26TH INTERNATIONAL CONFERENCE ON COMPUTING IN HIGH ENERGY & NUCLEAR PHYSICS (CHEP2023)

K8s@CNAF and federations with INFN Cloud

Not scheduled

1h

Hampton Roads Ballroom and Foyer Area (Norfolk Waterside Marriott)

Poster Poster Poster Session

Speaker

Michelotto, Diego (INFN)

Description

INFN-CNAF is one of the Worldwide LHC Computing Grid (WLCG) Tier-1 data centers, providing computing, networking and storage resources also to a wide variety of scientific collaborations, ranging from physics to bioinformatics and industrial engineering.
Due to the massive adoption of containerised services and the increasing efficiency for application deployment of the recent virtualization technologies, raised the need at INFN-CNAF to have a management tool able to orchestrate containers on different resources at a scale.

In such respect, we are implementing a highly available, distributed Kubernetes cluster designed to deal with zero-downtime services by leveraging two different virtualization infrastructures also designed to be highly reliable. Services deployed on this infrastructure can be easily replicated between these infrastructures through specific scheduling policies to enhance service resilience..

The services deployed in the distributed K8S cluster will be managed by automatic tools that can be identified in ArgoCD for local services and INDIGO-ORCHESTRATOR for federated ones.

In order to federate the cluster with the INFN Cloud infrastructures, we have integrated the INDIGO-IAM as Identity Provider (IdP), implementing the OpenID Connect (OIDC) mechanism already adopted as AuthN/AuthZ mechanism within WLCG and the European Open Science Cloud (EOSC).

The K8S cluster federated with the INFN Cloud infrastructure offers a comprehensive and integrated set of Cloud services made available for the INFN users.
Such services, in fact, are orchestrated via the INDIGO-ORCHESTRATOR, as mentioned above, and deployed as easy-to-use web applications directly on the K8S cluster making use of the different resources available on it.
Moreover, thanks to the highly available and distributed nature of the K8S cluster, services can also inherit resiliency and redundancy.

In this contribution we will present the infrastructure, its implementation, the technological choices adopted and the use case running on it able to exploit the kubernetes cluster.