This repository has been archived by the owner on Aug 19, 2021. It is now read-only.

Release 07/24/2020

@mawinkler mawinkler released this 24 Jul 12:13
· 66 commits to master since this release

Headline News

  • Big update on the Wiki which now includes MOADSD-NG-SERVER and the CONFIGURATOR.
  • The CONFIGURATOR now supports GCP, AWS and the ESX variant.
  • The kubernetes configuration within Jenkins is now persistent and survives a pause-resume cycle.
  • OPA now includes some test scenarios, which can be deployed with deploy_opa_testcases.
  • Refactored Smart Check Deployment which is now idempotent.
  • You can now "deploy" a scheduled shutdown for instances to lower costs in case you forget to pause the environment after a busy session :-). It defaults to 240 minutes when deployed. To schedule the shutdown, run the playbook pause_scheduled. To cancel a scheduled shutdown, run pause_schedule_cancel. To change the delay, overwrite the variable instance_shutdown_delay in your configuration.yml. The auto-pause is automatically activated after a resume.
  • Kubernetes Dashboard upgraded to v2
  • It is no longer required to set the variables aws_region, aws_zone, aws_access_key and aws_secret_key manually within the configuration, since they are now read from the aws configuration of the awscli. The aws_zone is set to the value of aws_region with an a appended.
  • It is no longer required to set the variables gcp_project_id, gcp_region and gcp_zone manually within the configuration, since they are now read from the gcloud configuration.
  • Bumped Jenkins to version 2.235.1
  • Multiple instances of MOADSD-NG are now possible within one AWS region. Add the flag moadsd_ng_user: <YOUR_NAME> to your configuration.yml

The "one more thing" thing

  • After the deployment of the software stack or a resume, some ssh commands are now created within ./moadsd-ng to ease access to the jumphost and the Kubernetes master (only available for cloud environments).
    • ./ssh_jumphost - login to the jumphost as user ubuntu
    • ./ssh_master - login to the Kubernetes master as user ubuntu
    • ./ssh_master_pods - watch pods on the cluster
    • ./ssh_master_services - watch services on the cluster
    • ./ssh_master_deployments - watch deployments on the cluster
  • Moved the task configuration within the menu to the target environment specific second level. The configuration is then automatically executed after the update of the configuration.
  • Feature Testing: MOADSD-NG now reports its usage and high-level configuration. This is done by a REST call whenever the main playbooks of MOADSD-NG are called. For transparency, the following data is transmitted via HTTPS:
"datetime": {"S": "{{ lookup('pipe','date +%Y-%m-%d-%H-%M-%S') }}" },
"admin_email": {"S": "{{ admin_email | hash('sha256') }}" },
"type": {"S": "{{ type }}" },
"action": {"S": "{{ run_pb }}" },
"site_deploy_kubernetes": {"S": "{{ site_deploy_kubernetes }}" },
"site_deploy_openshift": {"S": "{{ site_deploy_openshift }}" },
"site_deploy_deepsecurity": {"S": "{{ site_deploy_deepsecurity }}" },
"site_deploy_smartcheck": {"S": "{{ site_deploy_smartcheck }}" },
"site_deploy_jenkins": {"S": "{{ site_deploy_jenkins }}" },
"site_deploy_gitlab": {"S": "{{ site_deploy_gitlab }}" },
"site_deploy_endpoints": {"S": "{{ site_deploy_endpoints }}" },
"site_deploy_linkerd": {"S": "{{ site_deploy_linkerd }}" },
"site_deploy_prometheus": {"S": "{{ site_deploy_prometheus }}" },
"site_deploy_grafana": {"S": "{{ site_deploy_grafana }}" },
"site_deploy_opa": {"S": "{{ site_deploy_opa }}" },
"site_deploy_jumphost": {"S": "{{ site_deploy_jumphost }}" }

Please note that the admin_email is hashed. Resulting data collected:

"action": "deploy",
"admin_email": "ca8b7b30a5d9aa8782bd0f1926e388a631d075cbab0fac1138f3628ab7c8873c",
"datetime": "2020-06-09-16-52-59",
"site_deploy_deepsecurity": "False",
"site_deploy_endpoints": "False",
"site_deploy_gitlab": "False",
"site_deploy_grafana": "True",
"site_deploy_jenkins": "True",
"site_deploy_jumphost": "True",
"site_deploy_kubernetes": "True",
"site_deploy_linkerd": "False",
"site_deploy_opa": "True",
"site_deploy_openshift": "False",
"site_deploy_prometheus": "True",
"site_deploy_smartcheck": "True",
"type": "gcp"
  • Two new commands on the server:
    • copy_master <filename> copies the file to the master
    • fetch_master <filename> fetches the file from the master
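
The usage report described above can be reproduced and audited locally. The following is an added example, not code from MOADSD-NG: it rebuilds the typed payload, flattens it into the collected form, checks an outgoing payload against the documented field list, and shows that the unsalted SHA-256 of admin_email is a stable pseudonym. The function names, the address admin@example.com and the sample flags are assumptions made for illustration.

```python
import hashlib
import hmac

# Field names exactly as listed in the release notes.
DOCUMENTED_FIELDS = {"datetime", "admin_email", "type", "action"} | {
    "site_deploy_" + c for c in (
        "kubernetes", "openshift", "deepsecurity", "smartcheck", "jenkins",
        "gitlab", "endpoints", "linkerd", "prometheus", "grafana", "opa",
        "jumphost")
}

def ansible_sha256(value):
    """What the Jinja2 expression {{ value | hash('sha256') }} evaluates to."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def build_report(admin_email, site_type, action, deployed, now):
    """Assemble the typed payload; `deployed` maps component name -> bool."""
    record = {
        "datetime": {"S": now},
        "admin_email": {"S": ansible_sha256(admin_email)},
        "type": {"S": site_type},
        "action": {"S": action},
    }
    for component, enabled in deployed.items():
        record["site_deploy_" + component] = {"S": str(enabled)}
    return record

def flatten(record):
    """Collapse {"key": {"S": value}} into the flat form shown as collected data."""
    return {key: attr["S"] for key, attr in sorted(record.items())}

def undocumented_fields(record):
    """Audit check: keys in an outgoing payload that the release notes do not list."""
    return sorted(set(record) - DOCUMENTED_FIELDS)

def digest_is_for(digest, email):
    """The hash is unsalted, so it is a stable pseudonym: the same address
    always yields the same digest and can be confirmed by re-hashing."""
    return hmac.compare_digest(ansible_sha256(email), digest)

if __name__ == "__main__":
    # Constructed sample input; admin@example.com is a placeholder address.
    flags = {"kubernetes": True, "jenkins": True, "gitlab": False}
    report = build_report("admin@example.com", "gcp", "deploy", flags,
                          "2020-06-09-16-52-59")
    print(flatten(report))
    print(undocumented_fields(report))
    print(digest_is_for(report["admin_email"]["S"], "admin@example.com"))
```

Because the digest is deterministic, every report sent with the same admin_email carries the same value, so reports from one administrator can be linked to each other even though the address itself is not transmitted.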

Current Default Configuration Overview

| Component | Deployed |
|---|---|
| Kubernetes | yes |
| Openshift 4 | no (1) |
| Deep Security | no |
| Deep Security Smart Check | yes |
| Jenkins | yes |
| GitLab | no |
| Endpoints | no |
| LinkerD | no |
| Prometheus | yes |
| Grafana | yes |
| OPA | no |

| Core Functionality Availability | GCP | AWS | ESXi |
|---|---|---|---|
| Site Creation | yes | yes | yes (2) |
| Jumphost Support | yes | yes | no (3) |
| Site Deployment | yes | yes | yes |
| Deployment of Endpoints | yes | yes | no |
| Credential Creation in Jenkins | yes | yes | yes |
| Pause Environment | yes | yes | no |
| Schedule Pause Environment | yes | yes | no |
| Resume Environment | yes | yes | no |
| Site Termination | yes | yes | no |
| Configurator | yes | yes | yes |

| Kubernetes Default Configuration | GCP | AWS | ESXi |
|---|---|---|---|
| Container Runtime | Docker | Docker | Docker |
| Worker Nodes | 3 | 3 | 3 |
| Pod Network | Flannel | Flannel | Flannel |
| Services | URL | URL | NodePort |

(1) - Upcoming feature on GCP only

(2) - Pre-existing VMs required, MOADSD-NG will take control of them

(3) - Directly access the services by IP and (Node-)port