# Autosecurite Design Review Session ## Items to cover during session - Lack of resources DC1 - Could scale-down AVI controller amount - Ok for Autosecurité & Devs (to 1) - Can also scale down Supervisor Clusters - Scale Down to Small seems feasible, to be checked by Robert - Also a concern regarding vCPUs... - How is resources DC2? - Start in DC2 - Same design in DC2, keep it consistent - Ingress path.. we can control network for workloads, so seperate ingress network is possible - Which network to use? - k8s-mgmt for K8s API (for Dev Access - so means Supervisor Cluster + WL Cluster K8s API) - k8s for Workload (so means Production Workload VIP for Pods + Production Cluster Nodes) - DC SEC for Workload in DMZ (so means DMZ Workload VIP for DMZ Apps / Pods + DMZ Cluster Nodes) - Use existing, or create new networks? - Mgmt Network = New Network (only for Tanzu) - Workload Network = New Network (only for Tanzu) - DMZ DC SEC (for DMZ Workload Pods) = Existing Networks + lot of IP space available - IP Range: Provided - Is IP space in existing networks suffictient? Yes - All Networks are stretched - Storage migration support - SuperVisorControlVM support not clear (probably owrks, must test! - Persistant Volume migration CSI not supoorted. ) - Naming Convention: - DC01- - DC02- - L7 Ingress using AKO is supported - - Cover pre-reqs / sheet - Do the developers like the AVI Ingress for L7 ? ## To Do: - ITQ to complete Prereq sheet based on info of this meeting - ITQ to update Network Design - ITQ to test vMotion to another Data Store of TKGs Clusters - Autosecurité Infra team to check on SAN install & deployment (SAN is not ready before 06/03) - Get Approval from Autosecurité regarding the updated Design - Decide on Deployment Date (no need to wait on SAN if Migrate / vMotion is possible)