[Other] Setup test SCS cluster at Cloud&Heat with Yaook on virtual machines #414
Comments
|
The Openstack cluster is already set up, we now need to check what exactly is necessary to make it compliant. |
Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
This commit adds the standard for K8s robustness features, including Kube-API rate limiting, ETCD compaction as well as CA expiration avoidance. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
This commit adds the standard for K8s robustness features, including Kube-API rate limiting, ETCD compaction as well as CA expiration avoidance. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com>
* Kubernetes High Security setup (#415) This commit adds a standard for high security setups, which should increase the overall of a Kubernetes cluster. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com> * Grammar / spelling fixes. Signed-off-by: Kurt Garloff <kurt@garloff.de> * Fix small mistakes Added some notes for the ports and shortened the motivation. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com> * Baseline cluster security (#414) Renamed the file to better match its actual intention. Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com> --------- Signed-off-by: Hannes Baum <hannes.baum@cloudandheat.com> Signed-off-by: Kurt Garloff <kurt@garloff.de> Co-authored-by: Kurt Garloff <kurt@garloff.de>
|
We already setup a Yaook cluster on f1a, but its dormant for ~1,5 months now, since we're having problems with the network. To explain this a bit, it seems like a second network is needed to connect the virtual cluster to the provider network of f1a. This is required to setup an own internal provider network. I already talked with @horazont about this, but I personally had no idea that a second network was needed, so it wasn't created during my initial setup. I already setup the new network, but it still needs to be integrated correctly. The next step therefore would be to adapt this network to have a provider network in this Yaook test cluster. Also sorry for the incosistent updates on this, I had quite a few things to do in the meantime... |
|
Had some help from @markus-hentsch with the networking part and I'm working on it again now. |
|
Progress report: I will see how the deployment is running after this. |
|
Deployment didn't come back up in a correct state, so I'm resetting the underlying K8s cluster right now in order to get the state of the Openstack cluster back. |
|
Thanks to @markus-hentsch and another colleague, I was able to setup a Yaook OpenStack cluster which is able to be pinged from outside over the internal provider network. |
|
If someone needs access to the cluster, just reach out to me (Matrix or mail) and I arrange something. Closing for now, future work will be done in the follow up issues. |
anjastrunk
changed the title
anjastrunk
changed the title
anjastrunk
changed the title
Provide an SCS cluster for testing purposes as well as a playground to evaluate costs to make existing Openstack and K8S clusters SCS compliant. The test cluster MUST be set up with the open source Lifecycle Management Tool for OpenStack and K8S Yaook to be not SCS compliant.
SCS test cluster is set up on virtual machines.
The text was updated successfully, but these errors were encountered: