Notes from 7/27 discussion about NDS-341 and NDS-377:

Beta Cluster

  • DNS:  beta.labs.nationaldataservice.org (NDS-404)
  • OpenStack:
    • Deploy in NDSLabs project space
    • Ask Chris to rebuild project (due to IP conflict problem) (NDS-403)
    • Jeff Tierstrip node
    • Add CoreOS image to NDSLabs
  • External monitoring (NDS-405)
    • Setup Naggio or similar
    • Determine support coverage (M-F 8-5, who?)
  • Backup etcd and GFS in the event of major failure
  • Discuss moving ndslabs.org ownership? (NDS-404)
  • Get name on outbound for Docker registry (NDS-404)
  • Deploy beta cluster (NDS-406)
    • 3-4 compute nodes, expect to grow
  • Implement reliable etcd support (NDS-393)
  • Account creation workflow  (NDS-409)
    • Who gets approved for beta access and how do we track them
    • How do we create accounts
  • Communication plan (NDS-409)
    • How to notify users if system goes down (beta mailing list)
    • How are we announcing the beta?
  • Documentation (NDS-327)
  • EULA?

Integration Test Cluster

  • DNS: test.labs.nationaldatabservice.org (NDS-404)
  • OpenStack
    • Deploy in NDSLAbsDev project space
    • Ask Chris to rebuild project (due to IP conflict problem) (NDS-403)
  • Deploy cluster with 3-4 compute nodes

TLS

  • Discussed two options; Wildcard cert or using Letsencrypt (via Kubelego?)
  • Setup test cluster with approved test wildcard certificate (NDS-407)
  • Schedule security review (NDS-410)
  • Prototype Kubelego or similar for per-service certs (NDS-408)
  • No labels