...
- A Central-deployed DMaaP component must be able to route to an Edge-deployed component, and distinguish between the same component deployed at different Edge sites. Examples include:
  - dr-prov periodically sends provisioning info to each dr-node
  - A centrally-deployed dr-node may transfer a file to an Edge-deployed dr-node for delivery to a subscriber in that Edge, based on an egress rule
  - A central mirrormaker subscribes to an Edge-deployed message-router kafka
- An Edge-deployed DMaaP component must be able to route to a central-deployed service. Examples include:
  - dr-node periodically syncs with dr-prov
  - dr-node authenticates publish requests using aaf
  - message-router authenticates client requests using aaf
  - dbc-client makes request to dmaap-bc API during post-install provisioning
  - Edge mirrormaker subscribes to central message-router kafka
- Localized DR Routing between a Data File Collector (DFC) and a PM Mapper deployed in the same Edge X.
  - Localized DR Routing means DR Node is deployed in the same Edge site so data doesn't need to leave the site.
  - DFC will be a publisher to a feed provisioned at deployment time.
  - PM Mapper will be a subscriber provisioned at deployment time.
  - The feed should be unique per site so that when there are multiple sites, PM Mapper only receives its locally produced data.
- Localized messaging from PM Mapper and DFC. This will signal DFC that a file was processed.
  - Localized messaging implies a Message Router instance in the same edge location.
  - PM Mapper will be a publisher provisioned at deployment time.
  - DFC will be a subscriber provisioned at deployment time.
  - Communication will utilize an authenticated topic in the MR deployed in the same edge site.
  - PM Mapper and DFC will use AAF credentials to authenticate.
  - PM Mapper identity will be authorized to publish on the topic
  - DFC identity will be authorized to subscribe on the topic
- Inter-site messaging from PM Mapper to VES perf3gpp
  - Inter-site messaging means sending a message from an edge location publisher to a central location subscriber.
  - PM Mapper, deployed at Edge, will be a publisher using AAF credentials
  - VES perf3gpp, deployed in Central, will be a subscriber using AAF credentials
  - Communication will utilize an authenticated topic on the MR deployed in the same edge site.
  - PM Mapper and DFC will use AAF credentials to authenticate.
  - PM Mapper identity will be authorized to publish on the topic
  - VES perf3gpp identity will be authorized to subscribe on the topic
  - Furthermore, messages on this topic will be replicated to the central MR instance.
  - Are there any other subscribers? (esp, are there any other at edge?)
Solution Options for Dublin
This section is based on a discussion with Jack Lucas about possible approaches that we might consider within the Dublin feature set.
Ways to route to a k8s service in another k8s cluster:
- Extend the configuration of Jack's proxy to include DMaaP services. Note: Current capability will route from edge to central. (See Jack's demo)
  - Include central deployed DMaaP services with existing node ports in proxy config: dr-prov, message-router, dmaap-bc
  - Expose central deployed DMaaP service on node port and add to proxy configuration: dr-node
- K8S External Service. Deploy services at Edge which map to central services.
- Add entries for central services into /etc/hosts on Edge pods so they can route properly
- Provision some external DNS service that is able to resolve to required IP addresses in other k8s cluster
- Determine how clients can specify FQDN (service name) but designate IP address to use.
  - See --resolve option in curl for example of how this might work.
- Apply k8s thinking to DMaaP component design:
  - Abandon the DR publish redirect protocol and simply use dr-node service instead.
    - if dr-node is local to the cluster, then client will route to local dr-node pod for publishing (which is desired)
    - if dr-node isn't local to cluster, then client will route to central dr-node via proxy (fallback)
  - Change dr-prov algorithm for distributing prov data to dr-node so dr-prov doesn't need to know how to address every pod
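The "specify FQDN but designate IP address" option above, sketched as an added example that is not part of the original page or of any DMaaP client: a curl-style `host:port:address` pin applied to Python's resolver, so the client still addresses the service by name (and an HTTPS client would still verify the certificate against that name) while connecting to the chosen IP. The service name `message-router.onap.example` and the loopback echo server standing in for the central service are assumptions made for the demonstration.

```python
import contextlib
import http.client
import http.server
import socket
import threading

def parse_resolve(entry):
    """Split a curl-style 'host:port:address' entry (IPv6 address may be bracketed)."""
    host, port, addr = entry.split(":", 2)
    return (host.lower(), int(port)), addr.strip("[]")

@contextlib.contextmanager
def pinned_resolution(entries):
    """Resolve only the listed (host, port) pairs to their designated address."""
    pins = dict(parse_resolve(e) for e in entries)
    real = socket.getaddrinfo
    def lookup(host, port, *args, **kwargs):
        try:
            key = (host.lower(), int(port))
        except (AttributeError, TypeError, ValueError):
            key = None  # None host or symbolic port: never pinned
        return real(pins.get(key, host), port, *args, **kwargs)
    socket.getaddrinfo = lookup
    try:
        yield
    finally:
        socket.getaddrinfo = real  # always restore the process-wide resolver

class EchoHost(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a central service: replies with the Host header it saw."""
    def do_GET(self):
        body = self.headers.get("Host", "").encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def demo(name="message-router.onap.example"):  # hypothetical service name
    # The name has no DNS record; the request only succeeds because of the pin.
    with http.server.HTTPServer(("127.0.0.1", 0), EchoHost) as server:
        port = server.server_address[1]
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            with pinned_resolution([f"{name}:{port}:127.0.0.1"]):
                conn = http.client.HTTPConnection(name, port, timeout=5)
                conn.request("GET", "/")
                return conn.getresponse().read().decode()
        finally:
            server.shutdown()
```

Because the pin replaces `socket.getaddrinfo` for the whole process, it is scoped to the `with` block and matched on both host and port, so unrelated lookups are not redirected.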
Open Issues
REF | Status | Discussion
---|---|---
1 | Open | DNS Update for inter-site routing. We have several examples of an edge component which needs to communicate to a central service. Mike suggested that edge DNS might be updated such that edge clients could resolve to central services. This might satisfy a common need across several components. e.g. access to central AAF comes to mind. 05/02: Another alternative was demoed by DCAE where an nginx container is deployed at edge site which proxies service traffic to the relevant NodePort on the central k8s cluster. This may be suitable for some of DMaaP components (as a POC) but not a preferred solution. Work is ongoing in OOM to provide this (with input from the community)
2 | Open | Location discovery. Bus Controller manages dcaeLocations as the name of different sites. What mechanism can be used to: a) register dcaeLocations when each k8s cluster is deployed. b) serve as an attribute when MR and DR clients are provisioned. Current expectation is that there is some k8s info in A&AI API that might be useful. 05/02: Agreement from DCAE on requirement to involve all ONAP components (AAI, OOF, etc) to find a suitable solution here. Defined use-case defined here
3 | Closed | Relying on Helm chart enabled flag. 2/12: "Mike, Last week we discussed using a helm configuration override file to control which components get deployed at edge. The idea being we would set enabled: false for a component that shouldn’t be deployed. But dmaap chart actually consists of several sub-charts, each of these sub-charts correspond to a specific dmaap component which we may want to deploy at edge or not. So, curious if you know the syntax for this – I haven’t been able to find a reference for how enabled is actually used, and I don’t see that value referenced in our charts so not clear what is reading it. Wondering if our edge config override would be something like: dmaap: dmaap-message-router: enabled: true dmaap-bus-controller: enabled: false dmaap-dr-prov: enabled: false dmaap-dr-node: enabled: true or, do charts for our individual components need to be top level directories under oom/kubernetes in order to use the enabled flag?" 2/13: From Mike Elliot: "I’ve been trying to allow for the conditional control over the dr-prov and dr-node as well, with no success. Still investigating options for this. Hope to have a solution on this by EOD." 05/02: Current chart structure allows deployment of individual components. (BC, MR, DR). One caveat to this is a dependency on AAF being reachable by BC & MR. (DR soon to follow) See the DMaaP Deployment Guide - Dublin for more details.
4 | Open | 05/02: Helm chart edge deploy. "edge charts" may require several override params to cater for the following.
5 | Open | 05/02: Need to identify if all of the required services (logstash, AAF, dr-node, mr-kafka, etc) have exposed NodePorts available for bi-directional traffic between sites.
...