dependencies

« Previous section Next section »

UCloud Developer Guide / Core / Monitoring, Alerting and Procedures / Third-Party Dependencies (Risk Assessment)

Third-Party Dependencies (Risk Assessment)

In this document we cover the core 3rd party dependencies we have in UCloud and assess risk based on the following factors:

  • How essential is the dependency for UCloud?

    • Scale: 1 (low) - 5 (high)

  • How essential is knowledge of the system to develop UCloud (while keeping it stable and secure)?

    • Scale: 1 (low) - 5 (high)

    • The assessment will include if the knowledge is only essential for a single component or system-wide

  • Difficulty of migrating to an alternative technology

    • Scale: 1 (low) - 5 (high)

  • Likelihood of the dependency getting discontinued in the coming 5 years

    • Scale: 1 (low) - 5 (high)

We consider a 3rd party dependency to be anything not created by the SDU eScience Center, examples include:

  • Software library

  • Tool

  • Hosted software (e.g. a database server)

  • Technical specifications

We use the following format:

### Dependency name

- __Website:__ https://example.com
- __Short description:__ Lorem ipsum dolor sit amet, consectetur adipisicing elit.
- __Described in:__ [Article 1](#), [Article 2](#), [Article 3](#)

__Assessment:__

- __How essential is the dependency for UCloud?__ 1 (low) - 5 (high)
- __How essential is knowledge of the system to develop UCloud?__ 1 (low) - 5 (high)
- __Difficulty of migrating to an alternative technology:__ 1 (low) - 5 (high)
- __Alternative technologies:__ (If relevant) We could use ...
- __Likelihood of the dependency getting discontinued in the coming 5 years:__ 1 (low) - 5 (high)

Notes and explanation go here

Backend

Kotlin

  • Website: https://kotlinlang.org/

  • Short description: The Kotlin programming language is a modern programming language which runs on various platforms, including the JVM. In UCloud we run the JVM variant. All micro-services of UCloud are written in Kotlin.

  • Described in: Indirectly in the following documents: Structure of a micro-service, Getting started

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 5

  • Difficulty of migrating to an alternative technology: 5

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

kotlinx.coroutines

  • Website: https://github.com/Kotlin/kotlinx.coroutines

  • Short description: Coroutine support library for Kotlin. Used by large chunks of UCloud for all threading needs. Ktor also depends on this library.

  • Described in: Indirectly in the following documents: Structure of a micro-service, Getting started

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 4 (system-wide)

  • Difficulty of migrating to an alternative technology: 4

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

kotlinx.coroutines is listed as an official JetBrains product making it roughly as reliable as the Kotlin programming language itself.

Ktor

  • Website: https://ktor.io

  • Short description: Provides the web-server and web-client for UCloud.

  • Described in: HTTP Implementation

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 2 (system-wide)

  • Difficulty of migrating to an alternative technology: 2

  • Alternative technologies: Both client and server could be replaced by another lightweight alternative

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Ktor is listed as an official JetBrains product making it roughly as reliable as the Kotlin programming language itself.

Migration is a fairly straight-forward process since most of the code is wrapped by UCloud code. Business logic would most likely not be significantly affected by the migration.

HTTP and WebSockets

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 5 (system-wide)

  • Difficulty of migrating to an alternative technology: 5

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Kubernetes

  • Website: https://kubernetes.io/

  • Short description: Container orchestration. This is used both for the deployment of UCloud and scheduling of user jobs.

  • Described in: app-kubernetes

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 4 (few components), 2 (rest of system)

  • Difficulty of migrating to an alternative technology: 3

  • Alternative technologies: Nomad. Bare-metal deployment and compute on different platform (e.g. slurm).

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Docker

  • Website: https://www.docker.com/

  • Short description: Container runtime.

  • Described in: Getting started

Assessment:

  • How essential is the dependency for UCloud? 3

  • How essential is knowledge of the system to develop UCloud? 2 (system-wide)

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Docker is natively supported by all large cloud providers, including AWS and Azure. Docker is unlikely to be discontinued without an alternative in place.

PostgreSQL

  • Website: https://www.postgresql.org/

  • Short description: PostgreSQL is an open source object-relational database system.

  • Described in: PostgreSQL

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 5 (system-wide)

  • Difficulty of migrating to an alternative technology: 3

  • Alternative technologies: A different SQL database.

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

PostgreSQL has had active development since 1986 with many large companies using it in production as well as sponsoring development.

Redis

  • Website: https://redis.io/

  • Short description: Provides an in-memory data structure store. UCloud uses it primarily as a message broker.

  • Described in: Event streams, Distributed locks

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 2 (system-wide)

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Redis has been in active development since 2009. According to DB-engines ranking Redis is the most popular key-value database.

Most of the code in UCloud never interfaces directly with Redis. All micro-services of UCloud should instead interface with the abstractions provided by service-lib. This makes significant knowledge of redis mostly irrelevant.

ElasticSearch

  • Website: https://www.elastic.co/elasticsearch/

  • Short description: ElasticSearch is a database which provides powerful free-text search. UCloud uses it for storing logs and limited file meta-data.

  • Described in: Internal of a UCloud micro-service, Micro features

Assessment:

  • How essential is the dependency for UCloud? 3

  • How essential is knowledge of the system to develop UCloud? 4 (few component), 1 (rest of system)

  • Difficulty of migrating to an alternative technology: 2

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

ElasticSearch has been in active development since 2010. According to DB-engines ranking ElasticSearch is the most popular search engine database.

Gradle

  • Website: https://gradle.org

  • Short description: Build tools used in UCloud for all micro-services.

  • Described in: Getting started

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 3

  • Difficulty of migrating to an alternative technology: 4

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Gradle is a build tool which is recommended in many parts of the official Kotlin documentation.

Jenkins

  • Website: https://www.jenkins.io/

  • Short description: Automation server which powers our CI/CD system

  • Described in: CI/CD

Assessment:

  • How essential is the dependency for UCloud? 3

  • How essential is knowledge of the system to develop UCloud? 1

  • Difficulty of migrating to an alternative technology: 2

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Rancher

  • Website: https://rancher.com/

  • Short description: Manages our Kubernetes clusters

  • Described in: Deployment procedures

Assessment:

  • How essential is the dependency for UCloud? 2

  • How essential is knowledge of the system to develop UCloud? 2

  • Difficulty of migrating to an alternative technology: 3

  • Alternative technologies: Bare-metal Kubernetes deployment/OpenShift

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Frontend

Styled Components

  • Website: https://styled-components.com/

  • Short description: CSS in JavaScript. Used by all components in the frontend of UCloud.

  • Described in: Not currently described

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 4

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Styled components is a hugely popular JavaScript library for CSS in JS. Their webpage lists many large companies as their users, including: Reddit, GitHub and Lego.

ReactJS

  • Website: https://reactjs.org/

  • Short description: A JavaScript library for building user interfaces.

  • Described in: Frontend README

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 5

  • Difficulty of migrating to an alternative technology: 5

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Developed by Facebook and used in many different companies and websites.

NPM

  • Website: https://www.npmjs.com/

  • Short description: Node package manager. Used internally in the frontend to manage dependencies.

  • Described in: Frontend README

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 4

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Webpack

  • Website: https://webpack.js.org/

  • Short description: Static module bundler for JavaScript applications.

  • Described in: Frontend README

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 3

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

WebPack development is sponsered by several large companies.

TypeScript

  • Website: https://www.typescriptlang.org/

  • Short description: The entire frontend of UCloud is developed in the TypeScript.

  • Described in: Frontend README

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 5

  • Difficulty of migrating to an alternative technology: 5

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Redux

  • Website: https://redux.js.org/

  • Short description: State container for JavaScript applications.

  • Described in: Frontend README

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 5

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

Redux is a commonly used library for state management in React-based applications. It has more than 3.5 million weekly downloads on NPM.

Tools

IntelliJ IDEA (and other relevant JetBrains IDEs)

  • Website: https://www.jetbrains.com/idea/

  • Short description: Integrated Development Environment (IDE) for many different languages. It is used internally to develop the software for UCloud.

  • Described in: Postgres Tutorial

Assessment:

  • How essential is the dependency for UCloud? 2

  • How essential is knowledge of the system to develop UCloud? 2

  • Difficulty of migrating to an alternative technology: 1

  • Alternative technologies: Any other text editor. IntelliJ IDEA is not a requirement to develop UCloud.

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

Developed by JetBrains who has also developed several of our other dependencies.

Git

  • Website: https://git-scm.com/

  • Short description: Distributed version control system. Used to keep track of changes and merge changes from multiple developers.

  • Described in: Infrastructure README

Assessment:

  • How essential is the dependency for UCloud? 5

  • How essential is knowledge of the system to develop UCloud? 4

  • Difficulty of migrating to an alternative technology: 3

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

GitHub

  • Website: https://github.com

  • Short description: GitHub provides hosting of our git repository along with issue tracking.

  • Described in: Infrastructure README

Assessment:

  • How essential is the dependency for UCloud? 3

  • How essential is knowledge of the system to develop UCloud? 3

  • Difficulty of migrating to an alternative technology: 3

  • Alternative technologies: Any other hosting platform for Git repositories

  • Likelihood of the dependency getting discontinued in the coming 5 years: 1

ZenHub

  • Website: https://www.zenhub.com/

  • Short description:

  • Described in: Not currently described in the UCloud documentation.

Assessment:

  • How essential is the dependency for UCloud? 4

  • How essential is knowledge of the system to develop UCloud? 5

  • Difficulty of migrating to an alternative technology: 2

  • Alternative technologies: If required, we could fallback to using just the issues in our GitHub issue tracker. ZenHub stores all issues directly in GitHub.

  • Likelihood of the dependency getting discontinued in the coming 5 years: 2

PreviousauditingNextdeployment

Last updated