User hosting overview
This page provides an overview of how we do user hosting, and all of the resources available. If you're looking for how to take advantage of these services, instead see the guides in howto.
Kubernetes
Our Kubernetes cluster is built on k0s and runs on several VMs. We use namespace isolation to allow for multi-tenancy, and the Tardis console is able to create/destroy namespaces for users.
Ingress (HTTP)
Generally, a user's things will be hosted at <username>.tardis.ac/<optional prefix>. Traefik is the reverse proxy we use for this.
It is configured so that:
- HTTP connections are always upgraded to HTTPS
- SSL connections with a HostSNI not matching *.tardis.ac are forwarded to GitLab Pages, without terminating TLS. This allows custom GitLab Pages domains. Source
- The Tardis Console generates routers for each page hosted with GitLab Pages, reverse proxying them to GitLab Pages (this overrides the previous point).
- Similarly, it generates routes for 'endpoints' added by users using the tardis console.
As well as this, some admin-maintained services use .on.tardis.ac as a prefix, such as minio. This is done using Kubernetes ingress routes, which also works if users want to do it that way.
User Databases
Currently, we run the Percona operator for MySQL (based on PXC) in the Kubernetes cluster. This gives us effectively a MySQL server instance, with the convenience of zero-downtime upgrades, an integrated backup solution, and some other benefits.
The Tardis console has credentials to this database, and manages creating and dropping users/databases as requested: Just check the Web UI.
MinIO
We run a MinIO object storage server, which is used for some of our services (Loki, GitLab Runners).
It's also available for user projects, as described here.