DevOps Overview
This page provides a high-level overview of how EBRAINS services are deployed, operated, and managed. For detailed implementation guides, authorized teams can access internal technical documentation.
New to EBRAINS development? Start with Developer Onboarding to understand the complete development workflow.
Looking for detailed operational guides? Visit the EBRAINS DevOps Handbook for in-depth documentation on Kubernetes, GitOps, monitoring, and infrastructure management.
Our Technology Stack
EBRAINS infrastructure is built on modern, open-source technologies that prioritize security, scalability, and reproducibility.
Core Technologies
Container Orchestration
- Kubernetes - Container orchestration platform
- Rancher - Kubernetes cluster management
- RKE2 - Kubernetes distribution
Deployment & Configuration
- ArgoCD - GitOps-based continuous deployment
- Helm - Kubernetes package management
- HashiCorp Vault - Secrets management integrated with EBRAINS IAM
Storage & Networking
- Longhorn - Distributed block storage
- Cert-manager - Automatic TLS certificate management
- Ingress controllers - External service exposure
Monitoring & Observability
- Open Metrics Framework (OMF) - End-to-end analytics platform
- Prometheus - Metrics collection
- Grafana - Visualization and dashboards
- Matomo - Privacy-friendly web analytics
Deployment Environments
EBRAINS offers three main deployment options, each optimized for different use cases.
Kubernetes Clusters
Best for:
- Web applications and REST APIs
- Microservices architectures
- User-facing EBRAINS services
- Services requiring high availability
Key features:
- Declarative deployments via GitOps
- Automatic secret injection from Vault
- Integrated monitoring and alerting
- Automatic TLS certificates
- Persistent storage with snapshots
- Horizontal and vertical autoscaling
Infrastructure: EBRAINS Kubernetes clusters are distributed across multiple European cloud providers:
- Jülich Supercomputing Centre (JSC Cloud)
- CINECA (ADA Cloud)
- CEA (TGCC)
Virtual Machines
Best for:
- Legacy applications not yet containerized
- Services requiring specific kernel modules
- Workloads with special OS requirements
- Stateful applications in transition
Key features:
- Full control over operating system
- Integration with central monitoring
- Automated OS updates where applicable
- Backup and snapshot capabilities
Provisioning: VMs are provisioned by the EBRAINS Operations team. Service owners are responsible for application-level configuration and maintenance.
EBRAINS Software Distribution (ESD)
Best for:
- Scientific simulations and analysis
- Jupyter notebook workflows
- HPC batch jobs
- Research software requiring specific libraries
Key features:
- Curated, versioned software stack
- Multi-site availability (local, cloud, HPC)
- Reproducible computational environments
- Integration with EBRAINS services
Learn more: EBRAINS Software Distribution
Infrastructure Services
EBRAINS provides several platform-wide services that all applications can leverage.
Domain Names
User-facing services typically use *.ebrains.eu hostnames.
Domain naming guidelines:
- Use clear, descriptive names
- Follow kebab-case convention (e.g.,
forms.ebrains.eu,knowledge-graph.ebrains.eu) - Avoid abbreviations unless widely recognized
- Request domains through the appropriate TC process
DNS and TLS:
- DNS records are managed centrally
- TLS certificates are automatically provisioned and renewed
- HTTPS is enforced for all public services
Email Relay
Services sending email as @ebrains.eu must use the central EBRAINS email relays.
Benefits:
- Proper SPF, DKIM, and DMARC configuration
- Deliverability monitoring
- Rate limiting and spam protection
- Centralized logging
Eligible services:
- Official EBRAINS platform services
- Automated notifications and alerts
- User communication (password resets, confirmations)
Not allowed:
- Personal email
- Marketing campaigns
- Third-party services
GitOps and Continuous Deployment
EBRAINS uses GitOps principles for Kubernetes deployments, enabling declarative, version-controlled infrastructure.
How GitOps Works at EBRAINS
- Declare desired state in Git (Kubernetes manifests, Helm charts)
- ArgoCD monitors Git repositories for changes
- Automatic synchronization applies changes to clusters
- Self-healing detects and corrects drift from desired state
Benefits:
- Audit trail: Every change tracked in Git
- Rollback capability: Revert to any previous state
- Consistency: Same deployment process across all environments
- Collaboration: Code review for infrastructure changes
Deployment Workflow
Monitoring and Observability
The Open Metrics Framework (OMF) provides comprehensive observability across EBRAINS infrastructure.
What OMF Monitors
Infrastructure metrics:
- Cluster health (node status, resource usage)
- Network performance
- Storage capacity and performance
Service metrics:
- Request rates and latencies
- Error rates
- Resource consumption (CPU, memory)
- Custom application metrics
Business metrics:
- User activity
- API usage
- Feature adoption
- Service-specific KPIs
For Service Owners
You are responsible for:
- Exposing Prometheus metrics from your service
- Defining relevant service-level indicators (SLIs)
- Setting appropriate alerting thresholds
- Responding to alerts and incidents
EBRAINS Ops provides:
- Metric collection infrastructure
- Standardized dashboards
- Alerting and notification system
- Long-term metric storage
Getting Help
Detailed Technical Documentation
This overview provides the conceptual foundation for EBRAINS DevOps practices.
For authorized service owners and operators, detailed implementation guides covering specific configurations, access procedures, and operational runbooks are available through:
- EBRAINS DevOps Handbook - Comprehensive operational documentation for Kubernetes clusters, GitOps workflows, monitoring, and infrastructure management
- Internal Technical Coordination documentation
- Team-specific onboarding materials
Contact tc@ebrains.eu to request access to detailed technical documentation relevant to your role.