Comments (15)
Part of epic #172.
from platform-services.
Ready when you are. Just name a date/time you'd like this applied.
Needs a PR to https://github.com/bcgov-c/devops-platform-operations-docs/blob/master/custom-projects/RSBC.md as well.
from platform-services.
Great, I will confirm the date and time.
FYI I don't have access to the devops-platform-operations-docs repo. Let me know if you'd like me to create a PR. I think I will need view access to it. I'm already in the bcgov-c org.
from platform-services.
@agahchen, @mitovskaol this looks like an extension (to production) of a specific security initiative that leveraged Aporeto for intra-namespace policy controls. With Aporeto currently disabled in the Pathfinder cluster, joining the namespaces would remove the existing intra-namespace security controls, with no replacement available.
Is there a documented design in place to push this initiative forward without the additional security policies available through Aporeto that I'm not aware of?
from platform-services.
Hi @sbarre-esit we're ready to apply this in jik2hd-prod environment on May 14 (tomorrow.) I've scheduled a time with you for May 14 @ 3:30pm. Let me know if this will work for you.
I've booked 1/2 hr for the following tasks:
- Steve to update VLAN config for jik2hd-prod and iowaey-prod
- Steve to update jik2hd-prod static egress IP
- Ayo (RSI ops lead) to verify that the production environment is back to functioning state.
- Steve to assist with troubleshooting / reverting the changes if required
FYI @vesselofgold (Ayo.)
Thank you,
David
from platform-services.
> Let me know if this will work for you.

It does.

```
oc get netnamespaces | grep -E "jik2hd|iowaey" | grep prod
oc adm pod-network join-projects --to=jik2hd-prod iowaey-prod
oc get netnamespaces | grep -E "jik2hd|iowaey" | grep prod
oc patch netnamespace jik2hd-prod -p '{"egressIPs": ["142.34.143.190"]}'
```
from platform-services.
As discussed with @agahchen, RoadSafetyBC will re-confirm their decision to implement the connection between the namespaces in the absence of Aporeto protection and will work with @sbarre-esit to pick a time to implement the change in production.
from platform-services.
Hi @mitovskaol and @sbarre-esit, we have completed our internal discussion last week with endorsement from Jennifer Dowd to go forward with this request. FYI, there are two alternative options identified in our design decision ticket JHI-1355 (Approach to enabling and securing the Hub to BI API connection in PROD without Aporeto on OpenShift 3 Platform (for RSI-1402)), but this is the preferred option. I can forward a copy of our design decision ticket to you if required.
We are hoping to implement this production change as soon as possible. I've scheduled a half-hour block with Steve (cc Olena) for 4pm today (May 26). Let me know if there's a scheduling conflict. We will require Steve's availability to apply the change and to be available until we can verify that production is back to operating mode.
Thanks,
David
from platform-services.
Thank you for the update @agahchen
from platform-services.
@sbarre-esit can you please confirm that 4pm today works for you?
from platform-services.
Confirmed
from platform-services.
Great, thank you both. Chat with you at 4pm @sbarre-esit via Skype. We can begin once our production system has been gracefully stopped.
from platform-services.
This has been completed and validated successfully. Thank you @sbarre-esit.
from platform-services.
Protip for the future, remove the externalIP from the project before joining, then add back to both projects after, else OCP gets confused.
from platform-services.
Completed
from platform-services.