Mark Theng edited this page Nov 26, 2017 · 18 revisions

Welcome to the Hyades wiki!

  1. Containers
  2. rkt

How Spike Works

Spike is a load balancer based on Google's Maglev. For performance reasons, packets are randomly dispersed across a set of Spike nodes (equal-cost multi-path routing), which then route the packets to containers over flannel. To ensure session coherency, Spike ensures that packets from the same client get routed to the same container.

To achieve this, Spikes on different machines need to agree on which container each client is assigned to. However, coordinating data is hard. Maglev solves this by hashing the client data deterministically (along with a lookup cache) and using the hash to assign clients to containers, so no communication between Spikes is required.

This is, however, problematic because the set of containers can change (and by the very nature of Hyades, does so quite often). This is solved by using a hashing algorithm that preserves most of the client-container assignments when the set changes.
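
The property described above, shown with the lookup-table population algorithm from the Maglev paper: independent nodes build identical tables without talking to each other, and removing a container remaps few of the surviving assignments. This is an added example, not Spike's own code; the SHA-256 hashing, the container names and the sample flow are assumptions made for illustration.

```python
import hashlib
from collections import Counter

M = 65537  # lookup-table size; must be prime (value used in the Maglev paper)

def _h(label, value):
    # Stable across processes and machines, unlike Python's salted hash().
    digest = hashlib.sha256(f"{label}:{value}".encode()).digest()
    return int.from_bytes(digest[:8], "big")

def build_table(backends, m=M):
    """Maglev table population: backends take turns claiming their next
    preferred free slot, so each ends up with m/n slots (+/- 1)."""
    names = sorted(set(backends))  # every node must iterate in the same order
    if not names:
        raise ValueError("need at least one backend")
    # (offset, skip) defines each backend's permutation of the m slots.
    perms = [(_h("offset", n) % m, _h("skip", n) % (m - 1) + 1) for n in names]
    nxt = [0] * len(names)
    table = [None] * m
    filled = 0
    while True:
        for i, (offset, skip) in enumerate(perms):
            slot = (offset + nxt[i] * skip) % m
            while table[slot] is not None:  # already claimed, try next preference
                nxt[i] += 1
                slot = (offset + nxt[i] * skip) % m
            table[slot] = names[i]
            nxt[i] += 1
            filled += 1
            if filled == m:
                return table

def pick(table, flow):
    """Map a flow (src ip, src port, dst ip, dst port, proto) to a backend."""
    return table[_h("flow", "|".join(map(str, flow))) % len(table)]

def disruption(old, new, removed):
    """Fraction of slots owned by surviving backends that changed owner."""
    kept = [(a, b) for a, b in zip(old, new) if a != removed]
    return sum(a != b for a, b in kept) / len(kept)

if __name__ == "__main__":
    pods = [f"container-{i}" for i in range(5)]  # constructed names
    before = build_table(pods)
    after = build_table(pods[:-1])  # container-4 goes away
    flow = ("198.51.100.7", 40312, "203.0.113.10", 443, "tcp")  # constructed
    print(Counter(before).most_common())
    print(pick(before, flow), "->", pick(after, flow))
    print(f"surviving slots remapped: {disruption(before, after, pods[-1]):.2%}")
```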

Security

TLS is used to authenticate connections. This means that every component must have its own set of keys. A keyserver is used to manage key creation and distribution. This raises the question of how you could distribute keys without existing keys.

When an administrator creates a new node, the keyserver gives the administrator a token, which the administrator passes to the node. The node uses the token to authenticate with the keyserver, which then gives the node an initial set of keys.

Building Homeworld

First, build Go. The Go 1.8.3 compiler is written in Go, so it is necessary to bootstrap by building Go 1.4, which is written in C. The compiled binary can then be used to build Go 1.8.3.

Next, build acbuild. It's a tool used to build App Container Images. No idea what that is. Also the project appears to be unmaintained. Presumably for rkt, which uses ACI.

Now, we need to build a whole set of upstream packages. Homeworld does this using Debian packaging. No idea how that works. Or why you need to "set up an sbuild chroot".

The packages are:

  • admin-tools, or Spire. These are a set of custom tools written in Python used to manage the cluster.
  • apt-setup. Used to make output packages work with apt, I think. Not sure exactly what it does, probably something to do with Debian packaging.
  • bootstrap-registry. "This hostname exists to provide a location for autodiscovery of rkt ACIs for homeworld clusters." No idea. Probably a skeleton configuration for servers?
  • etcd. Used by Kubernetes to coordinate information between nodes.
  • hyperkube. An all-in-one Kubernetes executable, which is actually composed of many smaller component programs. Kubernetes manages container lifecycle and provisioning -- Hyades' core feature.
  • keysystem. Custom Go code. Manages Kerberos authentication. Not sure if it manages other stuff too, looks like a lot of code. Seems to do some RSA stuff, possibly to give Kerberos-authenticated clients SSH access to containers.
  • knc, or Kerberised NetCat. netcat is a tool that transfers data over TCP/IP. Presumably knc is just that except with Kerberos authentication. Not sure where this feature is used in homeworld.
  • rkt. The container system to be used by Kubernetes. Apparently it's Better and More Secure than Docker.
  • services. Not sure. As far as I can tell, it just contains scripts to start all the relevant services (components of Kubernetes and etcd) with the correct configuration.

build-all.sh calls build-package.sh for each package, which sets up the environment with functions from common/package-build-helpers.sh, then calls build(), also from common/package-build-helpers.sh. This calls sbuild, which presumably creates debs according to instructions in the debian directory.

Most of the time, a build procedure is provided in inner-build.sh. sbuild is told to run that in debian/rules. The deb provides instructions to copy files to various locations in the system according to debian/install.

Accessing

You need Kerberos tickets.
