...
- All components are exposed as DCM microservices, and queries are made through a REST API
- The DCM User controller microservice API is used to create the users with logical cloud admin and their associated logical namespace in each cluster, using cluster labels
- DCM Manager looks for the quota information; if the quota information is not available, it applies the default quota for memory, CPU and Kubernetes resources
- The DCM Manager microservice queries the database to create users, namespace, security controller root CA
- DCM Manager creates the logical cloud using the Istio control plane, using the namespace and security controller root CA
- The quota for the logical cloud can be tuned even after the logical cloud has been created
Logical cloud creation (with default resource quota & users)
...
Code block: get users

```
GET URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/users
RETURN STATUS: 200
RETURN BODY:
{
  "users" : [{
      "name" : "user-1", //name of user for this cloud
      "type" : "certificate", //type of authentication credentials used by user (certificate, APIKey, UNPW)
      "certificate" : "/path/to/user1/logical cloud-1-user1.csr", //Path to user certificate
      "permissions" : {
        "apiGroups" : ["stable.example.com"],
        "resources" : ["secrets", "pods"],
        "verbs" : ["get", "watch", "list", "create"]
      },
      "quota" : {
        "cpu": "100",
        "memory": "500Gi",
        "pods": "100",
        "dummy/dummyResource": 20
      }
    },
    {
      "name" : "user-2", //name of user for this cloud
      "type" : "certificate", //type of authentication credentials used by user (certificate, APIKey, UNPW)
      "certificate" : "/path/to/user2/logical cloud-1-user1.csr", //Path to user certificate
      "permissions" : {
        "apiGroups" : ["stable.example.com"],
        "resources" : ["secrets", "pods"],
        "verbs" : ["get", "watch", "list", "create"]
      },
      "quota" : {
        "cpu": "100",
        "memory": "500Gi",
        "pods": "100",
        "dummy/dummyResource": 20
      }
    }
  ]
}

DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/users
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/user/<user-name>
RETURN STATUS: 204
```
...
Code block: namespace api

```
GET URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/namespaces
RETURN STATUS: 200
RETURN BODY:
{
  "clusters": ["c1", "c2"],
  "namespaces" : {
    "name" : "logical cloud-1-ns" //name of namespace for the logical cloud
  }
}

DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/namespaces
RETURN STATUS: 204
```
...
Code block: keys api

```
URL: /v2/projects/<project-name>/logical-clouds/control-plane
POST BODY:
{
  "name": "logical-cloud-1", //unique name for the new logical cloud
  "namespace": "Logical-cloud-1-istio-system",
  "ca-cert": "/path/to/ca-cert.pem",
  "ca-key": "/path/to/ca-key.pem",
  "root-cert": "/path/to/root-cert.pem",
  "cert-chain": "/path/to/cert-chain.pem"
}

curl -d @create_logical_cloud-1-user-2.json "http://onap4k8s:<multicloud-k8s_NODE_PORT>/v2/projects/<project-name>/logical-clouds/control-plane" \
  --key "./logical cloud-t1-admin-key.pem" \
  --cert "./logical cloud-t1-admin.pem"

Return Status: 201
Return Body:
{
  "name" : "logical-cloud-1",
  "Message" : "logical cloud 1 control plane is successfully created"
}

GET URL: /v2/projects/<project-name>/logical-clouds/<Logical-cloud-name>/control-planes
RETURN STATUS: 200
RETURN BODY:
{
  "name" : "logical -cloud-1-ns", //name of namespace for the logical cloud
  "gateways" : "istio-egressgateway",
  "dns": "istiocoredns",
  "clusters": ["c1", "c2"]
}

DELETE
URL: /v2/projects/<project-name>/logical-clouds/<Logical-cloud-name>/control-planes
RETURN STATUS: 204
```
Creating new users
...
for the existing Logical cloud
Adding new users in existing Logical cloud 1
Code block: logical cloud user creation

```
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/users
POST BODY:
{
  "name": "logical-cloud-1", //unique name for the new logical cloud
  "user" : {
    "name" : "user-2", //name of user for this cloud
    "type" : "certificate", //type of authentication credentials used by user (certificate, APIKey, UNPW)
    "certificate" : "/path/to/user2/logical cloud-1-user2.csr", //Path to user certificate
    "permissions" : {
      "apiGroups" : ["stable.example.com"],
      "resources" : ["secrets", "pods"],
      "verbs" : ["get", "watch", "list", "create"]
    },
    "quota" : {
      "cpu": "200",
      "memory": "300Gi",
      "pods": "200",
      "dummy/dummyResource": 30
    }
  }
}

curl -d @create_logical_cloud-1-user-2.json "http://onap4k8s:<multicloud-k8s_NODE_PORT>/v2/projects/<project-name>/logical-clouds" \
  --key "./logical cloud-t1-admin-key.pem" \
  --cert "./logical cloud-t1-admin.pem"

Return Status: 201
Return Body:
{
  "name" : "logical-cloud-1",
  "user" : "user-2",
  "Message" : "logical cloud and associated user successfully created"
}
```
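How the `permissions` and `quota` fields of the user object above line up with Kubernetes objects, as an added example that is not DCM's own code. It assumes DCM renders them as a namespaced RBAC Role and a ResourceQuota, which the page does not state; the namespace name, the `CORE_RESOURCES` set and the `review` checks are hypothetical.

```python
import json

# Constructed sample: the "user" object from the POST body above, as strict JSON.
USER = json.loads("""{
  "name": "user-2",
  "permissions": {"apiGroups": ["stable.example.com"],
                  "resources": ["secrets", "pods"],
                  "verbs": ["get", "watch", "list", "create"]},
  "quota": {"cpu": "200", "memory": "300Gi", "pods": "200",
            "dummy/dummyResource": 30}
}""")

CORE_RESOURCES = {"secrets", "pods", "configmaps", "services"}  # live in apiGroup ""

def to_role(user, namespace):
    """Render the permissions block as an RBAC Role scoped to one namespace."""
    p = user["permissions"]
    return {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
            "metadata": {"name": user["name"] + "-role", "namespace": namespace},
            "rules": [{"apiGroups": p["apiGroups"], "resources": p["resources"],
                       "verbs": p["verbs"]}]}

def to_quota(user, namespace):
    """Render the quota block as a ResourceQuota; extended resources
    (names containing '/') are only accepted with the 'requests.' prefix."""
    hard = {}
    for key, value in user["quota"].items():
        hard["requests." + key if "/" in key else key] = str(value)
    return {"apiVersion": "v1", "kind": "ResourceQuota",
            "metadata": {"name": user["name"] + "-quota", "namespace": namespace},
            "spec": {"hard": hard}}

def review(user):
    """Return findings a reviewer would raise before the request is submitted."""
    p, findings = user["permissions"], []
    if "*" in p["verbs"] or "*" in p["resources"]:
        findings.append("wildcard grant")
    core = sorted(CORE_RESOURCES & set(p["resources"]))
    if core and "" not in p["apiGroups"]:
        findings.append("core resources %s never match apiGroups %s"
                        % (core, p["apiGroups"]))
    if "secrets" in p["resources"] and {"get", "list", "watch"} & set(p["verbs"]):
        findings.append("read access to secrets")
    return findings

if __name__ == "__main__":
    ns = "logical-cloud-1-ns"  # hypothetical namespace name
    print(json.dumps([to_role(USER, ns), to_quota(USER, ns)], indent=2))
    print("\n".join(review(USER)))
```

An RBAC rule matches only when both the API group and the resource match, so `secrets` and `pods` listed under `stable.example.com` would not grant access to the core objects of those names.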
...
Code block: logical cloud quota creation

```
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/quotas
POST BODY:
{
  "name": "logical-cloud-1", //unique name for the new logical cloud
  "cluster-labels": "abc, xyz",
  "resources": {
    "cpu": "400",
    "memory": "1000Gi",
    "pods": "500",
    "dummy/dummyResource": 100
  }
}

curl -d @create_logical_cloud-1.json "http://onap4k8s:<multicloud-k8s_NODE_PORT>/v2/projects/<project-name>/logical-clouds" \
  --key "./logical cloud-t1-admin-key.pem" \
  --cert "./logical cloud-t1-admin.pem"

Return Status: 201
Return Body:
{
  "name" : "logical-cloud-1",
  "Message" : "logical cloud 1 is successfully tuned"
}

GET URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/quotas
RETURN STATUS: 200
RETURN BODY:
{
  "resources": {
    "cpu": "400",
    "memory": "1000Gi",
    "pods": "500",
    "dummy/dummyResource": 100
  }
}

DELETE
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/quotas
RETURN STATUS: 204
```
...
Code block: get cluster labels

```
GET URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/cluster-labels
RETURN STATUS: 200
RETURN BODY:
[{
    "cluster": "c1",
    "labels" : ["abc", "xyz", "ijk", "dfg"]
  },
  {
    "cluster": "c2",
    "labels" : ["abc", "xyz", "irk", "iop"]
  }
]
```
...
Code block: get kubeconfig

```
URL: /v2/projects/<project-name>/logical-clouds/<logical-cloud-name>/kubeconfig
GET
Return Status: 201
Return Body:
apiVersion: v1
clusters:
- cluster:
    certificate-authority: path/to/my/cafile
    server: http://2.2.2.2:6443
  name: cluster-abc
- cluster:
    certificate-authority: path/to/my/cafile
    server: https://1.1.1.1:6443
  name: cluster-xyz
contexts:
- context:
    cluster: kubernetes
    namespace: ns-1
    user: user-1
  name: logical-cloud-1
current-context: logical-cloud-1
kind: Config
preferences: {}
users:
- name: user-1
  user:
    client-certificate: path/to/my/client/cert
    client-key: path/to/my/client/key
```
...