Background
The DCM is one of the components of ONAP4K8s. It will run as a microservice exposing REST APIs: external components will use REST to communicate with the DCM, while other microservices will use gRPC. The DCM will perform the following functions:
- User creation
- Logical Cloud creation
- Create the Istio control planes for the logical clouds.
- Generate an intermediate CA key for each edge, signed by a root or intermediate key
Different components (microservices) work together with the DCM to make the above possible. The components are:
- Main DCM Microservice (contains the Logical Cloud Controller, User Controller and Namespace Controller)
- Istio DCM Controller (creates the Istio control planes for the logical clouds)
- CA Key Distribution Controller (generates an intermediate CA key for each edge, signed by a root or intermediate key)
- Quota Controller (Limits resources available to each logical cloud)
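The per-edge intermediate CA that the CA Key Distribution Controller is described as producing can be sketched as follows. This is an added example, not DCM code: the function names, the ECDSA P-256 keys, the one-day validity, the path length of 0 on the edge CA and the names "root-ca" and "edge-1-ca" are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA (hypothetical helper) returns a CA cert and key; parent == nil means a self-signed root.
func newCA(cn string, serial int64, pathLen int, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage:   x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // may sign certs, nothing else
		MaxPathLen: pathLen, MaxPathLenZero: pathLen == 0, // 0: no further sub-CAs below it
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// chainsTo reports whether cert verifies with root as the only trust anchor.
func chainsTo(cert, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	root, rootKey, _ := newCA("root-ca", 1, 1, nil, nil)    // constructed sample root
	edge, _, _ := newCA("edge-1-ca", 2, 0, root, rootKey) // one intermediate per edge
	fmt.Println("issuer:", edge.Issuer.CommonName, "chains to root:", chainsTo(edge, root))
}
```

Because each edge gets its own key and certificate, an edge CA can be revoked or rotated without touching the root or the other edges.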
Design Overview
Fig 1: DCM Components
Fig 2: Logical Clouds spanning multiple edge locations. Istio replicated control planes are used, and in each cluster there is an Istio control plane per logical cloud
API
1. Create Logical Cloud
URL: /v2/projects/<project-name>/logical-clouds
POST BODY:
{
  "name": "logical-cloud-1", //unique name for the new logical cloud
  "description": "logical cloud for walmart finance department", //description for the logical cloud
  "user" : {
    "name" : "user-1", //name of user for this cloud
    "type" : "certificate", //type of authentication credentials used by user (certificate, APIKey, UNPW)
    "certificate" : "/path/to/user1/crt", //Path to user certificate
    "permissions" : {
      "apiGroups" : ["stable.example.com"],
      "resources" : ["secrets", "pods"],
      "verbs" : ["get", "watch", "list", "create"]
    }
  }
}
Return Status: 201
Return Body:
{
  "name" : "logical-cloud-1",
  "user" : "user-1",
  "Message" : "logical cloud and associated user successfully created"
}
Kubeconfig will be generated for the logical cloud
2. Get Logical Cloud kubeconfig
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kubeconfig
GET
Return Status: 201
Return Body :
{
apiVersion: v1
clusters:
- cluster:
    certificate-authority: path/to/my/cafile
    server: http://2.2.2.2:6443
  name: cluster-abc
- cluster:
    certificate-authority: path/to/my/cafile
    server: https://1.1.1.1:6443
  name: cluster-xyz
contexts:
- context:
    cluster: kubernetes
    namespace: ns-1
    user: user-1
  name: logical-cloud-1
current-context: logical-cloud-1
kind: Config
preferences: {}
users:
- name: user-1
  user:
    client-certificate: path/to/my/client/cert
    client-key: path/to/my/client/key
}
3. PUT (Change logical cloud contents)
URL: /v2/projects/<project-name>/logical-clouds/<name>
PUT BODY: