Architecture Reference

As already mentioned, ScienceBox is a software bundle packaged as a Helm Chart to deploy CERN IT services on Kubernetes. These services in itself are complex softwares that are deployed independently here at CERN. (Side note: not all of the services offered by ScienceBox run on Kubernetes natively at CERN)

ScienceBox was created so that all the services, namely CERNBox, EOS, CVMFS and SWAN could be deployed outside CERN with ease. Helm Charts proved to be the most hassle free way to ship all of these services in a package that could be easily deployed on kubernetes cluster and hence it was chosen to be the solution to package all the mentioned services. Along with the ease of deployment, HELM chart also proves to be highly configurable enabling one to configure the deployment as per their liking.

ScienceBox is a single helm chart that contains multiple subcharts, which in turn functions as a whole. As per the Helm community this practice is referred to as “Umbrella” Chart and is the de-facto standard to embed each component into a single package. The ScienceBox chart expresses dependencies on the CERNBox, EOS, and SWAN “sub-charts”. This can be easily visualized with the architecture below:

As seen in the above architecture, ScienceBox embeds all the individual components and configures them to run together. Along with all the major components, ScienceBox also requires some “satellite components” to glue all the services together. The detailed working of each service and the corresponding glue component is mentioned in their subsections.

To summarize, the ScienceBox umbrella consists of following sub-charts:

• CERNBox Charts:
  • Revad Charts - Backbone of CERNBox, interoperability platform for sync and share systems.
    • 3 StorageProviders - Interface to EOS
    • AuthProvider - Revad Authentication service
  • CERNBox Web - Nginx server that serves CERNBox web.
  • OwnCloud Infinite Scale Charts - oCIS charts to run OCIS extenstions - IDP and Proxy. IDP - Identity Provider used for authentication.
• EOS Charts:
  • 1 MGM - headnode of the cluster
  • 4 FST - storage daemons to write files’ payload
  • 3 QDB - highly available namespace and instance configuration
• SWAN Charts
  • Fusex - EOS Client
  • JupyterHub - Upstream JupyterHub charts
• CVMFS Charts

Satellite Components:

• MariaDB Charts - Database to store CERNBox share information.
• OpenLDAP Charts - OpenLDAP server for user and group management.
• LDAP instance config - Kubernetes job to instantiate users in the LDAP server.
• EOS instance config - Kubernetes job to populate the LDAP users in EOS
• EOS cache refresher - Kubernetes job to refresh the EOS cache to convert UIDs to Unames.