Iben Rodriguez ibenrodriguez

  • X as a Service Security Posture Management, and Runtime Protection
  • United States
  • X @iben
@ibenrodriguez
ibenrodriguez / aws_azure_gcp_security.tf
Created October 20, 2019 11:36
attempt to reproduce test 2b
8 commits over 2 days 14 changed files with 170 additions and 73 deletions.
31 terraform/aws_compute.tf
@@ -39,11 +39,9 @@ resource "aws_instance" "vm2a" {
user_data = "${data.template_file.install_ubuntu_deps_vm2a.rendered}"
vpc_security_group_ids = [
"${aws_security_group.aws-allow-icmp.id}",
"${aws_security_group.aws-allow-ssh.id}",
"${aws_security_group.aws-allow-nginx.id}",
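Review bot: the user_data value and the vpc_security_group_ids entries in this hunk are interpolation-only strings such as "${aws_security_group.aws-allow-ssh.id}"; on Terraform 0.12 and later, write them as bare references (aws_security_group.aws-allow-ssh.id) to avoid the deprecation warning. The excerpt shows no +/- markers, so which security groups remain attached to vm2a after this change is not visible here; the commit message should state which attachment changed and why, since that determines what traffic the instance accepts.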
@ibenrodriguez
ibenrodriguez / hook policy
Created October 6, 2019 23:55
hook policy apoctl command
apoctl api update hookpolicy 5d93638b36063 \
--api https://api.console.aporeto.com \
--namespace /namespace \
--data '{
"ID": "5d93638b311ddc0036063",
"annotations": {},
"associatedTags": [],
"certificateAuthority": "",
"clientCertificate": "",
"clientCertificateKey": "",
@ibenrodriguez
ibenrodriguez / kubectl_output.log
Last active October 6, 2019 20:19
kubectl_output.log
$ gcloud container clusters get-credentials k8s1a-vl7h --region asia-northeast1-a
Fetching cluster endpoint and auth data.
kubeconfig entry generated for k8s1a-vl7h.
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
gke-k8s1a-vl7h-k8s1a-node-pool-vl7h-817a4e41-2qv6 Ready <none> 154m v1.14.6-gke.2
gke-k8s1a-vl7h-k8s1a-node-pool-vl7h-817a4e41-sgq0 Ready <none> 154m v1.14.6-gke.2
gke-k8s1a-vl7h-k8s1a-node-pool-vl7h-817a4e41-wn5c Ready <none> 113m v1.14.6-gke.2
gke-k8s1a-vl7h-k8s1a-node-pool-vl7h-817a4e41-xt9l Ready <none> 154m v1.14.6-gke.2
$ kubectl get services
@ibenrodriguez
ibenrodriguez / nmap-test.log
Created October 6, 2019 01:20
nmap test to public ip address
# from trusted box:
$ nmap -A -Pn 34.84.71.162
Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-06 01:18 UTC
Nmap scan report for 162.71.84.34.bc.googleusercontent.com (34.84.71.162)
Host is up (0.10s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
@ibenrodriguez
ibenrodriguez / vpn_check.log
Created October 6, 2019 00:36
cat vpn_check.log
cat vpn_check.log
Testing connection from vm1a-m17u to vm1b-m17u
ssh -o 'StrictHostKeyChecking no' -i ~/ssh_private_key auser@10.241.2.100 hostname
PASS: Hostname on vm1b-m17u(IP:10.241.2.100): matches vm1b-m17u
curl http://10.241.2.100:80
PASS: NGINX running on vm1b-m17u(IP:10.241.2.100 and can be accessed at http://34.89.70.9:80
Testing connection from vm1a-m17u to vm1c-m17u
ssh -o 'StrictHostKeyChecking no' -i ~/ssh_private_key auser@10.241.1.200 hostname
@ibenrodriguez
ibenrodriguez / gist:5ecb8be3d55570e78ff7243b4a531170
Last active October 6, 2019 00:29
test 1 internal networking results
ubuntu@ip-172-31-12-153:~/j19mct$ ssh -o 'StrictHostKeyChecking no' -i /home/ubuntu/multi-cloud-test-logs/2019-10-03-01.35.51-ios8/id_rsa ubuntu@vm1a-public-ip-address
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-1042-gcp x86_64)
ubuntu@vm1a-ios8:~$ nmap 10.241.1.0/24
Starting Nmap 7.01 ( https://nmap.org ) at 2019-10-06 00:25 UTC
Nmap scan report for gke-k8s1a-ios8-k8s1a-node-pool-ios8-fc2766f8-pqrn.asia-northeast1-a.c.gcp-proj.internal (10.241.1.
Host is up (0.040s latency).
Not shown: 999 closed ports
# output of curl test showing allowed and rejected traffic flows
# the first curl session works and you see the results.
# the second session fails and no output is returned.
curl http://34.84.11.239:80
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
@ibenrodriguez
ibenrodriguez / sample_list_of_Terraform_test_deployment_runs.log
Created October 4, 2019 00:32
sample_list_of Terraform test_deployment_runs
Deployment log showing initiated deployments with hexid, region, and time stamp - some fail and are restarted with new hexid
Sep 19 09:46 2019-09-19-09.46.08-yzdi
Sep 25 12:23 2019-09-19-10.17.55-7ezy
Sep 19 11:34 2019-09-19-11.34.03-hbz6
Sep 19 12:10 2019-09-19-11.34.10-32w0
Sep 19 13:26 2019-09-19-12.44.49-if1q
Sep 19 15:56 2019-09-19-15.15.40-lrau
Sep 19 20:02 2019-09-19-20.02.16-ub1a
Sep 19 20:51 2019-09-19-20.50.45-pqcb
Sep 19 21:09 2019-09-19-21.09.21-xlr9
@ibenrodriguez
ibenrodriguez / keybase.md
Last active February 7, 2016 03:15
keybase.md

Keybase proof

I hereby claim:

  • I am ibenrodriguez on github.
  • I am iben (https://keybase.io/iben) on keybase.
  • I have a public key whose fingerprint is C3E0 0E81 BE7F C64A DEBE 9D07 79FF 2842 8805 C7E0

To claim this, I am signing this object: