in src/ccf/caci-ccf-provider/CAciNodeProvider.cs [917:1087]
/// <summary>
/// Builds the confidential container group definition for one node: the
/// <c>CcHost</c>, <c>CcrAttestation</c>, <c>CcfRecoveryAgent</c> and <c>CcrProxy</c>
/// containers, two empty-dir volumes, identifying tags and a public IP address.
/// </summary>
/// <param name="location">Region name, wrapped in an <see cref="AzureLocation"/>.</param>
/// <param name="networkName">Stored in the <c>AciConstants.CcfNetworkNameTag</c> tag.</param>
/// <param name="nodeName">Stored in the <c>AciConstants.CcfNetworkResourceNameTag</c> tag.</param>
/// <param name="dnsNameLabel">DNS name label assigned to the group's public IP address.</param>
/// <param name="tgzConfigData">Passed to the <c>CcHost</c> container as <c>CONFIG_DATA_TGZ</c>.</param>
/// <param name="instanceId">Stored in the <c>AciConstants.CcfNetworkInstanceIdTag</c> tag.</param>
/// <param name="securityPolicy">
/// Supplies the image for each container and the confidential compute (CCE) policy.
/// </param>
/// <returns>The populated <see cref="ContainerGroupData"/>; nothing is deployed here.</returns>
private ContainerGroupData CreateContainerGroupData(
    string location,
    string networkName,
    string nodeName,
    string dnsNameLabel,
    string tgzConfigData,
    string instanceId,
    ContainerGroupSecurityPolicy securityPolicy)
{
    var azureLocation = new AzureLocation(location);

    // Every image reference is read from the same securityPolicy object that provides the
    // CCE policy below, not from a separate input.
    // NOTE(review): the Images indexer presumably throws when a container name is missing;
    // confirm callers always populate all four entries.
    var hostContainer = new ContainerInstanceContainer(
        AciConstants.ContainerName.CcHost,
        securityPolicy.Images[AciConstants.ContainerName.CcHost],
        new ContainerResourceRequirements(
            new ContainerResourceRequestsContent(1.5, 1)));
    hostContainer.Ports.Add(new ContainerPort(Ports.RpcMainPort));
    hostContainer.Ports.Add(new ContainerPort(Ports.NodeToNodePort));
    hostContainer.Ports.Add(new ContainerPort(Ports.RpcDebugPort));

    // NOTE(review): the config archive is set through Value, not SecureValue, so it is
    // returned with the container group's properties. Confirm it never carries secrets.
    hostContainer.EnvironmentVariables.Add(
        new ContainerEnvironmentVariable("CONFIG_DATA_TGZ")
        {
            Value = tgzConfigData
        });

    // The attestation sidecar listens on a unix socket in the "uds" volume, which the
    // recovery agent also mounts.
    var attestationSidecar = new ContainerInstanceContainer(
        AciConstants.ContainerName.CcrAttestation,
        securityPolicy.Images[AciConstants.ContainerName.CcrAttestation],
        new ContainerResourceRequirements(
            new ContainerResourceRequestsContent(0.5, 0.2)));
    attestationSidecar.Command.Add("app");
    attestationSidecar.Command.Add("-socket-address");
    attestationSidecar.Command.Add("/mnt/uds/sock");
    attestationSidecar.VolumeMounts.Add(new ContainerVolumeMount("uds", "/mnt/uds"));

    var recoveryAgent = new ContainerInstanceContainer(
        AciConstants.ContainerName.CcfRecoveryAgent,
        securityPolicy.Images[AciConstants.ContainerName.CcfRecoveryAgent],
        new ContainerResourceRequirements(
            new ContainerResourceRequestsContent(0.5, 0.2)));
    recoveryAgent.EnvironmentVariables.Add(
        new ContainerEnvironmentVariable("CCF_ENDPOINT")
        {
            Value = $"localhost:{Ports.RpcMainPort}"
        });

    // NOTE(review): certificate verification is switched off for the agent's CCF client.
    // The endpoint configured above is localhost inside this group; confirm the agent never
    // applies this flag to a non-loopback endpoint.
    recoveryAgent.EnvironmentVariables.Add(
        new ContainerEnvironmentVariable("CCF_ENDPOINT_SKIP_TLS_VERIFY")
        {
            Value = "true"
        });

    // The agent serves plain HTTP on every interface. RecoveryAgentPort is not among the
    // ports published on the group IP below; the proxy on EnvoyPort is the published port.
    recoveryAgent.EnvironmentVariables.Add(
        new ContainerEnvironmentVariable("ASPNETCORE_URLS")
        {
            Value = $"http://+:{Ports.RecoveryAgentPort}"
        });
    recoveryAgent.VolumeMounts.Add(new ContainerVolumeMount("uds", "/mnt/uds"));

    // NOTE(review): the mount path is a literal here, while the proxy mounts the same
    // volume at ServiceFolderMountPath. Confirm the two are meant to match.
    recoveryAgent.VolumeMounts.Add(new ContainerVolumeMount("shared", "/app/service"));

    var proxySidecar = new ContainerInstanceContainer(
        AciConstants.ContainerName.CcrProxy,
        securityPolicy.Images[AciConstants.ContainerName.CcrProxy],
        new ContainerResourceRequirements(
            new ContainerResourceRequestsContent(0.5, 0.2)));
    proxySidecar.Ports.Add(new ContainerPort(Ports.EnvoyPort));
    proxySidecar.Command.Add("/bin/sh");
    proxySidecar.Command.Add("https-http/bootstrap.sh");
    proxySidecar.EnvironmentVariables.Add(
        new ContainerEnvironmentVariable("CCR_ENVOY_DESTINATION_PORT")
        {
            Value = Ports.RecoveryAgentPort.ToString()
        });
    proxySidecar.EnvironmentVariables.Add(
        new ContainerEnvironmentVariable("CCR_ENVOY_SERVICE_CERT_OUTPUT_FILE")
        {
            Value = ServiceCertPemFilePath
        });
    proxySidecar.VolumeMounts.Add(new ContainerVolumeMount("shared", ServiceFolderMountPath));

    var groupData = new ContainerGroupData(
        azureLocation,
        new ContainerInstanceContainer[]
        {
            hostContainer,
            attestationSidecar,
            recoveryAgent,
            proxySidecar,
        },
        ContainerInstanceOperatingSystemType.Linux);

    groupData.RestartPolicy = ContainerGroupRestartPolicy.Never;
    groupData.Sku = ContainerGroupSku.Confidential;
    groupData.ConfidentialComputeCcePolicy = securityPolicy.ConfidentialComputeCcePolicy;

    groupData.Tags.Add(AciConstants.CcfNetworkNameTag, networkName);
    groupData.Tags.Add(AciConstants.CcfNetworkTypeTag, "node");
    groupData.Tags.Add(AciConstants.CcfNetworkResourceNameTag, nodeName);
    groupData.Tags.Add(AciConstants.CcfNetworkInstanceIdTag, instanceId);

    // NOTE(review): RpcDebugPort is published on the public IP together with the main RPC,
    // node-to-node and proxy ports. Confirm the debug interface is meant to be reachable
    // from the internet in production deployments.
    var publicAddress = new ContainerGroupIPAddress(
        new ContainerGroupPort[]
        {
            new ContainerGroupPort(Ports.RpcMainPort)
            {
                Protocol = ContainerGroupNetworkProtocol.Tcp,
            },
            new ContainerGroupPort(Ports.NodeToNodePort)
            {
                Protocol = ContainerGroupNetworkProtocol.Tcp,
            },
            new ContainerGroupPort(Ports.RpcDebugPort)
            {
                Protocol = ContainerGroupNetworkProtocol.Tcp,
            },
            new ContainerGroupPort(Ports.EnvoyPort)
            {
                Protocol = ContainerGroupNetworkProtocol.Tcp,
            }
        },
        ContainerGroupIPAddressType.Public);
    publicAddress.DnsNameLabel = dnsNameLabel;

    // NOTE(review): Unsecure is the least restrictive DNS label reuse policy. Confirm that
    // nothing trusts the hostname alone, since the label may become claimable by another
    // deployment once this group is deleted.
    publicAddress.AutoGeneratedDomainNameLabelScope = DnsNameLabelReusePolicy.Unsecure;
    groupData.IPAddress = publicAddress;

    // Two empty-dir volumes: "uds" carries the attestation socket and "shared" carries the
    // service certificate file written by the proxy.
    groupData.Volumes.Add(
        new ContainerVolume("uds")
        {
            EmptyDir = BinaryData.FromObjectAsJson(new Dictionary<string, object>())
        });
    groupData.Volumes.Add(
        new ContainerVolume("shared")
        {
            EmptyDir = BinaryData.FromObjectAsJson(new Dictionary<string, object>())
        });

    return groupData;
}