Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Main DCM Microservice (contains the service mesh Module(formally Logical Cloud Controller), User Module and Namespace Module, Quota Module(Limits resources available to each logical cloud))
  2. CA Key Distribution Controller Generate intermediate CA key for each edge which is signed by an root or intermediate key)

...

Drawio
bordertrue
viewerToolbartrue
fitWindowfalse
diagramDisplayName
lboxtrue
revision17
diagramNameDCM
simpleViewerfalse
width1000
linksauto
tbstyletop
diagramWidth721

Fig 1: DCM Components


DCM Sequence

  1. Client creates logical cloud using logical cloud creation API and the following documents are created in the DCM collection
    • The core module parses the Json and creates a new document for the logical cloud in the mongodb DCM collection.
    • The core module also creates a cluster document in the DCM collection
    • The user module parses the Json and creates a new document for user 
    • The namespace module parses the Json and creates a new document for namespace
  2. Associates logical cloud with clusters (this API is called multiple times)
    • Updates the cluster document with the cluster name, loadbalancer ip every time its called
  3. Add quota for logical cloud
    • The
    client talks to the core module  and at each step the core module calls the specific modules which then take the information and store it in the required section in the database. For examle, the namespace module will store the namespace for the logical cloud in the DB.
    • quota module creates a quota document containing the quota details
  4. Apply API is called
    • Service mesh module gets CA bundle from CA controller via gRPC
    • Service mesh module gets names of logical cloud and creates a new namespace name using name of logical cloud name
    • Service mesh module creates helm template/istioctl manifest
    and stores it in the database with the namespace to use
    • (WIP)
    • Service mesh module creates
    k8s coredns file for coredns of control plane for each cluster i.e, there is a coredns deployment file, configmap, service account etc for each cluster per control plane (logical cloud)
    • service mesh document in the DCM collection and stores the above (CA bundle contents, istio namespace, istioctl manifest) in the document
  5. DCM informs the resource synchronizer to start the logical cloud creation via gRPC and the resource synchronizer starts reading from the DB
  6. The DCM gets status from the resource synchronizer via gRPC
  7.  When the logical cloud creation is complete, the resource synchronizer will store the modified kubeconfig file for each cluster in the cluster document of the logical cloud


The details of the DCM Data Model can be found in DCM MongoDB Data Model

DCM Source Code Directory Structure

...

Code Block
languagejs
titlePUT Logical Cloud
URL: /v2/projects/<project-name>/logical-clouds/<name><logical-cloud-name>
PUT BODY:
{
 "metadata" : {
	"name": "lc-1",
    "description": "logical cloud for walmart finance department",  //description for the logical cloud 
    "userData1":"<user data>",
    "userData2":"<user data>"
   },
 "spec" : {
	"namespace" : "ns-1", // one namespace per logical cloud
 	"user" : {
    "user-name" : "user-1",  //name of user for this cloud  (username and logical cloud name would be used as subject for the user key)
    "type" : "certificate",   //type of authentication credentials used by user (certificate, Token, UNPW)
    "user-permissions" : [
       { "permission-name" : "permission-1",
         "apiGroups" : ["stable.example.com"],
         "resources" : ["secrets", "pods"],
         "verbs" : ["get", "watch", "list", "create"]
       },
       { "permission-name" : "permission-2",
         "apiGroups" : [""],
         "resources" : ["configmaps"],
         "verbs" : ["*"]
       }
    ]
  }
 }
}

Return Status: 200 (OK)
Return Body:
{
  "name" : "logical-cloud-1",
  "logical-cloud-name" : "logical-cloud-1",
  "namespace" : "ns-1",
  "user" : "user-1"
}

...

Code Block
languagejs
titleGET Logical Cloud
GET
URL: /v2/projects/<project-name>/logical-clouds/<name><logical-cloud-name>
RESPONSE BODY:
{
 "metadata" : {
 	"name": "lc-1",   //unique name for the record
    "description": "logical cloud for walmart finance department",  //description for the logical cloud 
    "userData1":"<user data>",
    "userData2":"<user data>"
   },
 "spec" : {
	"namespace" : "ns-1", // one namespace per logical cloud
 	"user" : {
    "user-name" : "user-1",  //name of user for this cloud  (username and logical cloud name would be used as subject for the user key)
    "type" : "certificate",   //type of authentication credentials used by user (certificate, Token, UNPW)
    "user-permissions" : [
       { "permission-name" : "permission-1",
         "apiGroups" : ["stable.example.com"],
         "resources" : ["secrets", "pods"],
         "verbs" : ["get", "watch", "list", "create"]
       },
       { "permission-name" : "permission-2",
         "apiGroups" : [""],
         "resources" : ["configmaps"],
         "verbs" : ["*"]
       }
    ],
    "clusters" : ["cluster-1", "cluster-2", "cluster-3]
  }
 }
}
  

...

Code Block
languagejs
titleDELETE Logical Cloud
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<name><logical-cloud-name>

Logical Cloud Cluster API

...

cloud with cluster
Code Block
languagejs
titleAssociate logical cloud with cluster
URL: /v2/projects/<project-name>/logical
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-references/
POST BODY:
{

 -clouds/<logical-cloud-name>/cluster-references/
POST BODY:
{
 "metadata" : {
 	"name": "lc-cl-1",
    "description": "desc",
    "userData1":"<user data>",
    "userData2":"<user data>"
   },

 "spec" : {
	"cluster-provider": "cp-1",
	"cluster-name": "c1", //name of the cluster,
 	"loadbalancer-ip" : "0.0.0.0"  //IP address of the istio loadbalancer for the logical cloud control plane in the cluster
  }
}



 
}
Return Status: 200 (OK)
Return Body:
{
  "cluster-name" : "cluster-1"
  "loadbalancer-ip" : "0.0.0.0"
}

...

Code Block
languagejs
titleDelete Cluster from logical cloud
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-references/cluster<cluster-namename>
RESPONSE STATUS: 204
}

Logical Cloud User Permissions API

...

Code Block
languagejs
titleUpdate KV pair
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs/<name><kv-pair-name>
PUT BODY
{
   "metadata":{
      "description":"<description>",
      "userData1":"<user data>",
      "userData2":"<user data>"
   },
   "spec":{
      "kv":[
         {
            "key1":"val3"
         },
         {
            "key2":"val4"
         }
      ]
   }
}
RETURN STATUS: 201
RETURN BODY:
{
   "metadata":{
      "description":"<description>",
      "userData1":"<user data>",
      "userData2":"<user data>"
   },
   "spec":{
      "kv":[
         {
            "key1":"val3"
         },
         {
            "key2":"val4"
         }
      ]
   }
}

...

Code Block
languagejs
titleGet KV pair
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs/<name><kv-pair-name>

RETURN STATUS: 200
RETURN BODY:
{
   "metadata":{
      "name":"<name>",
      "description":"<description>",
      "userData1":"<user data>",
      "userData2":"<user data>"
   },
   "spec":{
      "kv":[
         {
            "key1":"val1"
         },
         {
            "key2":"val2"
         }
      ]
   }
}

...

Code Block
languagejs
titleDelete KV pair
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs/<name><kv-pair-name>

RETURN STATUS: 204

...

Kubeconfig API (WORK IN PROGRESS)

Important points to Note

  • cluster CA and cluster CRT will be gotten when a cluster is registered and this will be used to create the user crt after the user csr and user key are created

...

Code Block
languagejs
titleGet Logical cloud kubeconfig
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kubeconfig?cluster-reference=cluster-1
GET
Return Status: 201
Return Body :
  {
    "apiVersion": "v1",
    "clusters": [
        {
            "cluster": {
                "certificate-authority-data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01ERXhOakl5TlRReU1sb1hEVE13TURFeE16SXlOVFF5TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXZ5ClpSMmtHZ201OHJtRUYxZ0VVNDlwR281TjR5WlZzbUtsemJxeitHcmp3MWY4ZHBaa01JN1RYbm1xaXdjbmpiZksKdlZDYmFKblBwRm9Wc0gyMTFMRVYxa1pqQ2RZakgrQnA4VUNadFpOZnJha1o1TU91RW40MXlpbDRxVTFxRnBYcgpvMnAvTTJNSTc0bzdYSis5V2VUNmZ1MFJ0RjRjK1p6K3IzbWY3YWFnem9weEo1TzcyN010WkN5bzJHaWNJdzgyCk1uSmUrbHBnNDdEdTNwK0JzOVZ4cENNVjhUTFBDWWFxVUZHZWZ1U25zTHpCOWFHUGJaMi9kWlMrQll6VGJ1dWIKZ0pzbmxKd1o2Z1orVkJKWGtxcFN4ZmJTWFE3V2VLR1BkMkptYk04THFtd2UxcEtIMnNnVEs0cnBuM3dKdzk1Uwp5c01LZWp5aS9TcmZWci9ZdmRNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFIRkJ3VUJrRE56MDV3cGlVVkhaeld3Z0JWWTgKTFRIV2RZYUliaTZzeCthTUhIOFF3cERhSUIvME9KUlZmc01XNXd2eldTWE05d28zR2ltMlYxNnBsN0E3ZXRkLwo3OWZiT0FaTTh0bUFHMVlraFlJbjc0NzRvaE5GZjhLdjFqY3ZIUStIREZZRTRHdTBXUXhBQU9sRmh2SUNKc1VDCmRrN25mREpMRTIwa1E0M1ZIMnc3Ukg3clFVcUVNVnhVU2VTTWdid0xEQms5bWFQNm83RjdsT0ZqQnJibmhaVlgKNDA3U3Z2aTFRM0x6eCtubklhY3RidkZaUGFDRlpPMlkvS0dpcFpYM3o0R3hiR0sxM3VweExuSllHZEI4eFBrRApmK3FISFYvMHVVV2Yzb2JpSUNTT09qUjF5VnB3eXdIVFcrTHhyM1BZcXQ5b0NTRXErYitPUDE2SVV5az0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
                "server": "https://1.2.3.4:6443"
            },
            "name": "kubernetes"
        }
    ],
    "contexts": [
        {
            "context": {
                "cluster": "cluster-1",
                "user": "user-1"
            },
            "name": "user-1-context"
        }
    ],
    "current-context": "user-1-context",
    "kind": "Config",
    "users": [
        {
            "name": "user-1",
            "user": {
                "client-certificate-data" : "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJZVovY05tQVE5NGd3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TURBeE1UWXlNalUwTWpKYUZ3MHlNVEF4TVRVeU1qVTBNamhhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW0zblA0eTdURjNrZldaZFoKaFdaV2RTSWZlNlpkbTdWK1BpcER6UWFHMTVuU0ZNSVRSeFVyYkhHdWlzakZQRlAzbUIyT09yN3BSQjJab3VDegppOFlYS21iYjJ6K2tjeWZxT1drcHhmTzlHQlV6SlYxL1BoUGU2dGRaSEp3c3FtNlhYZ2xkcTEvNjBSTWNwUVUxCi9LOXNZNHhWQ1djSkN4SEkvTnp4VDY0TU5zQlF3VldONXZWTTJOUDJtZDFOa2x2S3J2bnFRUERXTGxVWEx2THIKK2NESk50VytxcFc4dzVreXF5YWp1ZHQ4ZGw0dzZSY3FnL3VnbXRVMHRnVEdxcFdSYm5yZlFMSzBsaGJKejVMTgpmK1pNTjRCYllxWGRBZ2hFMTNEeHhYd2tHUHdnL3h0aFhManBaQzhjeTNlV0hCenV2cWY1aWJ2S0hRQ20zRmFjCjhBTlVpUUlEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDV3BuY1RhTWowOWZDL25CQTF1NWhkbFQrQmdhc3NZSFVEeQplM2tQUXJlUXdseUhYTGtWdDdiSkIxT0l6Y1V3K2M5MVF6Mm9lRFBaNzZGNGlQMTd5RUgrUFZrMVVUSzBLRU9jCjM2cVpXTUdMK0ptZy9wTnFBNXRsNG1EUTVneFhHTENpa2JiYzRTM0oxL0FicmFVakRtM1FEOTd6UEhSUkZnN2oKN2VXMnB2V3ZEakRTWDZGejY0dEorRHB2NUpGZGRHNU5lQVErZ0hNOWFPVUdCVG1oZlYzZnl1NzkzV0cyUGlxMgpMMlZQU0YycU5DRG96Y3Z3am84VHkxbUpXSzIvTkVjN2ZMd24wbml3UTd3aXpMWHU0N1hvL3Frb2pBMUN6MW9YCkhid1JQMjZXdVNDTGpnNnpHVUh3VnBZWmV4Z3pkY05CRERQTnlPem94RTFwUVlXRXkrZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
				"client-key-data" : "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbTNuUDR5N1RGM2tmV1pkWmhXWldkU0lmZTZaZG03VitQaXBEelFhRzE1blNGTUlUClJ4VXJiSEd1aXNqRlBGUDNtQjJPT3I3cFJCMlpvdUN6aThZWEttYmIyeitrY3lmcU9Xa3B4Zk85R0JVekpWMS8KUGhQZTZ0ZFpISndzcW02WFhnbGRxMS82MFJNY3BRVTEvSzlzWTR4VkNXY0pDeEhJL056eFQ2NE1Oc0JRd1ZXTgo1dlZNMk5QMm1kMU5rbHZLcnZucVFQRFdMbFVYTHZMcitjREpOdFcrcXBXOHc1a3lxeWFqdWR0OGRsNHc2UmNxCmcvdWdtdFUwdGdUR3FwV1JibnJmUUxLMGxoYkp6NUxOZitaTU40QmJZcVhkQWdoRTEzRHh4WHdrR1B3Zy94dGgKWExqcFpDOGN5M2VXSEJ6dXZxZjVpYnZLSFFDbTNGYWM4QU5VaVFJREFRQUJBb0lCQURSeCs3RTd5MU1ndFhXSQpPMWRuZFFTZ0ZSU2x3dS9TWWhwZ01XeklwZFcyZW9vc0NVcXlGbXJIVWtSWWcwZmRYeWk5MTR0emVNWlVZYzN5CmxENHkvUDk5b080dFlyREJweDNrbm9XNnVXK1ZQeUo4am42SFAydmlacG5qQ0tJWkdoQkxnb0JicVFTN3VLN2wKdWhkWnFXdFBIQ1JHMEdNZWhiamVZcndwRHMrc3V5Y0tUNlh2OGR0am9PRGlSenpodTBBWjErSDBMbC9MaUp5NgpubUF1M3IzUDN2dGt1ZndoOXB2SjA2TjhHVWhRZFlvVENBMHQ4c0lEN0Q0ZUZGcXdjM2FVTmlyVGdtcllmcVFkCnJQMnRUMkYxbEE5bEJ1bUJmNDBCUFMrejR0MS92Tk5XSEtseFFzaDRkTnNJczlFbHB1YkVTMlovbmJkUHpEOXUKUHlmWmNCMENnWUVBemZEZ21TVVZ2REpJMEZWWnNENWszNWxRWFpmQ3ZLZWpaaU5ScTZzaDlROUhBcTdaN3dESwo3RmNHSGZFQVhNZ1YyQ2VibUtkbFZ4aFJMQUVQb0todzNCbG94RlhiNC9ESytYdmV0ek4vUnQzQ0VGN29jZTFECko0eXVTS0pYR25RVW82NXV6RVBJMmVVdi81Njh5dEdDdXlNRmdIZDNTRHBxeUZqSjhlVXp3RGNDZ1lFQXdVU2kKVVpkMTEzVnFWeEpUQytSeTlsRzNIeGZFekhBbUdkMXNQNFdmYm9nZ3hjbmZrZk9ndU1ua0dzVVNnNGZjN3BKNworVDd2dFg2QVRXQkUzeUV1SHdMcytJd2VQT2RFeDNBZytSYnBKU25pTEc2WmUxdER0K2NtdTdObGZGRWRuR0l2CkUvTkt1c3FLdmduN3FzK216OHR5UmwxZ0pYMGdjT3J1TFVnbnNUOENnWUVBaGlUdUY3TnBXZ0lqSGRsS3A1dXMKMTEwbFZTR2lqb0pmMUFzVGlzL1pPYWh1NTlkL1M4aG5aZFUxdmRFYkhGU1VyZ3oydEZQdGxmTFlCT0xZREIxTQpEb0phbFBFY1gzaWNyaSs2bmZqa1lnUFhBaFRnTWoyTExicmNWNkd2UFNMNXdyaS9vVHhTRzJUSGhDa2c3cmZVCkFSUEo1S2xzd0ZhVThkV3NEVzN2N0xjQ2dZQlhlZGc2TStLcmpjSisvSlZJR2JPTEY3dFp3R2xiMnhyenRBdk4KeUk0NytqTlRNcWNWcVg3Q2hPYlEwd2dwTG5KcUxUVWR3RVhCRVN2RFdlSnlWOU5IU0F5NEJydWM5MVJqTExaUAo1L1hJMDJkQ2t5QzIrN3p2M1JqajlqUG1DOVRxTm1wMmpqVHh6TUQxZVJGRzQ4dnQyM2l5cm9yWkRRU0U5MkNzCmNDOC9Bd0tCZ1FDamRrVTNOcWFPZHUzMlpkWm5IK0cxY0NwbGtRK1VFZXNmTlcrWjdiWWtocng2Z2l6eCtjY0UKS3FhNTRxTmJkQVdLQXRzSU5lZ3pQU0toV0g0eXFnaWYrNmQ1aVVZUlFoUUhNVG0yTHpEQ2xGQ001N2FPdmQ3YQpNUEZxR3BNV2tqVmlnZjlwdHV3YW1qWkYwbm5MUVE5dWIzMlB3Zjk0Yzl4NFBEdkpmdTQrUHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo="
            }
        }
    ]
}

...



Apply API

When the API is called, the resource synchronizer is called  and the resource creation in the cluster begins

...

Code Block
languagejs
titleApply configuration
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/apply

Return Status: 200 (OK)
Return Body:
{
 "logical-cloud-name" : "logical-cloud-1",
 "namespace" : "ns-1", // one namespace per logical cloud
 "description": "logical cloud for walmart finance department",  //description for the logical cloud
 "user" : "user-1",
 "clusters" : ["cluster1", "cluster2", "cluster3"]
 "quota-name" : "quota-1"
}


...


Status API

GET (Check status of operation)

...