-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
integrate external device inventory proposal draft #45
base: main
Are you sure you want to change the base?
Conversation
d1844e7
to
3787b21
Compare
@kate-goldenring , my bad the previous PR wrongly includes non-relevant commits. Recreate and reply your comments as below. Is it the Agent or Discovery Handlers that will reach out to the device registry? Would be good to add a section defining the API in detail, specifically the contents of the query how will the device inventory service know to trust the Akri Agent and vice versa? Why not make the connection with the device inventory part of the initial discovery process in the discovery handlers? So, instances are created fully formed and all information is grabbed at once? instead of Akri hosting the service, maybe it would be better to add another endpoint to the inventory service that should also be exposed to kubernetes. This matches akris approach to date of query for devices rather than being told about them. but if we want the updateDevice endpoint as well, this may make sense I wonder if the /addDevice and /updateDevice services can be bundled together under some device registry extension to Akri what changes to the DiscoveryHandler interface are needed to support credentials how to move credentials around securely how new device credentials are passed to running brokers. I wonder if there needs to be some way for the device registry to pass "device registry access creds" that can be given to brokers to query for new creds when they expire but maybe this opens up the registry too much and defeats the point of rotating creds We might need to create a new threat model around this to understand the flow of trust and creds. |
first version. Akri can get more device related information beyond discovery. Suggest Akri agent talking with an external device inventory POD/service Signed-off-by: Leo Lu <leolu@microsoft.com>
Make the proposal clearer by drawing device discovery handler in, since I found device discovery handler is not inside Akri agent Signed-off-by: Leo Lu <leolu@microsoft.com>
f5fd665
to
8d60095
Compare
@kate-goldenring , I did not know device discovery handler is not embedded in Akri agent but separate POD. The proposal should clearly define the flow with discovery handler together. I update the diagram. The discovery handler is added in. To minimize the change request, I suggest a new gRPC service in Akri agent for discovery handler to talk with agent during the discovery procedure. This is necessary for discovering credential protected Onvif camera. |
@leolumicrosoft originally the discovery handlers were embedded, but we soon moved them behind a gRPC interface so that not all discovery protocols needed to be embedded in the agent. You can still conditionally compile them into the agent. I'd recommend skimming through our architecture documentation if you havent already. This diagram lays out all of akris components, this walks through the information flow, and this section on resource discovery talks about the discovery handler interface. It may make more sense to extend this interface rather than make a new one. |
@kate-goldenring , yes, I already changed the proposal based on the links you shared, please review the proposal again. With keeping the current structure (discovery handler talking with Agent with gRPC call), I suggest adding a new gRPC service:RequestDeviceInfo in Agent that device handler may call it to fetch more device information through Agent. It does not deprecate current device handler. For example, current Onvif handler will still work for non-protected camera. Optionally, it is also possible to enhance current onvif handler to support Onvif authentication, by calling RequestDeviceInfo during the discovery procedure. That is drawn in proposal. I will create a PR to show the suggested code work. |
Can this proposal be built up to discuss/detail the proposed implementation: project-akri/akri#520. Specifically, detail the defined services and payloads and discuss the decision making around it. |
first version.
Akri can get more device related information beyond discovery.
Suggest Akri agent talking with an external device inventory POD/service