Developer Guide
Summary
Section titled “Summary”This guide provides step-by-step instructions for setting up a development environment to install and run the Datum Cloud operators. It is targeted toward a technical audience familiar with Kubernetes, kubebuilder, and controller-runtime.
By following this guide, you will:
- Install and configure necessary development tools.
- Set up a kind cluster for access to a Kubernetes control plane.
- Install and run the Workload Operator, Network Services Operator, and Infra Provider GCP components.
- Configure and use Config Connector for managing GCP resources.
- Register a Location and create a sample Datum Workload.
Prerequisites
Section titled “Prerequisites”Ensure the following are installed and properly configured:
Troubleshooting
Section titled “Troubleshooting”If errors such as Command 'make' not found are encountered, reference the
following guides for installing required build tools:
Control Plane Setup
Section titled “Control Plane Setup”Create Kind Cluster
Section titled “Create Kind Cluster”Create a kind cluster for development:
kind create cluster --name datumInstall Third Party Operators
Section titled “Install Third Party Operators”cert-manager
Section titled “cert-manager”Install cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yamlEnsure that cert-manager pods are running and ready:
kubectl wait -n cert-manager --for=condition=Ready pod --allThe output is similar to:
pod/cert-manager-b6fd485d9-2s78z condition metpod/cert-manager-cainjector-dcc5966bc-ntbw4 condition metpod/cert-manager-webhook-dfb76c7bd-vxgb8 condition metRefer to the cert-manager installation guide for more details.
GCP Config Connector
Section titled “GCP Config Connector”GCP Config Connector is used to manage Google Cloud resources directly from Kubernetes. The infra-provider-gcp application integrates with GCP Config Connector to create and maintain resources in GCP based on Kubernetes custom resources.
Tip: The service account creation instructions in the installation guide result in granting significantly more access to the GCP project than necessary. It is recommended to only bind the following roles to the service account:
roles/compute.adminroles/container.adminroles/secretmanager.adminroles/iam.serviceAccountAdminroles/iam.serviceAccountUser
Follow the installation guide,
making sure to retain the service account credential saved to key.json, as
this will be required later by infra-provider-gcp. The target Kubernetes cluster
will be the kind cluster created in this guide.
Note: The section “Specifying where to create your resources” can be skipped.
Datum Operator Installation
Section titled “Datum Operator Installation”Clone the following repositories into the same parent folder for ease of use:
Note: The make commands can take some time to execute for the first time.
Workload Operator
Section titled “Workload Operator”-
In a separate terminal, navigate to the cloned
workload-operatorrepository:Terminal window cd /path/to/workload-operator -
Install CRDs:
Terminal window make install -
Start the operator:
Terminal window make run
Network Services Operator
Section titled “Network Services Operator”-
In a separate terminal, navigate to the cloned
network-services-operatorrepository:Terminal window cd /path/to/network-services-operator -
Install CRDs:
Terminal window make install -
Start the operator:
Terminal window make run
Infra Provider GCP
Section titled “Infra Provider GCP”-
In a separate terminal, navigate to the cloned
infra-provider-gcprepository:Terminal window cd /path/to/infra-provider-gcp -
Create an
upstream.kubeconfigfile pointing to thedatumkind cluster. This extra kubeconfig file is required due to the operator’s need to orchestrate resources between multiple control planes. For development purposes, these can be the same endpoints.Terminal window kind export kubeconfig --name datum --kubeconfig upstream.kubeconfig -
Start the operator after ensuring that the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable is set to the path for the key saved while installing GCP Config Connector.Terminal window export GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.jsonTerminal window make run
Create Datum Resources
Section titled “Create Datum Resources”Register a Self Managed Location
Section titled “Register a Self Managed Location”Before creating a workload, a Location must be registered.
Use the following example manifest to create a location which Datum’s control
plane will be responsible for managing, replacing GCP_PROJECT_ID with
your GCP project id:
apiVersion: networking.datumapis.com/v1alphakind: Locationmetadata: name: my-gcp-us-south1-aspec: locationClassName: self-managed topology: topology.datum.net/city-code: DFW provider: gcp: projectId: GCP_PROJECT_ID region: us-south1 zone: us-south1-a- Replace
topology.datum.net/city-code’s value (DFW) with the desired city code for your workloads. - Update the
gcpprovider settings to reflect your GCP project ID, desired region, and zone.
Apply the manifest:
kubectl apply -f <path-to-location-manifest>List Locations:
kubectl get locationsNAME AGEmy-gcp-us-south1-a 5sCreate a Network
Section titled “Create a Network”Before creating a workload, a Network must be created. You can use the following manifest to do this:
{{< alert title=“Note” color=“info”>}} In the future, a default network may automatically be created in a namespace. {{< /alert >}}
apiVersion: networking.datumapis.com/v1alphakind: Networkmetadata: name: defaultspec: ipam: mode: AutoApply the manifest:
kubectl apply -f <path-to-network-manifest>List Networks:
kubectl get networksNAME AGEdefault 5sCreate a Workload
Section titled “Create a Workload”Caution: These actions will result in billable resources being created in the GCP project for the target location. Destroy any resources which are not needed to avoid unnecessary costs.
Create a manifest for a sandbox based workload, for example:
apiVersion: compute.datumapis.com/v1alphakind: Workloadmetadata: name: my-container-workloadspec: template: spec: runtime: resources: instanceType: datumcloud/d1-standard-2 sandbox: containers: - name: httpbin image: mccutchen/go-httpbin ports: - name: http port: 8080 networkInterfaces: - network: name: default networkPolicy: ingress: - ports: - port: 8080 from: - ipBlock: cidr: 0.0.0.0/0 placements: - name: us cityCodes: ['DFW'] scaleSettings: minReplicas: 1Apply the manifest:
kubectl apply -f <path-to-workload-manifest>Check the state of the workload
Section titled “Check the state of the workload”kubectl get workloadsThe output is similar to:
NAME AGE AVAILABLE REASONmy-container-workload 9s False NoAvailablePlacementsThe REASON field will be updated as the system progresses with attempting to
satisfy the workload’s intent.
Check Workload Deployments
Section titled “Check Workload Deployments”A Workload will result in one or more WorkloadDeployments being created, one for each unique CityCode per placement.
kubectl get workloaddeploymentsThe output is similar to:
NAME AGE LOCATION NAMESPCE LOCATION NAME AVAILABLE REASONmy-container-workload-us-dfw 58s default my-gcp-us-south1-a False LocationAssignedSimilar to workloads, the REASON field will be updated as the system
progresses with attempting to satisfy the workload’s intent. In this case, the
infra-provider-gcp operator is responsible for these actions.
Check Instances
Section titled “Check Instances”kubectl -n default get instances -o wideThe output is similar to:
NAME AGE AVAILABLE REASON NETWORK IP EXTERNAL IPmy-container-workload-us-dfw-0 24s True InstanceIsRunning 10.128.0.2 34.174.154.114Confirm that the go-httpbin application is running:
curl -s http://34.174.154.114:8080/uuid{ "uuid": "8244205b-403e-4472-8b91-728245e99029"}Delete the workload
Section titled “Delete the workload”Delete the workload when testing is complete:
kubectl delete workload my-container-workload