Mesos Infra proposal

I wanted to document/get feedback on this before I started terraforming so it’s easy to understand how this all works. The current partinfra setup works but has some small issues that my quickly drawn out diagram addresses, such as using more than one AZ and multiple VPCs.

Note that the diagram shows only the bits that I think are the minimum to get Mesos set up with terraform so it’s missing some stuff (route 53 etc). The exception is the RDS instance, that’s just there as an example.

https://yalam.co.uk/i/AWS.png

  • Mesos masters aren’t in an autoscaling group as they require a unique server ID (and we aren’t planning on changing them often)
  • Security groups will manage access to other security groups (not IPs)

cc @johngian @mrz for :ok_hand: and feedback


Proposal looks good. We should have thought about multi-AZ deployment from scratch but it doesn’t require too much effort to fix it now. Just a couple of thoughts:

  • We should add at least 2 storage needs in 2 different AZs.
  • We also need to add to this architecture the openvpn/ssh bastion node or at least depict that all mesos internal stuff is behind our VPN.

Newer version which includes glusterfs. I’ve also added a shared VPC for the things it doesn’t make sense to replicate between staging and prod (vault, storage, maybe some databases) which is peered to staging/prod.

Now with added security groups! @tristor, could you take a quick look over it and let me know if there are any obvious errors or anything that doesn’t really make sense?
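As an added illustration of the "security groups manage access to other security groups, not IPs" rule from the proposal and the bastion node from the reply (example Terraform written here, not the proposal's own; the VPC, subnet, AMI and variable names are assumed, and the Mesos ports are the documented defaults):

```hcl
# Added example: SG-to-SG rules for Mesos masters/agents behind a bastion.
# aws_vpc.prod, aws_subnet.private and var.mesos_ami are assumed to exist.

resource "aws_security_group" "bastion" {
  name   = "bastion"
  vpc_id = aws_vpc.prod.id
}

resource "aws_security_group" "mesos_master" {
  name   = "mesos-master"
  vpc_id = aws_vpc.prod.id
}

resource "aws_security_group" "mesos_agent" {
  name   = "mesos-agent"
  vpc_id = aws_vpc.prod.id
}

# Agents talk to the masters on 5050 (Mesos master default). The source is
# the agent security group, not a CIDR, so membership follows the instance
# even when agents are replaced by their autoscaling group.
resource "aws_security_group_rule" "agent_to_master" {
  type                     = "ingress"
  from_port                = 5050
  to_port                  = 5050
  protocol                 = "tcp"
  security_group_id        = aws_security_group.mesos_master.id
  source_security_group_id = aws_security_group.mesos_agent.id
}

# Masters talk back to agents on 5051 (Mesos agent default).
resource "aws_security_group_rule" "master_to_agent" {
  type                     = "ingress"
  from_port                = 5051
  to_port                  = 5051
  protocol                 = "tcp"
  security_group_id        = aws_security_group.mesos_agent.id
  source_security_group_id = aws_security_group.mesos_master.id
}

# SSH to masters only from the bastion SG; no 0.0.0.0/0 anywhere.
resource "aws_security_group_rule" "bastion_to_master_ssh" {
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  security_group_id        = aws_security_group.mesos_master.id
  source_security_group_id = aws_security_group.bastion.id
}
```

Masters stay out of an autoscaling group as the proposal says, so each one would be a plain `aws_instance` with `vpc_security_group_ids = [aws_security_group.mesos_master.id]` and a `subnet_id` chosen from a different AZ per instance.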