Background
The DCM is one of the components of ONAP4K8s. It will run as a microservice exposing Rest APIs, external components will use REST to communicate with the DCM while other microservices will use gRPC. The DCM will perform the following functions;
...
- Main DCM Microservice (contains the service mesh controller Module(formally Logical Cloud Controller), User Controller Module and Namespace ControllerModule, Quota Controller Module(Limits resources available to each logical cloud))
- CA Key Distribution Controller ( Generate intermediate CA key for each edge which is signed by an root or intermediate key)
Design Overview
| draw.io Diagram |
|---|
| border | true |
|---|
| viewerToolbar | true |
|---|
| |
|---|
| fitWindow | false |
|---|
| diagramDisplayName | |
|---|
| lbox | true |
|---|
| revision | 717 |
|---|
| diagramName | DCM |
|---|
| simpleViewer | false |
|---|
| width | 1000 |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| diagramWidth | 1131721 |
|---|
|
Fig 1: DCM ComponentsSample
DCM
...
Sequence
- Client creates logical cloud using logical cloud creation API and the following documents are created in the DCM collection
- The core module parses the Json and creates a new document for the logical cloud in the mongodb DCM collection.
- The core module also creates a cluster document in the DCM collection
- The user module parses the Json and creates a new document for user
The namespace module parses the Json and creates a new document for namespace
- Associates logical cloud with clusters (this API is called multiple times)
- Updates the cluster document with the cluster name, loadbalancer ip every time its called
- Add quota for logical cloud
- The quota module creates a quota document containing the quota details
- Apply API is called
- Service mesh module gets CA bundle from CA controller via gRPC
- Service mesh module gets names of logical cloud and creates a new namespace name using name of logical cloud name
- Service mesh module creates helm template/istioctl manifest (WIP)
- Service mesh module creates service mesh document in the DCM collection and stores the above (CA bundle contents, istio namespace, istioctl manifest) in the document
- DCM informs the resource synchronizer to start the logical cloud creation via gRPC and the resource synchronizer starts reading from the DB
- The DCM gets status from the resource synchronizer via gRPC
- When the logical cloud creation is complete, the resource synchronizer will store the modified kubeconfig file for each cluster in the cluster document of the logical cloud
The details of the DCM Data Model can be found in DCM MongoDB Data Model
DCM Source Code Directory Structure
dcm
├── core
│ └── main.go
├── namespace-controller
│ └── namespace.go
├── quota-controller
│ └── quota.go
├── service-mesh-controller
│ └── service-mesh.go
└── user-controller
└── user.go
GO API
| Code Block |
|---|
|
func createNamespace(logicalCloudName Namespace string) error //Stores the namespace for the logical cloud in the database
func createUser(user logicalCloudName string permissions []map[string]map[string][]string) error //Stores the user details |
...
Image Removed
Fig 2: Showing Logical Clouds spanning multiple edge location. Istio Replicated Control planes are used and in each cluster, there is an istio control plane per logical cloud
API
1. Create Logical Cloud
| Code Block |
|---|
| language | js |
|---|
| title | Logical Cloud Creation API |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds
POST BODY:
{
"name": "lc-1", //unique name for the record
"logical-cloud-name" : "logical-cloud-1",
"namespace" : "ns-1", // one namespace per logical cloud
"description": "logical cloud for walmart finance department", //description for the logical cloud
"user"in :the {database
func createKVpair(name description string "user-name" : "user-1",userData map[string]string kvPair []map[string]string) error //nameStores ofa usernew forkey thisvalue cloud
pair in the "type" : "certificate", //type of authentication credentials used by user (certificate, Token, UNPW)
"user-key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoHNIrFZ0MtvMQrz+SE6Xd1nDK0BaRjllzqta0lqkdweEYUwtQUKq6m\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8q37BCPZn8SXZ3mVlVRkkWRQIDAQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyxbp7bjwMl7BebhLmFkZL9FlDLOT6ldh07CWKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3j9yGcf6twvZXDDt9yQPQi/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo184orNjVDEbaX6H3zASdY7yIRNXQqzjyCAZjSLM9pbWwav/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDXBXBEG3jYYREWO89REwkjleOPLmnjleOPLmnFZaqlLrB+1K4u\n1niUx6K77SGlEnqNV1caqfzl7tkKPfdnL7NCQPWZS9VRok/S/GiSoislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1YXBEG3jYYREWO89REwkjleOPLmn1fQsa4vZBXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n",
"user-csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICajCCAVICAQAwJTERMA8GA1UEAwwIZW1wbG95ZWUxEDAOBgNVBAoMB2JpdG5h\nbWkwggEiMXBEG3jYYREWO89REwkjleOPLmnAwggEKAoIBAQD6ZBcxFhXgr9iEtAd\nNDtuvA/0CFGBTzsfB5T1Mnv6ImwV8CE4ZaRRFQ+uIXl1lhGo7jnUfKLNnmBYYWC8\n+FF7GIG/U4HsVteeeeeeflSGqY40WgYbhruqwR7u+vxlT9wkhpQga70h1DjDDcnJ\nRD10HY7xh2cYQt5ZyZxz1V0123jldoewjg/iUVMxmgc0isVnQy28xCvP5ITpd3Wc\nMrQFpGOWXOq1rSWqR3B4RhTC1BQqrqbpdwLyVq2ecgI2KZv2HuMejQxL6xBUUDCA\nDO7ZnivK32VEALyqYE8M+lFFy63IkAXYu/hQwcjjV68eHyrfsEI9mfxJdneZWVVG\nSRZFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAyuTVpshvkTo9bQkhMHFaPSdU\neqNM8NF/SZAdM/nWE5Q9wIeQLxu7FFP1UGz+b/bmxGp/o4bfrjC/4yjUWA4zUAfP\nBf7kUvJFSCdcTClyD5u9oL0ZGDc3ZZM3BgFT2PjXdr8cufkh3OjY6IVExA365NFP\nVyk7Bo13FhORHgVZUinK7s2COylidSOEMnwg71Rxf1S2UMm8sV4duWdVqep6ic31\nK8ghF27F5XBEG3jYYREWO89REwkjleOPLmnaN+n2I4nSD0JkD3w1v6XUQqXSV9WC\n3cNAmRWv0JJVRXvXk5x5Etr0oza2BDPrrZzKw94dsjsu5fWvWeeqtovWzUboiw==\n-----END CERTIFICATE REQUEST-----\n",
"cloud-ca-key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoXBEG3jYYREWO89REwkjleOPLmnllzqta0lqkdwXBEG3jYYREWO89R\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8XBEG3jYYREWO89REwkjleOPLmnQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyXBEG3jYYREWO89REwkjleOPLmnFlDLOT6ldKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3jYYREWO89REwkjleOPLmn/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo1XBEG3jYYREWO89REwkjleOPLmnRNXQqzjyCAZjSLM9pbW/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDkiGCeW/DxAoGAVhAWO5RwFZaqlLrB+1K4kNAEeBn2eKBC1BiX\n1niUx6K77SGlEnqNV1caqXBEG3jYYREWO89REwkjleOPLmn/S/GiSislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1Yj5GvetLJmMtc25fsyP4xily1fQsa4vZBqTNXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n",
"cloud-ca-crt" : "-----BEGIN CERTIFICATE-----\nYYECyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl\ncm5lAf8UUUUwjeiikoRtEWVFgQADggEBAHFByNTQyMloXDTMwMDExMzIyNTQyMlo\nAxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvy\nZR2kGgm58rmEF1gAf8UUUUwjeiikoRtEWVFgQADggEBAHFBGrjw1f8dpZkMI7TXn\nvVCbaJnPpFoVsH211LEV1kZjCdYjH+Bp8UCZtZNfrakZ5MOuEn41yil4qU1qFpXr\nuuIVFWKI74o7XJ+9WeT6fu0RtF4c+Zz+r3mf7aagzopxJ5O727MtZCyo2GicIw82\nMnJe+lpg47Du3p+Bs9VxpCMV8TLPCYaqUFGefuSnsLzB9aGPbZ2/dZS+BYzTbuub\ngJsnlJwZ6gZ+VBJXkqpSxfbSXQ7WeKGPd2JmbM8Lqmwe1pKH2sgTK4rpn3wJw95S\nysMKejyi/SrfVr/YvdMCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB\n/wQFMAMBAf8UUUUwjeiikoRtEWVFgQADggEBAHFBwUBkDNz05wpiUVHZzWwgBVY8\nLTHWdYaIbi6sx+oEwuoIPWQw098/0OJVfsMW5wvzWSXM9wo3Gim2V16pl7A7etd/\n79fbOAZM8tmAG1YkhYIn7474ohNFV8Kv1jcvHQ+HDFYE4Gu0WQxAAOlFhvICJsUC\ndk7nfDJLE20kQ43VH2w7RH7rQUqEMVxUSeSMgbwLDBk9maP6o7F7lOFjBrbnhZVX\n407Svvi1Q3Lzx+nnIactbvFZPaAf8UUUUwjeiikoRtEWVFgQADggEBAHFBK13upx\nf+qHHV/0uUWf3obiICSOOjR1yVpwywHTW+Lxr3PYqt9oCSEq+b+OP16IUyk=\n-----END CERTIFICATE-----\n",
"permissions" : [
{ "permission-name" : "permission-1",
"apiGroups" : ["stable.example.com"],
"resources" : ["secrets", "pods"],
"verbs" : ["get", "watch", "list", "create"]
},
{ "permission-name" : "permission-2",
"apiGroups" : [""],
"resources" : ["configmaps"],
"verbs" : ["*"]
}
]
}
}
Return Status: 201
Return Body:
{
"name" : "logical-cloud-1",
"logical-cloud-name" : "logical-cloud-1",
"namespace" : "ns-1",
"user-name" : "user-1"
} |
Kubeconfig will be generated for the logical cloud
2. Get Logical Cloud kubeconfig
database
func addCluster(cluster logicalCloudName string) error //Associates a new cluster with the logical cloud
func addUserPermissions(user permissionName string apiGroups resources verbs []string) error
func applyConfig(logicalCloudName string) error //Talks to the Resource Synchronizer to start the actual creation of all the resources for the logical cloud
func getKVPair(name string) ([]map[string]string error)
func getClusterConfig(cluster logicalCloudName string) ([]byte, error) //Returns Kubeconfig for the cluster in JSON format
func getNamespace(logicalCloudName string) (string error)
func getUser(logicalCloudName string) (string error)
func getClusters(logicalCloudName string) ([]string error)
func getUserPermissions(user string) (([]map[string]map[string][]string) error) //Sample output [{"permission-1": {"apiGroups": ["stable.example.com"], "resources" : ["secrets", "pods"], "verbs" : ["get", "watch", "list", "create"] }},
{"permission-2": {"apiGroups": [""], "resources" : ["configmaps"], "verbs" : ["*"] }}]
|
Service Mesh API
| Code Block |
|---|
| language | vb |
|---|
| title | Service Mesh API |
|---|
|
func create_mesh () {
func get_lc_clusters() (map[string]string) //Returns a map containing a mapping of cluster names to load balancer ip address
func create_mesh_namespace(logical-cloud-name, []clusters)
func create_ca_secrets(logical-cloud-name){
func get_ca_certs(url)
}
func install_helm([] clusters) (or install istioctl)
func create_helm_chart() (or istioctl manifest)
}
|
REST API
API to Create Logical Cloud Name and Associate some components
Create Logical cloud name for new logical cloud, add user name, namespace and user permissions
| Code Block |
|---|
| language | js |
|---|
| title | Logical Cloud Creation API |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds
POST BODY:
{
"metadata" : {
"name": "lc-1", //unique name for the record
"description": "logical cloud for walmart finance department", //description for the logical cloud
"userData1":"<user data>",
"userData2":"<user data>"
},
"spec" : {
"namespace" : "ns-1", // one namespace per logical cloud
"user" : {
"user-name" : "user-1", //name of user for this cloud (username and logical cloud name would be used as subject for the user key)
"type" : "certificate", //type of authentication credentials used by user (certificate, Token, UNPW)
"user-permissions" : [
{ "permission-name" : "permission-1",
"apiGroups" : ["stable.example.com"],
"resources" : ["secrets", "pods"],
"verbs" : ["get", "watch", "list", "create"]
},
{ "permission-name" : "permission-2", |
| Code Block |
|---|
| language | js |
|---|
| title | Get Logical cloud kubeconfig |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kubeconfig?cluster-reference=cluster-1
GET
Return Status: 201
Return Body :
{
"apiVersion": "v1",
"clusters": [
{
"cluster": {
"apiGroups" : [""],
"certificate-authority-dataresources" : ["LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01ERXhOakl5TlRReU1sb1hEVE13TURFeE16SXlOVFF5TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXZ5ClpSMmtHZ201OHJtRUYxZ0VVNDlwR281TjR5WlZzbUtsemJxeitHcmp3MWY4ZHBaa01JN1RYbm1xaXdjbmpiZksKdlZDYmFKblBwRm9Wc0gyMTFMRVYxa1pqQ2RZakgrQnA4VUNadFpOZnJha1o1TU91RW40MXlpbDRxVTFxRnBYcgpvMnAvTTJNSTc0bzdYSis5V2VUNmZ1MFJ0RjRjK1p6K3IzbWY3YWFnem9weEo1TzcyN010WkN5bzJHaWNJdzgyCk1uSmUrbHBnNDdEdTNwK0JzOVZ4cENNVjhUTFBDWWFxVUZHZWZ1U25zTHpCOWFHUGJaMi9kWlMrQll6VGJ1dWIKZ0pzbmxKd1o2Z1orVkJKWGtxcFN4ZmJTWFE3V2VLR1BkMkptYk04THFtd2UxcEtIMnNnVEs0cnBuM3dKdzk1Uwp5c01LZWp5aS9TcmZWci9ZdmRNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFIRkJ3VUJrRE56MDV3cGlVVkhaeld3Z0JWWTgKTFRIV2RZYUliaTZzeCthTUhIOFF3cERhSUIvME9KUlZmc01XNXd2eldTWE05d28zR2ltMlYxNnBsN0E3ZXRkLwo3OWZiT0FaTTh0bUFHMVlraFlJbjc0NzRvaE5GZjhLdjFqY3ZIUStIREZZRTRHdTBXUXhBQU9sRmh2SUNKc1VDCmRrN25mREpMRTIwa1E0M1ZIMnc3Ukg3clFVcUVNVnhVU2VTTWdid0xEQms5bWFQNm83RjdsT0ZqQnJibmhaVlgKNDA3U3Z2aTFRM0x6eCtubklhY3RidkZaUGFDRlpPMlkvS0dpcFpYM3o0R3hiR0sxM3VweExuSllHZEI4eFBrRApmK3FISFYvMHVVV2Yzb2JpSUNTT09qUjF5VnB3eXdIVFcrTHhyM1BZcXQ5b0NTRXErYitPUDE2SVV5az0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=configmaps"],
"verbs" : "server": "https://1.2.3.4:6443"["*"]
},
]
}
}
}
Return Status: 201
Return Body:
{
"name" : "kuberneteslogical-cloud-1",
"logical-cloud-name" }: "logical-cloud-1",
"namespace" : ]"ns-1",
"user-name" : "contexts": [
{
"context": {
"cluster": "cluster-1",
"user-1"
} |
PUT (Change logical cloud contents)
| Code Block |
|---|
| language | js |
|---|
| title | PUT Logical Cloud |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>
PUT BODY:
{
"metadata" : {
"name": "lc-1",
"description": "logical cloud for walmart finance department", //description for the logical cloud
"userData1":"<user data>",
"userData2":"<user data>"
},
"spec" : {
"namespace" : "ns-1", // one namespace per logical cloud
"user" : {
"user-name" user": "user-1"
, //name of user for this cloud (username and logical cloud name },
would be used as subject for the user key)
"nametype" : "user-1-context"
certificate", //type of authentication credentials used }
by user (certificate, Token, ],UNPW)
"currentuser-contextpermissions" : "user-1-context",[
"kind" { "permission-name" : "Configpermission-1",
"usersapiGroups" : ["stable.example.com"],
{
"resources" : ["secrets", "pods"],
"nameverbs" : ["user-1get",
"watch", "list", "create"]
},
"user": {
{ "permission-name" : "permission-2",
"client-certificate-dataapiGroups" : ["LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJZVovY05tQVE5NGd3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TURBeE1UWXlNalUwTWpKYUZ3MHlNVEF4TVRVeU1qVTBNamhhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW0zblA0eTdURjNrZldaZFoKaFdaV2RTSWZlNlpkbTdWK1BpcER6UWFHMTVuU0ZNSVRSeFVyYkhHdWlzakZQRlAzbUIyT09yN3BSQjJab3VDegppOFlYS21iYjJ6K2tjeWZxT1drcHhmTzlHQlV6SlYxL1BoUGU2dGRaSEp3c3FtNlhYZ2xkcTEvNjBSTWNwUVUxCi9LOXNZNHhWQ1djSkN4SEkvTnp4VDY0TU5zQlF3VldONXZWTTJOUDJtZDFOa2x2S3J2bnFRUERXTGxVWEx2THIKK2NESk50VytxcFc4dzVreXF5YWp1ZHQ4ZGw0dzZSY3FnL3VnbXRVMHRnVEdxcFdSYm5yZlFMSzBsaGJKejVMTgpmK1pNTjRCYllxWGRBZ2hFMTNEeHhYd2tHUHdnL3h0aFhManBaQzhjeTNlV0hCenV2cWY1aWJ2S0hRQ20zRmFjCjhBTlVpUUlEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDV3BuY1RhTWowOWZDL25CQTF1NWhkbFQrQmdhc3NZSFVEeQplM2tQUXJlUXdseUhYTGtWdDdiSkIxT0l6Y1V3K2M5MVF6Mm9lRFBaNzZGNGlQMTd5RUgrUFZrMVVUSzBLRU9jCjM2cVpXTUdMK0ptZy9wTnFBNXRsNG1EUTVneFhHTENpa2JiYzRTM0oxL0FicmFVakRtM1FEOTd6UEhSUkZnN2oKN2VXMnB2V3ZEakRTWDZGejY0dEorRHB2NUpGZGRHNU5lQVErZ0hNOWFPVUdCVG1oZlYzZnl1NzkzV0cyUGlxMgpMMlZQU0YycU5DRG96Y3Z3am84VHkxbUpXSzIvTkVjN2ZMd24wbml3UTd3aXpMWHU0N1hvL3Frb2pBMUN6MW9YCkhid1JQMjZXdVNDTGpnNnpHVUh3VnBZWmV4Z3pkY05CRERQTnlPem94RTFwUVlXRXkrZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
"client-key-data"],
"resources" : ["LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbTNuUDR5N1RGM2tmV1pkWmhXWldkU0lmZTZaZG03VitQaXBEelFhRzE1blNGTUlUClJ4VXJiSEd1aXNqRlBGUDNtQjJPT3I3cFJCMlpvdUN6aThZWEttYmIyeitrY3lmcU9Xa3B4Zk85R0JVekpWMS8KUGhQZTZ0ZFpISndzcW02WFhnbGRxMS82MFJNY3BRVTEvSzlzWTR4VkNXY0pDeEhJL056eFQ2NE1Oc0JRd1ZXTgo1dlZNMk5QMm1kMU5rbHZLcnZucVFQRFdMbFVYTHZMcitjREpOdFcrcXBXOHc1a3lxeWFqdWR0OGRsNHc2UmNxCmcvdWdtdFUwdGdUR3FwV1JibnJmUUxLMGxoYkp6NUxOZitaTU40QmJZcVhkQWdoRTEzRHh4WHdrR1B3Zy94dGgKWExqcFpDOGN5M2VXSEJ6dXZxZjVpYnZLSFFDbTNGYWM4QU5VaVFJREFRQUJBb0lCQURSeCs3RTd5MU1ndFhXSQpPMWRuZFFTZ0ZSU2x3dS9TWWhwZ01XeklwZFcyZW9vc0NVcXlGbXJIVWtSWWcwZmRYeWk5MTR0emVNWlVZYzN5CmxENHkvUDk5b080dFlyREJweDNrbm9XNnVXK1ZQeUo4am42SFAydmlacG5qQ0tJWkdoQkxnb0JicVFTN3VLN2wKdWhkWnFXdFBIQ1JHMEdNZWhiamVZcndwRHMrc3V5Y0tUNlh2OGR0am9PRGlSenpodTBBWjErSDBMbC9MaUp5NgpubUF1M3IzUDN2dGt1ZndoOXB2SjA2TjhHVWhRZFlvVENBMHQ4c0lEN0Q0ZUZGcXdjM2FVTmlyVGdtcllmcVFkCnJQMnRUMkYxbEE5bEJ1bUJmNDBCUFMrejR0MS92Tk5XSEtseFFzaDRkTnNJczlFbHB1YkVTMlovbmJkUHpEOXUKUHlmWmNCMENnWUVBemZEZ21TVVZ2REpJMEZWWnNENWszNWxRWFpmQ3ZLZWpaaU5ScTZzaDlROUhBcTdaN3dESwo3RmNHSGZFQVhNZ1YyQ2VibUtkbFZ4aFJMQUVQb0todzNCbG94RlhiNC9ESytYdmV0ek4vUnQzQ0VGN29jZTFECko0eXVTS0pYR25RVW82NXV6RVBJMmVVdi81Njh5dEdDdXlNRmdIZDNTRHBxeUZqSjhlVXp3RGNDZ1lFQXdVU2kKVVpkMTEzVnFWeEpUQytSeTlsRzNIeGZFekhBbUdkMXNQNFdmYm9nZ3hjbmZrZk9ndU1ua0dzVVNnNGZjN3BKNworVDd2dFg2QVRXQkUzeUV1SHdMcytJd2VQT2RFeDNBZytSYnBKU25pTEc2WmUxdER0K2NtdTdObGZGRWRuR0l2CkUvTkt1c3FLdmduN3FzK216OHR5UmwxZ0pYMGdjT3J1TFVnbnNUOENnWUVBaGlUdUY3TnBXZ0lqSGRsS3A1dXMKMTEwbFZTR2lqb0pmMUFzVGlzL1pPYWh1NTlkL1M4aG5aZFUxdmRFYkhGU1VyZ3oydEZQdGxmTFlCT0xZREIxTQpEb0phbFBFY1gzaWNyaSs2bmZqa1lnUFhBaFRnTWoyTExicmNWNkd2UFNMNXdyaS9vVHhTRzJUSGhDa2c3cmZVCkFSUEo1S2xzd0ZhVThkV3NEVzN2N0xjQ2dZQlhlZGc2TStLcmpjSisvSlZJR2JPTEY3dFp3R2xiMnhyenRBdk4KeUk0NytqTlRNcWNWcVg3Q2hPYlEwd2dwTG5KcUxUVWR3RVhCRVN2RFdlSnlWOU5IU0F5NEJydWM5MVJqTExaUAo1L1hJMDJkQ2t5QzIrN3p2M1JqajlqUG1DOVRxTm1wMmpqVHh6TUQxZVJGRzQ4dnQyM2l5cm9yWkRRU0U5MkNzCmNDOC9Bd0tCZ1FDamRrVTNOcWFPZHUzMlpkWm5IK0cxY0NwbGtRK1VFZXNmTlcrWjdiWWtocng2Z2l6eCtjY0UKS3FhNTRxTmJkQVdLQXRzSU5lZ3pQU0toV0g0eXFnaWYrNmQ1aVVZUlFoUUhNVG0yTHpEQ2xGQ001N2FPdmQ3YQpNUEZxR3BNV2tqVmlnZjlwdHV3YW1qWkYwbm5MUVE5dWIzMlB3Zjk0Yzl4NFBEdkpmdTQrUHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=configmaps"],
"verbs" }: ["*"]
}
]
} |
3. PUT (Change logical cloud contents)
| Code Block |
|---|
| language | js |
|---|
| title | PUT Logical Cloud |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<name>
PUT BODY:
{
}
}
}
Return Status: 200 (OK)
Return Body:
{
"name" : "logical-cloud-1",
"logical-cloud-name" : "logical-cloud-1",
"namespace" : "ns-1", // one namespace per logical cloud
"description": "logical cloud for walmart financeuser" : "user-1"
}
|
GET Logical Cloud
| Code Block |
|---|
| language | js |
|---|
| title | GET Logical Cloud |
|---|
|
GET
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>
RESPONSE BODY:
{
"metadata" : {
"name": "lc department", //description for the logical cloud
"user" : {
"user-name" : "user-1", //unique name of user for thisthe cloudrecord
"typedescription" : "certificate",logical cloud for //type of authentication credentials used by user (certificate, Token, UNPW)
"user-keywalmart finance department", //description for the logical cloud
"userData1":"<user data>",
"userData2":"<user data>"
},
"spec" : {
"namespace" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoHNIrFZ0MtvMQrz+SE6Xd1nDK0BaRjllzqta0lqkdweEYUwtQUKq6m\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8q37BCPZn8SXZ3mVlVRkkWRQIDAQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyxbp7bjwMl7BebhLmFkZL9FlDLOT6ldh07CWKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3j9yGcf6twvZXDDt9yQPQi/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo184orNjVDEbaX6H3zASdY7yIRNXQqzjyCAZjSLM9pbWwav/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDXBXBEG3jYYREWO89REwkjleOPLmnjleOPLmnFZaqlLrB+1K4u\n1niUx6K77SGlEnqNV1caqfzl7tkKPfdnL7NCQPWZS9VRok/S/GiSoislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1YXBEG3jYYREWO89REwkjleOPLmn1fQsa4vZBXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n",
"user-csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICajCCAVICAQAwJTERMA8GA1UEAwwIZW1wbG95ZWUxEDAOBgNVBAoMB2JpdG5h\nbWkwggEiMXBEG3jYYREWO89REwkjleOPLmnAwggEKAoIBAQD6ZBcxFhXgr9iEtAd\nNDtuvA/0CFGBTzsfB5T1Mnv6ImwV8CE4ZaRRFQ+uIXl1lhGo7jnUfKLNnmBYYWC8\n+FF7GIG/U4HsVteeeeeeflSGqY40WgYbhruqwR7u+vxlT9wkhpQga70h1DjDDcnJ\nRD10HY7xh2cYQt5ZyZxz1V0123jldoewjg/iUVMxmgc0isVnQy28xCvP5ITpd3Wc\nMrQFpGOWXOq1rSWqR3B4RhTC1BQqrqbpdwLyVq2ecgI2KZv2HuMejQxL6xBUUDCA\nDO7ZnivK32VEALyqYE8M+lFFy63IkAXYu/hQwcjjV68eHyrfsEI9mfxJdneZWVVG\nSRZFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAyuTVpshvkTo9bQkhMHFaPSdU\neqNM8NF/SZAdM/nWE5Q9wIeQLxu7FFP1UGz+b/bmxGp/o4bfrjC/4yjUWA4zUAfP\nBf7kUvJFSCdcTClyD5u9oL0ZGDc3ZZM3BgFT2PjXdr8cufkh3OjY6IVExA365NFP\nVyk7Bo13FhORHgVZUinK7s2COylidSOEMnwg71Rxf1S2UMm8sV4duWdVqep6ic31\nK8ghF27F5XBEG3jYYREWO89REwkjleOPLmnaN+n2I4nSD0JkD3w1v6XUQqXSV9WC\n3cNAmRWv0JJVRXvXk5x5Etr0oza2BDPrrZzKw94dsjsu5fWvWeeqtovWzUboiw==\n-----END CERTIFICATE REQUEST-----\n",
"cloud-ca-key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoXBEG3jYYREWO89REwkjleOPLmnllzqta0lqkdwXBEG3jYYREWO89R\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8XBEG3jYYREWO89REwkjleOPLmnQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyXBEG3jYYREWO89REwkjleOPLmnFlDLOT6ldKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3jYYREWO89REwkjleOPLmn/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo1XBEG3jYYREWO89REwkjleOPLmnRNXQqzjyCAZjSLM9pbW/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDkiGCeW/DxAoGAVhAWO5RwFZaqlLrB+1K4kNAEeBn2eKBC1BiX\n1niUx6K77SGlEnqNV1caqXBEG3jYYREWO89REwkjleOPLmn/S/GiSislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1Yj5GvetLJmMtc25fsyP4xily1fQsa4vZBqTNXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n",
"cloud-ca-crt" : "-----BEGIN CERTIFICATE-----\nYYECyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl\ncm5lAf8UUUUwjeiikoRtEWVFgQADggEBAHFByNTQyMloXDTMwMDExMzIyNTQyMlo\nAxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvy\nZR2kGgm58rmEF1gAf8UUUUwjeiikoRtEWVFgQADggEBAHFBGrjw1f8dpZkMI7TXn\nvVCbaJnPpFoVsH211LEV1kZjCdYjH+Bp8UCZtZNfrakZ5MOuEn41yil4qU1qFpXr\nuuIVFWKI74o7XJ+9WeT6fu0RtF4c+Zz+r3mf7aagzopxJ5O727MtZCyo2GicIw82\nMnJe+lpg47Du3p+Bs9VxpCMV8TLPCYaqUFGefuSnsLzB9aGPbZ2/dZS+BYzTbuub\ngJsnlJwZ6gZ+VBJXkqpSxfbSXQ7WeKGPd2JmbM8Lqmwe1pKH2sgTK4rpn3wJw95S\nysMKejyi/SrfVr/YvdMCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB\n/wQFMAMBAf8UUUUwjeiikoRtEWVFgQADggEBAHFBwUBkDNz05wpiUVHZzWwgBVY8\nLTHWdYaIbi6sx+oEwuoIPWQw098/0OJVfsMW5wvzWSXM9wo3Gim2V16pl7A7etd/\n79fbOAZM8tmAG1YkhYIn7474ohNFV8Kv1jcvHQ+HDFYE4Gu0WQxAAOlFhvICJsUC\ndk7nfDJLE20kQ43VH2w7RH7rQUqEMVxUSeSMgbwLDBk9maP6o7F7lOFjBrbnhZVX\n407Svvi1Q3Lzx+nnIactbvFZPaAf8UUUUwjeiikoRtEWVFgQADggEBAHFBK13upx\nf+qHHV/0uUWf3obiICSOOjR1yVpwywHTW+Lxr3PYqt9oCSEq+b+OP16IUyk=\n-----END CERTIFICATE-----\n",
"user-permissions" : [
{ "permission-name" : "permission-1",
"apiGroups" : ["stable.example.com"],
"resources" : ["secrets", "pods"],
"verbs" : ["get", "watch", "list", "create"]
},
{ "permission-name" : "permission-2",
"apiGroups" : [""],
"resources" : ["configmaps"],
"verbs" : ["*"]
}
]
}
}
Return Status: 200 (OK)
Return Body:
{
"name" : "logical-cloud-1",
"logical-cloud-name" : "logical-cloud-1",
"namespace" : "ns-1",
"user" : "user-1"
}
ns-1", // one namespace per logical cloud
"user" : {
"user-name" : "user-1", //name of user for this cloud (username and logical cloud name would be used as subject for the user key)
"type" : "certificate", //type of authentication credentials used by user (certificate, Token, UNPW)
"user-permissions" : [
{ "permission-name" : "permission-1",
"apiGroups" : ["stable.example.com"],
"resources" : ["secrets", "pods"],
"verbs" : ["get", "watch", "list", "create"]
},
{ "permission-name" : "permission-2",
"apiGroups" : [""],
"resources" : ["configmaps"],
"verbs" : ["*"]
}
],
"clusters" : ["cluster-1", "cluster-2", "cluster-3]
}
}
}
|
DELETE Logical Cloud
| Code Block |
|---|
| language | js |
|---|
| title | DELETE Logical Cloud |
|---|
|
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>
|
Logical Cloud Cluster API
POST (Associate cluster with logical cloud )
| Code Block |
|---|
| language | js |
|---|
| title | Associate logical cloud with cluster |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-references/
POST BODY:
{
"metadata" : {
"name": "lc-cl-1",
"description": "desc",
"userData1":"<user data>",
"userData2":"<user data>"
},
"spec" : {
"cluster-provider": "cp-1",
"cluster-name": "c1", //name of the cluster,
"loadbalancer-ip" : "0.0.0.0" //IP address of the istio loadbalancer for the logical cloud control plane in the cluster
}
}
}
Return Status: 200 (OK)
Return Body:
{
"cluster-name" : "cluster-1"
"loadbalancer-ip" : "0.0.0.0"
}
|
PUT
| Code Block |
|---|
| language | js |
|---|
| title | Update cluster in logical cloud |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-references/cluster-name
PUT BODY:
{
"loadbalancer-ip" : "0.0.0.0" //IP address of the istio loadbalancer for the logical cloud control plane in the cluster
}
Return Status: 200 (OK)
Return Body:
{
"cluster-name" : "cluster-1"
"loadbalancer-ip" : "0.0.0.0"
} |
GET
| Code Block |
|---|
| language | js |
|---|
| title | Get Clusters Associated with logical clouds |
|---|
|
GET
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-references/
RESPONSE BODY:
{ cluster-references : [
{ "cluster-name" : "c1",
"loadbalancer-ip" : "0.0.0.0
},
{ "cluster-name" : "c2",
"loadbalancer-ip" : "x.x.x.x
}
]
}
|
DELETE (Delete cluster from Logical 4. POST (Associate cluster with logical cloud)
| Code Block |
|---|
| language | js |
|---|
| title | Associate Delete Cluster from logical cloud with cluster |
|---|
|
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-references/<cluster-name>
POSTRESPONSE BODYSTATUS: 204
{
"name": "cluster-reference-1", //cluster reference record
"description" : "edge a cluster", //cluster description
"cluster-name" : "cluster-1}
|
Logical Cloud User Permissions API
Add user permissions
| Code Block |
|---|
| language | js |
|---|
| title | Add User permissions |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user-permissions
POST BODY:
{ "name" : "permission-3",
"apiGroups" : [""],
"resources" : ["jobs"],
"verbs" : ["list"]
}
" //Name of the cluster
}
Return Status: 200 (OK)
Return Body:
{
"name" : "clusterpermission-reference-13",
"cluster-nameapiGroups" : ["cluster-1""],
"resources" : ["jobs"],
"verbs" : ["list"]
}
|
5. GET Logical CloudUser Permissions
| Code Block |
|---|
| language | js |
|---|
| title | GET Logical Cloud | Get User permissions |
|---|
|
GET
URL: /v2/projects/<project-name>/logical-clouds/<name>
RESPONSE BODY:
{
"logical-cloud-name<logical-cloud-name>/user-permissions
GET:
Return Body:
{"permissions" : "logical-cloud-1",[
"namespace { "name" : "nspermission-1",
// one namespace per logical cloud
"descriptionapiGroups" : "logical cloud for walmart finance department", //description for the logical cloud
"user" : {
["stable.example.com"],
"resources" : ["secrets", "pods"],
"user-nameverbs" : ["user-1get", //name of user for this cloud
"type"watch", "list", "create"]
},
{ "name" : "certificatepermission-2",
//type of authentication credentials used by"apiGroups" user (certificate, Token, UNPW)
: [""],
"user-keyresources" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoHNIrFZ0MtvMQrz+SE6Xd1nDK0BaRjllzqta0lqkdweEYUwtQUKq6m\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8q37BCPZn8SXZ3mVlVRkkWRQIDAQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyxbp7bjwMl7BebhLmFkZL9FlDLOT6ldh07CWKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3j9yGcf6twvZXDDt9yQPQi/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo184orNjVDEbaX6H3zASdY7yIRNXQqzjyCAZjSLM9pbWwav/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDXBXBEG3jYYREWO89REwkjleOPLmnjleOPLmnFZaqlLrB+1K4u\n1niUx6K77SGlEnqNV1caqfzl7tkKPfdnL7NCQPWZS9VRok/S/GiSoislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1YXBEG3jYYREWO89REwkjleOPLmn1fQsa4vZBXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n",
"user-csr" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICajCCAVICAQAwJTERMA8GA1UEAwwIZW1wbG95ZWUxEDAOBgNVBAoMB2JpdG5h\nbWkwggEiMXBEG3jYYREWO89REwkjleOPLmnAwggEKAoIBAQD6ZBcxFhXgr9iEtAd\nNDtuvA/0CFGBTzsfB5T1Mnv6ImwV8CE4ZaRRFQ+uIXl1lhGo7jnUfKLNnmBYYWC8\n+FF7GIG/U4HsVteeeeeeflSGqY40WgYbhruqwR7u+vxlT9wkhpQga70h1DjDDcnJ\nRD10HY7xh2cYQt5ZyZxz1V0123jldoewjg/iUVMxmgc0isVnQy28xCvP5ITpd3Wc\nMrQFpGOWXOq1rSWqR3B4RhTC1BQqrqbpdwLyVq2ecgI2KZv2HuMejQxL6xBUUDCA\nDO7ZnivK32VEALyqYE8M+lFFy63IkAXYu/hQwcjjV68eHyrfsEI9mfxJdneZWVVG\nSRZFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAyuTVpshvkTo9bQkhMHFaPSdU\neqNM8NF/SZAdM/nWE5Q9wIeQLxu7FFP1UGz+b/bmxGp/o4bfrjC/4yjUWA4zUAfP\nBf7kUvJFSCdcTClyD5u9oL0ZGDc3ZZM3BgFT2PjXdr8cufkh3OjY6IVExA365NFP\nVyk7Bo13FhORHgVZUinK7s2COylidSOEMnwg71Rxf1S2UMm8sV4duWdVqep6ic31\nK8ghF27F5XBEG3jYYREWO89REwkjleOPLmnaN+n2I4nSD0JkD3w1v6XUQqXSV9WC\n3cNAmRWv0JJVRXvXk5x5Etr0oza2BDPrrZzKw94dsjsu5fWvWeeqtovWzUboiw==\n-----END CERTIFICATE REQUEST-----\n",
"cloud-ca-key" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+mQXMRYV4H6/YhLQHTQ7brwP9AhRgU87HweU9TJ7+iJsFfAh\nOGWkURUPriF5dZYRqO451HyizZ5gWGFgvPhRexiBv1OB7FbVa6PSHkn5UhqmONFo\nGG4bqsEe7vr8ZU/cJIaUIGu9IdQ4ww3JyUQ9dB2O8YdnGELeWcmcc9VdHh/J/dg5\n1noP4lFTMZoXBEG3jYYREWO89REwkjleOPLmnllzqta0lqkdwXBEG3jYYREWO89R\n6XcC8latnnICNimb9h7jHo0MS+sQVFAwgAzu2Z4ryt9lRAC8qmBPDPpRRcutyJAF\n2Lv4UMHI41evHh8XBEG3jYYREWO89REwkjleOPLmnQABAoIBAQCNxWxIM7wRT1Kn\nggVp87APA9Z4ktkrQSQ1boKNzpbZyvGt/jehChPegPFO4880n9LB9pix0hwQFjNw\n9znh5SulafvUy8CNg6D1gF0xHytWrJYfJ5or8vQhW5VbNKsB5hS8baKjNL1y0QmO\nj1kIZ2XwP+g2ozbhSsNAzWGTSGSf77sljH1UfR8rU1DloSTGOcDv+PHfFtZ/ICbC\n/jwHW9Gzej7ZRVfX7W5bLQjPlHq4p0pD02L26byaYLZEC/KA6ZX/ZtAbR8ZsUAw4\ngCTkIKgwzPMooyXBEG3jYYREWO89REwkjleOPLmnFlDLOT6ldKsMgYNxklgOQqMq\n+wHb2shBAoGBAP7xgqNOZPtQ5a2Lt+OuVj/mFGgbwHxhx2oKimc+xkwUvPN4GW5x\nHbbS3XoZc7UgxAyGmikNly+ZzrOCyDKeR6M/wkGxAn8/DlNZ7IPM+8X0IHCNmZc7\nGbR16Yzj/dclDxwD9j29RId6U33IveH64PsdYHMZvOHhDX7/QnPLXMfxAoGBAPtt\nwBFI+XBEG3jYYREWO89REwkjleOPLmn/CDeaVeMrGOM0B04QRWe0KFGcpfhASJFE\nhJgrYxFmuFylzomHQW0gKKg6yUyUKyCjBK/ZthWTgLnQaVy05Ks5bS5Z3N+hvtlY\nqJNLHxN9trpVrAiGwCyXWRauipLIpVdMvmxfAyeVAoGBAPRstjQ96AEvWVUe/IoU\nzmpq+6uo1XBEG3jYYREWO89REwkjleOPLmnRNXQqzjyCAZjSLM9pbW/fNdbTj39A\nUyyH54W14NAAs4pkT6c5szXhzew7RkNBDW8AEY/b0rYfuLHCdqZQvNArDrss6Cgt\nsN/xFVSlG3twmtDkiGCeW/DxAoGAVhAWO5RwFZaqlLrB+1K4kNAEeBn2eKBC1BiX\n1niUx6K77SGlEnqNV1caqXBEG3jYYREWO89REwkjleOPLmn/S/GiSislNnpNXOmQ\nNCVgp3gLCw+k0R/2WgnZLpGCAmaaLkmjwm9nXsOcZaHnti9x3pGb5CCwvFfECOLz\nF6NaMBUCgYBvvQ0/eLqlHj1Yj5GvetLJmMtc25fsyP4xily1fQsa4vZBqTNXN8yN\nZBHj6mPaIm9s+Ca/a1kfAo/Kv5aqaNN5A0GmHOaUNZaYnJ46aH/Qieoa5ICs02J/\n/jHwoXzvehtr3b8ncDXq9PS+4eDfHwJjIDbmQ0FRcH4wmZLg45zlwg==\n-----END RSA PRIVATE KEY-----\n",
"cloud-ca-crt" : "-----BEGIN CERTIFICATE-----\nYYECyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl\ncm5lAf8UUUUwjeiikoRtEWVFgQADggEBAHFByNTQyMloXDTMwMDExMzIyNTQyMlo\nAxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvy\nZR2kGgm58rmEF1gAf8UUUUwjeiikoRtEWVFgQADggEBAHFBGrjw1f8dpZkMI7TXn\nvVCbaJnPpFoVsH211LEV1kZjCdYjH+Bp8UCZtZNfrakZ5MOuEn41yil4qU1qFpXr\nuuIVFWKI74o7XJ+9WeT6fu0RtF4c+Zz+r3mf7aagzopxJ5O727MtZCyo2GicIw82\nMnJe+lpg47Du3p+Bs9VxpCMV8TLPCYaqUFGefuSnsLzB9aGPbZ2/dZS+BYzTbuub\ngJsnlJwZ6gZ+VBJXkqpSxfbSXQ7WeKGPd2JmbM8Lqmwe1pKH2sgTK4rpn3wJw95S\nysMKejyi/SrfVr/YvdMCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB\n/wQFMAMBAf8UUUUwjeiikoRtEWVFgQADggEBAHFBwUBkDNz05wpiUVHZzWwgBVY8\nLTHWdYaIbi6sx+oEwuoIPWQw098/0OJVfsMW5wvzWSXM9wo3Gim2V16pl7A7etd/\n79fbOAZM8tmAG1YkhYIn7474ohNFV8Kv1jcvHQ+HDFYE4Gu0WQxAAOlFhvICJsUC\ndk7nfDJLE20kQ43VH2w7RH7rQUqEMVxUSeSMgbwLDBk9maP6o7F7lOFjBrbnhZVX\n407Svvi1Q3Lzx+nnIactbvFZPaAf8UUUUwjeiikoRtEWVFgQADggEBAHFBK13upx\nf+qHHV/0uUWf3obiICSOOjR1yVpwywHTW+Lxr3PYqt9oCSEq+b+OP16IUyk=\n-----END CERTIFICATE-----\n",
"user-permissions" : [
{ "permission-name" : "permission-1",
"apiGroups" : ["stable.example.com"],
"resources" : ["secrets", "pods"],
"verbs" : ["get", "watch", "list", "create"]
["configmaps"],
"verbs" : ["*"]
},
{ "name" : "permission-3",
"apiGroups" : [""],
"resources" : ["jobs"],
"verbs" : ["list"]
}
]
}
|
PUT (Update User permissions)
| Code Block |
|---|
| language | js |
|---|
| title | Update User permissions |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user-permissions/permission-3
POST BODY:
{
"apiGroups" : [""],
"resources" : ["pvc"],
"verbs" : ["list"]
}
Return Status: 200 (OK)
Return Body:
{ "name" : "permission-3",
"apiGroups" : [""],
"resources" : ["pvc"],
"verbs" : ["list"]
}
|
Delete User Permissions
| Code Block |
|---|
| language | js |
|---|
| title | Delete User permissions |
|---|
|
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user-permissions/<permission-name>
RETURN STATUS: 204
|
Logical Cloud Quota API
Create logical cloud Quota ( quota will be applied to each cluster in the logical cloud)
This allows resources to be tuned for the logical cloud
| Code Block |
|---|
| language | js |
|---|
| title | Create Logical cloud quota |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-quotas
POST BODY:
{
"metadata" : {
"name" : "quota-1",
"description": "desc"
},
"spec" : {
"limits.cpu": "400",
"limits.memory": "1000Gi",
"requests.cpu": "300",
"requests.memory": "900Gi",
"requests.storage" : "500Gi",
"requests.ephemeral-storage": "",
"limits.ephemeral-storage": "",
"persistentvolumeclaims" : " ",
"pods": "500",
"configmaps" : "",
"replicationcontrollers": "",
"resourcequotas" : "",
"services": "",
"services.loadbalancers" : "",
"services.nodeports" : "",
"secrets" : "",
"count/replicationcontrollers" : "",
"count/deployments.apps" : "",
"count/replicasets.apps" : "",
"count/statefulsets.apps" : "",
"count/jobs.batch" : "",
"count/cronjobs.batch" : "",
"count/deployments.extensions" : ""
}
}
RETURN STATUS: 201 |
GET logical cloud Quota
| Code Block |
|---|
| language | js |
|---|
| title | Get Logical cloud quota |
|---|
|
GET
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-quotas/<quota-name>
RETURN BODY:
{
"metadata" : {
"name" : "quota-1",
"description": "desc"
},
"spec" : {
"cpu": "400",
"memory": "1000Gi",
"pods": "500"
}
}
|
Update Logical Cloud Quota
| Code Block |
|---|
| language | js |
|---|
| title | Update Logical cloud quota |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-quotas/<quota-name>
PUT BODY:
{
"metadata" : {
"description": "desc"
},
"spec" : {
"cpu": "400",
"memory": "1000Gi",
"pods": "500"
}
}
RETURN STATUS: 201 |
Delete Logical Cloud Quota
| Code Block |
|---|
| language | js |
|---|
| title | Update Logical cloud quota |
|---|
|
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-quotas/<quota-name>
RETURN STATUS: 204 |
Logical Cloud Key Value API
16. Add Key Value pair to logical cloud database
| Code Block |
|---|
| language | js |
|---|
| title | Add KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs
POST BODY
{
"metadata":{
"name":"<name>",
"description":"<description>",
"userData1":"<user data>",
"userData2":"<user data>"
},
"spec":{
"kv":[
{
"key1":"val1" },
{ "permission-name" : "permission-2",
"apiGroups" : [""]},
"resources" : ["configmaps"],
{
"verbskey2" : ["*val2"]
}
]}
"clusters" : ["cluster-1", "cluster-2", "cluster-3]
}
}
|
6. DELETE Logical Cloud
| Code Block |
|---|
| language | js |
|---|
| title | DELETE Logical Cloud |
|---|
|
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<name>
RESPONSE
RETURN STATUS: 204
|
7. Add user permissions
| Code Block |
|---|
| language | js |
|---|
| title | Add User permissions |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user-permissions
POST BODY: 201
RETURN BODY:
{
"metadata":{
"name":"<name>",
"description":"<description>",
"userData1":"<user
{ "name" : "permission-3",
"apiGroups" : [""],
"resources" : ["jobs"],
"verbs" : ["list"]
}
data>",
"userData2":"<user data>"
},
"spec":{
"kv":[
{
"key1":"val1"
},
{
Return Status: 200 (OK)
Return Body:
{ "namekey2" : "permission-3val2",
"apiGroups" : [""],
"resources" : ["jobs"],
"verbs" : ["list"]
}
|
...
17. PUT (Update kv pair)
| Code Block |
|---|
| language | js |
|---|
| title | Get User permissionsUpdate KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user-permissions
GET:
Return Body:-name>/kv-pairs/<kv-pair-name>
PUT BODY
{
"metadata":{
"description":"<description>",
"userData1":"<user data>",
"userData2":"<user data>"
},
"spec":{
{"permissionskv" : [
{
"namekey1" : "permission-1val3",
"apiGroups" : ["stable.example.com"],},
{
"resources" : ["secretskey2", :"podsval4"],
}
"verbs" : ["get", "watch", "list", "create"]
}
}
RETURN STATUS: },201
RETURN BODY:
{
"metadata":{
{ "namedescription" : "permission-2<description>",
"apiGroupsuserData1" :"<user ["data>"],
"resourcesuserData2" :"<user ["configmaps"]data>"
},
"spec":{
"verbskv" : ["*"]
}, {
{ "namekey1" : "permission-3val3",
"apiGroups" : [""]},
"resources" : ["jobs"],
{
"verbskey2" : ["listval4"]
}
]
}
} |
...
18. GET KV pair
| Code Block |
|---|
| language | js |
|---|
| title | Update User permissionsGet KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/userkv-permissionspairs/permission-3
POST BODY:<kv-pair-name>
RETURN STATUS: 200
RETURN BODY:
{
"metadata":{
"name":"<name>",
"description":"<description>",
"userData1":"<user
{
data>",
"apiGroupsuserData2" :"<user [""]data>"
},
"resourcesspec" : ["pvc"],
"verbs" : ["list"]
}
:{
"kv":[
{
"key1":"val1"
},
{
Return Status: 200 (OK)
Return Body:
{ "name" : "permission-3",
"apiGroupskey2" : ["val2"],
"resources" : ["pvc"],
"verbs" : ["list"]
}
|
10. Delete Permissions
| Code Block |
|---|
| language | js |
|---|
| title | Delete User permissions |
|---|
|
DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user-permissions/<permission-name>
RETURN STATUS: 204
|
11. Create logical cloud Quota
...
19. DELETE KV pair
| Code Block |
|---|
| language | js |
|---|
| title | Create Logical cloud quotaDelete KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/quotas
POST BODY:
{
"cpu": "400",
"memory": "1000Gi",
"pods": "500"
}
RETURN STATUS: 201kv-pairs/<kv-pair-name>
RETURN STATUS: 204
|
Kubeconfig API (WORK IN PROGRESS)
Important points to Note
- cluster CA and cluster CRT will be gotten when a cluster is registered and this will be used to create the user crt after the user csr and user key are created
Kubeconfig will be put in the mongoDB
2. Get Logical Cloud kubeconfig12. GET logical cloud Quota
| Code Block |
|---|
| language | js |
|---|
| title | Get Logical cloud quotakubeconfig |
|---|
|
GET
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/quotas
RETURN BODY:
{
kubeconfig?cluster-reference=cluster-1
GET
Return Status: 201
Return Body :
{
"apiVersion": "v1",
"clusters": [
{
"cpu": "400",
"memorycluster": "1000Gi",{
"pods": "500"
}
|
13. Update Logical Cloud Quota
| Code Block |
|---|
| language | js |
|---|
| title | Update Logical cloud quota |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/quotas
PUT BODY:
{
"cpucertificate-authority-data": "400LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01ERXhOakl5TlRReU1sb1hEVE13TURFeE16SXlOVFF5TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXZ5ClpSMmtHZ201OHJtRUYxZ0VVNDlwR281TjR5WlZzbUtsemJxeitHcmp3MWY4ZHBaa01JN1RYbm1xaXdjbmpiZksKdlZDYmFKblBwRm9Wc0gyMTFMRVYxa1pqQ2RZakgrQnA4VUNadFpOZnJha1o1TU91RW40MXlpbDRxVTFxRnBYcgpvMnAvTTJNSTc0bzdYSis5V2VUNmZ1MFJ0RjRjK1p6K3IzbWY3YWFnem9weEo1TzcyN010WkN5bzJHaWNJdzgyCk1uSmUrbHBnNDdEdTNwK0JzOVZ4cENNVjhUTFBDWWFxVUZHZWZ1U25zTHpCOWFHUGJaMi9kWlMrQll6VGJ1dWIKZ0pzbmxKd1o2Z1orVkJKWGtxcFN4ZmJTWFE3V2VLR1BkMkptYk04THFtd2UxcEtIMnNnVEs0cnBuM3dKdzk1Uwp5c01LZWp5aS9TcmZWci9ZdmRNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFIRkJ3VUJrRE56MDV3cGlVVkhaeld3Z0JWWTgKTFRIV2RZYUliaTZzeCthTUhIOFF3cERhSUIvME9KUlZmc01XNXd2eldTWE05d28zR2ltMlYxNnBsN0E3ZXRkLwo3OWZiT0FaTTh0bUFHMVlraFlJbjc0NzRvaE5GZjhLdjFqY3ZIUStIREZZRTRHdTBXUXhBQU9sRmh2SUNKc1VDCmRrN25mREpMRTIwa1E0M1ZIMnc3Ukg3clFVcUVNVnhVU2VTTWdid0xEQms5bWFQNm83RjdsT0ZqQnJibmhaVlgKNDA3U3Z2aTFRM0x6eCtubklhY3RidkZaUGFDRlpPMlkvS0dpcFpYM3o0R3hiR0sxM3VweExuSllHZEI4eFBrRApmK3FISFYvMHVVV2Yzb2JpSUNTT09qUjF5VnB3eXdIVFcrTHhyM1BZcXQ5b0NTRXErYitPUDE2SVV5az0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
"memoryserver": "1000Gi",https://1.2.3.4:6443"
"pods": "500"
},
RETURN STATUS: 201 |
14. POST (Apply all the created configuration, this creates the K8s resources)
| Code Block |
|---|
| language | js |
|---|
| title | Apply configuration |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/apply
Return Status: 200 (OK)
Return Body:
{
"logical-cloud-name" : "logical-cloud-1",
"namespace" : "ns-1", // one namespace per logical cloud
"description": "logical cloud for walmart finance department", //description for the logical cloud
"user" : "user-1",
}
|
15. GET (Check status of operation)
| Code Block |
|---|
| language | js |
|---|
| title | Get Operation status |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>
GET BODY:
GET
Return Status: 201
Return Body :
{
"name" : "logical-cloud-1"
"user" : "user-1",
"status": "Creation in Progress " //Created, Creation Failed
} |
16. Add Key Value pair to logical cloud database
| Code Block |
|---|
| language | js |
|---|
| title | Add KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs
POST BODY
{
"name" : "<name>",
"description" : "<description>",
"kv":[
{
"name": "kubernetes"
}
],
"contexts": [
{
"context": {
"cluster": "cluster-1",
"user": "user-1"
},
"name": "user-1-context"
}
],
"current-context": "user-1-context",
"kind": "Config",
"users": [
{
"name": "user-1",
"user": {
"key1":"val1client-certificate-data" : "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJZVovY05tQVE5NGd3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TURBeE1UWXlNalUwTWpKYUZ3MHlNVEF4TVRVeU1qVTBNamhhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW0zblA0eTdURjNrZldaZFoKaFdaV2RTSWZlNlpkbTdWK1BpcER6UWFHMTVuU0ZNSVRSeFVyYkhHdWlzakZQRlAzbUIyT09yN3BSQjJab3VDegppOFlYS21iYjJ6K2tjeWZxT1drcHhmTzlHQlV6SlYxL1BoUGU2dGRaSEp3c3FtNlhYZ2xkcTEvNjBSTWNwUVUxCi9LOXNZNHhWQ1djSkN4SEkvTnp4VDY0TU5zQlF3VldONXZWTTJOUDJtZDFOa2x2S3J2bnFRUERXTGxVWEx2THIKK2NESk50VytxcFc4dzVreXF5YWp1ZHQ4ZGw0dzZSY3FnL3VnbXRVMHRnVEdxcFdSYm5yZlFMSzBsaGJKejVMTgpmK1pNTjRCYllxWGRBZ2hFMTNEeHhYd2tHUHdnL3h0aFhManBaQzhjeTNlV0hCenV2cWY1aWJ2S0hRQ20zRmFjCjhBTlVpUUlEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDV3BuY1RhTWowOWZDL25CQTF1NWhkbFQrQmdhc3NZSFVEeQplM2tQUXJlUXdseUhYTGtWdDdiSkIxT0l6Y1V3K2M5MVF6Mm9lRFBaNzZGNGlQMTd5RUgrUFZrMVVUSzBLRU9jCjM2cVpXTUdMK0ptZy9wTnFBNXRsNG1EUTVneFhHTENpa2JiYzRTM0oxL0FicmFVakRtM1FEOTd6UEhSUkZnN2oKN2VXMnB2V3ZEakRTWDZGejY0dEorRHB2NUpGZGRHNU5lQVErZ0hNOWFPVUdCVG1oZlYzZnl1NzkzV0cyUGlxMgpMMlZQU0YycU5DRG96Y3Z3am84VHkxbUpXSzIvTkVjN2ZMd24wbml3UTd3aXpMWHU0N1hvL3Frb2pBMUN6MW9YCkhid1JQMjZXdVNDTGpnNnpHVUh3VnBZWmV4Z3pkY05CRERQTnlPem94RTFwUVlXRXkrZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
"client-key-data" : "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbTNuUDR5N1RGM2tmV1pkWmhXWldkU0lmZTZaZG03VitQaXBEelFhRzE1blNGTUlUClJ4VXJiSEd1aXNqRlBGUDNtQjJPT3I3cFJCMlpvdUN6aThZWEttYmIyeitrY3lmcU9Xa3B4Zk85R0JVekpWMS8KUGhQZTZ0ZFpISndzcW02WFhnbGRxMS82MFJNY3BRVTEvSzlzWTR4VkNXY0pDeEhJL056eFQ2NE1Oc0JRd1ZXTgo1dlZNMk5QMm1kMU5rbHZLcnZucVFQRFdMbFVYTHZMcitjREpOdFcrcXBXOHc1a3lxeWFqdWR0OGRsNHc2UmNxCmcvdWdtdFUwdGdUR3FwV1JibnJmUUxLMGxoYkp6NUxOZitaTU40QmJZcVhkQWdoRTEzRHh4WHdrR1B3Zy94dGgKWExqcFpDOGN5M2VXSEJ6dXZxZjVpYnZLSFFDbTNGYWM4QU5VaVFJREFRQUJBb0lCQURSeCs3RTd5MU1ndFhXSQpPMWRuZFFTZ0ZSU2x3dS9TWWhwZ01XeklwZFcyZW9vc0NVcXlGbXJIVWtSWWcwZmRYeWk5MTR0emVNWlVZYzN5CmxENHkvUDk5b080dFlyREJweDNrbm9XNnVXK1ZQeUo4am42SFAydmlacG5qQ0tJWkdoQkxnb0JicVFTN3VLN2wKdWhkWnFXdFBIQ1JHMEdNZWhiamVZcndwRHMrc3V5Y0tUNlh2OGR0am9PRGlSenpodTBBWjErSDBMbC9MaUp5NgpubUF1M3IzUDN2dGt1ZndoOXB2SjA2TjhHVWhRZFlvVENBMHQ4c0lEN0Q0ZUZGcXdjM2FVTmlyVGdtcllmcVFkCnJQMnRUMkYxbEE5bEJ1bUJmNDBCUFMrejR0MS92Tk5XSEtseFFzaDRkTnNJczlFbHB1YkVTMlovbmJkUHpEOXUKUHlmWmNCMENnWUVBemZEZ21TVVZ2REpJMEZWWnNENWszNWxRWFpmQ3ZLZWpaaU5ScTZzaDlROUhBcTdaN3dESwo3RmNHSGZFQVhNZ1YyQ2VibUtkbFZ4aFJMQUVQb0todzNCbG94RlhiNC9ESytYdmV0ek4vUnQzQ0VGN29jZTFECko0eXVTS0pYR25RVW82NXV6RVBJMmVVdi81Njh5dEdDdXlNRmdIZDNTRHBxeUZqSjhlVXp3RGNDZ1lFQXdVU2kKVVpkMTEzVnFWeEpUQytSeTlsRzNIeGZFekhBbUdkMXNQNFdmYm9nZ3hjbmZrZk9ndU1ua0dzVVNnNGZjN3BKNworVDd2dFg2QVRXQkUzeUV1SHdMcytJd2VQT2RFeDNBZytSYnBKU25pTEc2WmUxdER0K2NtdTdObGZGRWRuR0l2CkUvTkt1c3FLdmduN3FzK216OHR5UmwxZ0pYMGdjT3J1TFVnbnNUOENnWUVBaGlUdUY3TnBXZ0lqSGRsS3A1dXMKMTEwbFZTR2lqb0pmMUFzVGlzL1pPYWh1NTlkL1M4aG5aZFUxdmRFYkhGU1VyZ3oydEZQdGxmTFlCT0xZREIxTQpEb0phbFBFY1gzaWNyaSs2bmZqa1lnUFhBaFRnTWoyTExicmNWNkd2UFNMNXdyaS9vVHhTRzJUSGhDa2c3cmZVCkFSUEo1S2xzd0ZhVThkV3NEVzN2N0xjQ2dZQlhlZGc2TStLcmpjSisvSlZJR2JPTEY3dFp3R2xiMnhyenRBdk4KeUk0NytqTlRNcWNWcVg3Q2hPYlEwd2dwTG5KcUxUVWR3RVhCRVN2RFdlSnlWOU5IU0F5NEJydWM5MVJqTExaUAo1L1hJMDJkQ2t5QzIrN3p2M1JqajlqUG1DOVRxTm1wMmpqVHh6TUQxZVJGRzQ4dnQyM2l5cm9yWkRRU0U5MkNzCmNDOC9Bd0tCZ1FDamRrVTNOcWFPZHUzMlpkWm5IK0cxY0NwbGtRK1VFZXNmTlcrWjdiWWtocng2Z2l6eCtjY0UKS3FhNTRxTmJkQVdLQXRzSU5lZ3pQU0toV0g0eXFnaWYrNmQ1aVVZUlFoUUhNVG0yTHpEQ2xGQ001N2FPdmQ3YQpNUEZxR3BNV2tqVmlnZjlwdHV3YW1qWkYwbm5MUVE5dWIzMlB3Zjk0Yzl4NFBEdkpmdTQrUHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo="
},
{}
"key2":"val2"}
}
]
}
RETURN STATUS: 201
RETURN BODY:
{
"]
} |
Apply API
When the API is called, the resource synchronizer is called and the resource creation in the cluster begins
Apply all the created configuration, this creates the K8s resources
| Code Block |
|---|
| language | js |
|---|
| title | Apply configuration |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/apply
Return Status: 200 (OK)
Return Body:
{
"logical-cloud-name" : "<name>logical-cloud-1",
"descriptionnamespace" : "<description>ns-1",
// "kv":[
{
"key1":"val1"
},
{
"key2":"val2"
}
]
} |
...
one namespace per logical cloud
"description": "logical cloud for walmart finance department", //description for the logical cloud
"user" : "user-1",
"clusters" : ["cluster1", "cluster2", "cluster3"]
"quota-name" : "quota-1"
}
|
Status API
GET (Check status of operation)
| Code Block |
|---|
| language | js |
|---|
| title | Update KV pair | Get Operation status |
|---|
|
GET
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs/<name>status
PUTGET BODY:
{
Return "description"Body : "<description>",
{
"kvmetadata" :[
{
"key1name" : "val3"
},
logical-cloud-1"
{
"key2":"val4"
}
]
}
RETURN STATUS: 201
RETURN BODY:
{
"description" : "<description>",
}
"clusters" : [
"key1cluster-1":"val10"
} |
18. GET KV pair
| Code Block |
|---|
| language | js |
|---|
| title | Get KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs/<name>
RETURN STATUS: 200
RETURN BODY:
{
: {
"namenamespace-status" : "<name><status>",
"descriptionrole-status" : "<description><status>",
"kvrole-binding-status" :[ "<status>"
{
}
"key1":"val1"cluster-2" : {
"namespace-status" : "<status>",
} "role-status" : "<status>",
{
"role-binding-status" : "<status>"
"key2control-plane-status" : "val2<status>"
}
]
} |
19. DELETE KV pair
| Code Block |
|---|
| language | js |
|---|
| title | Delete KV pair |
|---|
|
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kv-pairs/<name>
RETURN STATUS: 204
,
"status": "Creation in Progress " //Created, Creation Failed
} |
