Scalable and multi-tenant Kubernetes ingress infrastructure :: DevConf.CZ :: pretalx
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Scalable and multi-tenant Kubernetes ingress infrastructure :: DevConf.CZ :: pretalx</title> <meta name="title" content="Scalable and multi-tenant Kubernetes ingress infrastructure - DevConf.CZ pretalx"> <meta name="description" content="CERN, the European Organization for Nuclear Research, is one of the world's largest centres for scientific research. Not only is it home to the world's largest particle accelerator (Large Hadron Collider, LHC), but it is also the birthplace of the Web in 1989. Since 2016, CERN has been using the OpenShift Kubernetes Distribution to host a private platform-as-a-service (PaaS). This service is optimized for hosting web applications and has grown to tens of thousands of individual websites. By now, we have established a reliable framework that deals with various use cases: thousands of websites per ingress controller (8K+ routes), dealing with long-lived connections (30K+ concurrent sessions) and high traffic applications (25TB+ per day). 
This session will discuss: * CERN's web hosting infrastructure based on OpenShift Kubernetes clusters; * usage of open source and in-house developed software for providing a seamless user experience; * integrations for registering hostnames (local DNS, LanDB, external) * provisioning of certificates (automatic with external-dns / ACME HTTP-01, manual provisioning) * access control policies and "connecting" different components with OpenPolicyAgent * enforcing unique hostnames across multiple Kubernetes clusters * strategies for setting up Kubernetes Ingress Controllers for multi-tenant clusters; * methods for scaling and sharding ingress controllers according to the application's requirements (specifically HAProxy ingress controllers);"> <meta name="application-name" content="pretalx"> <meta name="generator" content="pretalx"> <meta name="keywords" content="DevConf.CZ, devconf-cz-2024, 2024, schedule, talks, cfp, call for papers, conference, submissions, organizer"> <meta name="robots" content="index, follow"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="theme-color" content="#8E83E4"> <meta name="HandheldFriendly" content="True"/> <meta property="thumbnail" content="https://pretalx.com/devconf-cz-2024/talk/PXU8PP/og-image"> <meta property="og:image" content="https://pretalx.com/devconf-cz-2024/talk/PXU8PP/og-image"> <meta property="og:title" content="Scalable and multi-tenant Kubernetes ingress infrastructure DevConf.CZ"> <meta property="og:description" content="CERN, the European Organization for Nuclear Research, is one of the world's largest centres for scientific research. Not only is it home to the world's largest particle accelerator (Large Hadron Collider, LHC), but it is also the birthplace of the Web in 1989. Since 2016, CERN has been using the OpenShift Kubernetes Distribution to host a private platform-as-a-service (PaaS). 
This service is optimized for hosting web applications and has grown to tens of thousands of individual websites. By now, we have established a reliable framework that deals with various use cases: thousands of websites per ingress controller (8K+ routes), dealing with long-lived connections (30K+ concurrent sessions) and high traffic applications (25TB+ per day). This session will discuss: * CERN's web hosting infrastructure based on OpenShift Kubernetes clusters; * usage of open source and in-house developed software for providing a seamless user experience; * integrations for registering hostnames (local DNS, LanDB, external) * provisioning of certificates (automatic with external-dns / ACME HTTP-01, manual provisioning) * access control policies and "connecting" different components with OpenPolicyAgent * enforcing unique hostnames across multiple Kubernetes clusters * strategies for setting up Kubernetes Ingress Controllers for multi-tenant clusters; * methods for scaling and sharding ingress controllers according to the application's requirements (specifically HAProxy ingress controllers);"> <meta property="og:url" content="https://pretalx.com/devconf-cz-2024/talk/PXU8PP/"> <meta property="twitter:card" content="summary"> <link rel="icon" type="image/png" sizes="16x16" href="/static/common/img/icons/favicon.f79e2b95f18d.ico"> <link rel="apple-touch-icon" href="/static/common/img/icons/apple-touch-icon-180x180.9cd0735ee8ec.png"> <link rel="stylesheet" href="/static/CACHE/css/output.fab3de35605a.css" type="text/css"> <link rel="stylesheet" type="text/css" href="/devconf-cz-2024/static/event.css" /> <link rel="stylesheet" type="text/css" href="/media/devconf-cz-2024/css/devconf-cz-2024_pvoerV8.css"/> <script src="/static/CACHE/js/output.0532a5e7f2ae.js" defer></script> <link rel="alternate" type="application/json" title="DevConf.CZ API" href="https://pretalx.com/api/events/devconf-cz-2024/talks/PXU8PP" /> <script id="pretalx-messages" data-logged-in="false" 
src="/devconf-cz-2024/schedule/widget/messages.js"></script> <script src="/static/CACHE/js/output.d57d8f7dee0e.js" defer></script> <link rel="stylesheet" href="/static/CACHE/css/output.6bc945171b81.css" type="text/css"> </head> <body data-datetimeformat="YYYY-MM-DD HH:mm:ss" data-dateformat="YYYY-MM-DD" data-datetimelocale="en"> <div id="top-bg" class="header bg-primary"> <img src="/media/devconf-cz-2024/img/background_hrIqg8J.svg" id="header-image" alt="DevConf.CZ"> </div> <div class="container" id="main-container"> <header> <h1> <a href=" /devconf-cz-2024/schedule/ "> <img loading="lazy" src="/media/devconf-cz-2024/img/devconf-cz-inverse_F9CbOHg.png" id="event-logo" alt="The event’s logo"> </a> </h1> <div class="header-wrapper"> <div id="header-tabs"> <a href="/devconf-cz-2024/schedule/" class="header-tab "> <i class="fa fa-calendar"></i> Schedule </a> <a href="/devconf-cz-2024/talk/" class="header-tab active"> <i class="fa fa-comments-o"></i> Sessions </a> <a href="/devconf-cz-2024/speaker/" class="header-tab "> <i class="fa fa-group"></i> Speakers </a> </div> <div class="header-row-right"> <a href="/devconf-cz-2024/login/?next=/devconf-cz-2024/talk/PXU8PP/">login</a> </div> </div> </header> <div class="card" id="main-card"> <main> <article> <h3 class="talk-title"> <div class="heading-with-buttons"> <span> Scalable and multi-tenant Kubernetes ingress infrastructure <button class="btn btn-xs btn-link d-none" id="fav-button"> <i class="fa fa-star-o d-none" title="Favourite this session"></i> <i class="fa fa-star d-none" title="Remove this session from your favourites"></i> </button> </span> <div class="buttons d-flex justify-content-end" id="talk-buttons"> <a class="btn btn-outline-primary ml-2" href="/devconf-cz-2024/talk/PXU8PP.ics"> <i class="fa fa-calendar"></i> .ical </a> <a href="/devconf-cz-2024/talk/PXU8PP/feedback/" class="btn btn-success"> <i class="fa fa-comments"></i> </a> </div> </div> <small class="text-muted"> <span 
class="timerange-block">2024-06-14 <time datetime="2024-06-14 11:00" date-timezone="Europe/Prague" data-isodatetime="2024-06-14T11:00:00+02:00" title="Europe/Prague" data-toggle="tooltip" data-placement="bottom">11:00</time>–<time datetime="2024-06-14 11:35" date-timezone="Europe/Prague" data-isodatetime="2024-06-14T11:35:00+02:00" title="Europe/Prague" data-toggle="tooltip" data-placement="bottom">11:35</time></span>, D105 (capacity 300) </small> </h3> <div class="talk row"> <div class="talk-content"> <div class="embed-responsive embed-responsive-16by9"><iframe src="https://www.youtube-nocookie.com/embed/7h4kV5XKunY" frameborder="0" allowfullscreen></iframe></div> <section class="abstract"> <p>CERN, the European Organization for Nuclear Research, is one of the world's largest centres for scientific research. Not only is it home to the world's largest particle accelerator (Large Hadron Collider, LHC), but it is also the birthplace of the Web in 1989.<br> Since 2016, CERN has been using the OpenShift Kubernetes Distribution to host a private platform-as-a-service (PaaS). 
This service is optimized for hosting web applications and has grown to tens of thousands of individual websites.<br> By now, we have established a reliable framework that deals with various use cases: thousands of websites per ingress controller (8K+ routes), dealing with long-lived connections (30K+ concurrent sessions) and high traffic applications (25TB+ per day).</p> <p>This session will discuss:<br> * CERN's web hosting infrastructure based on OpenShift Kubernetes clusters;<br> * usage of open source and in-house developed software for providing a seamless user experience;<br> * integrations for registering hostnames (local DNS, LanDB, external)<br> * provisioning of certificates (automatic with external-dns / ACME HTTP-01, manual provisioning)<br> * access control policies and "connecting" different components with OpenPolicyAgent<br> * enforcing unique hostnames across multiple Kubernetes clusters<br> * strategies for setting up Kubernetes Ingress Controllers for multi-tenant clusters;<br> * methods for scaling and sharding ingress controllers according to the application's requirements (specifically HAProxy ingress controllers);</p> </section> <section class="description"> </section> </section> <section class="resources"> See also: <ul> <li> <a href="https://cds.cern.ch/record/2900715/files/kubernetes-ingress-infrastructure-devconf-cz.pdf"> <i class="fa fa-link"></i> Presentation Slides </a> </li> <li> <a href="https://matrix.to/#/#d105:devconf.cz"> <i class="fa fa-link"></i> Matrix Chat and YouTube Stream </a> </li> <li> <a href="https://youtube.com/live/f3TiTqe66QU?feature=share"> <i class="fa fa-link"></i> YouTube Stream Only </a> </li> </ul> </section> <section> </section> </div> </div> <div class="pretalx-session"> <div class="pretalx-session-time-box avatar"> <a href="/devconf-cz-2024/speaker/MDETJ9/"> <div class="avatar-wrapper"> <img loading="lazy" src="/media/avatars/MDETJ9_YPCapK0_thumbnail.jpeg" alt="The speaker’s profile picture"> </div> 
</a> </div> <div class="pretalx-session-info"> <div class="title"> <a href="/devconf-cz-2024/speaker/MDETJ9/">Jack Henschel</a> </div> <div class="abstract"><p><a href="https://blog.cubieserver.de" rel="nofollow" target="_blank">Jack Henschel</a> is a Cloud Computing Engineer at <a href="https://home.cern" rel="nofollow" target="_blank">CERN</a> where he develops and administrates several Kubernetes clusters, ensuring all components integrate smoothly with the rest of CERN's computing environment. His special areas of interest are systems performance, observability and efficiency. In his free time he likes exploring the French and Swiss Alps by foot and bike.</p></div> </div> </div> </article> </main> </div> <footer> powered by <a href="https://pretalx.com" target="_blank" rel="noopener">pretalx</a> · <a href="mailto:info@devconf.cz">Contact us</a> · <a href="https://www.devconf.info/coc/" target="_blank" rel="noopener">Imprint</a> · <a href="/devconf-cz-2024/privacy">Privacy</a> </footer> </div> </body> </html>