2019-07-03 Kubernetes Subgroup Meeting notes

Date

Jul 3, 2019

Location

https://zoom.us/j/116073082

Attendees

  • @VBar

  • @Robert Douglas

  • @Anton Emelianov

  • @Ian Hardy

  • @John Malconian

  • @jroot

  • @Wayne Schneider

  • @Jakub Skoczen

Goals

Discussion items

Time

Item

Who

Notes

25 min

EKS cluster network design for FOLIO

@John Malconian

Meeting notes

  • Kubernetes ingress on AWS is complex, especially when certificate management is taken into account

  • New domain: ci.folio.org, with wildcard cert

  • Ingress design – ALB load-balancer managed by pod within cluster, routing to nginx within the cluster

  • Next up – set up ingress for Okapi for testing

  • Ansible role has been created to generate correct VPC configuration

    • Jenkins – TAMU alternative for automation

  • Rancher can help manage Route 53 with "global DNS" – similar functionality to Kubernetes' external DNS controller

  • Q: how close is this to a cookbook?

    • Some internal documentation has been added to the (private) folio-infrastructure repo

    • AWS permissions policies are very much a work in progress

  • VPC architecture as created by Ansible role

    • Worker nodes in private subnets across 2+ availability zones

    • RDS in separate private subnet

    • One public subnet for each availability zone.

      • Only things in the public subnets are the ALB and NAT gateways (requiring elastic IPs)

  • Next piece will be diagram for ingress architecture

Topics for 10 July

@Wayne Schneider

Meeting notes

Next week @Ian Hardy will talk about Okapi deployment

Action items