universe.workload.v1
These APIs are available to Tenants only.
The proto file and the generated Go client for the API can be found in the universe-api repo.
This API is served by universe-infra-workload-manager
The intent of this API is to send notifications about Workloads that are running in the tenant cluster to the infrastructure cluster.
universe-k8s-tenant-workload-plugin uses this API.
Workload - API
            
            syntax = "proto3";
package universe.workload.v1;
// WorkloadService accepts workload notifications sent by a client.
//
// The following client metadata fields are used:
// "tenant-id" (required): tenant identifier
//
// NOTE(review): "tenant-id" is metadata supplied by the caller. The schema
// does not show how it is tied to the caller's authenticated identity;
// confirm the serving side checks it against the client credentials before
// attributing workload data to that tenant.
service WorkloadService {
  // WorkloadStream is a client-streaming RPC: the client sends a stream of
  // WorkloadStreamRequest messages and the server returns a single
  // WorkloadStreamResponse.
  rpc WorkloadStream(stream WorkloadStreamRequest) returns (WorkloadStreamResponse) {}
}
// OrchestratorType lists the supported orchestrator types.
enum OrchestratorType {
  // zero value; this is what a receiver sees when the field was not set
  ORCHESTRATOR_TYPE_UNSPECIFIED = 0;
  // workload is managed by Kubernetes
  ORCHESTRATOR_TYPE_KUBERNETES = 1;
}
// WorkloadMetadata contains meta information that identifies a workload.
//
// NOTE(review): all string fields are free-form; the schema sets no format or
// length limits. Presumably they are filled in by the reporting client, so the
// receiver should validate them before using them in lookups or as names of
// other resources - confirm against the server implementation.
message WorkloadMetadata {
  // unique workload ID, e.g. Pod resource UID for k8s
  string id = 1;
  // orchestrator identifier for the workload
  OrchestratorType orchestrator = 2;
  // resource type identifier in orchestrator, e.g. v1/Pod for k8s
  string resource_type = 3;
  // identifier of the orchestrator-specific abstraction for resource
  // grouping/isolation,
  // for example for k8s - namespace, for Openstack - project.
  // if the orchestrator has no concept similar to namespace/project/tenant
  // this field should be empty
  string resource_namespace = 4;
  // human-readable identifier for the resource with resource_type for the
  // orchestrator, e.g. podName for k8s
  string resource_name = 5;
}
// WorkloadState contains a complete description of the object state.
// This message should reflect the current state of the object,
// not the fact that the object was changed.
// This means that each field of the message can be set independently
// to provide an accurate description of the current state of the object.
message WorkloadState {
  // name of the node on which this workload is started
  string node_name = 1;
  // indicates whether the workload is in ready state
  bool ready = 2;
  // orchestrator-specific information which will help to identify the
  // resource and describe its state
  message ExtraData {
    // free-form string key/value pairs
    map<string, string> data = 1;
  }
  // contains ExtraData
  // for k8s it is expected that the extra field will include "labels" and
  // "annotations" keys which will hold all labels and annotations of the
  // workload in the k8s cluster
  //
  // NOTE(review): labels and annotations are text chosen by whoever owns the
  // workload, and the schema does not bound the number or size of entries.
  // Consumers should treat the values as untrusted data and rely on a
  // message-size limit at the receiver - confirm one is configured.
  map<string, ExtraData> extra = 3;
}
// WorkloadUpdate contains workload metadata and workload state
message WorkloadUpdate {
  // identifies the workload this update refers to
  WorkloadMetadata workload_metadata = 1;
  // state reported for that workload
  WorkloadState workload_state = 2;
}
// WorkloadDelete message should be used to notify that a workload was removed
// from the cluster.
message WorkloadDelete {
  // identifies the workload that was removed
  WorkloadMetadata workload_metadata = 1;
}
// WorkloadSync contains a list of WorkloadUpdate objects.
//
// NOTE(review): the schema does not say whether a sync replaces the state
// reported earlier or only adds to it - confirm with the server
// implementation. The list has no schema-level bound, so its size is limited
// only by whatever message-size limit the receiver enforces.
message WorkloadSync {
  // workload updates carried by this sync message
  repeated WorkloadUpdate workload_updates = 1;
}
// WorkloadStreamRequest contains the messages which can be sent by the client.
// Exactly one of the variants below is carried per request.
message WorkloadStreamRequest {
  oneof message {
    // state report for a single workload
    WorkloadUpdate workload_update = 1;
    // notification that a workload was removed
    WorkloadDelete workload_delete = 2;
    // list of workload updates sent in one message
    WorkloadSync workload_sync = 3;
  }
}
// WorkloadStreamResponse contains the messages which can be sent by the server.
// It currently has no fields.
message WorkloadStreamResponse {}
    
This API is served by universe-infra-workload-rule-manager
This API provides a way to define Tenant workload rules in the infrastructure cluster.
universe-k8s-tenant-workload-rule-plugin uses this API.
Examples
Check the Manual GRPC API usage doc before you start.
Here are some examples that use the ‘grpcurl’ tool to access the API:
Replace $API_GW_ADDRESS with address of iCP API GW in your environment
Replace $TENANT_ID with existing tenant id
List WorkloadRules
            
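            # List all workload rules of the tenant named by $TENANT_ID.
            # -cacert is the CA used to verify the gateway certificate; -cert/-key are
            # the client certificate and private key presented to the gateway;
            # -servername is the name the gateway certificate is validated against.
            # The variables are quoted so that whitespace or glob characters in their
            # values cannot change the command line.
            grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
                -H "tenant-id:$TENANT_ID" \
                -proto universe/workload/v1/workload_rule.proto "$API_GW_ADDRESS" \
                universe.workload.v1.WorkloadRuleService.List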
    
Get WorkloadRule
            
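            # Fetch the workload rule with id "tenantrule1" for the tenant in $TENANT_ID.
            # -cert/-key are the client certificate and key presented to the gateway;
            # -cacert and -servername control how the gateway certificate is verified.
            # The variables are quoted so that whitespace or glob characters in their
            # values cannot change the command line.
            grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
                -H "tenant-id:$TENANT_ID" \
                -d '{"id": "tenantrule1"}' \
                -proto universe/workload/v1/workload_rule.proto "$API_GW_ADDRESS" \
                universe.workload.v1.WorkloadRuleService.Get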
    
Delete WorkloadRule
            
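            # Delete the workload rule with id "tenantrule1" for the tenant in $TENANT_ID.
            # -cert/-key are the client certificate and key presented to the gateway;
            # -cacert and -servername control how the gateway certificate is verified.
            # The variables are quoted so that whitespace or glob characters in their
            # values cannot change the command line.
            grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
                -H "tenant-id:$TENANT_ID" \
                -d '{"id": "tenantrule1"}' \
                -proto universe/workload/v1/workload_rule.proto "$API_GW_ADDRESS" \
                universe.workload.v1.WorkloadRuleService.Delete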
    
Create WorkloadRule
Create and Update requests contain binary fields. The grpcurl utility requires
binary fields to be base64-encoded before they can be used as request parameters.
            
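            # Put the base64-encoded Pod spec into the RULE_TEMPLATE shell variable.
# The heredoc delimiter is quoted ('EOM') so the shell copies the manifest
# literally. With an unquoted delimiter the shell would expand $NAME and run
# $(...) sequences, and Kubernetes manifests can legitimately contain
# "$(NAME)" references.
# -w0 (GNU base64) disables line wrapping so the value stays on one line.
RULE_TEMPLATE=$(cat << 'EOM' | base64 -w0
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "nginx"
},
"spec": {
"containers": [
{
"name": "nginx",
"image": "nginx:1.14.2",
"ports": [
{
"containerPort": 80
}
]
}
]
}
}
EOM
)
# "-d @" makes grpcurl read the request body from STDIN.
# The heredoc below is intentionally left unquoted: the shell has to
# substitute the content of the RULE_TEMPLATE shell variable into
# rule.data.rule_template.
# Enum fields are given by number: "orchestrator_type": 1 is
# ORCHESTRATOR_TYPE_KUBERNETES and "operation": 1 is OPERATION_IN.
# TENANT_ID and API_GW_ADDRESS are quoted so that whitespace or glob
# characters in their values cannot change the command line.
grpcurl -cacert=ca.crt -cert=admin.crt -key=admin.key -servername api-gateway.local \
    -H "tenant-id:$TENANT_ID" \
    -d @ -proto universe/workload/v1/workload_rule.proto "$API_GW_ADDRESS" \
     universe.workload.v1.WorkloadRuleService.Create << EOM
{
"rule": {
"id": "tenantrule1",
"data": {
"orchestrator_type": 1,
"resource_type": "v1/Pod",
"dpu_selection_policy": "Any",
"workload_terms": [
{
"match_expressions": [
{
"key": "metadata.resourceNamespace",
"operation": 1,
"values": [
"default"
]
}
]
}
],
"workload_info_inject": [
{
"key": "@",
"as_annotation": {
"name": "full-workload-info"
}
}
],
"rule_template": "$RULE_TEMPLATE"
}
}
}
EOM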
    
WorkloadRule - API
            
            syntax = "proto3";
package universe.workload.v1;
import "universe/workload/v1/workload.proto";
// WorkloadRuleService manages workload rules (create, update, delete, get,
// list).
//
// The following client metadata fields are used:
// "tenant-id" (required): tenant identifier
//
// NOTE(review): "tenant-id" is metadata supplied by the caller and rule ids
// are caller-chosen strings (CreateRequest carries the full Rule, id
// included). The schema does not show how either is tied to the caller's
// authenticated identity; confirm the serving side scopes every lookup,
// update and delete to the authenticated tenant.
service WorkloadRuleService {
  // create a new workload rule, return an error if the rule already exists
  rpc Create(CreateRequest) returns (CreateResponse) {}
  // update an existing workload rule, return an error if the rule is not found
  rpc Update(UpdateRequest) returns (UpdateResponse) {}
  // delete an existing workload rule
  rpc Delete(DeleteRequest) returns (DeleteResponse) {}
  // get a specific instance of a workload rule
  rpc Get(GetRequest) returns (GetResponse) {}
  // list all workload rules
  rpc List(ListRequest) returns (ListResponse) {}
}
// Rule is a workload rule: an id plus the rule configuration.
message Rule {
  // unique rule id
  // NOTE(review): the scope of uniqueness (per tenant or global) is not stated
  // in the schema - confirm.
  string id = 1;
  // rule config
  RuleData data = 2;
}
// RuleData is the configuration of a workload rule: which workloads it
// matches and what is created when it matches.
message RuleData {
  // orchestrator type for workload that shall be matched by this rule
  OrchestratorType orchestrator_type = 1;
  // orchestrator-specific resource type for workload that shall be matched by
  // this rule
  string resource_type = 2;
  // workload match terms
  // if multiple match terms are specified they will be ORed,
  // rule will match workload if at least one RuleWorkloadTerm matches workload
  repeated RuleWorkloadTerm workload_terms = 3;
  // dpu selection policy, can be SameNode or Any
  // NOTE(review): this is a free-form string, so the schema itself does not
  // reject other values; presumably the server validates it - confirm.
  string dpu_selection_policy = 4;
  // workload inject settings
  repeated WorkloadInfoInject workload_info_inject = 5;
  // template of the resource which will be created if rule matches workload
  // NOTE(review): the template is opaque bytes supplied by the API caller and
  // its format is not defined by this schema. The schema does not show what
  // validation is applied before a resource is created from it; confirm the
  // server restricts what a template may request.
  bytes rule_template = 6;
}
// RuleWorkloadTerm contains match expressions which will be used to examine
// a workload.
// match_expressions are ANDed: a workload term is true if all match
// expressions inside it are true
message RuleWorkloadTerm {
  // expressions that must all be true for this term to match
  repeated RuleMatchExpression match_expressions = 1;
}
// RuleMatchExpression is an expression that checks one workload field.
message RuleMatchExpression {
  // name of the workload field in JSONPath format
  // NOTE(review): the path is supplied by the API caller; the schema does not
  // limit its length or complexity, so presumably the server validates it
  // before evaluation - confirm.
  string key = 1;
  // operation field should be set, UNSPECIFIED value will
  // return an error
  enum Operation {
    // invalid request
    OPERATION_UNSPECIFIED = 0;
    // value from workload[RuleMatchExpression.key]
    // should be in RuleMatchExpression.values list
    OPERATION_IN = 1;
    // value from workload[RuleMatchExpression.key]
    // should not be in RuleMatchExpression.values list
    OPERATION_NOT_IN = 2;
    // workload object should have RuleMatchExpression.key
    OPERATION_EXISTS = 3;
    // workload object should not have RuleMatchExpression.key
    OPERATION_DOES_NOT_EXIST = 4;
    // value from workload[RuleMatchExpression.key] should be greater than
    // RuleMatchExpression.values[0]
    OPERATION_GT = 5;
    // value from workload[RuleMatchExpression.key] should be less than
    // RuleMatchExpression.values[0]
    OPERATION_LT = 6;
  }
  // operation to use for key examination
  Operation operation = 2;
  // values to use for examination
  // should contain one or more values if operation is IN or NOT_IN,
  // should contain a single element if operation is EXISTS or DOES_NOT_EXIST,
  // should contain a single element convertible to integer if operation is
  // GT or LT
  repeated string values = 3;
}
// WorkloadInfoInject holds the different kinds of inject configuration.
message WorkloadInfoInject {
  // NOTE(review): not documented in the schema; presumably selects which part
  // of the workload information is injected - confirm.
  string key = 1;
  // inject method; only one method is defined at present
  oneof message {
    // holds configuration for the AsAnnotation inject method
    WorkloadInfoInjectConfigAsAnnotation as_annotation = 2;
  }
}
// WorkloadInfoInjectConfigAsAnnotation is the configuration for the
// AsAnnotation inject method.
message WorkloadInfoInjectConfigAsAnnotation {
  // NOTE(review): not documented in the schema; presumably the name of the
  // annotation that receives the injected value - confirm.
  string name = 1;
}
// CreateRequest is the request message for WorkloadRuleService.Create.
message CreateRequest {
  // full rule object, including the id chosen by the caller
  Rule rule = 1;
}
// UpdateRequest is the request message for WorkloadRuleService.Update.
message UpdateRequest {
  // full rule object; the schema has no field mask, so the whole rule is sent
  Rule rule = 1;
}
// DeleteRequest is the request message for WorkloadRuleService.Delete.
message DeleteRequest {
  // id of the rule to remove
  string id = 1;
}
// GetRequest is the request message for WorkloadRuleService.Get.
message GetRequest {
  // id of the rule to retrieve
  string id = 1;
}
// ListRequest is the request message for WorkloadRuleService.List.
// No parameters are supported for now (no filtering or pagination fields).
message ListRequest {}
// CreateResponse is the response message for WorkloadRuleService.Create.
// It currently has no fields.
message CreateResponse {}
// UpdateResponse is the response message for WorkloadRuleService.Update.
// It currently has no fields.
message UpdateResponse {}
// DeleteResponse is the response message for WorkloadRuleService.Delete.
// It currently has no fields.
message DeleteResponse {}
// GetResponse is the response message for WorkloadRuleService.Get.
message GetResponse {
  // contains a single rule spec
  Rule rule = 1;
}
// ListResponse is the response message for WorkloadRuleService.List.
message ListResponse {
  // list of rules with specs; returned in a single message, the schema has no
  // pagination token
  repeated Rule rules = 1;
}