universe-k8s-tenant-workload-rule-plugin
universe-k8s-tenant-workload-rule-plugin is a Kubernetes operator built with operator-sdk.
universe-k8s-tenant-workload-rule-plugin use WorkloadRule service of universe.workload.v1 GRPC API to create WorkloadRules in infrastructure cluster.
universe-k8s-tenant-workload-rule-plugin expose CRD based API in Tenant cluster:
Main registry:
harbor.mellanox.com/cloud-orchestration-dev/universe-k8s-tenant-workload-rule-plugin:0.5.0-dev
harbor.mellanox.com/cloud-orchestration-dev/universe-grpc-proxy:0.5.0-dev
Alternative registry:
nvcr.io/nvstaging/doca/universe-k8s-tenant-workload-rule-plugin:0.5.0-dev
nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev
Name |
Description |
Default value |
---|---|---|
namespace | namespace for Universe CR objects | default |
max-concurrent-reconciles | maximum number of concurrent Reconciles which can be run | 10 |
periodic-check-interval | check interval for resources in infrastructure cluster (in seconds) | 5 |
universe-workload-api-address | address of the universe.workload.v1 API, usually address of the proxy sidecar | 127.0.0.1:10000 |
universe-k8s-tenant-workload-rule-plugin doesn’t support TLS and injection of the required GRPC metadata (check universe.resource.v1 GRPC API for detail).
Usually universe-k8s-tenant-workload-rule-plugin is deployed with Envoy-based universe-grpc-proxy sidecar container which implements all required features.
Sidecar container is responsible for forwarding universe-k8s-tenant-workload-rule-plugin requests to universe-infra-api-gateway in a secure manner.