Authors: Alan Mutschelknaus (HPE), Jeremy Duckworth (HPE)
Abstract: Traditional managed nodes on HPE Cray EX systems, dedicated to user compilations and job launch, have not supported user interaction beyond the standard SSH shell environment. This model works for many use cases, but it does not provide the flexibility that industry solutions around container orchestration have. While User Access Instances (UAIs) are available as containerized login environments, they currently run in the Cray System Management Kubernetes cluster and would be better suited to run alongside other user processes.
This paper will show how a cluster of managed nodes running K3s and MetalLB can be used to host a suite of new experiences for users. K3s is a lightweight, API-compatible distribution of Kubernetes. Using rootless podman for container execution and HAProxy to route SSH connections, users can have a fully customizable UAI experience. The HAProxy load balancer for SSH can run as a “DaemonSet” across the managed nodes for resiliency. A type of Broker UAI on the managed nodes can then forward users into a customizable, rootless podman container. To illustrate how K3s and MetalLB open the door to other user interactions, the paper will also show how JupyterHub can be deployed to the K3s cluster with Helm.
Paper: PDF