Abstract
The infrastructure behind home.cern and 1000 other Drupal websites serves more than 15,000 unique visitors daily. To best serve the site owners, a small engineering team needs development speed to adapt to their evolving needs and operational velocity to troubleshoot emerging problems rapidly. We designed a new Web Frameworks platform by extending Kubernetes to replace the ageing physical infrastructure and reduce the dependency on homebrew components. The new platform is modular, built around standard components and thus less complex to operate. Some requirements are covered solely by upstream open source projects, whereas others by components shared across CERN’s web hosting platforms. We leverage the Operator framework and the Kubernetes API to get observability, policy enforcement, access control and auditing, and high availability for free. Thanks to containers and namespaces, websites are isolated. This isolation clarifies security boundaries and minimizes attack surface, while empowering site owners. In this work we present the new system’s open-source design contrasted with the one it replaces, demonstrating how we drastically reduced our technical debt.
Highlights
Google rewrites most of their software every few years [1]
Despite the much slower pace at which services evolve, CERN lives in the same dynamic technological environment
For cloud native applications, Kubernetes is an extension of what the operating system is for traditional applications
Summary
Google rewrites most of their software every few years [1]. Despite the cost, they consider it crucial to long-term success, because software requirements change as technologies evolve – and with them, user expectations. This practice typically reduces complexity and transfers knowledge into the new generation of engineers. The main purpose of this work is to pay back technical debt in CERN’s Content Management Systems by modernizing the software architecture and making the service more secure and flexible (see section 4.1).