Date

03 Jul 2019

Location

Time	Item	Who
25 min	EKS cluster network design for FOLIO	John Malconian
Meeting notes Kubernetes ingress on AWS is complex, especially when certificate management is taken into account New domain: ci.folio.org, with wildcard cert Ingress design – ALB load-balancer managed by pod within cluster, routing to nginx within the cluster Next up – set up ingress for Okapi for testing Ansible role has been created to generate correct VPC configuration Jenkins – TAMU alternative for automation Rancher can help manage Route 53 with "global DNS" – similar functionality to Kubernetes' external DNS controller Q: how close is this to a cookbook? Some internal documentation has been added to the (private) folio-infrastructure repo AWS permissions policies are very much a work in progress VPC architecture as created by Ansible role Worker nodes in private subnets across 2+ availability zone RDS in separate private subnet One public subnet for each availability zone. Only thing in public subnet is ALB and NAT gateways (requiring elastic IPs) Next piece will be diagram for ingress architecture
	Topics for 10 July	Wayne Schneider
Meeting notes Next week Ian Hardy will talk about Okapi deployment