NVIDIA Docs Hub NVIDIA Networking Networking Software Cloud Orchestration Network Operator Application Notes 23.10.0 - Sphinx Test universe-k8s-tenant-workload-rule-plugin

universe-k8s-tenant-workload-rule-plugin

universe-k8s-tenant-workload-rule-plugin is a Kubernetes operator built with operator-sdk.

universe-k8s-tenant-workload-rule-plugin use WorkloadRule service of universe.workload.v1 GRPC API to create WorkloadRules in infrastructure cluster.

universe-k8s-tenant-workload-rule-plugin expose CRD based API in Tenant cluster:

WorkloadRule CRD

Repository

universe-k8s-tenant-workload-rule-plugin repo

Images

Main registry:

harbor.mellanox.com/cloud-orchestration-dev/universe-k8s-tenant-workload-rule-plugin:0.5.0-dev

harbor.mellanox.com/cloud-orchestration-dev/universe-grpc-proxy:0.5.0-dev

Alternative registry:

nvcr.io/nvstaging/doca/universe-k8s-tenant-workload-rule-plugin:0.5.0-dev

nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev

Parameters

Name	Description	Default value
namespace	namespace for Universe CR objects	default
max-concurrent-reconciles	maximum number of concurrent Reconciles which can be run	10
periodic-check-interval	check interval for resources in infrastructure cluster (in seconds)	5
universe-workload-api-address	address of the universe.workload.v1 API, usually address of the proxy sidecar	127.0.0.1:10000

Note

universe-k8s-tenant-workload-rule-plugin doesn’t support TLS and injection of the required GRPC metadata (check universe.resource.v1 GRPC API for detail).

Usually universe-k8s-tenant-workload-rule-plugin is deployed with Envoy-based universe-grpc-proxy sidecar container which implements all required features.

Sidecar container is responsible for forwarding universe-k8s-tenant-workload-rule-plugin requests to universe-infra-api-gateway in a secure manner.

Previous universe-k8s-tenant-workload-plugin

Next Infrastructure cluster control plane