universe.admin.workload.v1
This API is available for CloudAdmin only
Proto file and generated GO client for the API can be found in universe-api repo
This API is served by universe-infra-workload-rule-manager
This API provide a way to define Admin workload rules in infrastructure cluster.
check Manual GRPC API usage doc before start
Here some examples using ‘grpcurl’ tool to access the API:
Replace $API_GW_ADDRESS
with address of iCP API GW in your environment
List AdminWorkloadRules
grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
-proto universe/admin/workload/v1/admin_workload_rule.proto $API_GW_ADDRESS \
universe.admin.workload.v1.AdminWorkloadRuleService.List
Get AdminWorkloadRule
grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
-d '{"id": "adminrule1"}' \
-proto universe/admin/workload/v1/admin_workload_rule.proto $API_GW_ADDRESS \
universe.admin.workload.v1.AdminWorkloadRuleService.Get
Delete AdminWorkloadRule
grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
-d '{"id": "adminrule1"}' \
-proto universe/admin/workload/v1/admin_workload_rule.proto $API_GW_ADDRESS \
universe.admin.workload.v1.AdminWorkloadRuleService.Delete
Create AdminWorkloadRule
Create and Update requests contain binary fields. grpcurl
utility requires
binary fields to be encoded to base64 encoded before they can be used as request parameters.
# put base64 encoded Pod spec to RULE_TEMPLATE shel variable
RULE_TEMPLATE=$(cat << EOM | base64 -w0
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "nginx"
},
"spec": {
"containers": [
{
"name": "nginx",
"image": "nginx:1.14.2",
"ports": [
{
"containerPort": 80
}
]
}
]
}
}
EOM
)
# -d @ argument for grpcurl mean read arguments from STDIN
# use content of RULE_TEMPLATE shel variable as rule.data.rule_template
grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
-d @ -proto universe/admin/workload/v1/admin_workload_rule.proto $API_GW_ADDRESS \
universe.admin.workload.v1.AdminWorkloadRuleService.Create << EOM
{
"rule": {
"id": "adminrule1",
"tenant_match": [
"tenant1"
],
"data": {
"orchestrator_type": 1,
"resource_type": "v1/Pod",
"dpu_selection_policy": "Any",
"workload_terms": [
{
"match_expressions": [
{
"key": "metadata.resourceNamespace",
"operation": 1,
"values": [
"default"
]
}
]
}
],
"workload_info_inject": [
{
"key": "@",
"as_annotation": {
"name": "full-workload-info"
}
}
],
"rule_template": "$RULE_TEMPLATE"
}
}
}
EOM
syntax = "proto3";
package universe.admin.workload.v1;
import "universe/workload/v1/workload_rule.proto";
service AdminWorkloadRuleService {
// create a new workload rule, return error if rule already exist
rpc Create(CreateRequest) returns (CreateResponse) {}
// update existing workload rule, return error if rule not found
rpc Update(UpdateRequest) returns (UpdateResponse) {}
// delete existing workload rule
rpc Delete(DeleteRequest) returns (DeleteResponse) {}
// get specific instance of workload rule
rpc Get(GetRequest) returns (GetResponse) {}
// list all workload rules
rpc List(ListRequest) returns (ListResponse) {}
}
message AdminRule {
// unique rule id
string id = 1;
// to which tenants this rule should apply
// will apply to all tenants if not set
repeated string tenant_match = 2;
// rule config
universe.workload.v1.RuleData data = 3;
}
// message for create request
message CreateRequest {
AdminRule rule = 1;
}
// message for update request
message UpdateRequest {
AdminRule rule = 1;
}
// message for delete request
message DeleteRequest {
// id of a rule to remove
string id = 1;
}
// message for get request
message GetRequest {
// id of a rule to retrieve
string id = 1;
}
// message for list request
// no parameters supported for now
message ListRequest {}
// message for Response of the create request
message CreateResponse {}
// message for Response of the update request
message UpdateResponse {}
// message for Response of the delete request
message DeleteResponse {}
// message for Response of the get request
message GetResponse {
// contains adminrule spec
AdminRule rule = 1;
}
// message for Response of the list request
message ListResponse {
// list of adminrules with specs
repeated AdminRule rules = 1;
}