From: Jeremy T. Bouse
Subject: [Sks-devel] Operational question for all
Date: Wed, 14 Mar 2018 01:26:22 -0400
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
I've been running my SKS cluster under Docker for a while now, and my current Docker cluster is currently Tango Uniform, it would appear (hence sks.undergrid.net still being offline). I've got an ECS (Docker-based) cluster already running and operational in AWS that I could move the service over to; however, the issue that has kept me from doing so is the operational difference it would incur. Looking to get some opinions and see if I'm overthinking it or if I'd be good to go.

First of all, the cluster is in a private subnet with no direct internet, so it gets NAT'd outbound from an IP address that would not match the inbound IP address to be used.

Second is the fact that, because it is in a private subnet, I'd have to use a LB (ELB or NLB, given the multiple ports required and only being able to apply to one LB for all) in a public subnet. The way AWS does their LBs, they don't necessarily have a static IP address, as AWS may change it for DDoS prevention, but my hostnames would be able to resolve to IP addresses using Route53 ALIAS records. As I understand it, the gossip port (11370/tcp) is not HTTP based, so it couldn't go through an ALB (application) and would need to be pass-through, so that would mean NLB (network) or ELB (classic). The HKP port (11371/tcp) could still be run through any LB, but since you can only have a container configured to join one LB, that would likely mean needing to use an ELB so I could perform pass-through for gossip and HTTP/HTTPS for the HKP port, where the NLB would just pass through both to the container.

The other likely result of this move would be that I'd go from actually having 2 nodes running to only 1 node, but it would be able to restart immediately if it crashed.
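The NLB variant described above (one internet-facing load balancer in a public subnet passing both SKS ports through as raw TCP to a single ECS task in a private subnet, with a Route53 ALIAS pointing at it) sketched as a CloudFormation template. This is an added example, not code from the original post, from SKS, or from the poster's deployment; every logical ID, parameter, the container name `sks`, and the hostname `sks.example.net` are hypothetical placeholders, and the ECS cluster, task definition, private subnets and task security group are assumed to exist already and are passed in as parameters.

```yaml
# Added example (not from the original post or the SKS project): one NLB,
# two TCP listeners, two target groups, one ECS service attached to both.
# All names, IDs and defaults are hypothetical placeholders.
AWSTemplateFormatVersion: '2010-09-09'
Description: SKS keyserver on ECS behind a TCP pass-through NLB (example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PublicSubnets:
    Type: List<AWS::EC2::Subnet::Id>     # where the NLB listens
  PrivateSubnets:
    Type: List<AWS::EC2::Subnet::Id>     # where the ECS task runs (NAT'd outbound)
  TaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id    # must allow 11370/11371 inbound
  EcsCluster:
    Type: String                         # existing ECS cluster name
  TaskDefinitionArn:
    Type: String                         # existing task definition (container "sks")
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id
  KeyserverHostname:
    Type: String
    Default: sks.example.net             # placeholder hostname

Resources:
  SksNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      Subnets: !Ref PublicSubnets

  # One target group per port. TargetType ip is what an awsvpc-mode ECS
  # task registers into. Plain TCP health checks keep the gossip port
  # (not HTTP) and the HKP port on the same footing.
  GossipTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 11370
      TargetType: ip
      HealthCheckProtocol: TCP

  HkpTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 11371
      TargetType: ip
      HealthCheckProtocol: TCP

  # TCP listeners: no HTTP parsing, bytes are forwarded as-is on both ports.
  GossipListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref SksNlb
      Protocol: TCP
      Port: 11370
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref GossipTargets

  HkpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref SksNlb
      Protocol: TCP
      Port: 11371
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref HkpTargets

  # A single task (DesiredCount 1) registered into both target groups of
  # the same NLB; ECS replaces it if it dies.
  SksService:
    Type: AWS::ECS::Service
    DependsOn: [GossipListener, HkpListener]
    Properties:
      Cluster: !Ref EcsCluster
      TaskDefinition: !Ref TaskDefinitionArn
      DesiredCount: 1
      LaunchType: EC2
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets: !Ref PrivateSubnets
          SecurityGroups: [!Ref TaskSecurityGroup]
      LoadBalancers:
        - ContainerName: sks
          ContainerPort: 11370
          TargetGroupArn: !Ref GossipTargets
        - ContainerName: sks
          ContainerPort: 11371
          TargetGroupArn: !Ref HkpTargets

  # ALIAS record: the hostname follows whatever addresses the NLB has.
  KeyserverAlias:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref KeyserverHostname
      Type: A
      AliasTarget:
        DNSName: !GetAtt SksNlb.DNSName
        HostedZoneId: !GetAtt SksNlb.CanonicalHostedZoneID
```

Two caveats a practitioner would check before relying on this layout. It does nothing about the address asymmetry raised in the post: inbound connections arrive via the NLB, while the task's own outbound gossip connections leave through the NAT gateway's address, so a peer that filters on source IP sees two different addresses for the same keyserver. And if fixed inbound addresses are wanted, an NLB can be given Elastic IPs per subnet (`SubnetMappings` with `AllocationId` in place of `Subnets`), which an ALIAS record does not require but which makes the inbound address predictable for peers.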