dtDomains
A dtDomain allows you to peer multiple DTaaS nodes together and share dtApp objects between them. When a dtDomain is active and has multiple peers connected, those peers share objects, and API calls are federated across the domain. For example, when you make an API call to list Models, any Model you have Capabilities on, on any node in the domain, is visible to you from your own node. Users also become visible to each other across the domain, so objects can be shared with users on other nodes. This facilitates the sharing of objects through Trusts.

Example

In this example, we will create a dtDomain and peer another node to it. This will be done directly using Kubernetes with DTaaS running. If you're not familiar with Kubernetes, the YAML snippets shown can be applied to a cluster with the kubectl apply tool provided by Kubernetes.

On one DTaaS node, call it node0, create a dtDomain:

apiVersion: sid.sightlineinnovation.com/v1
kind: dtDomain
metadata:
  name: mydomain

If DTaaS is running, then an invite token should be generated for the domain. You can view it with kubectl.

$ kubectl describe dtdomains
Name: mydomain
Namespace: node0
Labels: <none>
Annotations: API Version: sid.sightlineinnovation.com/v1
Invite Token: VHNL8qPUdHRoaOTJ8oOoyoKD59CmJO/KxjluEj6pIX0mC8RBgQwGKepPHb1rhP2U65uWyGYSoooW9+bbYnOS3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFCuuq+JuQxlZJa2NpDN5c4WouM93gjU6Dkewdb5N17tfi70gBGew4RkpXdVPgJGHm/0Y0uYmqKmBL5hQ0Z0uIzKlEe5dRI8dKzzJyaPMmFFiXQMCBq4MVQKoaoQAAAAAAAAAAAAAAAAAAAABrAO/ual8n3psD3QecqfPb//7Ahkjm5wi8Oy0Sied4XjYku/KEsp3K6UFzsPpdl6MPvFIuq4tnOUFz9p7q0+0d
Kind: dtDomain
Metadata:
  Creation Timestamp: 2020-09-22T17:37:16Z
  Generation: 5
  Resource Version: 44438196
  Self Link: /apis/sid.sightlineinnovation.com/v1/namespaces/node0/dtdomains/mydomain
  UID: 7486c9fd-dc8d-412b-8ec8-ea3823969156
Peers:
  ca777327efb4498ab8c8876a6488701e
Status: Ready
Events: <none>

The Invite Token can be used by another node to join the domain. The Peers are a list of peers of the dtDomain. Each one is represented by a dtPeer object that will look similar to:

Name: ca777327efb4498ab8c8876a6488701e
Namespace: node0
Labels: <none>
Annotations: <none>
Address: 100.64.0.2
API Version: sid.sightlineinnovation.com/v1
Connected: true
Dt Domain: mydomain
Id: ca777327efb4498ab8c8876a6488701e
Kind: dtPeer
Metadata:
  Creation Timestamp: 2020-11-30T20:15:22Z
  Generation: 14
  Resource Version: 2522953
  Self Link: /apis/sid.sightlineinnovation.com/v1/namespaces/node0/dtpeers/ca777327efb4498ab8c8876a6488701e
  UID: af4a0ddf-d1e6-4830-a144-9c52a2d1a1e9
Name: node0.example.org
Public Key: Zi1YbyozJju2gzsmEFZxQTsj2VA9hLJmWiFK7YUgaVY=
Events: <none>

On another DTaaS node, call it node1, create another dtDomain, this time specifying a peer and Invite Token. The address is the address where the DTaaS API is accessible, so node1 must be able to talk to node0 for this to work.

apiVersion: sid.sightlineinnovation.com/v1
kind: dtDomain
metadata:
  name: mydomain
spec:
  peer:
    address: 1.2.3.4
    inviteToken: VHNL8qPUdHRoaOTJ8oOoyoKD59CmJO/KxjluEj6pIX0mC8RBgQwGKepPHb1rhP2U65uWyGYSoooW9+bbYnOS3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFCuuq+JuQxlZJa2NpDN5c4WouM93gjU6Dkewdb5N17tfi70gBGew4RkpXdVPgJGHm/0Y0uYmqKmBL5hQ0Z0uIzKlEe5dRI8dKzzJyaPMmFFiXQMCBq4MVQKoaoQAAAAAAAAAAAAAAAAAAAABrAO/ual8n3psD3QecqfPb//7Ahkjm5wi8Oy0Sied4XjYku/KEsp3K6UFzsPpdl6MPvFIuq4tnOUFz9p7q0+0d

This will cause node1 to peer with node0.

After this has completed, any dtApp objects defined on either node will synchronize and become available on the other node. As an example, create a service on node0 and expose it in node1.

node0:

apiVersion: v1
kind: Service
metadata:
  name: example-service
spec:
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 12345
---
apiVersion: v1
kind: Endpoints
metadata:
  name: example-service
subsets:
  - addresses:
      - ip: 10.1.2.3
    ports:
      - port: 12345

In this example, example-service exposes on port 8080 an internal service listening on 10.1.2.3:12345. That service is available within node0 only. It can be exposed to node1 by creating a dtApp, selecting both the domain and service:

apiVersion: sid.sightlineinnovation.com/v1
kind: dtApp
metadata:
  name: mydtapp
serviceSelector:
  name: example-service
domainSelector:
  name:
    - mydomain
spec:
  authenticationType: None

After this, the dtApp exists on node1 as well:

Name: 0dc2454cd73640a0816c1fee74a040c3
Namespace: node1
Labels: <none>
URI: http://0dc2454cd73640a0816c1fee74a040c3.node1.example.org
API Version: sid.sightlineinnovation.com/v1
Domain Selector:
  Name:
    mydomain
Kind: dtApp
Metadata:
  Creation Timestamp: 2020-09-22T17:38:21Z
  Generation: 2
  Resource Version: 44438333
  Self Link: /apis/sid.sightlineinnovation.com/v1/namespaces/node1/dtapps/0dc2454cd73640a0816c1fee74a040c3
  UID: e1727794-18b4-4ef2-be58-5205a0455b40
Spec:
  Authentication Type: None
Events: <none>

Now connecting to that URI will connect to example-service in node0.
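
Because the dtApp above uses authenticationType: None, every connected peer in mydomain can reach example-service through the generated URI. The following added example (not DTaaS code) joins dtApp and dtPeer objects, as returned by kubectl get ... -o json, to list which peers can reach each unauthenticated dtApp. The sample objects are constructed, and the dtPeer JSON keys dtDomain, connected and name are assumptions inferred from the kubectl describe labels shown above.

```python
# Added example: audit of dtApp exposure. All sample objects are constructed.
# dtPeer keys (dtDomain, connected, name) are assumed from the labels
# "Dt Domain", "Connected" and "Name" printed by `kubectl describe`.
SAMPLE = [
    {"kind": "dtApp", "metadata": {"name": "mydtapp", "namespace": "node0"},
     "serviceSelector": {"name": "example-service"},
     "domainSelector": {"name": ["mydomain"]},
     "spec": {"authenticationType": "None"}},
    {"kind": "dtApp", "metadata": {"name": "unshared", "namespace": "node0"},
     "serviceSelector": {"name": "internal-db"},
     "spec": {"authenticationType": "None"}},
    {"kind": "dtPeer", "metadata": {"name": "peer-a", "namespace": "node0"},
     "dtDomain": "mydomain", "connected": True, "name": "node1.example.org"},
    {"kind": "dtPeer", "metadata": {"name": "peer-b", "namespace": "node0"},
     "dtDomain": "mydomain", "connected": False, "name": "node2.example.org"},
]


def as_list(value):
    """domainSelector.name is a list on the page; tolerate a bare string."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def unauthenticated_exposure(objects):
    """Return {dtApp name: report} for every dtApp that is shared into a
    domain with authenticationType None."""
    connected = {}
    for obj in objects:
        if obj.get("kind") == "dtPeer" and obj.get("connected") is True:
            connected.setdefault(obj.get("dtDomain"), set()).add(obj.get("name"))
    report = {}
    for obj in objects:
        if obj.get("kind") != "dtApp":
            continue
        domains = as_list((obj.get("domainSelector") or {}).get("name"))
        auth = (obj.get("spec") or {}).get("authenticationType")
        if auth != "None" or not domains:
            continue  # authenticated, or not shared into any domain
        peers = set().union(*(connected.get(d, set()) for d in domains))
        report[obj["metadata"]["name"]] = {
            "service": (obj.get("serviceSelector") or {}).get("name"),
            "domains": domains,
            "reachable_from": sorted(peers),
        }
    return report


if __name__ == "__main__":
    for app, info in unauthenticated_exposure(SAMPLE).items():
        print(app, info)
```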

Peers

Peers represent individual DTaaS nodes that have been peered together through a domain and exist as dtPeer objects in Kubernetes. Peers are not created manually but are instead created and managed by DTaaS.

dtApps

dtApp objects represent Kubernetes services that have been assigned a subdomain on DTaaS through which they can be accessed. They exist as a dtApp object in Kubernetes.

For more information on creating an app see here.

Removing Peers

At any time a node can be removed from a domain by deleting its dtPeer object. This will result in its removal as a peer and network disconnection. Peers may only be deleted on the node which created the domain.
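
Since DTaaS creates dtPeer objects itself, a periodic comparison of the live peers with a list of expected ones shows when a node has joined that should be removed. The following added example (not DTaaS code) checks dtPeer objects against a pinned allowlist and suggests the delete command for each mismatch. The sample peers and keys are constructed placeholders, and the JSON keys id and publicKey are assumptions inferred from the "Id" and "Public Key" labels in the kubectl describe output.

```python
import shlex

# Constructed allowlist: dtPeer Id -> pinned public key (placeholder values).
EXPECTED = {"peer-a": "PUBKEY-A-PLACEHOLDER", "peer-c": "PUBKEY-C-PLACEHOLDER"}

# Constructed sample shaped like the items of `kubectl get dtpeers -o json`.
# The keys id and publicKey are assumed from the "Id" and "Public Key"
# labels in the `kubectl describe` output.
SAMPLE_PEERS = [
    {"metadata": {"name": "peer-a", "namespace": "node0"},
     "id": "peer-a", "publicKey": "PUBKEY-A-PLACEHOLDER", "connected": True},
    {"metadata": {"name": "peer-x", "namespace": "node0"},
     "id": "peer-x", "publicKey": "PUBKEY-X-PLACEHOLDER", "connected": True},
    {"metadata": {"name": "peer-c", "namespace": "node0"},
     "id": "peer-c", "publicKey": "PUBKEY-ROTATED-PLACEHOLDER", "connected": True},
]


def audit_peers(peers, expected):
    """Compare live dtPeer objects with the allowlist.

    Returns (peer id, finding, suggested command) tuples. The command only
    works on the node that created the domain, as the page states.
    """
    findings = []
    for peer in peers:
        pid = peer.get("id")
        meta = peer.get("metadata", {})
        delete = "kubectl -n {} delete dtpeers {}".format(
            shlex.quote(meta.get("namespace", "default")),
            shlex.quote(meta.get("name", "")))
        if pid not in expected:
            findings.append((pid, "not in allowlist", delete))
        elif peer.get("publicKey") != expected[pid]:
            findings.append((pid, "public key differs from pinned value", delete))
    seen = {p.get("id") for p in peers}
    for pid in sorted(set(expected) - seen):
        findings.append((pid, "expected peer is absent", None))
    return findings


if __name__ == "__main__":
    for finding in audit_peers(SAMPLE_PEERS, EXPECTED):
        print(finding)
```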