photoncloud-monorepo/nix/test-cluster/node06.nix
centra 4ab47b1726
Implement declarative tenant networking and local VM dataplane
Add tenant-scoped PrismNET routing, security-group, port, and service-IP APIs plus a deployer reconciler and Nix module that apply declarative tenant network state.

Teach PlasmaVMC to realize PrismNET NICs as a concrete local worker dataplane with Linux bridges, dnsmasq-backed DHCP, tap devices, richer network metadata, stable managed-volume IDs, and file:// image imports.

Expand the VM cluster validation around the new path, including the guest webapp demo, restart and cross-node migration checks, IAM listener reservation hardening, and a flake workspace-source-root audit so Nix builds keep path dependencies complete.
2026-04-04 00:07:43 +09:00


# node06 - Gateway Node
#
# Services: APIGateway, NightLight, minimal auth-integrated CreditService reference
{ config, lib, pkgs, ... }:
let
  # node01 hosts the control-plane HTTP APIs that the gateway proxies to.
  node01Ip = config.plasmacloud.cluster.nodes.node01.ip;

  # The gRPC control-plane services (IAM, FiberLB, FlashDNS) are addressed by a
  # literal host here, while the HTTP routes below go through the cluster node
  # map. NOTE(review): presumably 10.100.0.11 is node01 — confirm, and consider
  # deriving this from the node map so the two cannot drift apart.
  controlPlaneHost = "10.100.0.11";
  iamGrpcAddr = "${controlPlaneHost}:50080";

  iamUpstream = "http://${node01Ip}:8083";
  prismnetUpstream = "http://${node01Ip}:8087";
  plasmavmcUpstream = "http://${node01Ip}:8084";

  # Every PrismNET tenant-network resource is served by the same upstream and
  # forwarded with its /api/v1 prefix intact, so the routes differ only by the
  # resource segment.
  prismnetRoute = resource: {
    name = "prismnet-${resource}";
    pathPrefix = "/api/v1/${resource}";
    upstream = prismnetUpstream;
  };
  prismnetResources = [
    "vpcs"
    "subnets"
    "routers"
    "security-groups"
    "ports"
    "service-ip-pools"
  ];

  # Chainfire members on the control plane, all reachable on port 2379.
  chainfireHosts = [ "10.100.0.11" "10.100.0.12" "10.100.0.13" ];

  testClusterId = "test-cluster";
in
{
  imports = [
    ./common.nix
    ../modules/apigateway.nix
    ../modules/nightlight.nix
    ../modules/creditservice.nix
    ../modules/deployer.nix
    ../modules/fleet-scheduler.nix
  ];

  networking.hostName = "node06";

  virtualisation = {
    memorySize = 1536;
    diskSize = 10240;
  };

  # This node's address on the cluster-internal test network.
  networking.interfaces.eth1.ipv4.addresses = [
    {
      address = "10.100.0.100";
      prefixLength = 24;
    }
  ];

  services.apigateway = {
    enable = true;
    port = 8080;
    iamAddr = iamGrpcAddr;
    # Route order is significant for prefix matching and is kept as:
    # auth, then the PrismNET resource APIs, then VMs, metrics and credits.
    routes =
      [
        {
          name = "iam-auth";
          pathPrefix = "/api/v1/auth";
          upstream = iamUpstream;
        }
      ]
      ++ map prismnetRoute prismnetResources
      ++ [
        {
          name = "plasmavmc-vms";
          pathPrefix = "/api/v1/vms";
          upstream = plasmavmcUpstream;
          # 20 minutes; the only route with an explicit timeout.
          timeoutMs = 1200000;
        }
        # Services local to this node. stripPrefix = true (presumably the
        # matched prefix is removed before forwarding) so the remainder lands
        # under the upstream's own /api/v1.
        {
          name = "nightlight-metrics";
          pathPrefix = "/api/v1/metrics";
          upstream = "http://127.0.0.1:9090/api/v1";
          stripPrefix = true;
        }
        {
          name = "creditservice-rest";
          pathPrefix = "/api/v1/credits";
          # NOTE(review): 3011 is not configured in services.creditservice
          # below — presumably the module's default REST port; confirm.
          upstream = "http://127.0.0.1:3011/api/v1";
          stripPrefix = true;
        }
      ];
  };

  services.nightlight = {
    enable = true;
    grpcPort = 50088;
    # Matches the nightlight-metrics upstream above.
    httpPort = 9090;
  };

  services.creditservice = {
    enable = true;
    grpcPort = 50089;
    chainfireAddr = config.photonTestCluster.chainfireControlPlaneAddrs;
    flaredbAddr = config.photonTestCluster.flaredbControlPlaneAddrs;
    iamAddr = iamGrpcAddr;
  };

  services.deployer = {
    enable = true;
    # Listens on every interface, including the cluster-facing eth1; the three
    # flags below stay at their strict settings (per their names: no
    # unauthenticated callers, no unknown nodes, chainfire required).
    bindAddr = "0.0.0.0:8088";
    chainfireEndpoints = map (host: "http://${host}:2379") chainfireHosts;
    clusterId = testClusterId;
    allowUnauthenticated = false;
    allowUnknownNodes = false;
    requireChainfire = true;
    # Fixed, well-known credentials for the test cluster only. They are plain
    # Nix strings, so if ../modules/deployer.nix renders them into a store-path
    # config file they are world-readable on the node. NOTE(review): confirm
    # how the module consumes them before reusing this shape elsewhere.
    bootstrapToken = "test-bootstrap-token";
    adminToken = "test-admin-token";
    bootstrapFlakeBundle = pkgs.plasmacloudFlakeBundle;
    seedClusterState = true;
  };

  services.fleet-scheduler = {
    enable = true;
    chainfireEndpoint = config.photonTestCluster.chainfireControlPlaneAddrs;
    clusterId = testClusterId;
    intervalSecs = 10;
    heartbeatTimeoutSecs = 60;
    iamEndpoint = "http://${controlPlaneHost}:50080";
    fiberlbEndpoint = "http://${controlPlaneHost}:50085";
    flashdnsEndpoint = "http://${controlPlaneHost}:50084";
    # NOTE(review): this is 10.100.0.11, not this node's own eth1 address
    # (10.100.0.100) — looks like the scheduler advertises the control-plane
    # host rather than itself; confirm that is intended.
    publishAddress = controlPlaneHost;
    defaultOrgId = "native-services";
    defaultProjectId = testClusterId;
    controllerPrincipalId = "fleet-scheduler";
  };

  environment.systemPackages = [ pkgs.deployer-ctl ];
}