Skip to main content

Introduction

The Ditto SDK v5 has renamed Application to Database and AppID to DatabaseID. The operator will update this terminology in a future release. This documentation uses the older Application terminology that matches the current release.
The Ditto Operator allows you to deploy Big Peer (aka Ditto Server), Ditto’s cloud sync engine and data integration platform, to your own self-hosted Kubernetes environment. Ditto Operator simplifies the configuration of the various components that form Big Peer, allowing you to focus on developing applications that get you connected to the cloud.

Prerequisites

A few prerequisites need to be running before you install the Operator and deploy Big Peer.

Kubernetes Environment

The following steps assume you have a Kubernetes cluster, on at least version 1.31. If you’re looking to try the Operator locally, we recommend using kind, a tool for running Kubernetes locally using Docker.
Here’s an example configuration you can use, which will expose the Big Peer Ingress on your local device, allowing you to follow the steps later in this guide:

Tools

You’ll also need to have kubectl and helm installed, with the appropriate KUBECONFIG current-context set.

Installing Certificate Manager

The Ditto Operator uses cert-manager to issue various auth-related certificates. You can install cert-manager into the target cluster using:
Verify the installation was successful by checking the status of the cert-manager pods:

Installing an Ingress

The Ditto Operator manages ingresses to route traffic into the various Big Peer services. We recommend using an ingress-nginx, as specific nginx specific annotations are used for optimal hashing. This guide will assume that nginx is being used.
The Ditto Operator can support other ingress controllers, but these may require different annotations. Please get in touch with Ditto support for guidance.
To install nginx:
If you opted to use Kind config provided to run the cluster locally, run the following:
Verify the installation was successful by checking the status of the nginx pods:

Installing Strimzi

The Ditto Operator uses strimzi to create a Kafka cluster and topic for the transaction log. You must install strimzi, a Kafka Operator, into the target cluster using:
0.49.0 is the latest version of Strimzi compatible with the Ditto Operator. Newer versions (including 1.0.0) are not yet supported and will cause the Big Peer controller to fail when applying Kafka resources.
Verify the installation was successful by checking the status of the strimzi pods:
For convenience, this instructs Strimzi to watch all namespaces for Kafka resources.If you wish to constrain this behaviour (for example you deploy Kafka for your other applications in another namespace) you can use --set watchNamespaces to specify the namespace you’re using for Ditto. Eg: --set watchNamespaces=ditto,another-ditto-namespace

Installing the Ditto Operator

With all prerequisites taken care of, the latest stable version of the Ditto Operator can be installed using the helm chart and image located at oci://quay.io/ditto-external/ditto-operator:
This installs the Operator into a newly created ditto namespace. All further steps will refer to this namespace.
Various configuration options are available in the chart’s values.yaml. You can view them with helm show values oci://quay.io/ditto-external/ditto-operator.These values can be overridden using helm’s --set syntax. Further documentation for these values, and what they do, is coming soon.
You can now verify the Ditto Operator is installed and running with:
The various Ditto-related CRDs (Custom Resource Definitions) that were installed by the chart can be viewed using:
Which will return output similar to:

Deploying a Big Peer

Here’s a minimal example to deploy Big Peer:
This will deploy a Big Peer which is:
  • Running on version 1.59.0
  • Defines an ingress on localhost
  • Enables Ditto SDK device auth via the provider named __playgroundProvider:
    • Devices have read and write access to all collections
    • A Small Peer can authenticate using an “Online Playground” identity with a shared token of abc123
    • This is a global authentication configuration which can be used to authenticate to any app on the Big Peer
OnlinePlayground is ideal for development and testing, as it allows you to quickly define a shared token that can be shared with devices for auth.OnlineWithAuthentication is more appropriate for production use.For more on connecting with the SDK, see: SDK -> Authentication & Authorization
Small Peers using an OnlinePlayground or OnlineWithAuthentication identity try to connect to Ditto’s cloud service by default. Extra configuration is required to point it to your Big Peer.
  • In the parameters to OnlinePlayground, provide a custom authentication URL pointing to the ingress, e.g. “https://my-host
  • In the parameters to OnlinePlayground, set “enable cloud sync” to false
  • Set a TransportConfig with a websocket URL pointing to your ingress. In the Rust SDK, for example: transport_config.connect.websocket_urls.insert("wss://my-host".to_owned())
If the BigPeer was applied successfully, the various components of the Big Peer can be observed by running:
Which will match all running pods with the above BigPeer’s metadata.name, which is "example" in this case:

Configuring Big Peer

Once Big Peer is deployed, you’ll need to configure it for first time usage.
By default, attachments use ephemeral in-memory storage. For production, configure an external attachment backend — see Attachments.

The Operator API

You can manage Big Peer from within Kubernetes by using Ditto Custom Resources. Alternatively, the Ditto Operator provides a RESTful API for creating Apps and managing their configuration. At this time, the Operator API does not have an authentication mechanism, and should not be exposed to the publicly. It is intended for use within the K8s cluster only. To access the API, we recommend port-forwarding to ensure it remains secure and only accessible from your local machine. For example:
For the purpose of this guide, we’ll assume you’ve port-forwarded in this way.

Creating an App

In Ditto, an App is a logical container for your data. An App needs to be registered with Big Peer before you can start creating documents. Each app has a unique ID that’s used to identify it across different Big Peers and devices. You’ll use this ID for all interactions with your App, including:
  • Connecting to the App from the Ditto SDK
  • Making HTTP API calls to the App
  • Setting up replication between Big Peers
Using the Operator API is the simplest way to create a new App.
This will create an App called example-app, running on the example Big Peer, in the ditto namespace.If successful, you should receive a response like this:
Take note of the appId from the response, you’ll need this later to use the HTTP API.

App-scoped Authentication Providers

The auth providers listed in the BigPeer resource are available to all apps. You can also configure providers for a specific BigPeerApp by including an auth configuration. The following example defines an external webhook with the provider name my-provider.
An anonymous provider may also be specified at the app level. Make sure to give it the name __playgroundProvider so that it can be used by Ditto SDKs using an OnlinePlayground identity.

Using the Big Peer HTTP API

Using the HTTP API is the quickest way to verify your installation is running.
If you’ve deployed locally using the kind example config provided, these queries should work out of the box.Otherwise, you may need to update the localhost according to the ingress you’ve configured on your K8s deployment.

Generate an API Key

To use the Big Peer HTTP API, you’ll need to generate an API key. This can only be done using the Operator API. For this guide, we’ll create an API key that can has read and write access to all collections, with a very long expiry. For production scenarios, you may want to customise the scope of the API Keys access, and its expiry. First, ensure you have port-forwarded to the Operator as described in the previous section. Then, create an API key for your app using a POST request:
You’ll receive the raw API key as the response:
The raw API key is only shown once and is not stored anywhere. Make sure to save it securely, as you’ll need it for all HTTP API requests.
You can verify the API key was created by listing all keys for your app:
You can also verify this using kubectl as the Operator will make a BigPeerApiKey object to manage this key:

Insert an item into the cars collection

These examples assume you’ve deployed locally using the kind example config provided. If not, you may need to update localhost to the hostname you’ve configured as for your ingress.Remember to replace YOUR_API_KEY with the API key generated earlier.
This:
  • Uses the API key generated earlier
  • Inserts a new document into the cars collection, which will implicitly be created

List all items in the cars collection

We can then verify that the document was created with:

Connecting with the Ditto SDK

The Ditto Quickstart apps are the quickest way to get started using the Ditto SDK with an Operator managed Big Peer. Quickstart apps are available for various platforms including Swift, Java, React Native, Flutter, and more. You can find them in our GitHub repository. To get connected with minimal configuration for development and testing, we recommend using OnlinePlayground authentication. The Big Peer we deployed earlier has an OnlinePlayground auth provider configured with a shared token of abc123.
1

Clone the Quickstart repository

2

Configure .env file

Edit the .env file to set the following variables:If you’ve deployed using our suggested kind example config, and deployed a Big Peer and App per this guide, these values will be:
3

Run the app

Follow the steps README in the Quickstart repository for the SDK you’re using to run the app.For example, for the JavaScript TUI Quickstart app, you’ll need to run:
4

Verify the connection

The Quickstart app should launch and display “Sync Active”. You can then create some tasks.Quickstart DemoTo verify the tasks are being synced to your Big Peer, you can start another instance of the Quickstart app and confirm the tasks you’ve created are visible.You can also verify this by querying the tasks collection using the HTTP API:

Troubleshooting

Deleting the transaction log Kafka topic

If you find yourself needing to delete the transaction log Kafka topic, such as when attempting to reinstall Big Peer to a clean slate and discard past data, be aware that the transaction log topic has deletion protection enabled by default. Forcing the deletion, such as via removing the finalizer on the KafkaTopic custom resource, can cause the Kafka brokers and Strimzi operator to retain old state, such as transaction offsets. In order to cleanly delete the topic, you’ll need to override this setting within the BigPeer custom resource:
With that setting in place, you’ll be able to remove the KafkaTopic, allowing the Ditto Operator to cleanly recreate it without past data or offsets.

Uninstalling using Helm

Before continuing, ensure any Big Peer resources that were created have been deleted. You can check for existing resources using the following command:
It is recommended you delete these resources before uninstalling the Ditto Operator. Otherwise, if you plan to reinstall the Ditto Operator again later the new installation will immediately discover the previous resources and proceed to create them anew. You can now delete the helm release that was created in Installing the Ditto Operator: