Yuhki Hanada yuhkih

## test workload for autoscaler
$ oc new-project work-queue

$ echo 'apiVersion: batch/v1
kind: Job
metadata:
  generateName: work-queue-
spec:
  template:
    spec:
      containers:

## temp-rosa-ssm-bastion.yaml
# This will create a SSM bastion server.
# You can use this template with the following template which export necessary variables for this template.
#
#   1) rosa-awsfw-pnFW-saz.yaml  Tested OK
#   2) rosa-awsfw-pFWn-saz.yaml
#
#    Three Endpoints will be craeted in NATGW subnet.
#
# History
# 2023/01/13 yuhkih fix ImportValue

## temp-rosa-PRV_FW_NAT-sz.yaml
# The following will be deployed with this CF
# 1. Three subnets for each AZ. (Thins template is for single AZ)
# 2. AWS firewall deployed with a policy which allow all the domains listed on the ROSA document as prerequistes for egress.
#
# This template will create the following Network Firewall rules
#
#    1) singleaz-DomainAllow-RuleGroup  based on ROSA requirments
#    2) singleaz-SplunkAllow-RuleGroup  based on ROSA requiremnts (Splunk)
#    3) singleaz-DomainAllow-RuleGroup-For-Application   For test perpose +  RHOAM (based on blocked logs)
#    4) singleaz-IcmpAlert-RuleGroup    This crates alert when someone uses ICMP ping in VPC.

## delete-rosa-privatelink-cluster.sh
#!/bin/bash

# ------------------------------------------------------
# Make sure aws cli is configured properly before run this shell
# ------------------------------------------------------
# History
# 2023/01/16 yuhkih initial creation

# ------------------------------------------------------
# Basic Information

## create-rosa-privatelink-cluster.sh
#!/bin/bash

# ------------------------------------------------------
# Make sure aws cli is configured properly before run this shell
# ------------------------------------------------------
# History
# 2023/01/16 yuhkih initial creation

# ------------------------------------------------------
# Basic Information

## ROSA PrivateLink + AWS FW + bastion for Multi AZ
# 1. Three subnets for each AZ.
#    Privarte subnet - NATGW subent - FW (Public) subnet - Internet Gateway
# 2. AWS firewall deployed with a policy which allow all the domains listed on the ROSA document as prerequistes for egress.
# 3. one bation server will be deployed on which oc and git command are already installed. This can be access directly from AWS console.
#
# you can choose the default IP ranges and the AZs. Please be aware the network will be deployed in Japan as default.
# 2023/01/14 yuhkih Added allow domains to setup an EC2 for Let's Encrypt (needed in case you put the EC2 in ROSA VPC)
#              - "dl.fedoraproject.org"          # Added to setup EC2 for Let's Encrypt
#              - "mirrors.fedoraproject.org"     # Added to setup EC2 for Let's Encrypt
#              - "d2lzkl7pfhq30w.cloudfront.net" # Added to setup EC2 for Let's Encrypt

## ROSA PrivateLink + AWS FW + bastion for Single AZ
# The following will be deployed with this CF
# 1. Three subnets for each AZ. (Thins template is for single AZ)
#    Privarte subnet - NATGW subent - FW (Public) subnet - Internet Gateway
# 2. AWS firewall deployed with a policy which allow all the domains listed on the ROSA document as prerequistes for egress.
# 3. one bation server will be deployed on which oc and git command are already installed.
#
# you can choose the default IP ranges and the AZs. Please be aware the network will be deployed in Japan as default.
# 2023/01/14 Added allow domains to setup an EC2 for Let's Encrypt (needed in case you put the EC2 in ROSA VPC)
#              - "dl.fedoraproject.org"          # Added to setup EC2 for Let's Encrypt
#              - "mirrors.fedoraproject.org"     # Added to setup EC2 for Let's Encrypt

## CloudFormation ROSA Single AZ Network Template (10.8.0.0-16)
Description:  This template deploys a VPC, with a pair of public and private subnets spread
  across two Availability Zones. It deploys an internet gateway, with a default
  route on the public subnets. It deploys a pair of NAT gateways (one in each AZ),
  and default routes for them in the private subnets.


# -------------------------------------------
# ここはパラメーター
Parameters:
  EnvironmentName:

## CloudFormation ROSA Single AZ Network Template (10.7.0.0-16)
Description:  This template deploys a VPC, with a pair of public and private subnets spread
  across two Availability Zones. It deploys an internet gateway, with a default
  route on the public subnets. It deploys a pair of NAT gateways (one in each AZ),
  and default routes for them in the private subnets.


# -------------------------------------------
# ここはパラメーター
Parameters:
  EnvironmentName:

## CloudFormation ROSA Multi AZ Network template
Description:  This template deploys a VPC, with a pair of public and private subnets spread
  across two Availability Zones. It deploys an internet gateway, with a default
  route on the public subnets. It deploys a pair of NAT gateways (one in each AZ),
  and default routes for them in the private subnets.


Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
	$ oc new-project work-queue

	$ echo 'apiVersion: batch/v1
	kind: Job
	metadata:
	generateName: work-queue-
	spec:
	template:
	spec:
	containers:
	# This will create a SSM bastion server.
	# You can use this template with the following template which export necessary variables for this template.
	#
	# 1) rosa-awsfw-pnFW-saz.yaml Tested OK
	# 2) rosa-awsfw-pFWn-saz.yaml
	#
	# Three Endpoints will be craeted in NATGW subnet.
	#
	# History
	# 2023/01/13 yuhkih fix ImportValue
	# The following will be deployed with this CF
	# 1. Three subnets for each AZ. (Thins template is for single AZ)
	# 2. AWS firewall deployed with a policy which allow all the domains listed on the ROSA document as prerequistes for egress.
	#
	# This template will create the following Network Firewall rules
	#
	# 1) singleaz-DomainAllow-RuleGroup based on ROSA requirments
	# 2) singleaz-SplunkAllow-RuleGroup based on ROSA requiremnts (Splunk)
	# 3) singleaz-DomainAllow-RuleGroup-For-Application For test perpose + RHOAM (based on blocked logs)
	# 4) singleaz-IcmpAlert-RuleGroup This crates alert when someone uses ICMP ping in VPC.
	#!/bin/bash

	# ------------------------------------------------------
	# Make sure aws cli is configured properly before run this shell
	# ------------------------------------------------------
	# History
	# 2023/01/16 yuhkih initial creation

	# ------------------------------------------------------
	# Basic Information
	# 1. Three subnets for each AZ.
	# Privarte subnet - NATGW subent - FW (Public) subnet - Internet Gateway
	# 2. AWS firewall deployed with a policy which allow all the domains listed on the ROSA document as prerequistes for egress.
	# 3. one bation server will be deployed on which oc and git command are already installed. This can be access directly from AWS console.
	#
	# you can choose the default IP ranges and the AZs. Please be aware the network will be deployed in Japan as default.
	# 2023/01/14 yuhkih Added allow domains to setup an EC2 for Let's Encrypt (needed in case you put the EC2 in ROSA VPC)
	# - "dl.fedoraproject.org" # Added to setup EC2 for Let's Encrypt
	# - "mirrors.fedoraproject.org" # Added to setup EC2 for Let's Encrypt
	# - "d2lzkl7pfhq30w.cloudfront.net" # Added to setup EC2 for Let's Encrypt
	Description: This template deploys a VPC, with a pair of public and private subnets spread
	across two Availability Zones. It deploys an internet gateway, with a default
	route on the public subnets. It deploys a pair of NAT gateways (one in each AZ),
	and default routes for them in the private subnets.


	# -------------------------------------------
	# ここはパラメーター
	Parameters:
	EnvironmentName: