hosts:user_hosting

Differences

This shows you the differences between two versions of the page.

hosts:user_hosting [2023/08/30 18:39] – created tcmal
hosts:user_hosting [2023/08/30 21:06] (current) tcmal
Line 1: Line 1:
 ====== User hosting overview ====== ====== User hosting overview ======
  
-This page provides an overview of how we do user hosting, and all of the resources available.+This page provides an overview of how we do user hosting, and all of the resources available. If you're looking for how to take advantage of these services, instead see the guides in howto.
  
-TODO+===== Kubernetes =====
  
-===== Ingress (traefik) =====+Our [[hosts:k8s:start|kubernetes cluster]] is built on k0s and runs on several VMs. We use namespace isolation to allow for multi-tenancy, and the tardis console is able to create/destroy namespaces for users.  
 + 
 +===== Ingress (HTTP) ===== 
 + 
 +Generally, a user's things will be hosted at ''<username>.tardis.ac/<optional prefix>''. [[hosts:k8s:traefik|Traefik]] is the reverse proxy we use this. 
 +It is configured so that: 
 + 
 +  * HTTP connections are always upgraded to HTTPS 
 +  * SSL connections with a HostSNI not matching ''*.tardis.ac'' are forwarded to gitlab pages, //without terminating TLS//. This allows custom gitlab pages domains. [[https://git.tardisproject.uk/tardis/k8s/-/blob/main/gitlab-pages.tf?ref_type=heads|Source]] 
 +  * By default, ''*.tardis.ac'' is reverse proxied to the [[hosts:virtual_machines:web:userhomes_hosting|userhomes hosting server]]. [[https://git.tardisproject.uk/tardis/k8s/-/blob/main/userhomes.tf?ref_type=heads|Source]] 
 +  * The Tardis Console generates routers for each page hosted with gitlab pages, reverse proxying them to gitlab pages (this overrides the previous point). 
 +  * Similarly, it generates routes for 'endpoints' added by users using the tardis console. 
 + 
 +As well as this, some admin-maintained services use ''.on.tardis.ac'' as a prefix, such as [[hosts:k8s:minio|minio]]. This is done using [[https://git.tardisproject.uk/tardis/k8s/-/blob/main/minio.tf?ref_type=heads|kubernetes ingress routes]], which also works if users want to do it that way.
  
 ===== User Databases ===== ===== User Databases =====
 +
 +Currently, we run the [[https://docs.percona.com/percona-operator-for-mysql/pxc/index.html#|Percona operator for MySQL (based on PXC)]] in the [[hosts:k8s:percona_mysql|Kubernetes cluster]]. This gives us effectively a MySQL server instance, with the convenience of zero-downtime upgrades, an integrated backup solution, and some other benefits.
 +
 +The Tardis console has credentials to this database, and manages creating and dropping users/databases as requested: Just check the Web UI. 
  
 ===== MinIO ===== ===== MinIO =====
  
-===== Kubernetes =====+We run a MinIO object storage server, which is used for some of our services ([[hosts:virtual_machines:monitoring:loki|Loki]], [[hosts:k8s:gitlab-runners|Gitlab Runners]]). 
 + 
 +It's also available for user projects, as described [[hosts:k8s:minio|here]].
  
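Review bot: In the "Ingress (HTTP)" list, route precedence is stated for only one pair ("this overrides the previous point"). The section should say how the four kinds of route are ordered against each other: the non-''*.tardis.ac'' HostSNI passthrough, the ''*.tardis.ac'' userhomes default, the console-generated gitlab pages routers, and the user 'endpoints' routes. That ordering decides which backend a hostname reaches, and the endpoints bullet only says "Similarly". The passthrough bullet would also benefit from one sentence saying that those connections are not terminated at Traefik, so TLS for them is handled by gitlab pages. In the "Kubernetes" paragraph, "namespace isolation" is asserted without saying what enforces it; a short statement or a link to the relevant page would make the multi-tenancy claim checkable. Likewise, "The Tardis console has credentials to this database" should state what scope those credentials have. Wording: "is the reverse proxy we use this" is missing "for", and ''.on.tardis.ac'' is called a prefix although it is written as a hostname suffix.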
hosts/user_hosting.1693420779.txt.gz · Last modified: 2023/08/30 18:39 by tcmal