Skip to content

Infrastructure

Jump to bottom
rgaudin edited this page Feb 7, 2022 · 2 revisions

This is an overview with high level information. Actual implementation may defer and Helm Charts or k8s manifests (in that order) should be trusted.

Kosmos control plane

  • Managed by Scaleway
  • scw.k8s.kiwix.org CNAME to {uuid}.nodes.k8s.fr-par.scw.cloud
  • k8s.kiwix.org CNAME to scw.k8s.kiwix.org

Using two CNAME would allow us to redirect k8s.kiwix.org to a different host in case we need to move all services at once.

  • All user-facing services (except those mentioned below) uses a CNAME pointing to k8s.kiwix.org which serves as the HTTP Load Balancer.
    • stats.kiwix.org -> k8s.kiwix.org
    • farm.openzim.org -> k8s.kiwix.org
    • api.cardshop.kiwix.org -> k8s.kiwix.org
    • etc.

Note: Kosmos is a paid service.

Bastion

  • Single entry point for SSH access to our nodes: all nodes only accepts connections from its IP.
  • Not part of the k8s cluster
  • bastion.kiwix.org

Stats node

  • Registered node on the Cluster
  • Runs non-user-facing services which may be demanding:
  • matomo for our stats
  • metrics
  • zimfarm watcher
  • stats.k8s.kiwix.org CNAME to {stats-node-id}.nodes.k8s.fr-par.scw.cloud

Services node

  • Registered node on the Cluster

  • Runs all user-facing services that don't need access to ZIM files:

    • Kiwix Wiki
    • openZIM Wiki
    • watcherbot
    • Kiwix JS PWA
    • CMS
    • Cardshop
    • Youzim.it
    • Zimfarm
    • Zimfarm drive
    • Offspot drive
    • Kiwix tmp
    • dev-library

  • Runs all services without a specific node affinity.

  • services.k8s.kiwix.org CNAME to {svc-node-id}.nodes.k8s.fr-par.scw.cloud

Storage node

  • Registered node on the Cluster
  • Runs all services requiring ZIM file access
    • Kiwix download
    • openZIM download
    • Zimfarm receiver
    • Library
    • dev-library
    • mirrorbrain
  • storage.k8s.kiwix.org CNAME to {storage-node-id}.nodes.k8s.fr-par.scw.cloud

Clone this wiki locally