added poseidon with aws to k8s changes

docs/resources/OverviewPoseidonNomadMapping.drawio

@@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2021-07-29T09:10:40.306Z" agent="5.0 (X11)" etag="xc0NA0uUuogw2a5ns6QW" version="14.9.2" type="device"><diagram id="_cTqiwv0DkfbUgT-qijx" name="Page-1">7Vxbc+I2FP41PCZjyxfgMckm23bSTtpkp7uPCha2urZFbUGgv76SLeGLDDEYEE4gmcE6ulg+3/mOdGSJgXUXLb8mcBb8TjwUDoDhLQfWlwEApg3AgP8b3iqXDF07F/gJ9kShQvCM/0NCaAjpHHsorRSkhIQUz6rCCYljNKEVGUwS8lYtNiVh9a4z6CNF8DyBoSr9G3s0yKUjMCzkvyDsB/LOpjvOcyIoC4snSQPokbeSyLofWHcJITS/ipZ3KOTKk3rJ6z1syF13LEExbVNh/P3XW/LtzwUdBuljtHiYPl75V6KVBQzn4oEHwA1Ze7dTwpplvaYroQr33zmRGVdpBtQNK8C6sCwy2ZUvvrNWXqXgiaQIeySWGayfr/XCTJbfVYpBpQMgIfPYQ/xxDJb9FmCKnmdwwnPfmPUxWUCjkKVMdrlACcUMx5sQ+zGTUTJbt8nz0HKjHs01OsysEYkQTVasyFuBP3AEqEEJ+6FEGgqb89d1C1jYhUBmB5TARpQUHXaD7Q8SQW8jHE3InRdEogJwBRIlyBx3eErIrM7EMl2GUKb2OkgwQmmm1FPwJsKexxu6neIwvCMhSbJGranD/5g8pQn5iUo5bvYRD1SS5x8hF57edA+DuD1y8ipimGkwABM0cNY9Fv5DBQXksYFFJElCA+KTGIb3hfS2ilNR5pFwYmTo/IMoXQndwTklVezQEtPvvPq1I1I/RGP8+suynFjJRMwet1SJJ3/I9niiqJalZL06iCj2bvh4y9IehhGJvZcAx3nGA+bKE43IQR4Ya+i5arYDzzRJ5skEbdG4mFdQmPiIvsdM1ZASFEKKF9V+HNwsbMUt/EZe08/IWDA0Kow1Rw0+u2mYBdaxOOsq4LygaMbMgnlag+HUDaa6DjfCdgDluk5VuWudafOHpqlo7wQOcYuTmoQwTfGk4qDMioNyO3jHfTzxAX3hqKUvdDr6QlH1ieBsTiOszxpXrc8yalaV90vUKgyLQQNXpWIzXiDdch9QHfQtsxYBvdevanl2kfegsPK1TjoYvtFPw9drwONTGvCudmfbPbC7sTKYXV9f92cEs42azoA6go1POoCpQfgLTH8yyVemxNllDsdBawCpcQ43PhpKatx9E4ZkwrwBiT8nRu7ouuquHP0oqWEQ59LnxKfGIVc7OgDomLEcYR2i3UzngLMW0205bXE7Tlu6sU+NcycknmK/P7ODNUnkwGM5emcHQEt4+yE4M2zJGVMvaYYfjjSudtJYF9LsSZq2Czx6OTNSOOOhKZyH9MrnMVN/qDM8u/HGuVBnT+q0XVoqbdLQwR11/UZyh2bLDn2ljv5Rx75QZz/qSCTfn6qNdFJHdrNEHbheA+ovcRzdxLEuxNmXOG3XBfTypv/rAmB0bvM0PfuAPgJn2oY4QGuMA9QYp++k0T5Dsy7Bzb6kaRvcdB1o9ntvXtuvId/xbnxvvr38cd6bg82BV88WLaxzGwzlJrQLr3fltSWPvry7uVXr7lbZzd4vWtSpo39IBBfq7Ekdq+08cqyVOurGlT4uWtSJo3/RQnMAVqZNiUW7EycmMaqwxlBY48E0yHrNu5BvbpFnFsGBSdV2QUPvcKQuaMgjUx5eyONSz5QfAS2OUpWyGkrvfIoLNJ2ze0qIN5/k1GbPZvA+4NjPE9k+za1H8F6ThkN5lU528Rf93EflntkBMFvzjpAP6njaBrhaF4UsNYa8X6LJPCe8cR8vcELiCInjD5+bqfrPJjkKWn0992VZxpnp1ta8x2c3N1hxZN184lHdoA1aukGtMY3s5fb511/zOEbJZSKzwT02HXw5LYXVNxwSsn45x/p7jiMeKWLJ4odd8pXp4udxrPv/AQ==</diagram></mxfile>

docs/resources/client.example.hcl

@@ -0,0 +1,17 @@
+client {
+    enabled = true
+    servers = [
+        "server domain 1",
+        "server domain 2"
+    ]
+    cni_path = "/usr/lib/cni"
+}
+
+plugin "docker" {
+    config {
+        allow_runtimes = ["runsc"]
+        gc {
+            image_delay = "0s"
+        }
+    }
+}

docs/resources/docker.daemon.json

@@ -0,0 +1,17 @@
+{
+  "dns": [
+    "8.8.8.8",
+    "8.8.4.4"
+  ],
+  "dns-search": [
+    "codeocean.internal"
+  ],
+  "default-runtime": "runsc",
+  "runtimes": {
+    "runsc": {
+      "path": "/usr/bin/runsc",
+      "runtimeArgs": [
+      ]
+    }
+  }
+}

docs/resources/nomad.example.hcl

@@ -0,0 +1,28 @@
+# Full configuration options can be found at https://www.nomadproject.io/docs/configuration
+
+data_dir = "/opt/nomad/data"
+bind_addr = "0.0.0.0"
+
+limits {
+    http_max_conns_per_client = 0
+}
+
+# Require TLS
+tls {
+  http = true
+  rpc  = true
+
+  ca_file   = "/home/ubuntu/ca.crt"
+  cert_file = "/home/ubuntu/cert.crt"
+  key_file  = "/home/ubuntu/cert-key.pem"
+
+  verify_server_hostname = true
+  verify_https_client    = true
+}
+
+# telemetry {
+#     collection_interval = "10s"
+#     prometheus_metrics = true
+#     publish_allocation_metrics = true
+#     publish_node_metrics = true
+# }

docs/resources/poseidon_policy.hcl

@@ -0,0 +1,30 @@
+// Allow-all access policy
+
+namespace "*" {
+  policy       = "write"
+  capabilities = ["alloc-node-exec", "read-job"]
+}
+
+agent {
+  policy = "write"
+}
+
+operator {
+  policy = "write"
+}
+
+quota {
+  policy = "write"
+}
+
+node {
+  policy = "write"
+}
+
+host_volume "*" {
+  policy = "write"
+}
+
+plugin {
+  policy = "read"
+}

docs/resources/secure-bridge.conflist

@@ -0,0 +1,105 @@
+{
+    "cniVersion": "0.4.0",
+    "name": "secure-bridge",
+    "plugins": [
+        {
+            "type": "loopback"
+        },
+        {
+            "type": "bridge",
+            "bridge": "nomad-filtered",
+            "ipMasq": true,
+            "isGateway": true,
+            "forceAddress": true,
+            "dns":{
+                "nameservers":[
+                    "8.8.8.8",
+                    "8.8.4.4",
+                    "2001:4860:4860::8888",
+                    "2001:4860:4860::8844"
+                ],
+                "domain": "poseidon.internal",
+                "search": [
+                    "poseidon.internal"
+                ]
+            },
+            "ipam": {
+                "type": "host-local",
+                "ranges": [
+                    [
+                        {
+                            "subnet": "10.151.16.0/20"
+                        }
+                    ],
+                    [
+                        {
+                            "subnet": "fd00:2::/64"
+                        }
+                    ]
+                ],
+                "routes": [
+                   { "dst": "0.0.0.0/5" },
+                   { "dst": "8.0.0.0/7" },
+                   { "dst": "11.0.0.0/8" },
+                   { "dst": "12.0.0.0/6" },
+                   { "dst": "16.0.0.0/4" },
+                   { "dst": "32.0.0.0/3" },
+                   { "dst": "64.0.0.0/2" },
+                   { "dst": "128.0.0.0/3" },
+                   { "dst": "160.0.0.0/5" },
+                   { "dst": "168.0.0.0/8" },
+                   { "dst": "169.0.0.0/9" },
+                   { "dst": "169.128.0.0/10" },
+                   { "dst": "169.192.0.0/11" },
+                   { "dst": "169.224.0.0/12" },
+                   { "dst": "169.240.0.0/13" },
+                   { "dst": "169.248.0.0/14" },
+                   { "dst": "169.252.0.0/15" },
+                   { "dst": "169.255.0.0/16" },
+                   { "dst": "170.0.0.0/8" },
+                   { "dst": "171.0.0.0/12" },
+                   { "dst": "171.32.0.0/11" },
+                   { "dst": "171.64.0.0/10" },
+                   { "dst": "171.128.0.0/9" },
+                   { "dst": "172.0.0.0/6" },
+                   { "dst": "176.0.0.0/4" },
+                   { "dst": "192.0.0.0/9" },
+                   { "dst": "192.128.0.0/11" },
+                   { "dst": "192.160.0.0/13" },
+                   { "dst": "192.169.0.0/16" },
+                   { "dst": "192.170.0.0/15" },
+                   { "dst": "192.172.0.0/14" },
+                   { "dst": "192.176.0.0/12" },
+                   { "dst": "192.192.0.0/10" },
+                   { "dst": "193.0.0.0/8" },
+                   { "dst": "194.0.0.0/7" },
+                   { "dst": "196.0.0.0/6" },
+                   { "dst": "200.0.0.0/5" },
+                   { "dst": "208.0.0.0/4" },
+                   { "dst": "224.0.0.0/3" },
+                   { "dst": "::/1" },
+                   { "dst": "8000::/2" },
+                   { "dst": "c000::/3" },
+                   { "dst": "e000::/4" },
+                   { "dst": "f000::/5" },
+                   { "dst": "f800::/6" },
+                   { "dst": "fe00::/9" },
+                   { "dst": "fec0::/10" },
+                   { "dst": "ff00::/8" }
+                ]
+            }
+        },
+        {
+            "type": "firewall",
+            "backend": "iptables",
+            "iptablesAdminChainName": "NOMAD-ADMIN-FILTERED"
+        },
+        {
+            "type": "portmap",
+            "capabilities": {
+                "portMappings": true
+            },
+            "snat": true
+        }
+    ]
+}

docs/resources/server.example.hcl

@@ -0,0 +1,15 @@
+server {
+    enabled = true
+    bootstrap_expect = 2
+    server_join {
+        retry_join = ["<<other servers domain>>"]
+        retry_max = 3
+        retry_interval = "15s"
+    }
+
+    # https://www.nomadproject.io/docs/configuration/server
+    default_scheduler_config {
+        scheduler_algorithm = "spread"
+        memory_oversubscription_enabled = true
+    }
+}