Background

Design Overview

API

RESTful North API (with examples)

Logical Cloud CRUD


Interface API to Controllers (with examples)

Resource Controllers (such as namespace, K8S users, Generic-ISTIO, ISTIO-CA-Cert, etc.) interface

Namespace controller

User controller

Generic-ISTIO controller

OAuth-config controller

ISTIO-CA-Cert controller

This controller runs as a micro-service exposing APIs. It generates an intermediate CA key for each edge, signed by a root or intermediate key. When the controller comes up, it registers with DCM and brings up the backend with the given root or intermediate key. It then updates the database with a bundle containing the signed intermediate key, cert and chain. This bundle is later used to configure Citadel to come up with the intermediate key, cert and chain for issuing workload certs.
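The per-edge issuance described above, sketched in Go as an added example (not the controller's own code): a root signs one intermediate CA per edge, and a workload certificate issued under that edge CA verifies to the root only through its own edge's intermediate. The names `issue`, `chainsToRoot`, `caUse` and `leafUse`, the Ed25519 keys, the in-memory self-signed root, the one-hour lifetimes and the timestamp serial numbers are assumptions made for the demo; in the design above Citadel, not this code, issues the workload certs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const caUse, leafUse = x509.KeyUsageCertSign, x509.KeyUsageDigitalSignature // hypothetical names: CA vs workload usage

// issue signs a cert for cn; a nil parent yields a self-signed root (assumption: stands in for the configured root key).
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (cert *x509.Certificate, key ed25519.PrivateKey, err error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, // demo serial
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		KeyUsage: ku, IsCA: ku == caUse, MaxPathLenZero: ku == caUse && parent != nil, // edge CA: pathLen 0, no sub-CAs
	}
	if parent == nil { // root: the new key signs its own certificate
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return cert, key, err
}

// chainsToRoot reports whether leaf verifies to root through the given edge CA and no other path.
func chainsToRoot(leaf, edgeCA, root *x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inter.AddCert(edgeCA)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err == nil
}

func main() {
	root, rootKey, _ := issue("root-ca", caUse, nil, nil) // errors ignored in this demo main only
	edgeCA, edgeKey, _ := issue("edge1-ca", caUse, root, rootKey)
	wl, _, _ := issue("workload-a", leafUse, edgeCA, edgeKey)
	fmt.Println("workload chains to root via edge1:", chainsToRoot(wl, edgeCA, root))
}
```

Because each edge holds its own intermediate key, a compromised edge can be cut off by revoking or distrusting that one intermediate while the root key stays with the controller.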


Internal Design details

Guidelines that need to be kept in mind

  • Support for metrics that can be retrieved by Prometheus
  • Support for Jaeger distributed tracing by including OpenTracing libraries around HTTP calls.
  • Support for logging that is understood by fluentd
  • Mutual exclusion of database operations (database records may be accessed simultaneously by internal modules and also by replica entities of the scheduler micro-service).
  • Resilience - ensure that the information returned by controllers is not lost, as synchronizing resources to remote edge clouds can take hours or even days when the edge is not up and running, and the scheduler micro-service may restart in the meantime.
  • Concurrency - Support multiple operations at a time and even synchronizing resources in various edge clouds in parallel.
  • Performance - Avoiding file system operations as much as possible.

Modules (Description, internal structures etc..)

....


Sequence flows


Test cases