Network Operator Application Notes 23.10.0 - Sphinx Test
NVIDIA Docs Hub  NVIDIA Networking  Networking Software  Cloud Orchestration  Network Operator Application Notes 23.10.0 - Sphinx Test  universe-k8s-tenant-resource-plugin
1.0

universe-k8s-tenant-resource-plugin

universe-k8s-tenant-resource-plugin is a Kubernetes operator built with operator-sdk.

The main goal of the universe-k8s-tenant-resource-plugin is to expose Kubernetes native API in the tenant cluster for managing Kubernetes resources in the infrastructure cluster.

universe-k8s-tenant-resource-plugin use universe.resource.v1 GRPC API to provision resource in infrastructure cluster.

universe-k8s-tenant-resource-plugin expose CRD based API in Tenant cluster, supported object types are:

Note

universe-k8s-tenant-resource-plugin uses Update rpc call of the universe.resource.v1 GRPC API to create and update resources in the infrastructure cluster.

The Update call is implemented as a server-side apply. Server-side apply implements more strict validation than create call. In some cases kubectl create call can accept a request with an invalid object spec with a Warning message, but if the same object will be used in the server-side update call, then the request may fail.

Repository

Images

Main registry:

harbor.mellanox.com/cloud-orchestration-dev/universe-k8s-tenant-resource-plugin:0.5.0-dev

harbor.mellanox.com/cloud-orchestration-dev/universe-grpc-proxy:0.5.0-dev

Alternative registry:

nvcr.io/nvstaging/doca/universe-k8s-tenant-resource-plugin:0.5.0-dev

nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev

Parameters

Name

Description

Default value
namespace namespace to watch Universe CRDs default
periodic-check-interval check interval for resources in infrastructure cluster (in seconds) 5
universe-resource-api-address address of the universe.resource.v1 API, usually address of the proxy sidecar 127.0.0.1:9090
Note

universe-k8s-tenant-resource-plugin doesn’t support TLS and injection of the required GRPC metadata (check universe.resource.v1 GRPC API for detail).

Usually universe-k8s-tenant-resource-plugin is deployed with Envoy-based universe-grpc-proxy sidecar container which implements all required features.

Sidecar container is responsible for forwarding universe-k8s-tenant-resource-plugin requests to universe-infra-api-gateway in a secure manner.

Previous Tenant control plane components
Next universe-k8s-tenant-workload-plugin
© Copyright 2023, NVIDIA. Last updated on Feb 7, 2024.