Multi Cluster Logical Cloud Manager (WIP)
Background
Design Overview
API
RESTful North API (with examples)
Logical Cloud CRUD
Interface API to Controllers (with examples)
Resource Controllers (such as namespace, K8S users, Generic-ISTIO, ISTIO-CA-Cert etc.) interface
Namespace controller
User controller
Generic-ISTIO controller
OAuth-config controller
ISTIO-CA-Cert controller
This controller runs as a micro-service exposing APIs. It generates an intermediate CA key for each edge, signed by a root or intermediate key. On start-up the controller registers with DCM and brings up its backend with the given root or intermediate key. It then updates the database with a bundle containing the signed intermediate key, its certificate and the chain. This bundle is later used to configure Citadel to start with the intermediate key, certificate and chain for issuing workload certificates.
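The per-edge bundle described above, worked through as an added Go example (this is illustrative code, not DCM's or Citadel's implementation): a root CA signs a path-length-0 intermediate for one edge, the bundle is stored as PEM, rebuilt the way Citadel would consume it, used to issue a workload certificate with a SPIFFE URI SAN, and both the bundle and the workload certificate are verified against the root before use. The `CABundle` layout, the `istio-ca.<edge>` naming and the `emco-root` / `edge-01` names are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// CA is an in-memory signing authority: its cert, key and PEM chain up to the root.
type CA struct {
	Cert     *x509.Certificate
	Key      *ecdsa.PrivateKey
	ChainPEM []byte // this CA's cert first, then its signers (leaf-first order)
}

// CABundle is a hypothetical shape for the per-edge record the controller stores.
type CABundle struct {
	Edge     string
	KeyPEM   []byte // signed intermediate's private key
	CertPEM  []byte // intermediate certificate
	ChainPEM []byte // intermediate cert followed by the signer's chain
}

func pemOf(typ string, der []byte) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der})
}

// newCert adds a random serial and validity to tmpl, signs it with signer
// (self-signs when signer is nil) and returns the parsed cert, its key and PEM.
func newCert(tmpl *x509.Certificate, signer *CA, days int) (*x509.Certificate, *ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, nil, err
	}
	tmpl.NotBefore = time.Now().Add(-time.Hour)
	tmpl.NotAfter = time.Now().Add(time.Duration(days) * 24 * time.Hour)
	parent, parentKey := tmpl, key
	if signer != nil {
		parent, parentKey = signer.Cert, signer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, pemOf("CERTIFICATE", der), err
}

// NewRootCA stands in for the "given root key" the controller is brought up with.
func NewRootCA(cn string) (*CA, error) {
	cert, key, certPEM, err := newCert(&x509.Certificate{
		Subject: pkix.Name{CommonName: cn}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, 3650)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key, ChainPEM: certPEM}, nil
}

// IssueEdgeIntermediate generates a fresh key for one edge and has the signer
// (root or another intermediate) certify it. pathLen 0 lets the edge CA issue
// workload certs but not further CAs, bounding the damage of a leaked edge key.
func IssueEdgeIntermediate(edge string, signer *CA) (*CABundle, error) {
	_, key, certPEM, err := newCert(&x509.Certificate{
		Subject: pkix.Name{CommonName: "istio-ca." + edge, Organization: []string{edge}},
		IsCA: true, BasicConstraintsValid: true, MaxPathLenZero: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, signer, 365)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	chain := append(append([]byte{}, certPEM...), signer.ChainPEM...)
	return &CABundle{Edge: edge, KeyPEM: pemOf("EC PRIVATE KEY", keyDER), CertPEM: certPEM, ChainPEM: chain}, nil
}

// LoadCA rebuilds a signing authority from a stored bundle, as Citadel would
// when configured with the intermediate key, cert and chain.
func LoadCA(b *CABundle) (*CA, error) {
	kb, _ := pem.Decode(b.KeyPEM)
	cb, _ := pem.Decode(b.CertPEM)
	if kb == nil || cb == nil {
		return nil, errors.New("bundle is missing key or cert PEM")
	}
	key, err := x509.ParseECPrivateKey(kb.Bytes)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key, ChainPEM: b.ChainPEM}, nil
}

// IssueWorkloadCert issues a short-lived leaf with a SPIFFE URI SAN from an edge CA.
func IssueWorkloadCert(ca *CA, spiffeID string) ([]byte, error) {
	u, err := url.Parse(spiffeID)
	if err != nil {
		return nil, err
	}
	_, _, certPEM, err := newCert(&x509.Certificate{
		URIs: []*url.URL{u}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}, ca, 1)
	return certPEM, err
}

// VerifyAgainstRoot checks that leafPEM chains through chainPEM to rootPEM; run it on a
// bundle before handing it to Citadel and on any workload cert the edge CA produces.
func VerifyAgainstRoot(leafPEM, chainPEM, rootPEM []byte) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	if !roots.AppendCertsFromPEM(rootPEM) {
		return errors.New("no usable root certificate")
	}
	inters.AppendCertsFromPEM(chainPEM)
	lb, _ := pem.Decode(leafPEM)
	if lb == nil {
		return errors.New("leaf is not PEM")
	}
	leaf, err := x509.ParseCertificate(lb.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, err := NewRootCA("emco-root") // constructed names, not DCM's real ones
	if err != nil {
		panic(err)
	}
	bundle, err := IssueEdgeIntermediate("edge-01", root)
	if err != nil {
		panic(err)
	}
	edgeCA, err := LoadCA(bundle)
	if err != nil {
		panic(err)
	}
	wl, err := IssueWorkloadCert(edgeCA, "spiffe://cluster.local/ns/default/sa/default")
	if err != nil {
		panic(err)
	}
	fmt.Println("bundle verifies:", VerifyAgainstRoot(bundle.CertPEM, bundle.ChainPEM, root.ChainPEM) == nil)
	fmt.Println("workload cert verifies:", VerifyAgainstRoot(wl, bundle.ChainPEM, root.ChainPEM) == nil)
}
```

Two checks matter operationally: a bundle must verify against the controller's own root and must fail against any other root, and because the edge intermediate carries pathLen 0, a workload certificate issued by a CA that an edge CA itself signed will not verify, so a compromised edge key cannot quietly extend the hierarchy.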
Internal Design details
Guidelines that need to be kept in mind
Support for metrics that can be retrieved by Prometheus
Support for Jaeger distributed tracing by including OpenTracing libraries around HTTP calls.
Support for logging that is understood by fluentd
Mutual exclusion of database operations (internal modules may access database records simultaneously, and so may replicated instances of the scheduler micro-service).
Resilience - ensure that the information returned by controllers is not lost: synchronizing resources to remote edge clouds can take hours or even days when the edge is not up and running, and the scheduler micro-service may restart in the meantime.
Concurrency - Support multiple operations at a time and even synchronizing resources in various edge clouds in parallel.
Performance - Avoiding file system operations as much as possible.
Modules (description, internal structures etc.)
....