universe-k8s-tenant-workload-rule-plugin

universe-k8s-tenant-workload-rule-plugin is a Kubernetes operator built with operator-sdk.

universe-k8s-tenant-workload-rule-plugin use WorkloadRule service of universe.workload.v1 GRPC API to create WorkloadRules in infrastructure cluster.

universe-k8s-tenant-workload-rule-plugin expose CRD based API in Tenant cluster:

Main registry:

harbor.mellanox.com/cloud-orchestration-dev/universe-k8s-tenant-workload-rule-plugin:0.5.0-dev

harbor.mellanox.com/cloud-orchestration-dev/universe-grpc-proxy:0.5.0-dev

Alternative registry:

nvcr.io/nvstaging/doca/universe-k8s-tenant-workload-rule-plugin:0.5.0-dev

nvcr.io/nvstaging/doca/universe-grpc-proxy:0.5.0-dev

Name

Description

Default value

namespace namespace for Universe CR objects default
max-concurrent-reconciles maximum number of concurrent Reconciles which can be run 10
periodic-check-interval check interval for resources in infrastructure cluster (in seconds) 5
universe-workload-api-address address of the universe.workload.v1 API, usually address of the proxy sidecar 127.0.0.1:10000
Note

universe-k8s-tenant-workload-rule-plugin doesn’t support TLS and injection of the required GRPC metadata (check universe.resource.v1 GRPC API for detail).

Usually universe-k8s-tenant-workload-rule-plugin is deployed with Envoy-based universe-grpc-proxy sidecar container which implements all required features.

Sidecar container is responsible for forwarding universe-k8s-tenant-workload-rule-plugin requests to universe-infra-api-gateway in a secure manner.

Previous universe-k8s-tenant-workload-plugin
Next Infrastructure cluster control plane
© Copyright 2023, NVIDIA. Last updated on Feb 7, 2024.