...
Kubernetes uses Docker containers. A container is a “lightweight” abstraction layer on top of the host operating system. Multiple containers share the machine’s operating system kernel and do not require the overhead of bundling an operating system with each application. Compared with VMs, containers bring reduced start-up time, more compute capacity, more flexibility, fault isolation, ease of management, simplified security and reduced costs. The operational benefits for Delft-FEWS systems are also in line with the Roadmap plans for automation of installations with less needless customization, better auto-scaling and more flexible testing. We prefer using Linux containers as much as possible. Whether Linux containers can be used may depend on the requirements of the forecast model. Any Windows-based forecast models can be run separately on Windows hardware, Windows VMs (or in a Windows Docker container).
Delft-FEWS Software: A cloud agnostic approach
Delft-FEWS system installation on regular hardware / VMs is currently done by unzipping the binaries, setting OS environment variables and starting a launcher service. For installation in Kubernetes this is not much different. Usually this is controlled using a data-driven YAML / JSON configuration file that applies the needed actions.
Component | Cloud readiness status | Improvements |
---|---|---|
Database | Both database Docker containers and managed instances are already possible. Managed instances require minor adjustments of the database scripts. | Support one set of database scripts for all database flavors, managed and unmanaged. |
Master Controller | Yes | Enable service replication |
Admin Interface | Yes | |
Operator Client / SA | Use Azure Virtual Desktop or Database proxy | |
Config Manager | Use Azure Virtual Desktop or Database proxy or API | |
Forecasting Shell Server | Yes | Facilitate auto scaling. |
WebServices | Yes | |
DatabaseProxy | Yes | |
OpenArchive | Yes | |
Fileshares | cloud-specific | |
Delft-FEWS in the cloud: reference architectures
...
Best practices & recommendations
https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html
https://cloudsecdocs.com/container_security/defensive/kubernetes/k8s_production_checklist/
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
- Project references
- Technical knowledge: Deltares has successfully completed Delft-FEWS projects with Azure ARM templates and AWS Elastic Beanstalk. For practical reasons, we will keep our requirements / installation instructions as cloud neutral as possible.
- Involved people
- More info / Deltares contact(s)
...