Architecture Diagram:

Tasks Accomplished

• OpenID Authentication (Google login)
• Setup HAProxy for Blue-Green deployment
• Setup CI/CD to automate Blue-Green deployment

OpenID Authentication (Google login)

Users are able to log in either with username/password or with their Google accounts. We have integrated Google OpenID connect with our existing authentication system. We use the unique identifier given by Google to bind users with the rest of the system. First-time user logs in using Google a new account will be created tracking his tweets and relationships, so that next time he logs in, he can see all his activity in the system.

Setup HAProxy for IU & TACC

We have setup HAProxy for Blue-Green deployment. In haproxy.cfg we mark one of the clouds as a backup. Whenever a new change is to be pushed, we first deploy it on the backup cloud. If everything seems to work fine then we update the haproxy.cfg file marking the current backup cloud as the live one. Clouds alternated between backup and live when changes are pushed.

The proxy is setup on a separate node outside both kubernetes networks which ensures proxy server stays alive even if one of the networks goes down.

Setup CI/CD to automate Blue-Green deployment

There are 2 main pipelines, one associated with IU and other with TACC (blue and green) which deploy the entire service using kubernetes. Each pipeline is composed of several Jenkins project each dedicated to deploying individual microservice, such that there are two Jenkins projects for each microservice.

Another pipeline looks into haproxy.cfg file and takes decision on which pipeline to execute, and on successful deployment updated the file to point to updated deployment.

Addresses

• UI: http://js-169-38.jetstream-cloud.org:3000/login
• Jenkins: http://149.165.156.122:8080/login
• HAproxy stats: http://149.165.168.159:32700: someuser - password
• Kubemaster IU: 149.165.169.214
• Kubemaster TACC: 129.114.16.91