Self-Service Access to Open Source Infrastructure using NATS & Huma
Our session, titled 'Using NATS and Huma to Enhance Open Source Infrastructure', was designed to empower both B2B and European research communities with robust self-service access.
Jon Ander Novella de Miguel
Safespring Engineer
I recently had the opportunity to present at OpenInfra Day Sweden 2024, and I'm excited to share the insights and developments from our team at Safespring.
Over the past three months, we’ve been working on a new tool designed to enhance self-service access to open source infrastructure for our B2B and European research community customers. This tool leverages the power of NATS and Huma technologies.
Safespring’s Mission
Safespring aims to become the platform of choice for European cloud computing. We are dedicated to providing secure, compliant cloud services across multiple data centers in the Nordics, including Oslo, Stockholm, and Luleå. Our offerings adhere to GDPR and European security standards, ensuring top-notch security for our users.
Our project addresses the need for automated provisioning of resources such as projects, users, networks, and access control lists across multiple OpenStack installations. We developed a self-service API using two key technologies:
NATS - A messaging system for microservices.
Huma - An HTTP framework in Golang that facilitates the creation of OpenAPI specifications.
Goals of the Self-Service API
Distributed Management: Enable efficient distributed management of customer resources, reducing operational costs and allowing customers to provision projects on demand.
Infrastructure Federation: Support infrastructure federation for projects involving multiple organizations, such as our ongoing collaboration with the European Commission.
Controlled Resource Provisioning: Implement a control layer to manage customer requests for resources, ensuring compliance with predefined quotas and access levels.
Technical Details
Huma Framework
Huma, the HTTP framework we chose, is integrated into the Golang ecosystem.
Compatibility with popular routers.
Use of generic HTTP handler signatures for maintainability.
Annotated struct types for input and output models, facilitating automatic OpenAPI specification generation.
NATS Microservices
To overcome the limitations of HTTP in dynamic service discovery and load balancing, we incorporated NATS as message middleware.
Fire and Forget Messaging: Efficient message publishing without awaiting responses.
Subject-Based Messaging: Allowing targeted communication with multiple services simultaneously.
Built-In Load Balancing: Ensuring high availability and efficient resource distribution.
Architecture
Our architecture comprises:
Self-Service HTTP API: The main interface for user interactions.
NATS Microservices: Distributed across various data centers, listening to subjects and performing operations like creating projects and users.
Central Services: Including a quota and ACL controller to manage resource allocation and access control.
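As an added illustration (not Safespring's code), the following Go shows one way a central quota and ACL controller can gate a provisioning request before it is published to the sites: deny by default, and check and reserve quota in one critical section so concurrent requests cannot overshoot the limit. The types, field names and the org/site identifiers are assumptions; the page does not describe the controller's interface.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Hypothetical names throughout; the page does not describe the controller's API.
var ErrDenied, ErrQuota = errors.New("denied by ACL"), errors.New("quota exceeded")

// Request is a constructed provisioning request forwarded by the self-service API.
type Request struct {
	Org, Site, Resource string
	Amount              int
}

// Controller is an assumed model of the central quota and ACL service.
type Controller struct {
	mu    sync.Mutex
	acl   map[[3]string]bool // {org, site, resource}; absent means denied
	limit map[[2]string]int  // {org, resource} -> quota
	used  map[[2]string]int  // {org, resource} -> already reserved
}

// Reserve authorises the request and books the quota in one critical section,
// so concurrent requests cannot both pass the check and overshoot the limit.
func (c *Controller) Reserve(r Request) error {
	if r.Amount <= 0 {
		return fmt.Errorf("invalid amount %d", r.Amount)
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if !c.acl[[3]string{r.Org, r.Site, r.Resource}] {
		return ErrDenied // deny by default: unknown org, site or resource
	}
	key := [2]string{r.Org, r.Resource}
	if r.Amount > c.limit[key]-c.used[key] { // headroom check, cannot overflow
		return ErrQuota
	}
	c.used[key] += r.Amount
	return nil
}

func main() { // constructed sample data
	c := &Controller{acl: map[[3]string]bool{{"org-a", "site-a", "project"}: true},
		limit: map[[2]string]int{{"org-a", "project"}: 2}, used: map[[2]string]int{}}
	fmt.Println(c.Reserve(Request{"org-a", "site-a", "project", 1})) // allowed
	fmt.Println(c.Reserve(Request{"org-a", "site-b", "project", 1})) // site not in ACL
}
```

Array-typed map keys are used instead of joined strings so that an organisation or site name containing a separator cannot collide with another ACL entry.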
Messaging Patterns
We implemented several NATS messaging patterns, including:
Fan-In and Fan-Out: Distributing messages from the self-service API to multiple services.
Scatter and Gather: Aggregating responses from multiple services to provide comprehensive results to the client.
Challenges and Solutions
Unified API for OKD and OpenStack: Developing an abstraction that works across different platforms while managing user and group complexities.
Integration Testing: Ensuring robust testing against recyclable OpenStack and OKD environments, despite challenges with nested virtualization.
Conclusion
This project represents a significant step forward in providing scalable, self-service access to open source infrastructure for our customers. By leveraging NATS and Huma, we have created a robust, efficient, and secure tool that meets the growing demands of our B2B and European research communities.
Feel free to reach out if you have any questions or would like more detailed information about our project!