Description
Due to the increasing interest in cloud-oriented services and the need to provide reliable and resilient applications, we decided to explore and integrate some recent cloud-enabled technologies.
For this reason, we have focused on the design and implementation of a cloud-oriented platform based on Kubernetes, which has become a de facto standard for container orchestration. Thanks to its functionality, Kubernetes offers significant advantages in terms of configuration, flexibility and resilience, making it possible to integrate and operate with other services and components, including those made available via OpenStack.
Moving to the next abstraction level, we developed the RKE2 + Puppet combination, used for fast deployment and for maintaining the desired state of the Kubernetes cluster. RKE2 was chosen because it is supported by an active community, which continuously updates the software, periodically fixes any vulnerabilities and, moreover, offers a good user guide. By design, RKE2 takes security into account by implementing the Center for Internet Security benchmarks, a set of controls and best practices aimed at securing the cluster. The cluster has been integrated with different tools and technologies: Kyverno, to automatically define limits on resources and consequently preserve the state of the cluster; Harbor, used as a repository and for image caching; CephFS, to provide dynamic storage to the cluster; ArgoCD, used as a continuous delivery tool; and backup and monitoring tools to check the status of the services as well as the load on the resources.
The purpose of the talk is to present the work done to design and implement a multi-purpose Kubernetes cluster, together with the different services integrated, ranging from the infrastructure level up to the high-level abstraction applications. As an added value, the multi-purpose Kubernetes cluster will act as a model to provide a cloud-oriented platform within the DARE project, the broader Italian and European economic recovery plan aimed at defining solutions for surveillance, prevention, health promotion and health safety. In this collaboration, INFN has the task of making available, for the purposes of the project, both computational resources and the expertise gained in the technological field. The nature of the project and the research area in which it works involve the handling and processing of medical data.