• Created a Google Cloud Platform account for SQuaRE (creds in 1Password)
• Got the node.js tutorial to work but had issues with tutorials hosted by Google itself, such as the Wordpress with persistent storage tutorial. I think now that I was having trouble getting my pods scheduled on the cluster.

Question of how to do TLS termination in a Kubernetes service load balancer. Options are:

1. Use a Compute Engine load balancer with HTTPS - https://cloud.google.com/compute/docs/load-balancing/http/
2. Add an Nginx pod that does TLS termination - e.g. https://github.com/GoogleCloudPlatform/kube-jenkins-imager
3. Use the new Ingress Resource features of Kubernetes 1.2 - http://kubernetes.io/docs/user-guide/ingress/ Here the Ingress resource would sit in front of the load balancing service.

If the Ingress resource living on a node dies and get’s rescheduled, will the new Ingress resource have a different external IP? How can this be made to work with AWS Route 53 DNS (e.g., for a ltd-keeper.lsst.io domain to serve the API)

The documentation is notes that the TLS ingress controller will use a "static" IP. https://github.com/kubernetes/contrib/blob/master/ingress/controllers/gce/BETA_LIMITATIONS.md#static-and-ephemeral-ips I presume that means the IP will persistence across controller restarts?

My preference would be to go the pure kubernetes path, if feasible. On the basis that, In theory, it should be fairly painless to move between kubernetes clusters. My second choice would be to use a GCE loadbalancer, as this would likely require less fiddling than a DIY solution.

There are two branches to look at here:

1. https://github.com/lsst-sqre/ltd-keeper/pull/5 for the main Kubernetes deployment
2. https://github.com/lsst-sqre/nginx-python-docker/pull/1 for the uWSGI container

We can talk about this at the Thursday meeting so I can run you through it.

This ticket was presented at the SQuaRE group meeting and signed-off. Future tickets will touch upon code improvements to the deployment practices or codebase.