diff --git a/cert/ccd/private/danielbeck b/cert/ccd/private/danielbeck
index 035d9a9..f1c8e0e 100644
--- a/cert/ccd/private/danielbeck
+++ b/cert/ccd/private/danielbeck
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/dduportal b/cert/ccd/private/dduportal
index c209784..ba40c4b 100644
--- a/cert/ccd/private/dduportal
+++ b/cert/ccd/private/dduportal
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/jayfranco_cb b/cert/ccd/private/jayfranco_cb
index 78d12fd..c63b948 100644
--- a/cert/ccd/private/jayfranco_cb
+++ b/cert/ccd/private/jayfranco_cb
@@ -5,6 +5,7 @@ push "route 10.248.1.5 255.255.255.255"
 push "route 10.206.0.0 255.255.252.0"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/kevingrdj b/cert/ccd/private/kevingrdj
index 4807730..8aa05ee 100644
--- a/cert/ccd/private/kevingrdj
+++ b/cert/ccd/private/kevingrdj
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/markewaite b/cert/ccd/private/markewaite
index 698cabe..f45b76d 100644
--- a/cert/ccd/private/markewaite
+++ b/cert/ccd/private/markewaite
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/notmyfault b/cert/ccd/private/notmyfault
index 46e32d0..d9dfd28 100644
--- a/cert/ccd/private/notmyfault
+++ b/cert/ccd/private/notmyfault
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/smerle b/cert/ccd/private/smerle
index 542ea36..7796a38 100644
--- a/cert/ccd/private/smerle
+++ b/cert/ccd/private/smerle
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/timja b/cert/ccd/private/timja
index 15b28aa..baf79e4 100644
--- a/cert/ccd/private/timja
+++ b/cert/ccd/private/timja
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/cert/ccd/private/wfollonier b/cert/ccd/private/wfollonier
index a939505..6984512 100644
--- a/cert/ccd/private/wfollonier
+++ b/cert/ccd/private/wfollonier
@@ -27,6 +27,7 @@ push "route 52.204.62.78 255.255.255.255"
 push "route 52.202.38.86 255.255.255.255"
 # aws.ci.jenkins.io VM
 push "route 3.146.166.108 255.255.255.255"
-# EKS cluster "cijenkinsio-agents-2" (2 public IPs)
+# EKS cluster "cijenkinsio-agents-2" public IP 1
 push "route 3.146.156.247 255.255.255.255"
+# EKS cluster "cijenkinsio-agents-2" public IP 2
 push "route 3.130.164.212 255.255.255.255"
diff --git a/updatecli/updatecli.d/restricted-ips.yaml b/updatecli/updatecli.d/restricted-ips.yaml
index ed7b2b7..e77e84e 100644
--- a/updatecli/updatecli.d/restricted-ips.yaml
+++ b/updatecli/updatecli.d/restricted-ips.yaml
@@ -39,9 +39,47 @@ sources: - azure-public-db-vnet-cidr spec: command: bash ./updatecli/scripts/netmask.sh {{ source "azure-public-db-vnet-cidr" }} + aws-ci-jenkins-io-agents-2-hostname: + kind: json + spec: + file: https://reports.jenkins.io/jenkins-infra-data-reports/aws-sponsorship.json + # Outbound IPs are also public "inbound" IPs for EC2 instances + # The 2nd element is the IPv4 (1st is IPv6) + key: .aws\.ci\.jenkins\.io.cijenkinsio-agents-2.cluster_endpoint + transformers: + # DNS only work on the hostname + - trimprefix: 'https://' + aws-ci-jenkins-io-agents-2-ip-1: + kind: shell + dependson: + - aws-ci-jenkins-io-agents-2-hostname + spec: + command: dig +short {{ source "aws-ci-jenkins-io-agents-2-hostname" }} | head -n1 + transformers: + - addsuffix: '/32' + aws-ci-jenkins-io-agents-2-ip-2: + kind: shell + dependson: + - aws-ci-jenkins-io-agents-2-hostname + spec: + command: dig +short {{ source "aws-ci-jenkins-io-agents-2-hostname" }} | tail -n1 + transformers: + - addsuffix: '/32' + aws-ci-jenkins-io-agents-2-netmask-1: + kind: shell + dependson: + - aws-ci-jenkins-io-agents-2-ip-1 + spec: + command: bash ./updatecli/scripts/netmask.sh {{ source "aws-ci-jenkins-io-agents-2-ip-1" }} + aws-ci-jenkins-io-agents-2-netmask-2: + kind: shell + dependson: + - aws-ci-jenkins-io-agents-2-ip-2 + spec: + command: bash ./updatecli/scripts/netmask.sh {{ source "aws-ci-jenkins-io-agents-2-ip-2" }} targets: - openvpn-cli-config: + openvpn-cli-config-aws.ci.jenkins.io: name: Update ci.jenkins.io public IP in the YAML configuration of our OpenVPN CLI kind: yaml sourceid: aws-ci-jenkins-io-cidr @@ -50,7 +88,7 @@ targets: # That is a rather fragile pattern. TODO: improve our CLI to use maps instead of arrays key: $.networks[0].routes[7] scmid: default - ccd-user-configs: + ccd-user-configs--aws.ci.jenkins.io: name: Update ci.jenkins.io public IP in the user CCD routing configurations kind: file disablesourceinput: true 
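Review bot: The new `aws-ci-jenkins-io-agents-2-ip-1` and `aws-ci-jenkins-io-agents-2-ip-2` sources take the first and last line of `dig +short` with no validation: the resolver may return the records in a different order on each run, a single answer makes both sources identical, and an empty answer (or a CNAME line, if the name ever becomes one) turns into `/32` or a hostname that is passed to `netmask.sh` and on into the VPN route targets. The hostname also comes from a remotely fetched JSON report and is interpolated unquoted into the shell command. I would request A records only, keep only lines shaped like an IPv4 address, sort them and quote the template: `command: dig +short A "{{ source "aws-ci-jenkins-io-agents-2-hostname" }}" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | head -n1`, with `tail -n1` for the second source. The two comments above `key:` in the hostname source talk about outbound IPs and an array element, which does not describe the `cluster_endpoint` key and looks copied from another source; something like `# Public API endpoint URL of the EKS cluster` would fit. The `sources:` mapping starts outside the hunk.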
@@ -106,6 +144,68 @@ targets: # public-db vnet push "route {{ source "azure-public-db-vnet-netmask" }}" scmid: default + openvpn-cli-config-aws-ci-jenkins-io-agents-2-ip-1: + name: Update ci-jenkins-io-agents-2 EKS public IP 1 in the YAML configuration of our OpenVPN CLI + kind: yaml + sourceid: aws-ci-jenkins-io-agents-2-ip-1 + spec: + file: config.yaml + # That is a rather fragile pattern. TODO: improve our CLI to use maps instead of arrays + key: $.networks[0].routes[8] + scmid: default + ccd-user-configs-aws-ci-jenkins-io-agents-2-ip-1: + name: Update ci-jenkins-io-agents-2 EKS public IP 1 in the user CCD routing configurations + kind: file + disablesourceinput: true + spec: + files: + - cert/ccd/private/danielbeck + - cert/ccd/private/dduportal + - cert/ccd/private/jayfranco_cb + - cert/ccd/private/kevingrdj + - cert/ccd/private/markewaite + - cert/ccd/private/notmyfault + - cert/ccd/private/smerle + - cert/ccd/private/timja + - cert/ccd/private/wfollonier + matchpattern: | + # EKS cluster "cijenkinsio-agents-2" public IP 1 + push "route (.*) 255\.255\..*\..*" + replacepattern: | + # EKS cluster "cijenkinsio-agents-2" public IP 1 + push "route {{ source "aws-ci-jenkins-io-agents-2-netmask-1" }}" + scmid: default + openvpn-cli-config-aws-ci-jenkins-io-agents-2-ip-2: + name: Update ci-jenkins-io-agents-2 EKS public IP 2 in the YAML configuration of our OpenVPN CLI + kind: yaml + sourceid: aws-ci-jenkins-io-agents-2-ip-2 + spec: + file: config.yaml + # That is a rather fragile pattern. 
TODO: improve our CLI to use maps instead of arrays + key: $.networks[0].routes[9] + scmid: default + ccd-user-configs-aws-ci-jenkins-io-agents-2-ip-2: + name: Update ci-jenkins-io-agents-2 EKS public IP 2 in the user CCD routing configurations + kind: file + disablesourceinput: true + spec: + files: + - cert/ccd/private/danielbeck + - cert/ccd/private/dduportal + - cert/ccd/private/jayfranco_cb + - cert/ccd/private/kevingrdj + - cert/ccd/private/markewaite + - cert/ccd/private/notmyfault + - cert/ccd/private/smerle + - cert/ccd/private/timja + - cert/ccd/private/wfollonier + matchpattern: | + # EKS cluster "cijenkinsio-agents-2" public IP 2 + push "route (.*) 255\.255\..*\..*" + replacepattern: | + # EKS cluster "cijenkinsio-agents-2" public IP 2 + push "route {{ source "aws-ci-jenkins-io-agents-2-netmask-2" }}" + scmid: default actions: default:
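Review bot: Both new `matchpattern` values use `push "route (.*) 255\.255\..*\..*"`, whose capture group is unused and whose wildcards accept any text on the line after the marker comment. These entries are single hosts (the sources add `/32`), so the pattern could be pinned to the expected shape, `push "route [0-9.]+ 255\.255\.255\.255"`, assuming `netmask.sh` renders a /32 that way; a hand-edited or malformed line in one of the nine CCD files would then be left alone rather than silently overwritten. The positional keys `$.networks[0].routes[8]` and `$.networks[0].routes[9]` would also be easier to audit with a comment naming the entry expected at each index, for example `# routes[8] = cijenkinsio-agents-2 public IP 1`. The `targets:` mapping starts before this hunk.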