universe-k8s-tenant-workload-plugin
universe-k8s-tenant-workload-plugin watches Pod resources in the tenant cluster and sends Workload notifications to the infrastructure cluster.
It uses the universe.workload.v1 gRPC API to send these notifications.
Configuration for universe-k8s-tenant-workload-plugin can be provided in the form of a ConfigMap.
The only supported option for now is namespaces, which contains the list of namespaces to watch.
If the ConfigMap doesn’t exist, or the namespaces parameter is empty, universe-k8s-tenant-workload-plugin will watch Pods in all namespaces.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: workload-plugin-config
  namespace: universe
data:
  config: |-
    # namespaces to watch
    namespaces:
      - kube-system
```
Main registry:
harbor.mellanox.com/cloud-orchestration-dev/universe-k8s-tenant-workload-plugin:0.5.0-dev
harbor.mellanox.com/cloud-orchestration-dev/universe-grpc-proxy:0.5.0-dev
Alternative registry:
nvcr.io/nvstaging/doca/universe-k8s-tenant-workload-plugin:0.5.0-dev
nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev
Name | Description | Default value |
---|---|---|
configmap-name | name of the ConfigMap which stores configuration for plugin | workload-plugin-config |
configmap-namespace | namespace of the ConfigMap which stores configuration for plugin | universe |
universe-k8s-tenant-workload-plugin supports neither TLS nor injection of the required gRPC metadata (check the universe.workload.v1 gRPC API for details).
It is usually deployed with the Envoy-based universe-grpc-proxy sidecar container, which implements all of the required features.
The sidecar container is responsible for forwarding universe-k8s-tenant-workload-plugin requests to universe-infra-api-gateway in a secure manner.
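A pre-deployment check for the two points above (watch scope and the missing-sidecar case), as an added example that is not part of the original documentation or the project's code. It assumes input shaped like `kubectl get ... -o json` output, identifies containers by the image names listed on this page, and uses a minimal parser that handles only the config layout shown above; the function names are hypothetical.

```python
import json

PLUGIN = "universe-k8s-tenant-workload-plugin"
PROXY = "universe-grpc-proxy"

def watched_namespaces(configmap):
    """Namespaces listed in data.config; [] means the plugin watches all of them.
    Assumption: parses only the block-list layout shown on this page, not full YAML."""
    text = ((configmap or {}).get("data") or {}).get("config", "")
    names, in_list = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("namespaces:"):
            in_list = True
        elif in_list and line.startswith("- "):
            names.append(line[2:].strip().strip("'\""))
        else:
            in_list = False
    return names

def image_name(image):
    """'registry/path/name:tag' or 'name@sha256:...' -> 'name'."""
    return image.rsplit("/", 1)[-1].split(":", 1)[0].split("@", 1)[0]

def audit(pod_spec, configmap):
    """Return findings for a pod spec that runs the plugin (matched by image name)."""
    images = {image_name(c["image"]) for c in pod_spec.get("containers", [])}
    if PLUGIN not in images:
        return []
    findings = []
    if PROXY not in images:
        findings.append("no universe-grpc-proxy sidecar: plugin traffic lacks TLS and gRPC metadata")
    if not watched_namespaces(configmap):
        findings.append("namespaces empty or ConfigMap missing: Pods in all namespaces are watched")
    return findings

# Constructed sample input, shaped like `kubectl get ... -o json` output.
SAMPLE_CONFIGMAP = {"data": {"config": "# namespaces to watch\nnamespaces:\n  - kube-system\n"}}
SAMPLE_POD = {"containers": [
    {"image": "nvcr.io/nvstaging/doca/universe-k8s-tenant-workload-plugin:0.5.0-dev"},
    {"image": "nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev"},
]}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POD, SAMPLE_CONFIGMAP)))  # compliant sample
    bare = {"containers": SAMPLE_POD["containers"][:1]}      # sidecar removed
    print(json.dumps(audit(bare, None), indent=2))
```
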