Control Plane YAML Specification
potctl allows users to deploy Edge Compute Networks ('ECNs'). The various resources which constitute an ECN are specified within YAML files for potctl to consume.
Trying to use potctl v1.3.8 with an older ECN?
You can connect to an older ECN with potctl +v1.3.0 for view-only purposes. If you would like full control over the ECN with potctl +v1.3.0, you should delete the ECN with your older potctl and then redeploy with potctl +v1.3.0 .
Kubernetes Control Plane
The Kubernetes Control Plane specifies all the resources required to deploy the ioFog Control Plane on a Kubernetes cluster.
apiVersion: datasance.com/v3
kind: KubernetesControlPlane
metadata:
name: buffalo
namespace: default
spec:
iofogUser:
name: Foo
surname: Bar
email: user@domain.com
password: g9hr823rhuoi
config: ~/.kube/config
replicas:
controller: 2
database:
provider: mysql/postgres
user:
host:
port:
password:
databaseName: pot
auth:
url: https://example.com/
realm: realm-name
realmKey:
ssl: external
controllerClient: pot-controller
controllerSecret:
viewerClient: ecn-viewer
images:
pullSecret: pull-srect
operator: ghcr.io/datasance//operator:3.1.18
controller: ghcr.io/datasance/controller:3.4.10
portManager: ghcr.io/datasance/port-manager:3.1.7
proxy: ghcr.io/datasance/proxy:3.1.2
router: ghcr.io/datasance/router:3.3.0
services:
controller:
type: LoadBalancer/ClusterIP
# annotations:
# service.beta.kubernetes.io/azure-load-balancer-internal: "true"
proxy:
type: LoadBalancer/oadBalancer
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
router:
type: LoadBalancer/ClusterIP
# annotations:
# service.beta.kubernetes.io/azure-load-balancer-internal: "true"
controller:
ecnViewerUrl: https://
https: true
secretName:
ecnViewerPort: 8008
router:
internalSecret:
amqpsSecret:
requireSsl: "yes"
saslMechanisms: EXTERNAL
authenticatePeer: "yes"
proxy:
serverName:
transport: tls
ingresses:
controller:
annotations:
# cert-manager.io/cluster-issuer: letsencrypt
# nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
# nginx.ingress.kubernetes.io/backend-protocol: "https"
ingressClassName: nginx
host:
secretName:
router:
address:
messagePort: 5672
interiorPort: 55672
edgePort: 45672
httpProxy:
address:
tcpProxy:
address:
| Field | Description |
|---|---|
| iofogUser | Credentials registered against ioFog Controller REST API. |
| config | Path to the Kubernetes configuration file that potctl uses to install the Controller service to the Kubernetes cluster. (Note: The namespace used with potctl will be the Kubernetes namespace where your components are deployed.) |
| replicas.controller | Defines the number of controller replicas to be deployed. |
| database | Configuration for the database. Includes provider, user, host, port, password, and database name. |
| auth | Authentication configuration for Keycloak. Includes realm, realm key, SSL type, and client/secret configurations. |
| images | Contains image references and pull secrets for various components like operator, controller, proxy, router, etc. |
| services | Specifies the service type (e.g., LoadBalancer or ClusterIP) and optional annotations for the controller, proxy, and router services. |
| controller | Configuration for the Controller service, including the ECN Viewer URL, HTTPS settings, and secret names. |
| router | Configuration for the Router, including secrets, SSL requirements, SASL mechanisms, and peer authentication settings. |
| proxy | Proxy server configuration, including transport protocol and server name. |
| ingresses | Ingress configuration for Controller and Router, including annotations, ingress class name, host, and secret name. |
| ingresses.controller | Annotations and ingress settings specific to the Controller, including optional cert-manager and ingress controller configurations. |
| ingresses.router | Address, message port, interior port, and edge port configurations for the Router. |
| ingresses.httpProxy | Address the http Proxy. |
| ingresses.tcpProxy | Address the tcp Proxy. |
Router and Proxy Ingress
Above ingress configurations for Router and Proxy are not creating Ingress on Kubernetes, they are just for the configuring Router and Proxy ingress addresses for Controller
Remote Control Plane
The Remote Control Plane component specifies all the resources required to deploy the ioFog Control Plane on a set of remote hosts.
apiVersion: datasance.com/v3
kind: ControlPlane
metadata:
name: buffalo
namespace: default
spec:
iofogUser:
name: Foo
surname: Bar
email: user@domain.com
password: g9hr823rhuoi
auth:
url: https://example.com/
realm: realm-name
realmKey: realm-key
ssl: exter
controllerClient: pot-controller
controllerSecret:
viewerClient: ecn-viewer
controllers:
- name: vanilla
host: 30.40.50.3
ssh:
user: foo
keyFile: ~/.ssh/id_rsa
port: 22
package:
container:
image: ghcr.io/datasance/controller:3.4.10
systemAgent:
container:
image: ghcr.io/datasance/agent:3.3.3
| Field | Description |
|---|---|
| iofogUser | Credentials registered against ioFog Controller REST API. |
| controllers | List of Controller instances. |
| controller.name | User-defined unique identifier of Controller instance within an potctl namespace. Must start and end with lowercase alphanumeric character. Can include '-' character. |
| controller.host | Hostname of remote host that potctl must SSH into to install Controller service. |
| controller.ssh.user | Username of remote host that potctl must SSH into to install Controller service. |
| controller.ssh.keyFile | Path to private SSH key that potctl must use to SSH into remote host to install Controller service. |
| controller.ssh.port | Port to use with SSH. Optional (default: 22). |
| controller.package.container.image | Remote controller container image |
| controller.systemAgent.container.image | Remote controlplane Agent container image |
Local Control Plane
The Local Control Plane component specifies all the resources required to deploy the ioFog Control Plane as a local docker container.
apiVersion: datasance.com/v3
kind: LocalControlPlane
metadata:
name: buffalo
namespace: default
spec:
iofogUser:
name: Foo
surname: Bar
email: user@domain.com
password: g9hr823rhuoi
auth:
url: https://example.com/
realm: realm-name
realmKey: realm-key
ssl: exter
controllerClient: pot-controller
controllerSecret:
viewerClient: ecn-viewer
controller:
container:
image: ghcr.io/datasance/controller:3.4.10
| Field | Description |
|---|---|
| iofogUser | Credentials registered against ioFog Controller REST API. |
| controller | Controller specification. |
| controller.image | Docker image to use as the Controller. |
Remote Controller
We can expand a Remote Control Plane by deploying a new Controller.
apiVersion: datasance.com/v3
kind: Controller
metadata:
name: alpaca
namespace: default
spec:
host: 30.40.50.5
ssh:
user: foo
keyFile: ~/.ssh/id_rsa
port: 22
| Field | Description |
|---|---|
| name | User-defined unique identifier of Controller instance within an potctl namespace. Must start and end with lowercase alphanumeric character. Can include '-' character. |
| host | Hostname of remote host that potctl must SSH into to install Controller service. |
| ssh.user | Username of remote host that potctl must SSH into to install Controller service. |
| ssh.keyFile | Path to private SSH key that potctl must use to SSH into remote host to install Controller service. |
| ssh.port | Port to use with SSH. Optional (default: 22) |
Edge Compute Network
An entire ECN can be specified within a single YAML file.
Multiple resources can be incorporated into a single YAML file using --- as a separator.
---
apiVersion: datasance.com/v3
kind: ControlPlane
metadata:
name: buffalo
namespace: default
spec:
iofogUser:
name: John
surname: Doe
email: user@example.com
password: mysecretpw
auth:
url: https://example.com/
realm: realm-name
realmKey: realm-key
ssl: exter
controllerClient: pot-controller
controllerSecret:
viewerClient: ecn-viewer
controllers:
- name: alpaca-1
host: 30.40.50.3
ssh:
user: john
keyFile: ~/.ssh/id_rsa
- name: alpaca-2
host: 30.40.50.4
ssh:
user: john
keyFile: ~/.ssh/id_rsa
---
apiVersion: datasance.com/v3
kind: Agent
metadata:
name: hippo-1
namespace: default
spec:
host: 30.40.50.6
ssh:
user: john
keyFile: ~/.ssh/id_rsa
---
apiVersion: datasance.com/v3
kind: Agent
metadata:
name: hippo-2
namespace: default
spec:
host: 30.40.50.7
ssh:
user: john
keyFile: ~/.ssh/id_rsa
See anything wrong with the document? Help us improve it!