Release 2022: Hardened Kubernetes for hosting user-supplied Interactive Applications

Why we provide OpenScienceLabs

Scientists, academic staff and IT staff require a place to host applications to wider audiences. Sometimes for short times (e.g. summer schools), sometimes for longer (Paper Companions after publication). Applications vary from teaching content to bespoke HPC code bases.
We want to provide scientists with a templated approach to getting their codes "hostable" and packaging all bespoke dependencies HowTo: Publish updated content to my HPC App running in my OpenScienceLab.

We also provide methods to share hosted applications with collaborators using various types of controls. It is envisioned to make this as self-service as possible, however, certain data-governance (**) requirements may be applicable.

What it is -> Automation Templates

Our blueprints are a collection of automation templates to create a cloud platform service (PaaS) including a tailored WebEnvironment (Jupyter) that is integrated with IdentityMangement in such a way that a university can use (adapt) it.

To allow digital sovereignty, the templates can be translated to most Cloud Providers (CSP), our choice presented here (Openstack) are due to the associated cost-savings and especially for those HPC facilities where data gravity prohibits the use of public cloud.

We want to give a university an up-to-date and tested set of software stacks to enable OpenScience.
Security concerns are a key differentiator and we are working to include features like IDS and SIEM in the future.

Goal: Lowering the entrance barrier and cognitive friction in using High Performance Compute

see this pre-print for details.
OpenScienceLabs_I_EffectiveSharing.pdf

What a university (or HPC center) gets

An integrated and opinionated set of instructions that bootstrap an ContainerOrchestrator with a chosen Profile that will configure everything from network, dns to the application for a dedicated use-case so that a User can Single Sign On and start using their cluster or their lab.

UseCases: OpenScience-HPC, Jupyter-for-Teaching, Jupyter-for-Testing
User Storage: Home and Group Directories
Identity: Azure Active Directory (central) and LDAP (local)
Platform: Kubernetes (RKE2)

Should a university decide to replace individual layers or elements, this is possible due to how the repository is structured in layers as well as in submodules.

This requires:

How to use these blueprints (UNDER CONSTRUCTION):

Clone/Fork them into your own AzureDevOps Tenant, fill out the #EDIT HERE blanks , go through the bootstrapping steps in this HowTo and optionally reach out to us on slack for support.

How to get support:

Support is planned to be provided on a case-by-case basis starting in 2023. Interested research groups may reach out to support@austrianopencloudcommunity.org

Openstack runtime infrastructure is currently not provided beyond PoC level, for strategic questions please reach out to the maintainer. The Openstack configuration is currently not included in this repo, but can be made available to interested parties.

Contributions are welcome

Maintained by
C. Roedig

Funding Acknowledgment

This project is funded by the Austrian Ministry (BMBWF) under the Digitalization Call "Austrian DataLAB and Services". The project is stricty non-profit. Participating universities are: Technical University of Vienna (TUW-Lead), University of Innsbruck (UIBK), Technical University of Graz (TUG), University of Vienna (UniVie), University of Economics Vienna (WU), University of Natural Resources and Life Sciences (BOKU), Medical University of Vienna (MedUVie) and Johannes Kepler University of Linz (JKU).