Self-Service Access to Open Source Infrastructure using NATS & Huma

Our session, titled 'Using NATS and Huma to Enhance Open Source Infrastructure', was designed to empower both B2B and European research communities with robust self-service access.

Jon Ander Novella de Miguel

Jon Ander Novella de Miguel

Safespring Engineer

I recently had the opportunity to present at OpenInfra Day Sweden 2024, and I'm excited to share the insights and developments from our team at Safespring.

Over the past three months, we’ve been working on a new tool designed to enhance self-service access to open source infrastructure for our B2B and European research community customers. This tool leverages the power of NATS and Huma technologies.

Safespring’s Mission Safespring aims to become the platform of choice for European cloud computing. We are dedicated to providing secure, compliant cloud services across multiple data centers in the Nordics, including Oslo, Stockholm, and Luleå. Our offerings adhere to GDPR and European security standards, ensuring top-notch security for our users.

Download presentation
Click here to download the presentation as a PDF.

Project Overview

Our project addresses the need for automated provisioning of resources such as projects, users, networks, and access control lists across multiple open stack installations. We developed a self-service API using two key technologies:

  1. NATS - A messaging system for microservices.
  2. Huma - An HTTP framework in Golang that facilitates the creation of OpenAPI specifications.

Goals of the Self-Service API

  1. Distributed Management: Enable efficient distributed management of customer resources, reducing operational costs and allowing customers to provision projects on demand.
  2. Infrastructure Federation: Support infrastructure federation for projects involving multiple organizations, such as our ongoing collaboration with the European Commission.
  3. Controlled Resource Provisioning: Implement a control layer to manage customer requests for resources, ensuring compliance with predefined quotas and access levels.

Technical Details

Huma Framework

  • Compatibility with popular routers.
  • Use of generic HTTP handler signatures for maintainability.
  • Annotated struct types for input and output models, facilitating automatic OpenAPI specification generation.

Huma, the HTTP framework we chose, is integrated into the Golang ecosystem.

NATS Microservices

  • Fire and Forget Messaging: Efficient message publishing without awaiting responses.
  • Subject-Based Messaging: Allowing targeted communication with multiple services simultaneously.
  • Built-In Load Balancing: Ensuring high availability and efficient resource distribution.

To overcome the limitations of HTTP in dynamic service discovery and load balancing, we incorporated NATS for message middleware.

Architecture

Our architecture comprises:

  1. Self-Service HTTP API: The main interface for user interactions.
  2. NATS Microservices: Distributed across various data centers, listening to subjects and performing operations like creating projects and users.
  3. Central Services: Including a quota and ACL controller to manage resource allocation and access control.

Messaging Patterns

We implemented several NATS messaging patterns, including:

Challenges and Solutions

  1. Unified API for OKD and OpenStack: Developing an abstraction that works across different platforms while managing user and group complexities.
  2. Integration Testing: Ensuring robust testing against recyclable OpenStack and OKD environments, despite challenges with nested virtualization.

Conclusion

This project represents a significant step forward in providing scalable, self-service access to open source infrastructure for our customers. By leveraging NATS and Huma, we have created a robust, efficient, and secure tool that meets the growing demands of our B2B and European research communities.

Feel free to reach out if you have any questions or would like more detailed information about our project!