universe.workload.v1

Note

This APIs are available for Tenants only

Proto file and generated GO client for the API can be found in universe-api repo

This API is served by universe-infra-workload-manager

The intent of this API is to send notifications about Workloads which running in the tenant cluster to infrastructure cluster.

universe-k8s-tenant-workload-plugin use this API.

Workload - API

Copy
Copied!
            

syntax = "proto3"; package universe.workload.v1; // The following client metadata fields are used: // "tenant-id" (required): tenant identifier service WorkloadService { // WorkloadStream provide directional stream from client to server rpc WorkloadStream(stream WorkloadStreamRequest) returns (WorkloadStreamResponse) {} } // supported orchestrator type enum OrchestratorType { ORCHESTRATOR_TYPE_UNSPECIFIED = 0; ORCHESTRATOR_TYPE_KUBERNETES = 1; } // WorkloadMetadata contains meta information about workload message WorkloadMetadata { // unique workload ID, e.g. Pod resource UID for k8s string id = 1; // orchestrator identifier for the workload OrchestratorType orchestrator = 2; // resource type identifier in orchestrator, e.g. v1/Pod for k8s string resource_type = 3; // identifier of the orchestrator specific abstraction for resource // grouping/isolation, // for example for k8s - namespace, for Openstack - project. // if orchestrator has no concept similar to namespace/project/tenant this // field should be empty string resource_namespace = 4; // human readable identifier for resource with resource_type for orchestrator, // e.g. podName for k8s string resource_name = 5; } // WorkloadState contains complete description of the object state // This message should reflect the current state of the object, // not the fact that object was changed. // That's mean that each field of the message can be set independently // to provide an accurate description of the current state of the object. message WorkloadState { // name of the node on which this workload is started string node_name = 1; // indicate if workload is in ready state bool ready = 2; // orchestrator-specific information which will help to identify resource // and describe its state message ExtraData { map<string, string> data = 1; } // contains ExtraData // for k8s it is expected that extra field will include labels and annotations keys // which will hold all labels and annotations of the workload in k8s cluster map<string, ExtraData> extra = 3; } // WorkloadUpdate contains workload metadata and workload state message WorkloadUpdate { WorkloadMetadata workload_metadata = 1; WorkloadState workload_state = 2; } // WorkloadDelete message should be used to notify that workload was removed from the // cluster. message WorkloadDelete { WorkloadMetadata workload_metadata = 1; } // WorkloadSync contains list of WorkloadUpdate objects message WorkloadSync { repeated WorkloadUpdate workload_updates = 1; } // WorkloadStreamRequest contains messages which can be send by client message WorkloadStreamRequest { oneof message { WorkloadUpdate workload_update = 1; WorkloadDelete workload_delete = 2; WorkloadSync workload_sync = 3; } } // WorkloadStreamResponse contains messages which can be send by server message WorkloadStreamResponse {}

This API is served by universe-infra-workload-rule-manager

This API provide a way to define Tenant workload rules in infrastructure cluster.

universe-k8s-tenant-workload-rule-plugin use this API.

Examples

check Manual GRPC API usage doc before start

Here some examples using ‘grpcurl’ tool to access the API:

Note

Replace $API_GW_ADDRESS with address of iCP API GW in your environment

Replace $TENANT_ID with existing tenant id

List WorkloadRules

Copy
Copied!
            

grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \ -H tenant-id:$TENANT_ID \ -proto universe/workload/v1/workload_rule.proto $API_GW_ADDRESS \ universe.workload.v1.WorkloadRuleService.List

Get WorkloadRule

Copy
Copied!
            

grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \ -H tenant-id:$TENANT_ID \ -d '{"id": "tenantrule1"}' \ -proto universe/workload/v1/workload_rule.proto $API_GW_ADDRESS \ universe.workload.v1.WorkloadRuleService.Get

Delete WorkloadRule

Copy
Copied!
            

grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \ -H tenant-id:$TENANT_ID \ -d '{"id": "tenantrule1"}' \ -proto universe/workload/v1/workload_rule.proto $API_GW_ADDRESS \ universe.workload.v1.WorkloadRuleService.Delete

Create WorkloadRule

Note

Create and Update requests contain binary fields. grpcurl utility requires binary fields to be encoded to base64 encoded before they can be used as request parameters.

Copy
Copied!
            

# put base64 encoded Pod spec to RULE_TEMPLATE shel variable RULE_TEMPLATE=$(cat << EOM | base64 -w0 { "apiVersion": "v1", "kind": "Pod", "metadata": { "name": "nginx" }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:1.14.2", "ports": [ { "containerPort": 80 } ] } ] } } EOM ) # -d @ argument for grpcurl mean read arguments from STDIN # use content of RULE_TEMPLATE shel variable as rule.data.rule_template grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \ -H tenant-id:$TENANT_ID \ -d @ -proto universe/workload/v1/workload_rule.proto $API_GW_ADDRESS \ universe.workload.v1.WorkloadRuleService.Create << EOM { "rule": { "id": "tenantrule1", "data": { "orchestrator_type": 1, "resource_type": "v1/Pod", "dpu_selection_policy": "Any", "workload_terms": [ { "match_expressions": [ { "key": "metadata.resourceNamespace", "operation": 1, "values": [ "default" ] } ] } ], "workload_info_inject": [ { "key": "@", "as_annotation": { "name": "full-workload-info" } } ], "rule_template": "$RULE_TEMPLATE" } } } EOM

WorkloadRule - API

Copy
Copied!
            

syntax = "proto3"; package universe.workload.v1; import "universe/workload/v1/workload.proto"; // The following client metadata fields are used: // "tenant-id" (required): tenant identifier service WorkloadRuleService { // create a new workload rule, return error if rule already exist rpc Create(CreateRequest) returns (CreateResponse) {} // update existing workload rule, return error if rule not found rpc Update(UpdateRequest) returns (UpdateResponse) {} // delete existing workload rule rpc Delete(DeleteRequest) returns (DeleteResponse) {} // get specific instance of workload rule rpc Get(GetRequest) returns (GetResponse) {} // list all workload rules rpc List(ListRequest) returns (ListResponse) {} } message Rule { // unique rule id string id = 1; // rule config RuleData data = 2; } message RuleData { // orchestrator type for workload that shall be matched by this rule OrchestratorType orchestrator_type = 1; // orchestrator specific resource type for workload that shall be matched by this rule string resource_type = 2; // workload match terms // if multiple match terms specified they will be ORed, // rule will match workload if at least one RuleWorkloadTerm matches workload repeated RuleWorkloadTerm workload_terms = 3; // dpu selection policy, can be SameNode or Any string dpu_selection_policy = 4; // workload inject settings repeated WorkloadInfoInject workload_info_inject = 5; // template of the resource which will be created if rule matches workload bytes rule_template = 6; } // contains match expressions which will be used to examine workload // match_expressions are ANDed, workloadTerm is true if all match expressions // inside it are true message RuleWorkloadTerm { repeated RuleMatchExpression match_expressions = 1; } // expression to check workload field message RuleMatchExpression { // name of the workload field in JSONPath format string key = 1; // operation field should be set, UNSPECIFIED value will // return error enum Operation { // invalid request OPERATION_UNSPECIFIED = 0; // value from workload[RuleMatchExpression.key] // should be in RuleMatchExpression.values list OPERATION_IN = 1; // value from workload[RuleMatchExpression.key] // should not be in RuleMatchExpression.values list OPERATION_NOT_IN = 2; // workload object should have RuleMatchExpression.key OPERATION_EXISTS = 3; // workload object should not have RuleMatchExpression.key OPERATION_DOES_NOT_EXIST = 4; // value from workload[RuleMatchExpression.key] should be greater than // RuleMatchExpression.values[0] OPERATION_GT = 5; // value from workload[RuleMatchExpression.key] should be less than // RuleMatchExpression.values[0] OPERATION_LT = 6; } // operation to use for key examination Operation operation = 2; // values to use for examination // should contain one or more values if operation is IN and NOT_IN, // should contain single element if operation is EXISTS and DOES_NOT_EXIST, // should contains single element convertible to integer is operation is GT and LT repeated string values = 3; } // hold different kind of inject configurations message WorkloadInfoInject { string key = 1; oneof message { // hold configuration for AsAnnotation inject method WorkloadInfoInjectConfigAsAnnotation as_annotation = 2; } } message WorkloadInfoInjectConfigAsAnnotation { string name = 1; } // message for create request message CreateRequest { // full rule object Rule rule = 1; } // message for update request message UpdateRequest { // full rule object Rule rule = 1; } // message for delete request message DeleteRequest { // id of a rule to remove string id = 1; } // message for get request message GetRequest { // id of a rule to retrieve string id = 1; } // message for list request // no parameters supported for now message ListRequest {} // message for response of the create request message CreateResponse {} // message for response of the update request message UpdateResponse {} // message for response of the delete request message DeleteResponse {} // message for response of the get request message GetResponse { // contains single rule spec Rule rule = 1; } // message for response of the list request message ListResponse { // list of rules with specs repeated Rule rules = 1; }

Previous universe.admin.provisioning.v1
Next universe.admin.workload.v1
© Copyright 2023, NVIDIA. Last updated on Feb 7, 2024.