Notes from 7/27 discussion about NDS-341 and NDS-377:
Beta Cluster
- DNS: beta.labs.nationaldataservice.org (NDS-404)
- OpenStack:
- Deploy in NDSLabs project space
- Ask Chris to rebuild project (due to IP conflict problem) (NDS-403)
- Jeff Tierstrip node
- Add CoreOS image to NDSLabs
- External monitoring (NDS-405)
- Setup Naggio or similar
- Determine support coverage (M-F 8-5, who?)
- Backup etcd and GFS in the event of major failure
- Discuss moving ndslabs.org ownership? (NDS-404)
- Get name on outbound for Docker registry (NDS-404)
- Deploy beta cluster (NDS-406)
- 3-4 compute nodes, expect to grow
- Implement reliable etcd support (NDS-393)
- Account creation workflow (NDS-409)
- Who gets approved for beta access and how do we track them
- How do we create accounts
- Communication plan (NDS-409)
- How to notify users if system goes down (beta mailing list)
- How are we announcing the beta?
- Documentation (NDS-327)
- EULA?
Integration Test Cluster
- DNS: test.labs.nationaldatabservice.org (NDS-404)
- OpenStack
- Deploy in NDSLAbsDev project space
- Ask Chris to rebuild project (due to IP conflict problem) (NDS-403)
- Deploy cluster with 3-4 compute nodes
TLS
- Discussed two options; Wildcard cert or using Letsencrypt (via Kubelego?)
- Setup test cluster with approved test wildcard certificate (NDS-407)
- Schedule security review (NDS-410)
- Prototype Kubelego or similar for per-service certs (NDS-408)