dtDomain allows you to peer multiple DTaaS nodes together and share
dtApp objects between them. When a
dtDomain is active and has multiple
peers connected, those peers will share objects, and API calls will be
federated across the domain. This means that when you make an API call to list
Models for example, any Model you have Capabilities on, on any node in the
domain, will be visible to you from your own node. Users also become visible
to each other across the domain, allowing the sharing of objects to other users
on other nodes. This facilitates the sharing of objects through Trusts.
In this example, we will create a
dtDomain and peer another node to it.
This will be done directly using Kubernetes with DTaaS running. If you’re not
familiar with Kubernetes, the YAML snippets shown can be applied to a cluster
with the kubectl apply tool provided by Kubernetes.
On one DTaaS node, call it node0, create a dtDomain:

    apiVersion: sid.sightlineinnovation.com/v1
    kind: dtDomain
    metadata:
      name: mydomain

If DTaaS is running, then an invite token should be generated for the domain.
You can view it with:

    $ kubectl describe dtdomains
    Name:          mydomain
    Namespace:     node0
    Labels:        <none>
    Annotations:
    API Version:   sid.sightlineinnovation.com/v1
    Invite Token:  VHNL8qPUdHRoaOTJ8oOoyoKD59CmJO/KxjluEj6pIX0mC8RBgQwGKepPHb1rhP2U65uWyGYSoooW9+bbYnOS3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFCuuq+JuQxlZJa2NpDN5c4WouM93gjU6Dkewdb5N17tfi70gBGew4RkpXdVPgJGHm/0Y0uYmqKmBL5hQ0Z0uIzKlEe5dRI8dKzzJyaPMmFFiXQMCBq4MVQKoaoQAAAAAAAAAAAAAAAAAAAABrAO/ual8n3psD3QecqfPb//7Ahkjm5wi8Oy0Sied4XjYku/KEsp3K6UFzsPpdl6MPvFIuq4tnOUFz9p7q0+0d
    Kind:          dtDomain
    Metadata:
      Creation Timestamp:  2020-09-22T17:37:16Z
      Generation:          5
      Resource Version:    44438196
      Self Link:           /apis/sid.sightlineinnovation.com/v1/namespaces/node0/dtdomains/mydomain
      UID:                 7486c9fd-dc8d-412b-8ec8-ea3823969156
    Peers:
      ca777327efb4498ab8c8876a6488701e
    Status:  Ready
    Events:  <none>

The Invite Token can be used by another node to join the domain.
The Peers are a list of peers of the
dtDomain. Each one is
represented by a
dtPeer object that will look similar to:

    Name:         ca777327efb4498ab8c8876a6488701e
    Namespace:    node0
    Labels:       <none>
    Annotations:  <none>
    Address:      100.64.0.2
    API Version:  sid.sightlineinnovation.com/v1
    Connected:    true
    Dt Domain:    mydomain
    Id:           ca777327efb4498ab8c8876a6488701e
    Kind:         dtPeer
    Metadata:
      Creation Timestamp:  2020-11-30T20:15:22Z
      Generation:          14
      Resource Version:    2522953
      Self Link:           /apis/sid.sightlineinnovation.com/v1/namespaces/node0/dtpeers/ca777327efb4498ab8c8876a6488701e
      UID:                 af4a0ddf-d1e6-4830-a144-9c52a2d1a1e9
    Name:         node0.example.org
    Public Key:   Zi1YbyozJju2gzsmEFZxQTsj2VA9hLJmWiFK7YUgaVY=
    Events:       <none>

On another DTaaS node, call it node1, create another dtDomain, this
time specifying a peer and Invite Token. The address is the address where the
DTaaS API is accessible, and so node1 must be able to talk to node0 for
this to work.

    apiVersion: sid.sightlineinnovation.com/v1
    kind: dtDomain
    metadata:
      name: mydomain
    spec:
      peer:
        address: 220.127.116.11
        inviteToken: VHNL8qPUdHRoaOTJ8oOoyoKD59CmJO/KxjluEj6pIX0mC8RBgQwGKepPHb1rhP2U65uWyGYSoooW9+bbYnOS3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFCuuq+JuQxlZJa2NpDN5c4WouM93gjU6Dkewdb5N17tfi70gBGew4RkpXdVPgJGHm/0Y0uYmqKmBL5hQ0Z0uIzKlEe5dRI8dKzzJyaPMmFFiXQMCBq4MVQKoaoQAAAAAAAAAAAAAAAAAAAABrAO/ual8n3psD3QecqfPb//7Ahkjm5wi8Oy0Sied4XjYku/KEsp3K6UFzsPpdl6MPvFIuq4tnOUFz9p7q0+0d

This will cause node1 to peer with node0.
After this has completed, any
dtApp objects defined on either node will
synchronize and become available on the other node. As an example, create a
Service in node0 and expose it in node1:

    apiVersion: v1
    kind: Service
    metadata:
      name: example-service
    spec:
      ports:
        - protocol: TCP
          port: 8080
          targetPort: 12345
    ---
    apiVersion: v1
    kind: Endpoints
    metadata:
      name: example-service
    subsets:
      - addresses:
          - ip: 10.1.2.3
        ports:
          - port: 12345

In this example,
example-service exposes on port
8080 an internal
service listening on
10.1.2.3:12345. That service is available within
node0 only. It can be exposed to
node1 by creating a dtApp
selecting both the domain and service:

    apiVersion: sid.sightlineinnovation.com/v1
    kind: dtApp
    metadata:
      name: mydtapp
    serviceSelector:
      name: example-service
    domainSelector:
      name:
        - mydomain
    spec:
      authenticationType: None

After this, the
dtApp exists on
node1 as well:

    Name:         0dc2454cd73640a0816c1fee74a040c3
    Namespace:    node1
    Labels:       <none>
    URI:          http://0dc2454cd73640a0816c1fee74a040c3.node1.example.org
    API Version:  sid.sightlineinnovation.com/v1
    Domain Selector:
      Name:
        mydomain
    Kind:         dtApp
    Metadata:
      Creation Timestamp:  2020-09-22T17:38:21Z
      Generation:          2
      Resource Version:    44438333
      Self Link:           /apis/sid.sightlineinnovation.com/v1/namespaces/node1/dtapps/0dc2454cd73640a0816c1fee74a040c3
      UID:                 e1727794-18b4-4ef2-be58-5205a0455b40
    Spec:
      Authentication Type:  None
    Events:       <none>

Now connecting to that URI will connect to example-service in node0.
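
A review step for the dtApp shown above, added here as an example and not part of DTaaS itself: it reads the JSON printed by `kubectl get dtapps -o json` and lists every dtApp that selects a domain while its `authenticationType` is `None`. The function name, the second sample object and its `PlaceholderAuth` value are assumptions made for illustration, as is treating an unset `authenticationType` the same as `None`.

```python
import json

# Constructed sample in the shape of `kubectl get dtapps -o json`. Field names
# follow the dtApp manifest on this page; "internal-tool", "internal-svc" and
# "PlaceholderAuth" are invented placeholders, not documented DTaaS values.
SAMPLE = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"kind": "dtApp",
         "metadata": {"name": "mydtapp", "namespace": "node0"},
         "serviceSelector": {"name": "example-service"},
         "domainSelector": {"name": ["mydomain"]},
         "spec": {"authenticationType": "None"}},
        {"kind": "dtApp",
         "metadata": {"name": "internal-tool", "namespace": "node0"},
         "serviceSelector": {"name": "internal-svc"},
         "domainSelector": {"name": ["mydomain"]},
         "spec": {"authenticationType": "PlaceholderAuth"}},
    ],
})


def unauthenticated_shared_apps(kubectl_json):
    """Return (namespace, app, service, domains) for each dtApp that selects at
    least one domain and has authenticationType None or unset (assumption)."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        if item.get("kind") != "dtApp":
            continue
        domains = (item.get("domainSelector") or {}).get("name") or []
        if isinstance(domains, str):  # tolerate a scalar instead of a list
            domains = [domains]
        auth = (item.get("spec") or {}).get("authenticationType")
        if domains and (auth is None or str(auth).lower() == "none"):
            meta = item.get("metadata") or {}
            service = (item.get("serviceSelector") or {}).get("name")
            findings.append((meta.get("namespace"), meta.get("name"), service, domains))
    return findings


if __name__ == "__main__":
    for ns, app, svc, domains in unauthenticated_shared_apps(SAMPLE):
        print(f"{ns}/{app}: service {svc} shared to {domains} with no authentication")
```
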
Peers represent individual DTaaS nodes that have been peered together through a
domain and exist as
dtPeer objects in Kubernetes. Peers are
not created manually but instead created and managed by DTaaS.
dtApp objects represent Kubernetes services that have been assigned a
subdomain on DTaaS through which they can be accessed. They exist as a
dtApp object in Kubernetes.
For more information on creating an app see here.
At any time a node can be removed from a domain by deleting its dtPeer
object. This will result in its removal as a peer and network disconnection.
Peers may only be deleted on the node which created the domain.