User hosting overview
This page provides an overview of how we do user hosting, and all of the resources available. If you're looking for how to take advantage of these services, instead see the guides in howto.
Our Kubernetes cluster is built on k0s and runs on several VMs. We use namespace isolation to allow for multi-tenancy, and the Tardis console is able to create/destroy namespaces for users.
Generally, a user's things will be hosted at
<username>.tardis.ac/<optional prefix>. Traefik is the reverse proxy we use for this.
It is configured so that:
- HTTP connections are always upgraded to HTTPS
- SSL connections with a HostSNI not matching *.tardis.ac are forwarded to GitLab Pages, without terminating TLS. This allows custom GitLab Pages domains. Source
- The Tardis Console generates routers for each page hosted with GitLab Pages, reverse proxying them to GitLab Pages (this overrides the previous point).
- Similarly, it generates routes for 'endpoints' added by users using the tardis console.
Currently, we run the Percona operator for MySQL (based on PXC) in the Kubernetes cluster. This gives us effectively a MySQL server instance, with the convenience of zero-downtime upgrades, an integrated backup solution, and some other benefits.
The Tardis console has credentials to this database, and manages creating and dropping users/databases as requested: Just check the Web UI.