dtDomains

A dtDomain allows you to peer multiple DTaaS nodes together and share dtApp objects between them. When a dtDomain is active and has multiple peers connected, those peers share objects, and API calls are federated across the domain. For example, when you make an API call to list Models, any Model you have Capabilities on, on any node in the domain, is visible to you from your own node. Users also become visible to each other across the domain, so objects can be shared with users on other nodes. This facilitates the sharing of objects through Trusts.

Example

In this example, we will create a dtDomain and peer another node to it. This is done directly with Kubernetes while DTaaS is running. If you're not familiar with Kubernetes, the YAML snippets shown can be applied to a cluster with the kubectl apply command provided by Kubernetes.

On one DTaaS node, call it node0, create a dtDomain:

apiVersion: sid.sightlineinnovation.com/v1
kind: dtDomain
metadata:
  name: mydomain

If DTaaS is running, then an invite token should be generated for the domain. You can view it with kubectl.

$ kubectl describe dtdomains

Name:          mydomain
Namespace:     node0
Labels:        <none>
Annotations:   API Version:  sid.sightlineinnovation.com/v1
Invite Token:  VHNL8qPUdHRoaOTJ8oOoyoKD59CmJO/KxjluEj6pIX0mC8RBgQwGKepPHb1rhP2U65uWyGYSoooW9+bbYnOS3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFCuuq+JuQxlZJa2NpDN5c4WouM93gjU6Dkewdb5N17tfi70gBGew4RkpXdVPgJGHm/0Y0uYmqKmBL5hQ0Z0uIzKlEe5dRI8dKzzJyaPMmFFiXQMCBq4MVQKoaoQAAAAAAAAAAAAAAAAAAAABrAO/ual8n3psD3QecqfPb//7Ahkjm5wi8Oy0Sied4XjYku/KEsp3K6UFzsPpdl6MPvFIuq4tnOUFz9p7q0+0d
Kind:          dtDomain
Metadata:
  Creation Timestamp:  2020-09-22T17:37:16Z
  Generation:          5
  Resource Version:    44438196
  Self Link:           /apis/sid.sightlineinnovation.com/v1/namespaces/node0/dtdomains/mydomain
  UID:                 7486c9fd-dc8d-412b-8ec8-ea3823969156
Peers:
  ca777327efb4498ab8c8876a6488701e
Status:                Ready
Events:                <none>

The Invite Token can be used by another node to join the domain.

Peers lists the peers of the dtDomain. Each one is represented by a dtPeer object that will look similar to:

Name:         ca777327efb4498ab8c8876a6488701e
Namespace:    node0
Labels:       <none>
Annotations:  <none>
Address:      100.64.0.2
API Version:  sid.sightlineinnovation.com/v1
Connected:    true
Dt Domain:    mydomain
Id:           ca777327efb4498ab8c8876a6488701e
Kind:         dtPeer
Metadata:
  Creation Timestamp:  2020-11-30T20:15:22Z
  Generation:          14
  Resource Version:    2522953
  Self Link:           /apis/sid.sightlineinnovation.com/v1/namespaces/node0/dtpeers/ca777327efb4498ab8c8876a6488701e
  UID:                 af4a0ddf-d1e6-4830-a144-9c52a2d1a1e9
Name:                  node0.example.org
Public Key:            Zi1YbyozJju2gzsmEFZxQTsj2VA9hLJmWiFK7YUgaVY=
Events:                <none>

On another DTaaS node, call it node1, create another dtDomain, this time specifying a peer address and Invite Token. The address is where the peer's DTaaS API is accessible, so node1 must be able to reach node0 for this to work.

apiVersion: sid.sightlineinnovation.com/v1
kind: dtDomain
metadata:
  name: mydomain
spec:
  peer:
    address: 1.2.3.4
    inviteToken: VHNL8qPUdHRoaOTJ8oOoyoKD59CmJO/KxjluEj6pIX0mC8RBgQwGKepPHb1rhP2U65uWyGYSoooW9+bbYnOS3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFCuuq+JuQxlZJa2NpDN5c4WouM93gjU6Dkewdb5N17tfi70gBGew4RkpXdVPgJGHm/0Y0uYmqKmBL5hQ0Z0uIzKlEe5dRI8dKzzJyaPMmFFiXQMCBq4MVQKoaoQAAAAAAAAAAAAAAAAAAAABrAO/ual8n3psD3QecqfPb//7Ahkjm5wi8Oy0Sied4XjYku/KEsp3K6UFzsPpdl6MPvFIuq4tnOUFz9p7q0+0d

This will cause node1 to peer with node0.

After this has completed, any dtApp objects defined on either node will synchronize and become available on the other node. As an example, create a service on node0 and expose it in node1.

node0:

apiVersion: v1
kind: Service
metadata:
    name: example-service
spec:
    ports:
        - protocol: TCP
          port: 8080
          targetPort: 12345

---
apiVersion: v1
kind: Endpoints
metadata:
    name: example-service
subsets:
    - addresses:
        - ip: 10.1.2.3
      ports:
        - port: 12345

In this example, example-service exposes on port 8080 an internal service listening on 10.1.2.3:12345. That service is available within node0 only. It can be exposed to node1 by creating a dtApp, selecting both the domain and service:

apiVersion: sid.sightlineinnovation.com/v1
kind: dtApp
metadata:
  name: mydtapp
serviceSelector:
  name: example-service
domainSelector:
  name:
    - mydomain
spec:
  authenticationType: None

After this, the dtApp exists on node1 as well:

Name:         0dc2454cd73640a0816c1fee74a040c3
Namespace:    node1
Labels:       <none>
URI:          http://0dc2454cd73640a0816c1fee74a040c3.node1.example.org
API Version:  sid.sightlineinnovation.com/v1
Domain Selector:
  Name:
    mydomain
Kind:    dtApp
Metadata:
  Creation Timestamp:  2020-09-22T17:38:21Z
  Generation:          2
  Resource Version:    44438333
  Self Link:           /apis/sid.sightlineinnovation.com/v1/namespaces/node1/dtapps/0dc2454cd73640a0816c1fee74a040c3
  UID:                 e1727794-18b4-4ef2-be58-5205a0455b40
Spec:
  Authentication Type: None
Events:                <none>

Now connecting to that URI will connect to example-service in node0.
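
A defender-side check for the configuration above, as an added example that is not DTaaS code: it lists every dtApp that is shared into a dtDomain with authenticationType None and resolves it to the Service port and Endpoints address it fronts. The JSON input mirrors the manifests on this page; the `local-only` dtApp and the function name are constructed for illustration.

```python
import json

# Constructed input: the node0 manifests from this page as a JSON List, plus a
# hypothetical dtApp ("local-only") that selects no domain.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "example-service"},
  "spec": {"ports": [{"protocol": "TCP", "port": 8080, "targetPort": 12345}]}},
 {"kind": "Endpoints", "metadata": {"name": "example-service"},
  "subsets": [{"addresses": [{"ip": "10.1.2.3"}], "ports": [{"port": 12345}]}]},
 {"kind": "dtApp", "metadata": {"name": "mydtapp"},
  "serviceSelector": {"name": "example-service"},
  "domainSelector": {"name": ["mydomain"]}, "spec": {"authenticationType": "None"}},
 {"kind": "dtApp", "metadata": {"name": "local-only"},
  "serviceSelector": {"name": "example-service"}, "spec": {"authenticationType": "None"}}
]}
""")

def auth_none_exposures(items):
    """List dtApps shared into a dtDomain with authenticationType None,
    resolved to the Service port and Endpoints address they front."""
    def by_kind(kind):
        return {i["metadata"]["name"]: i for i in items if i.get("kind") == kind}
    services, endpoints = by_kind("Service"), by_kind("Endpoints")
    findings = []
    for app in by_kind("dtApp").values():
        domains = app.get("domainSelector", {}).get("name", [])
        if app.get("spec", {}).get("authenticationType") != "None" or not domains:
            continue
        svc = app.get("serviceSelector", {}).get("name")
        routes = []
        for sp in services.get(svc, {}).get("spec", {}).get("ports", []):
            for subset in endpoints.get(svc, {}).get("subsets", []):
                for ep in subset.get("ports", []):
                    # Kubernetes pairs Service and Endpoints ports by port name.
                    if ep.get("name") == sp.get("name"):
                        routes += [f'{sp["port"]}->{a["ip"]}:{ep["port"]}'
                                   for a in subset.get("addresses", [])]
        findings.append({"dtApp": app["metadata"]["name"], "domains": domains,
                         "service": svc, "routes": sorted(routes)})
    return findings

if __name__ == "__main__":
    for finding in auth_none_exposures(SAMPLE["items"]):
        print(finding)
```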

Peers

Peers represent individual DTaaS nodes that have been peered together through a domain and exist as dtPeer objects in Kubernetes. Peers are not created manually but are instead created and managed by DTaaS.

dtApps

dtApp objects represent Kubernetes services that have been assigned a subdomain on DTaaS through which they can be accessed. They exist as a dtApp object in Kubernetes.

For more information on creating an app see here.

Removing Peers

At any time a node can be removed from a domain by deleting its dtPeer object. This will result in its removal as a peer and network disconnection. Peers may only be deleted on the node which created the domain.
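
To decide which dtPeer objects to delete, the peers of a domain can be compared against a reviewed allowlist of hostnames and public keys. The following is an added example, not DTaaS code: the JSON field names are an assumption inferred from the describe output on this page, and the second peer, its key and the allowlist format are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get dtpeers -o json`.
# Field names are inferred from the describe output on this page (assumption);
# the second peer and its key are made up for the example.
PEERS = json.loads("""
{"items": [
 {"kind": "dtPeer", "metadata": {"name": "ca777327efb4498ab8c8876a6488701e"},
  "dtDomain": "mydomain", "name": "node0.example.org", "address": "100.64.0.2",
  "connected": true, "publicKey": "Zi1YbyozJju2gzsmEFZxQTsj2VA9hLJmWiFK7YUgaVY="},
 {"kind": "dtPeer", "metadata": {"name": "constructed-peer-0001"},
  "dtDomain": "mydomain", "name": "unknown.example.net", "address": "100.64.0.9",
  "connected": true, "publicKey": "CONSTRUCTED+KEY+NOT+REAL="}
]}
""")

# Reviewed allowlist (hypothetical format): domain -> {hostname: public key}.
ALLOWED = {"mydomain": {
    "node0.example.org": "Zi1YbyozJju2gzsmEFZxQTsj2VA9hLJmWiFK7YUgaVY="}}

def review_peers(items, allowed):
    """Return (dtPeer object name, reason) for every peer that fails the allowlist."""
    findings = []
    for peer in items:
        if peer.get("kind") != "dtPeer":
            continue
        expected = allowed.get(peer.get("dtDomain"), {})
        host, key = peer.get("name"), peer.get("publicKey")
        if host not in expected:
            reason = "hostname not in allowlist"
        elif expected[host] != key:
            reason = "public key does not match allowlist"
        else:
            continue
        # metadata.name is the object to delete; the top-level name is the hostname.
        findings.append((peer["metadata"]["name"], reason))
    return findings

if __name__ == "__main__":
    for obj, reason in review_peers(PEERS["items"], ALLOWED):
        print(f"{obj}: {reason}")
```

Each reported object name is a dtPeer to review and, if it should not be in the domain, delete on the node that created the domain.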