...
- Main DCM Microservice (contains the Logical Cloud Controller, User Controller and Namespace Controller)
- Istio DCM Controller (Create the Istio Control planes for the logical clouds)
- CA Key Distribution Controller ( Generate intermediate CA key for each edge which is signed by an root or intermediate key)
- Quota Controller (Limits resources available to each logical cloud)
Design Overview
draw.io Diagram | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Fig 1: DCM Components
Fig 2: Showing Logical Clouds spanning multiple edge location. Istio Replicated Control planes are used and in each cluster, there is an istio control plane per logical cloud
API
1. Create Logical Cloud
Code Block | ||||
---|---|---|---|---|
| ||||
URL: /v2/projects/<project-name>/logical-clouds POST BODY: { "name": "lc-1", //unique name for the record "logical-cloud-name" : "logical-cloud-1", "namespace" : "ns-1", // one namespace per logical cloud "description": "logical cloud for walmart finance department", //description for the logical cloud "user" : { "user-name" : "user-1", //name of user for this cloud "type" : "certificate", //type of authentication credentials used by user (certificate, Token, UNPW) "user-key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoHNIrFZ0MtvMQrz+SE6Xd1nDK0BaRjllzqta0lqkdweEYUwtQUKq6m\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8q37BCPZn8SXZ3mVlVRkkWRQIDAQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyxbp7bjwMl7BebhLmFkZL9FlDLOT6ldh07CWKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3j9yGcf6twvZXDDt9yQPQi/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo184orNjVDEbaX6H3zASdY7yIRNXQqzjyCAZjSLM9pbWwav/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDXBXBEG3jYYREWO89REwkjleOPLmnjleOPLmnFZaqlLrB+1K4u\n1niUx6K77SGlEnqNV1caqfzl7tkKPfdnL7NCQPWZS9VRok/S/GiSoislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1YXBEG3jYYREWO89REwkjleOPLmn1fQsa4vZBXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n", "user-csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICajCCAVICAQAwJTERMA8GA1UEAwwIZW1wbG95ZWUxEDAOBgNVBAoMB2JpdG5h\nbWkwggEiMXBEG3jYYREWO89REwkjleOPLmnAwggEKAoIBAQD6ZBcxFhXgr9iEtAd\nNDtuvA/0CFGBTzsfB5T1Mnv6ImwV8CE4ZaRRFQ+uIXl1lhGo7jnUfKLNnmBYYWC8\n+FF7GIG/U4HsVteeeeeeflSGqY40WgYbhruqwR7u+vxlT9wkhpQga70h1DjDDcnJ\nRD10HY7xh2cYQt5ZyZxz1V0123jldoewjg/iUVMxmgc0isVnQy28xCvP5ITpd3Wc\nMrQFpGOWXOq1rSWqR3B4RhTC1BQqrqbpdwLyVq2ecgI2KZv2HuMejQxL6xBUUDCA\nDO7ZnivK32VEALyqYE8M+lFFy63IkAXYu/hQwcjjV68eHyrfsEI9mfxJdneZWVVG\nSRZFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAyuTVpshvkTo9bQkhMHFaPSdU\neqNM8NF/SZAdM/nWE5Q9wIeQLxu7FFP1UGz+b/bmxGp/o4bfrjC/4yjUWA4zUAfP\nBf7kUvJFSCdcTClyD5u9oL0ZGDc3ZZM3BgFT2PjXdr8cufkh3OjY6IVExA365NFP\nVyk7Bo13FhORHgVZUinK7s2COylidSOEMnwg71Rxf1S2UMm8sV4duWdVqep6ic31\nK8ghF27F5XBEG3jYYREWO89REwkjleOPLmnaN+n2I4nSD0JkD3w1v6XUQqXSV9WC\n3cNAmRWv0JJVRXvXk5x5Etr0oza2BDPrrZzKw94dsjsu5fWvWeeqtovWzUboiw==\n-----END CERTIFICATE REQUEST-----\n", "cloud-ca-key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoXBEG3jYYREWO89REwkjleOPLmnllzqta0lqkdwXBEG3jYYREWO89R\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8XBEG3jYYREWO89REwkjleOPLmnQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyXBEG3jYYREWO89REwkjleOPLmnFlDLOT6ldKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3jYYREWO89REwkjleOPLmn/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo1XBEG3jYYREWO89REwkjleOPLmnRNXQqzjyCAZjSLM9pbW/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDkiGCeW/DxAoGAVhAWO5RwFZaqlLrB+1K4kNAEeBn2eKBC1BiX\n1niUx6K77SGlEnqNV1caqXBEG3jYYREWO89REwkjleOPLmn/S/GiSislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1Yj5GvetLJmMtc25fsyP4xily1fQsa4vZBqTNXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n", "cloud-ca-crt" : "-----BEGIN CERTIFICATE-----\nYYECyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl\ncm5lAf8UUUUwjeiikoRtEWVFgQADggEBAHFByNTQyMloXDTMwMDExMzIyNTQyMlo\nAxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvy\nZR2kGgm58rmEF1gAf8UUUUwjeiikoRtEWVFgQADggEBAHFBGrjw1f8dpZkMI7TXn\nvVCbaJnPpFoVsH211LEV1kZjCdYjH+Bp8UCZtZNfrakZ5MOuEn41yil4qU1qFpXr\nuuIVFWKI74o7XJ+9WeT6fu0RtF4c+Zz+r3mf7aagzopxJ5O727MtZCyo2GicIw82\nMnJe+lpg47Du3p+Bs9VxpCMV8TLPCYaqUFGefuSnsLzB9aGPbZ2/dZS+BYzTbuub\ngJsnlJwZ6gZ+VBJXkqpSxfbSXQ7WeKGPd2JmbM8Lqmwe1pKH2sgTK4rpn3wJw95S\nysMKejyi/SrfVr/YvdMCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB\n/wQFMAMBAf8UUUUwjeiikoRtEWVFgQADggEBAHFBwUBkDNz05wpiUVHZzWwgBVY8\nLTHWdYaIbi6sx+oEwuoIPWQw098/0OJVfsMW5wvzWSXM9wo3Gim2V16pl7A7etd/\n79fbOAZM8tmAG1YkhYIn7474ohNFV8Kv1jcvHQ+HDFYE4Gu0WQxAAOlFhvICJsUC\ndk7nfDJLE20kQ43VH2w7RH7rQUqEMVxUSeSMgbwLDBk9maP6o7F7lOFjBrbnhZVX\n407Svvi1Q3Lzx+nnIactbvFZPaAf8UUUUwjeiikoRtEWVFgQADggEBAHFBK13upx\nf+qHHV/0uUWf3obiICSOOjR1yVpwywHTW+Lxr3PYqt9oCSEq+b+OP16IUyk=\n-----END CERTIFICATE-----\n", "permissions" : [ { "permission-name" : "permission-1", "apiGroups" : ["stable.example.com"], "resources" : ["secrets", "pods"], "verbs" : ["get", "watch", "list", "create"] }, { "permission-name" : "permission-2", "apiGroups" : [""], "resources" : ["configmaps"], "verbs" : ["*"] } ] } } Return Status: 201 Return Body: { "name" : "logical-cloud-1", "logical-cloud-name" : "logical-cloud-1", "namespace" : "ns-1", "user-name" : "user-1" } |
...