meta-data/instance-id)

	# Get the ID of the Amazon EBS volume associated with the instance.
	VOLUMEID=$(aws ec2 describe-instances \