universe-k8s-tenant-resource-plugin
universe-k8s-tenant-resource-plugin is a Kubernetes operator built with operator-sdk.
The main goal of the universe-k8s-tenant-resource-plugin is to expose a Kubernetes-native API in the tenant cluster for managing Kubernetes resources in the infrastructure cluster.
universe-k8s-tenant-resource-plugin uses the universe.resource.v1 gRPC API to provision resources in the infrastructure cluster.
universe-k8s-tenant-resource-plugin exposes a CRD-based API in the tenant cluster; supported object types are:
universe-k8s-tenant-resource-plugin uses the Update RPC call of the universe.resource.v1 gRPC API to create and update resources in the infrastructure cluster.
The Update call is implemented as a server-side apply.
Server-side apply performs stricter validation than a create call.
In some cases a kubectl create call can accept a request with an invalid object spec and only emit a Warning message, but if the same object is used in the server-side update call, the request may fail.
Main registry:
harbor.mellanox.com/cloud-orchestration-dev/universe-k8s-tenant-resource-plugin:0.5.0-dev
harbor.mellanox.com/cloud-orchestration-dev/universe-grpc-proxy:0.5.0-dev
Alternative registry:
nvcr.io/nvstaging/doca/universe-k8s-tenant-resource-plugin:0.5.0-dev
nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev
Name | Description | Default value |
---|---|---|
namespace | namespace to watch Universe CRDs | default |
periodic-check-interval | check interval for resources in infrastructure cluster (in seconds) | 5 |
universe-resource-api-address | address of the universe.resource.v1 API, usually address of the proxy sidecar | 127.0.0.1:9090 |
universe-k8s-tenant-resource-plugin doesn’t support TLS or injection of the required gRPC metadata (see the universe.resource.v1 gRPC API for details).
Usually universe-k8s-tenant-resource-plugin is deployed with the Envoy-based universe-grpc-proxy sidecar container, which implements all required features.
The sidecar container is responsible for forwarding universe-k8s-tenant-resource-plugin requests to universe-infra-api-gateway in a secure manner.
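Because the plugin itself does not support TLS, the configured universe-resource-api-address should point at the sidecar on the pod's loopback interface. The following Go check is an added example, not code from the plugin: the function name CheckResourceAPIAddress and the sample addresses are hypothetical, and it assumes that traffic sent by the plugin is unencrypted until the sidecar forwards it.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// CheckResourceAPIAddress is a hypothetical pre-flight check (not part of the
// plugin). It takes the value of universe-resource-api-address and returns an
// error unless it is a host:port pair on the loopback interface, which is
// where the universe-grpc-proxy sidecar is expected to listen.
func CheckResourceAPIAddress(addr string) error {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return fmt.Errorf("address %q is not host:port: %w", addr, err)
	}
	if p, err := strconv.Atoi(port); err != nil || p < 1 || p > 65535 {
		return fmt.Errorf("address %q has invalid port %q", addr, port)
	}
	// Assumption: "localhost" resolves to loopback inside the pod.
	if strings.EqualFold(host, "localhost") {
		return nil
	}
	ip := net.ParseIP(host)
	if ip == nil {
		// Any other DNS name may resolve off-pod, so reject it.
		return fmt.Errorf("host %q is a DNS name; unencrypted gRPC could leave the pod", host)
	}
	if !ip.IsLoopback() {
		return fmt.Errorf("host %q is not loopback; unencrypted gRPC would leave the pod", host)
	}
	return nil
}

func main() {
	// Constructed sample values; only the first one is the documented default.
	samples := []string{"127.0.0.1:9090", "[::1]:9090", "10.0.0.5:9090",
		"0.0.0.0:9090", "gateway.example:443", "127.0.0.1"}
	for _, a := range samples {
		fmt.Printf("%-22s -> %v\n", a, CheckResourceAPIAddress(a))
	}
}
```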