Control Plane YAML Specification
potctl allows users to deploy Edge Compute Networks ('ECNs'). The various resources which constitute an ECN are specified within YAML files for potctl to consume.
You can connect to an older ECN with potctl +v1.3.0 for view-only purposes. If you would like full control over the ECN with potctl +v1.3.0, you should delete the ECN with your older potctl and then redeploy with potctl +v1.3.0.
Kubernetes Control Plane
The Kubernetes Control Plane specifies all the resources required to deploy the ioFog Control Plane on a Kubernetes cluster.
```yaml
---
apiVersion: datasance.com/v3
kind: KubernetesControlPlane
metadata:
  name: pot
  namespace: default
spec:
  iofogUser:
    name: Foo
    surname: Bar
    email: user@domain.com
    # password: password # if you do not provide a password for the user, potctl will ask for it interactively
  config: .kube/config
  replicas:
    controller: 1
  # # if controller replicas is greater than 1, you must configure the external database for the ControlPlane
  # database:
  #   provider: # mysql or postgres
  #   user:
  #   host:
  #   port:
  #   password:
  #   databaseName:
  #   # ssl: true
  #   # ca: # set the base64 encoded string for the CA certificate
  auth:
    url: https://example.com/
    realm: realm-name
    realmKey: realm-key
    ssl: external
    controllerClient: pot-controller
    controllerSecret:
    viewerClient: ecn-viewer
  images:
    # pullSecret: # set the K8S pull secret name
    operator: ghcr.io/datasance/operator:3.5.2
    controller: ghcr.io/datasance/controller:3.5.8
    routerAdaptor: ghcr.io/datasance/router-adaptor:3.5.2
    router: ghcr.io/datasance/router:3.5.2
  services:
    controller:
      type: # LoadBalancer or ClusterIP, default is LoadBalancer
      # annotations: # K8S service annotations
      #   service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    router:
      type: # LoadBalancer or ClusterIP, default is LoadBalancer
      # annotations: # K8S service annotations
      #   service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  controller:
    ecnViewerUrl: # set url for ECN Viewer UI for Controller REST API endpoint
    https: # set to true to enable HTTPS for Controller REST API endpoint
    secretName: # set the K8S secret name for the Controller REST API endpoint
    logLevel: # set the log level for the Controller REST API endpoint
  ingresses:
    controller:
      annotations: # K8S ingress annotations
      #   cert-manager.io/cluster-issuer: letsencrypt-nginx
      #   nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
      #   nginx.ingress.kubernetes.io/backend-protocol: "https"
      ingressClassName: # set the K8S ingress class name
      host: # set the host for the Controller endpoints
      secretName: # set the K8S secret name for the Controller endpoints
    router:
      address: # set the address for the Router endpoints. Note: this does not create an Ingress on Kubernetes; it only configures the default Router address of the ControlPlane
      messagePort: # set the message port for the Router endpoints
      interiorPort: # set the interior port for the Router endpoints
      edgePort: # set the edge port for the Router endpoints
```
| Field | Description |
|---|---|
| iofogUser | Credentials registered against ioFog Controller REST API. |
| config | Path to the Kubernetes configuration file that potctl uses to install the Controller service to the Kubernetes cluster. (Note: The namespace used with potctl will be the Kubernetes namespace where your components are deployed.) |
| replicas.controller | Defines the number of controller replicas to be deployed. |
| database | Configuration for the database. Includes provider, user, host, port, password, and database name. |
| auth | Authentication configuration for Keycloak. Includes realm, realm key, SSL type, and client/secret configurations. |
| images | Contains image references and pull secrets for various components like operator, controller, proxy, router, etc. |
| services | Specifies the service type (e.g., LoadBalancer or ClusterIP) and optional annotations for the controller, proxy, and router services. |
| controller | Configuration for the Controller service, including the ECN Viewer URL, HTTPS settings, and secret names. |
| ingresses | Ingress configuration for Controller and Router, including annotations, ingress class name, host, and secret name. |
| ingresses.controller | Annotations and ingress settings specific to the Controller, including optional cert-manager and ingress controller configurations. |
| ingresses.router | Address, message port, interior port, and edge port configurations for the Router. |
The ingress configuration for the Router above only sets the Router address for the ControlPlane; it does not create an Ingress on Kubernetes.
By default, all Router instances on the cluster are deployed with their TLS certificates. If you do not provide root CAs for the Router instances, the Operator creates a self-signed CA and signs all Router server certificates with it. If you would like to use your own CA certificates, make sure you have deployed Kubernetes secrets named pot-site-ca and default-router-local-ca in the namespace where you are deploying the ControlPlane.
Remote Control Plane
The Remote Control Plane component specifies all the resources required to deploy the ioFog Control Plane on a set of remote hosts.
```yaml
---
apiVersion: datasance.com/v3
kind: ControlPlane
metadata:
  name: remote
spec:
  # endpoint: # in the case you would like to set controller behind load balancer, you can set the endpoint here
  iofogUser:
    name: Foo
    surname: Bar
    email: user@domain.com
    # password: password # if you do not provide a password for the user, potctl will ask for it interactively
  controllers:
    - name: remote-1
      host: 10.0.128.192
      ssh:
        user: foo
        keyFile: ~/.ssh/id_rsa
        port: 22
      # scripts: # in the case you would like to use your own scripts, you can set the scripts here for installation of Controller
      #   dir: /tmp/my-scripts
      #   deps:
      #     entrypoint: install_container_engine.sh
      #     args: []
      #   setEnv:
      #     entrypoint: set_env.sh
      #     args: []
      #   install:
      #     entrypoint: install_iofog.sh
      #     args:
      #       - ghcr.io/datasance/controller:3.5.8
      #   uninstall:
      #     entrypoint: uninstall_iofog.sh
      # ecnViewerPort:
      # ecnViewerUrl:
      # logLevel:
      # https:
      #   enabled: true
      #   caCert: # set the base64 encoded string for the CA certificate
      #   tlsCert: # set the base64 encoded string for the TLS certificate
      #   tlsKey: # set the base64 encoded string for the TLS key
      # siteCA:
      #   tlsCert: # set the base64 encoded string for the TLS certificate for Router Site CA if not provided, Controller will create self-signed certificate for Router Site CA
      #   tlsKey: # set the base64 encoded string for the TLS key for Router Site CA if not provided, Controller will create self-signed certificate for Router Site CA
      # localCA:
      #   tlsCert: # set the base64 encoded string for the TLS certificate for Router Local CA if not provided, Controller will create self-signed certificate for Router Local CA
      #   tlsKey: # set the base64 encoded string for the TLS key for Router Local CA if not provided, Controller will create self-signed certificate for Router Local CA
      systemAgent: # systemAgent configuration that runs alongside with Controller on the same host
        # package: # you can set the package for Agent installation if you would like to deploy Agent as a deb or rpm package you can set the version, if you would like to deploy Agent as a container you can set the image
        #   # version: 3.5.5 # set the version for Agent package
        #   container:
        #     image: ghcr.io/datasance/agent:3.5.5
        # scripts: # in the case you would like to use your own scripts, you can set the scripts here for installation of Agent
        #   dir: /tmp/my-scripts # set the directory for the scripts for installation of Agent
        #   deps:
        #     entrypoint: install_container_engine.sh
        #     args: []
        #   install:
        #     entrypoint: install_iofog.sh
        #     args:
        #       - ghcr.io/datasance/agent:3.5.3
        #   uninstall:
        #     entrypoint: uninstall_iofog.sh
        #     args: []
        # config: # configuration for System Agent
        #   fogType: x86
        #   deploymentType: container
        #   containerEngine: docker
        #   networkInterface: enX0
        #   dockerUrl: unix:///var/run/docker.sock
        #   diskLimit: 10
        #   diskDirectory: /var/lib/iofog-agent/
        #   memoryLimit: 4096
        #   cpuLimit: 80
        #   logLimit: 10
        #   logDirectory: /var/log/iofog-agent/
        #   logFileCount: 10
        #   statusFrequency: 10
        #   changeFrequency: 10
        #   deviceScanFrequency: 60
        #   bluetoothEnabled: false
        #   watchdogEnabled: false
        #   gpsMode: manual
        #   gpsScanFrequency: 60
        #   gpsDevice: ''
        #   edgeGuardFrequency: 0
        #   abstractedHardwareEnabled: false
        #   logLevel: INFO
        #   dockerPruningFrequency: 0
        #   availableDiskThreshold: 20
        #   timeZone: Etc/UTC
    - name: remote-2
      host: 10.0.128.192
      ssh:
        user: foo
        keyFile: ~/.ssh/id_rsa
        port: 22
      # ecnViewerPort:
      ecnViewerUrl: # set the URL for the ECN Viewer UI for Controller REST API endpoint
      # logLevel:
      # https:
      #   enabled: true
      #   caCert: base64 encoded string
      #   tlsCert: base64 encoded string
      #   tlsKey: base64 encoded string
      # siteCA:
      #   tlsCert: base64 encoded string
      #   tlsKey: base64 encoded string
      # localCA:
      #   tlsCert: base64 encoded string
      #   tlsKey: base64 encoded string
      systemAgent:
        package:
          container:
            image: ghcr.io/datasance/agent:3.5.5
        # scripts:
        #   dir: /Users/emirhan/Documents/GitHub/demo.datasance.com/AWS/4-ControlPlanes/z-remote/agent-scrits
        #   deps:
        #     entrypoint: install_container_engine.sh
        #     args: []
        #   install:
        #     entrypoint: install_iofog.sh
        #     args:
        #       - ghcr.io/datasance/agent:3.5.3
        #   uninstall:
        #     entrypoint: uninstall_iofog.sh
        #     args: []
        # config:
        #   deploymentType: container
        #   containerEngine: docker
  # package: # you can set the container image for Controller installation
  #   container:
  #     image: emirhandurmus/controller:3.5.8
  # systemMicroservices:
  #   router:
  #     x86: ghcr.io/datasance/router:3.5.2
  #     arm: ghcr.io/datasance/router:3.5.2
  # database: # if you would like to use an external database or have multiple controllers for the ControlPlane, you can set the database here
  #   provider: postgres/mysql
  #   user:
  #   host:
  #   port: 5432
  #   password:
  #   databaseName:
  #   ssl: true/false
  #   ca: base64 encoded string
  auth:
    url: https://example.com/
    realm: realm-name
    realmKey: realm-key
    ssl: external
    controllerClient: pot-controller
    controllerSecret:
    viewerClient: ecn-viewer
```
| Field | Description |
|---|---|
| iofogUser | Credentials registered against ioFog Controller REST API. |
| controllers | List of Controller instances. |
| controller.name | User-defined unique identifier of Controller instance within a potctl namespace. Must start and end with lowercase alphanumeric character. Can include '-' character. |
| controller.host | Hostname of remote host that potctl must SSH into to install Controller service. |
| controller.ssh.user | Username of remote host that potctl must SSH into to install Controller service. |
| controller.ssh.keyFile | Path to private SSH key that potctl must use to SSH into remote host to install Controller service. |
| controller.ssh.port | Port to use with SSH. Optional (default: 22). |
| controller.systemAgent | SystemAgent Configuration |
| package.container.image | Remote controller container image |
| systemMicroservices.router | Custom router images |
| database | Configuration for the database. Includes provider, user, host, port, password, and database name. |
| auth | Authentication configuration for Keycloak. Includes realm, realm key, SSL type, and client/secret configurations. |
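
The rules stated in the specifications above (controller naming, the external database requirement when replicas.controller is greater than 1, base64-encoded TLS material, and the optional inline password) can be checked before a file is handed to potctl. The following is an added example, not part of potctl or the original page: `lint_control_plane` and `is_base64` are hypothetical names, and the input is assumed to be a document already parsed into a dict (for example with PyYAML's `yaml.safe_load_all`).

```python
import base64
import binascii
import re

# Name rule from the field tables: lowercase alphanumeric at both ends, '-' allowed inside.
NAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")

# Constructed sample: parsed form of a KubernetesControlPlane file (not from the page).
SAMPLE = {
    "kind": "KubernetesControlPlane",
    "spec": {"iofogUser": {"email": "user@domain.com", "password": "example-only"},
             "replicas": {"controller": 2}},
}


def is_base64(value):
    """True if value is a non-empty, strictly valid base64 string."""
    try:
        return bool(value) and bool(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError, TypeError):
        return False


def lint_control_plane(doc):
    """Return a list of findings for one parsed control plane document (a dict)."""
    findings = []
    spec = doc.get("spec") or {}
    # potctl prompts for the password when it is omitted, so it need not live in the file.
    if (spec.get("iofogUser") or {}).get("password"):
        findings.append("iofogUser.password is stored in the file")
    # Page rule: more than one controller replica needs the external database.
    replicas = int((spec.get("replicas") or {}).get("controller") or 1)
    if doc.get("kind") == "KubernetesControlPlane" and replicas > 1 and not spec.get("database"):
        findings.append("replicas.controller > 1 requires spec.database")
    seen = set()
    for ctrl in spec.get("controllers") or []:
        name = str(ctrl.get("name", ""))
        if not NAME_RE.fullmatch(name):
            findings.append(f"controller name {name!r} violates the naming rule")
        if name in seen:
            findings.append(f"controller name {name!r} is not unique")
        seen.add(name)
        # Assumption: only https values that are present are checked, not which are required.
        for key, value in (ctrl.get("https") or {}).items():
            if key != "enabled" and not is_base64(value):
                findings.append(f"{name}: https.{key} is not valid base64")
    return findings
```
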
Local Control Plane
The Local Control Plane component specifies all the resources required to deploy the ioFog Control Plane as a local docker container.
```yaml
apiVersion: datasance.com/v3
kind: LocalControlPlane
metadata:
  name: buffalo
  namespace: default
spec:
  iofogUser:
    name: Foo
    surname: Bar
    email: user@domain.com
    password: g9hr823rhuoi
  auth:
    url: https://example.com/
    realm: realm-name
    realmKey: realm-key
    ssl: external
    controllerClient: pot-controller
    controllerSecret:
    viewerClient: ecn-viewer
  controller:
    container:
      image: ghcr.io/datasance/controller:3.5.8
```
| Field | Description |
|---|---|
| iofogUser | Credentials registered against ioFog Controller REST API. |
| controller | Controller specification. |
| controller.image | Docker image to use as the Controller. |
| auth | Authentication configuration for Keycloak. Includes realm, realm key, SSL type, and client/secret configurations. |
Remote Controller
We can expand a Remote Control Plane by deploying a new Controller.
```yaml
apiVersion: datasance.com/v3
kind: Controller
metadata:
  name: alpaca
  namespace: default
spec:
  host: 30.40.50.5
  ssh:
    user: foo
    keyFile: ~/.ssh/id_rsa
    port: 22
```
| Field | Description |
|---|---|
| name | User-defined unique identifier of Controller instance within a potctl namespace. Must start and end with lowercase alphanumeric character. Can include '-' character. |
| host | Hostname of remote host that potctl must SSH into to install Controller service. |
| ssh.user | Username of remote host that potctl must SSH into to install Controller service. |
| ssh.keyFile | Path to private SSH key that potctl must use to SSH into remote host to install Controller service. |
| ssh.port | Port to use with SSH. Optional (default: 22) |
Edge Compute Network
An entire ECN can be specified within a single YAML file.
Multiple resources can be incorporated into a single YAML file using --- as a separator.
```yaml
---
apiVersion: datasance.com/v3
kind: ControlPlane
metadata:
  name: buffalo
  namespace: default
spec:
  iofogUser:
    name: John
    surname: Doe
    email: user@example.com
    password: mysecretpw
  auth:
    url: https://example.com/
    realm: realm-name
    realmKey: realm-key
    ssl: external
    controllerClient: pot-controller
    controllerSecret:
    viewerClient: ecn-viewer
  controllers:
    - name: alpaca-1
      host: 30.40.50.3
      ssh:
        user: john
        keyFile: ~/.ssh/id_rsa
    - name: alpaca-2
      host: 30.40.50.4
      ssh:
        user: john
        keyFile: ~/.ssh/id_rsa
---
apiVersion: datasance.com/v3
kind: Agent
metadata:
  name: hippo-1
  namespace: default
spec:
  host: 30.40.50.6
  ssh:
    user: john
    keyFile: ~/.ssh/id_rsa
---
apiVersion: datasance.com/v3
kind: Agent
metadata:
  name: hippo-2
  namespace: default
spec:
  host: 30.40.50.7
  ssh:
    user: john
    keyFile: ~/.ssh/id_rsa
```