Participants: NCSA staff who use Kubernetes in their work
Location: Zoom
Date: 2021/08/26
Links
- Slack channels
Overview
- NCSA KubeShop is a workshop designed to foster a collaborative spirit among the growing number of NCSA staff working with Kubernetes and to facilitate an exchange of knowledge and ideas related to the Kubernetes ecosystem.
- Presentations by speakers with time for questions and discussion
- Topical discussions with some guidance by conversation leaders
- Meeting will not be recorded
- The discussions should generate some kind of tangible output in the form of action items: plans for coordination/collaboration, documentation, implementing some concept.
Workshop action items and standing questions
Research storage options and generate a recommendation document
Where do we want to be along the spectrum between decentralized and centralized Kubernetes resources?
- Perhaps use the Terraform system to achieve de facto centralization for most projects, even though the generated clusters are independent
- Detail the concept of the shared ArgoCD instance for bootstrapping base services like ingress controller, ArgoCD, Longhorn, MetalLB
Construct a pattern for Keycloak deployment for NCSA services. Perhaps a Helm chart with declarative Keycloak configuration illustrating:
- CILogon IdP
- NCSA LDAP IdP
- group and role mapping to auth token scope
- Consider how we could run an NCSA Keycloak server managed by dedicated staff
Build a repo of Helm charts for common services in the context of the Terraform-provisioned Radiant Kubernetes cluster.
Agenda
- [10:00-10:15] Introduction
- [10:15-11:30] Presentations
- [11:30-12:00] Topical discussions
- [12:00-13:00] Lunch break
- [13:00-14:00] Presentations
- Brief coffee break (or tea if you must)
- [14:00-15:00] Topical discussions
Presentations
Format: Presentations will be 20 min talks with 10 min for questions and discussion, typically during the talk in context instead of at the end.
- Time: 10:15 Presenter: Rob Kooper
- Time: 10:40 Presenter: Andrew Manning
- Time: 11:00 Presenter: Mike Lambert
- Time: 13:00 Presenter: Michael Johnson
- Time: 13:30 Presenter: Ben Galewsky
Topical discussions
Topical discussions allow us to share information on topics in a less formal way than presentations yet with some focus provided by the discussion leaders. The duration of these discussions is flexible.
Topics
Checked topics were discussed at some point during the workshop.
- Infrastructure
  - [x] Radiant
  - [x] Terraform
  - [x] Rancher
- GitOps
  - [x] ArgoCD
  - [x] Vault
  - [x] Sealed Secrets
  - [x] Helm
  - [x] GitHub/GitLab CI/CD
  - [ ] Keel
- Applications
  - [x] databases
  - [x] web services
  - [ ] JupyterHub
  - [x] Matrix
  - [x] Nextcloud
- Production
  - [ ] Resource management
  - [ ] Scalability
  - [x] High availability
  - [x] Monitoring and alerts
- Authentication and Authorization
  - [x] OAuth2/OpenID Connect
  - [x] CILogon
  - [x] GitHub/GitLab
  - [x] LDAP
- Collaboration
  - [ ] Communication channels (Slack, email list, etc)
  - [ ] Shared documentation
  - [x] Common methodologies and structures
- Security
- Kubernetes updates
  - [x] Frequency of updating k8s version
  - [ ] Methods and workflows for updating
  - [x] Transition away from Docker for container runtime