bom.yaml
# Bill of Materials (kind: BillOfMaterial) for the "Management VPC" layer.
# spec.modules lists the modules to assemble, each pinned to an exact version
# tag and wired to other modules through `dependencies` (name -> alias ref).
# spec.variables declares the inputs of the resulting configuration.
# Indentation below is restored from a flattened listing; nesting follows the
# key names (module entries carry alias/version, spec-level variables carry
# type/description/defaultValue).
apiVersion: cloud.ibm.com/v1alpha1
kind: BillOfMaterial
metadata:
  name: 120-ibm-fs-management-vpc
  labels:
    type: infrastructure
    platform: ibm
    # NOTE(review): unquoted, so YAML loads this as the integer 120; quote it
    # if the consumer expects label values to be strings - confirm.
    code: 120
  annotations:
    displayName: Management VPC
    description: Management VPC and Tools
spec:
  modules:
    - name: ibm-access-group
      alias: ibm-access-group
      version: v3.1.7
    - name: ibm-activity-tracker
      alias: ibm-activity-tracker
      version: v2.4.17
      dependencies:
        - name: resource_group
          ref: at_resource_group
    - name: ibm-cloud-monitoring
      alias: sysdig
      version: v4.1.3
      variables:
        # presumably provision=false means "use an existing instance instead
        # of creating one" - confirm against the module's documentation.
        - name: provision
          value: false
        - name: name_prefix
          alias: cs_name_prefix
          scope: global
      dependencies:
        - name: resource_group
          ref: cs_resource_group
    # Flow logs for the VPC (target: ibm-vpc), written to flow_log_bucket.
    - name: ibm-flow-logs
      alias: ibm-flow-logs
      version: v1.0.3
      dependencies:
        - name: target
          ref: ibm-vpc
        - name: cos_bucket
          ref: flow_log_bucket
    # Service-to-service authorization: source service `is`, resource type
    # `flow-log-collector`, role Writer, targeting the `cos` module.
    # NOTE(review): the target is the whole `cos` instance rather than the
    # flow-log bucket alone; confirm Writer at that scope is the least
    # privilege the collector needs.
    - name: ibm-iam-service-authorization
      alias: flow-log-auth
      version: v1.2.14
      variables:
        - name: source_service_name
          value: is
        - name: source_resource_type
          value: flow-log-collector
        - name: roles
          value:
            - Writer
      dependencies:
        - name: target_resource_group
          ref: ibm-resource-group
        - name: target_resource
          ref: cos
    - name: ibm-kms
      alias: kms
      version: v0.3.6
      variables:
        - name: provision
          value: false
        - name: region
          alias: kms_region
        - name: name_prefix
          alias: kms_name_prefix
          scope: global
          value: ''
      dependencies:
        - name: resource_group
          ref: kms_resource_group
    # A key is provisioned (provision: true) in the `kms` module above, which
    # itself has provision: false.
    - name: ibm-kms-key
      alias: kms-key
      version: v1.5.3
      variables:
        - name: provision
          value: true
      dependencies:
        - name: kms
          ref: kms
    - name: ibm-object-storage-bucket
      alias: flow_log_bucket
      version: v0.8.4
      variables:
        - name: label
          value: flow-logs
        # NOTE(review): 0.0.0.0/0 matches every IPv4 address, so if allowed_ip
        # is a source-address allowlist (confirm) this bucket has no network
        # restriction. It receives the VPC flow logs; narrow this to the
        # ranges that actually need access where possible.
        - name: allowed_ip
          value:
            - 0.0.0.0/0
    - name: ibm-resource-group
      alias: kms_resource_group
      version: v3.3.4
    - name: ibm-resource-group
      alias: at_resource_group
      version: v3.3.4
    - name: ibm-resource-group
      alias: resource_group
      version: v3.3.4
      # Anchor &ref_0: this variables list is reused verbatim by the
      # cs_resource_group module below.
      variables: &ref_0
        - name: resource_group_name
          alias: mgmt_resource_group_name
          scope: global
    - name: ibm-resource-group
      alias: cs_resource_group
      version: v3.3.4
      # Alias of &ref_0, so resource_group_name here also maps to the global
      # mgmt_resource_group_name.
      # NOTE(review): spec.variables declares a separate
      # cs_resource_group_name input; confirm the shared mapping is intended,
      # since it decides which resource group the cs_* services resolve to.
      variables: *ref_0
    - name: ibm-object-storage
      alias: cos
      version: v4.1.0
      variables:
        - name: provision
          value: false
        - name: name_prefix
          alias: cs_name_prefix
          scope: global
      dependencies:
        - name: resource_group
          ref: cs_resource_group
    - name: ibm-vpc
      alias: ibm-vpc
      version: v1.17.0
      variables:
        # Three /18 address prefixes; the subnet CIDRs further down all fall
        # inside them.
        - name: address_prefix_count
          value: 3
        - name: address_prefixes
          value:
            - 10.10.0.0/18
            - 10.20.0.0/18
            - 10.30.0.0/18
    - name: ibm-vpc-gateways
      alias: ibm-vpc-gateways
      version: v1.10.0
    - name: ibm-vpc-subnets
      alias: worker-subnets
      version: v1.14.0
      variables:
        - name: _count
          value: 3
        - name: label
          value: worker
        - name: ipv4_cidr_blocks
          value:
            - 10.10.10.0/24
            - 10.20.10.0/24
            - 10.30.10.0/24
        - name: acl_rules
          value:
            # NOTE(review): despite the name, the source is 0.0.0.0/0 (any
            # IPv4 address) and no protocol or port is given, so as written
            # this admits inbound traffic from anywhere to 10.0.0.0/8.
            # Restrict the source to the VPN client range if that is the
            # intent - confirm how the module interprets omitted fields.
            - name: allow-vpn-ingress
              action: allow
              direction: inbound
              source: 0.0.0.0/0
              destination: 10.0.0.0/8
            # Outbound from 10.0.0.0/8 to any destination, again with no
            # protocol or port limit stated here.
            - name: allow-vpn-egress
              action: allow
              direction: outbound
              source: 10.0.0.0/8
              destination: 0.0.0.0/0
      dependencies:
        - name: gateways
          ref: ibm-vpc-gateways
    - name: ibm-vpc-subnets
      alias: vpe-subnets
      version: v1.14.0
      variables:
        - name: _count
          value: 3
        - name: label
          value: vpe
        - name: ipv4_cidr_blocks
          value:
            - 10.10.20.0/24
            - 10.20.20.0/24
            - 10.30.20.0/24
    - name: ibm-vpc-subnets
      alias: ingress-subnets
      version: v1.14.0
      variables:
        - name: _count
          value: 3
        - name: label
          value: ingress
        - name: ipv4_cidr_blocks
          value:
            - 10.10.30.0/24
            - 10.20.30.0/24
            - 10.30.30.0/24
    - name: ibm-vpc-vpn-gateway
      alias: ibm-vpc-vpn-gateway
      version: v1.1.6
      dependencies:
        - name: subnets
          ref: vpn-subnets
    # Private endpoint gateway for the `cos` module, placed in vpe-subnets.
    - name: ibm-vpe-gateway
      alias: vpe-cos
      version: v1.6.2
      dependencies:
        - name: resource
          ref: cos
        - name: subnets
          ref: vpe-subnets
    - name: ibm-transit-gateway
      alias: ibm-transit-gateway
      version: v0.2.3
      variables:
        - name: provision
          value: false
        - name: name_prefix
          alias: cs_name_prefix
          scope: global
      dependencies:
        - name: resource-group
          ref: cs_resource_group
    # NOTE(review): unlike the other ibm-vpc-subnets entries, this one sets no
    # label, _count, ipv4_cidr_blocks or acl_rules, so the subnets behind the
    # VPN gateway take whatever the module defaults are - confirm.
    - name: ibm-vpc-subnets
      alias: vpn-subnets
      version: v1.14.0
  variables:
    # Credential input. It has no defaultValue here; keep it that way and
    # supply it at deploy time from a secret store or environment variable.
    # NOTE(review): nothing in this file marks the variable as sensitive;
    # confirm the consumer keeps it out of logs and generated output.
    - name: ibmcloud_api_key
      type: string
      description: The api key used to access IBM Cloud
    - name: region
      type: string
    - name: cs_name_prefix
      type: string
      description: >-
        The prefix name for the service. If not provided it will default to the
        resource group name
      defaultValue: ''
    - name: kms_region
      type: string
      description: Geographic location of the resource (e.g. us-south, us-east)
    - name: kms_service
      type: string
      description: The name of the KMS provider that should be used (keyprotect or hpcs)
      defaultValue: keyprotect
    - name: mgmt_name_prefix
      type: string
      description: >-
        The name_prefix used to build the name if one is not provided. If used
        the name will be `{name_prefix}-{label}`
      defaultValue: base
    - name: kms_resource_group_name
      type: string
      description: The name of the resource group
    - name: at_resource_group_name
      type: string
      description: The name of the resource group
    - name: mgmt_resource_group_name
      type: string
      description: The name of the resource group
    - name: cs_resource_group_name
      type: string
      description: The name of the resource group
    - name: common_tags
      type: list(string)
      description: Common tags that should be added to the instance
      defaultValue: []
    # Per-alias subnet counts; each default (3) matches the module-level
    # _count set above for worker, vpe and ingress subnets.
    - name: worker-subnets__count
      type: number
      description: The number of subnets that should be provisioned
      defaultValue: 3
    - name: vpe-subnets__count
      type: number
      description: The number of subnets that should be provisioned
      defaultValue: 3
    - name: ingress-subnets__count
      type: number
      description: The number of subnets that should be provisioned
      defaultValue: 3
    - name: vpn-subnets__count
      type: number
      description: The number of subnets that should be provisioned
      defaultValue: 3