Slice Configuration Parameters
This topic describes the parameters required to create a slice across the registered worker cluster.
Slice Configuration Parameters
The following tables describe the configuration parameters used to create a slice
with registered worker clusters.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be SliceConfig. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
These parameters are related to the metadata configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the slice you create. Each slice must have a unique name within a Project namespace. | Mandatory |
| namespace | String | The project namespace on which you apply the slice configuration file. | Mandatory |
Slice Spec Parameters
These parameters are related to the spec configured in the slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| sliceSubnet | String (IP/16 Subnet) (RFC 1918 addresses) | This subnet is used to assign IP addresses to pods that connect to the slice overlay network. The CIDR range can be re-used for each slice or can be modified as required. Example: 192.168.0.0/16 | Mandatory |
| maxClusters | Integer | The maximum number of clusters that are allowed to connect a slice. The value of maxClusters can only be set during the slice creation. The maxClusters value is immutable after the slice creation. The minimum value is 2, and the maximum value is 32. The default value is 16. Example: 5. The maxClusters affect the subnetting across the clusters. For example, if the slice subnet is 10.1.0.0/16 and the maxClusters=16, then each cluster would get a subnet of 10.1.x.0/20, x=0,16,32. | Optional |
| sliceType | String | Denotes the type of the slice. The value must be set to Application. | Mandatory |
| overlayNetworkDeploymentMode | String | This parameter is to set the overlay network deployment mode to multi-network. The default value is single-network. This parameter value becomes immutable after it is set. If this parameter is not passed, then a single-network slice is created. A single-network slice contains flat overlay network, and the pod-to-pod connectivity is at L3. A multi-network slice contains the pod-to-pod connectivity across clusters that is set up through a network of L7 ingress and egress gateways. A multi-network slice only supports HTTP and HTTPs protocols where as a single network-slice supports HTTP, HTTPs, TCP, and UDP protocols. To know more, refer to the slice overlay network deployment mode. | Optional |
| sliceGatewayProvider | Object | It is the type of slice gateway created for inter cluster communication. | Mandatory |
| sliceIpamType | String | It is the type of the IP address management for the slice subnet. The value must be always set to Local. | Mandatory |
| rotationInterval | Integer | The duration in which SliceGateway certificates are periodically renewed or rotated to ensure security and compliance. The default interval is 30 days and the supported range is 30 to 90 days. | Optional |
| renewBefore | Time | The time period before the expiration of SliceGateway certificates during which the renewal process is initiated. It represents the duration prior to certificate expiration when the renewal process is triggered to ensure seamless continuation of secure communication. By setting an appropriate value for renewBefore, certificates can be renewed ahead of time, allowing for any necessary updates or adjustments to be completed before the current certificates expire. This parameter helps avoid potential disruptions by ensuring the availability of valid certificates without waiting until the last moment. If you want to renew it now, provide the current Timestamp. Warning: Do not set this parameter during slice creation. | Optional |
| vpnConfig | Object | The Slice VPN Gateway is a slice network service component that provides a secure VPN tunnel between multiple clusters that are a part of the slice configuration. | Optional |
| clusters | List of Strings | The names of the worker clusters that would be part of the slice. You can provide the list of worker clusters. | Mandatory |
| qosProfileDetails | Object | QoS profile for the slice inter cluster traffic. | Mandatory |
| namespaceIsolationProfile | Object | It is the configuration to onboard namespaces and/or isolate namespaces with the network policy. | Mandatory |
| externalGatewayConfig | Object | It is the slice ingress/egress gateway configuration. It is an optional configuration. | Optional |
Slice Gateway Provider Parameters
These parameters are related to the slice gateway created for the inter-cluster communication and they are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| sliceGatewayType | String | The slice gateway type for inter cluster communication. The value must be OpenVPN. | Mandatory |
| sliceCaType | String | The slice gateway certificate authority type that provides certificates to secure inter-cluster traffic. The value must be always set to Local. | Mandatory |
| SliceGatewayServiceType | Object | The type of gateway connectivity to use on a cluster. The default value is NodePort. | Optional |
Slice Gateway Service Type Parameters
These parameters are related to the slice gateway service type parameters that provides an option to use the external Load Balancer.
The user can add the slice gateway type and protocol for each cluster.
| Parameter | Parameter | Description | Required |
|---|
| cluster | String | The name of the worker cluster for which the user configures slice gateway connectivity. This field supports wildcard entries. To configure the slice gateway connectivity for all clusters connected to the slice, specify *(asterisk) as the parameter's value. | Mandatory |
| type | String | It defines the type of inter-cluster connectivity in KubeSlice. It has two options: NodePort and LoadBalancer. The default value is NodePort. The type value set to LoadBalancer is immutable after the slice creation. | Optional |
| protocol | String | It defines the protocol for gateway configuration. It has two options: TCP and UDP. The default value is UDP. The protocol is immutable after the slice creation. | Optional |
OpenVPN Configuration
This parameter is related to the open VPN certificate generation and is configured in the slice configuration YAML file.
| Parameter | Parameter Type | Parameter Description | Required | | | |
|---|
| cipher | Alphanumeric | This is the type of cipher used to generate the open VPN certificates. The value can be set to AES_128_CBC. The default value is AES_256_CBC.This parameter is provided as part of the slice configuration during creation. This configuration is immutable during the lifetime of the slice. | Optional | | | Optional |
QOS Profile Parameters
These parameters are related to the QoS profile for the slice inter-cluster traffic configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| queueType | String | It is the slice traffic control queue type. The value must be Hierarchical Token Bucket (HTB). HTB facilitates guaranteed bandwidth for the slice traffic. | Mandatory |
| priority | Integer | QoS profiles allows traffic management within a slice as well as prioritization across slices. The value range is 0-3. Integer 0 represents the lowest priority and integer 3 represents the highest priority. | Mandatory |
| tcType | String | It is the traffic control type. The value must be BANDWIDTH_CONTROL. | Mandatory |
| bandwidthCeilingKbps | Integer | The maximum bandwidth in Kbps that is allowed for the slice traffic. | Mandatory |
| bandwidthGuaranteedKbps | Integer | The guaranteed bandwidth in Kbps for the slice traffic. | Mandatory |
| dscpClass | Alphanumeric | DSCP marking code for the slice inter-cluster traffic. | Mandatory |
Namespace Isolation Profile Parameters
These parameters are related to onboarding namespaces, isolating the slice, and allowing external namespaces to
communicate with the slice. They are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| applicationNamespaces | Array object | Defines the namespaces that will be onboarded to the slice and their corresponding worker clusters. | Mandatory |
| allowedNamespaces | Array object | Contains the list of namespaces from which the traffic flow is allowed to the slice. By default, native Kubernetes namespaces such as kube-system are allowed. If isolationEnabled is set to true, then you must include namespaces that you want to allow traffic from. | Optional |
| isolationEnabled | Boolean | Defines if the namespace isolation is enabled. By default, it is set to false. The isolation policy only applies to the traffic from the application and allowed namespaces to the same slice. | Optional |
Application Namespaces Parameters
These parameters are related to onboarding namespaces onto a slice, which are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| namespace | String | The namespace that you want to onboard to the slice. These namespaces can be isolated using the namespace isolation feature. | Mandatory |
| clusters | List of Strings | Corresponding cluster names for the namespaces listed above. To onboard the namespace on all clusters, specify the asterisk * as this parameter's value. | Mandatory |
Allowed Namespaces Parameters
These parameters are related to allowing external namespaces to communicated with the slice, which are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| namespace | Strings | List of external namespaces that are not a part of the slice from which traffic is allowed into the slice. | Optional |
| clusters | List of Strings | Corresponding cluster names for the namespaces listed above. To onboard the namespace on all clusters, specify the asterisk * as this parameter's value. | Optional |
External Gateway Configuration Parameters
These parameters are related to external gateways, which are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| ingress | Boolean | To use the ingress gateway for East-West traffic on your slice, set the value to true. | Optional |
| egress | Boolean | To use the egress gateway for East-West traffic on your slice, set the value to true. | Optional |
| gatewayType | String | The type of ingress/egress gateways that need to be provisioned for the slice. It can be none, envoy, or istio. If set to envoy, cloud services access gateway is enabled. If set to istio, the ingress gateway is created for a slice when ingress is enabled. - The egress gateway is created for a slice when egress is enabled. If set to istio, and ingress and egress are set to false then Istio gateways are not created. | Mandatory |
| clusters | List of Strings | Names of the clusters to which the externalGateway configuration should be applied. | Optional |
| vpcServiceAccess | Object | This object contains configuration options to set up an access gateway to a cloud managed service on a worker cluster. | Mandatory and required only if you are onboarding a cloud-based service onto a slice. |
VPC Service Access Paramters
| Parameter | Parameter Type | Description | Required |
|---|
| egress | Boolean | To set up an egress gateway on a worker-cluster to access a cloud managed service in the VPC, set this parameter value to true. | Mandatory |
Service Export Configuration Parameters
The following tables describe the configuration parameters used to create Service Export.
| Parameter | Parameter Type | Description | Required | |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be networking.kubeslice.io/v1beta1. | Mandatory | |
| kind | String | The name of a particular object schema. The value must be ServiceExport. | Mandatory | |
| metadata | Object | The metadata | describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory | |
These parameters are related to metadata for exporting a service, which are configured in the
ServiceExport YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the service export. | Mandatory |
| namespace | String | The application namespace. | Mandatory |
ServiceExport Spec Parameters
These parameters are related to the exporting service specification configured in the
ServiceExport YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| slice | String | The name of the slice on which the service should be exported. | Mandatory |
| aliases | String Array | One or more aliases can be provided for the service being exported from a worker cluster. This parameter is required when the exported services have arbitrary names instead of the slice.local name. | Optional |
| selector | Object | The labels used to select the endpoints. | Mandatory |
| port | Object | The details of the port for the service. | Mandatory |
Service Selector Parameters
These parameters are related to the labels for selecting the endpoints in a service export, which are configured in the
ServiceExport YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| matchLabels | Map | The labels used to select the endpoints. | Mandatory |
Service Ports Parameters
These parameters contains the details of the port for the export service, which are configured in the
ServiceExport YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | It is a unique identifier for the port. It must be prefixed with http for HTTP services or tcp for TCP services. | Mandatory |
| containerPort | Integer | The port number for the service. | Mandatory |
| Protocol | String | The protocol type for the service. For example: TCP. | Mandatory |
| serviceProtocol | String | This is the application protocol the service is based on. The supported values are HTTP or HTTPS. By default, the service protocol is assumed to be HTTP. This parameter is relevant only for slices with overlayNetworkDeploymentMode set to multi-network. | Optional |
| servicePort | String | This is the application port number of the service. This parameter is mandatory only when the slice's overlayNetworkDeploymentMode is set to multi-network. | Only mandatory for a multi-network slice |
No-Network Slice Configuration Parameters
The following tables describe the configuration parameters used to create a no-network slice
with registered worker clusters.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be SliceConfig. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
These parameters are related to the metadata configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the slice you create. Each slice must have a unique name within a Project namespace. | Mandatory |
| namespace | String | The project namespace on which you apply the slice configuration file. | Mandatory |
Slice Spec Parameters
These parameters are related to the spec configured in the slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| sliceSubnet | String (IP/16 Subnet) (RFC 1918 addresses) | This subnet is used to assign IP addresses to pods that connect to the slice overlay network. The CIDR range can be re-used for each slice or can be modified as required. Example: 192.168.0.0/16 | Mandatory |
| maxClusters | Integer | The maximum number of clusters that are allowed to connect a slice. The value of maxClusters can only be set during the slice creation. The maxClusters value is immutable after the slice creation. The minimum value is 2, and the maximum value is 32. The default value is 16. Example: 5. The maxClusters affect the subnetting across the clusters. For example, if the slice subnet is 10.1.0.0/16 and the maxClusters=16, then each cluster would get a subnet of 10.1.x.0/20, x=0,16,32. | Optional |
| sliceType | String | Denotes the type of the slice. The value must be set to Application. | Mandatory |
| clusters | List of Strings | The names of the worker clusters that would be part of the slice. You can provide the list of worker clusters. | Mandatory |
| overlayNetworkDeploymentMode | String | This parameter is to set the overlay network deployment mode for a slice to single-network, multi-network, or no-network. If this parameter is not passed, then a single-network slice is created. The value is no-network for a slice without inter-cluster connectivity. For A single-network slice contains flat overlay network, and the pod-to-pod connectivity is at L3. A multi-network slice contains the pod-to-pod connectivity across clusters that is set up through a network of L7 ingress and egress gateways. A multi-network slice only supports HTTP and HTTPs protocols where as a single network-slice supports HTTP, HTTPs, TCP, and UDP protocols. A no-network slice does not contain inter-cluster connectivity. To know more, refer to the slice overlay network deployment mode. | Optional |
| namespaceIsolationProfile | Object | It is the configuration to onboard namespaces and/or isolate namespaces with the network policy. | Mandatory |
Namespace Isolation Profile Parameters
These parameters are related to onboarding namespaces, isolating the slice, and allowing external namespaces to
communicate with the slice. They are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| applicationNamespaces | Array object | Defines the namespaces that will be onboarded to the slice and their corresponding worker clusters. | Mandatory |
| allowedNamespaces | Array object | Contains the list of namespaces from which the traffic flow is allowed to the slice. By default, native Kubernetes namespaces such as kube-system are allowed. If isolationEnabled is set to true, then you must include namespaces that you want to allow traffic from. | Optional |
| isolationEnabled | Boolean | Defines if the namespace isolation is enabled. By default, it is set to false. The isolation policy only applies to the traffic from the application and allowed namespaces to the same slice. | Optional |
Application Namespaces Parameters
These parameters are related to onboarding namespaces onto a slice, which are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| namespace | String | The namespace that you want to onboard to the slice. These namespaces can be isolated using the namespace isolation feature. | Mandatory |
| clusters | List of Strings | Corresponding cluster names for the namespaces listed above. To onboard the namespace on all clusters, specify the asterisk * as this parameter's value. | Mandatory |
Allowed Namespaces Parameters
These parameters are related to allowing external namespaces to communicated with the slice, which are configured in the
slice configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| namespace | Strings | List of external namespaces that are not a part of the slice from which traffic is allowed into the slice. | Optional |
| clusters | List of Strings | Corresponding cluster names for the namespaces listed above. To onboard the namespace on all clusters, specify the asterisk * as this parameter's value. | Optional |
Assign Node Label Configuration Parameters
The following tables describe the configuration parameters used to assign node labels in the
assign-node-labels YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be SliceNodeAffinity. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the node label object for a slice. | Mandatory |
Node Label Spec Parameters
The following tables describe the configuration spec parameters used to assign node labels in the
assign-node-labels YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| nodeAffinityProfiles | Object | This defines the node affinity profile for the slice. | Mandatory |
Node Affinity Profile Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| cluster | String | This is the cluster in the slice for which this node affinity rule applies to. If you want to assign node labels to a namespace of all the worker clusters, add an asterisk (*) as the value of this property. | Mandatory |
| nodeAffinityRules | Object | These rules define the node affinity profile for the slice. | Mandatory |
Node Affinity Rules Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| namespace | String | This is the namespace in the slice for which the node affinity rules apply to. If you want to assign node labels to all the namespaces of a worker cluster, add an asterisk (*) as the value of this property. | Mandatory |
| nodeSelectorLabels | Object | This object defines the label selectors to select nodes for assigning to pods. It contains values, a key, and an operator that relates the key and values. | Mandatory |
Node Selector Labels Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| key | String | The label key that the selector applies to. | Mandatory |
| operator | String | This represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. | Mandatory |
| values | Array of Strings | This is an array of string values. If the operator is In or NotIn, the values must not be empty. If the operator is Exists or DoesNotExist, the values must be empty. If the operator is Gt or Lt, the values array must have a single value, which will be interpreted as an integer. | Mandatory |
Resource Quota Configuration Parameters
The following tables describe the configuration parameters used to set quotas in the
sliceResourceQuotaConfig YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be SliceResourceQuotaConfig. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
These parameters are related to setting quotas, which are configured in the
sliceResourceQuotaConfig YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the slice resource quota. | Mandatory |
Resource Quota Spec Parameters
These parameters are related to the setting quotas, which are configured in the
sliceResourceQuotaConfig YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| sliceQuota | Object | It contains the resources for which the total limits that can be consumed by the namespaces on this slice. The total limits are configured at a slice level. | Optional |
| clusterQuota | Object | It contains the name of the worker clusters, and the quotas set for the namespaces on a slice. | Optional |
sliceQuota Parameters
These parameters are related to setting the total number of quotas for a slice, which are configured in the
sliceResourceQuotaConfig YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| resources | Object | The resources contains the limit and request objects that sets limits for CPU, memory, ephemeral storage and pod count (only apply to limits) for all namespaces on a slice. | Optional |
resources Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| limit | Object | It is the quota object for the limits set for CPU, memory, ephemeral storage, and pod count for all namespaces on a slice. | Optional |
| request | Object | It is the quota object for the total requests set for CPU, memory, and ephemeral storage for all namespaces on a slice. | Optional |
| defaultRequestPerContainer | Object | It is the quota object for the default requests per container set for CPU, memory, and ephemeral storage for all namespaces on a slice. For a resource type, the default request per container must be less than or equal to the corresponding request. | Optional |
limit Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the CPU limit for all namespaces on a slice. Its value is in millicores and it does not accept negative values. | Optional |
| memory | String | It sets the total memory limit for all namespaces on a slice. Its value is in Mi and it does not accept negative values. | Optional |
| podCount | String | It sets the limit for the total number of application pods on a slice. | Optional |
| ephemeralStorage | String | It sets the total limit for the local ephemeral storage for all namespaces on a slice. Its value is in Mi and it does not accept negative values. | Optional |
request Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the the CPU request total for all the namespaces on a slice. Its value is in millicores and it does not accept negative values. The value must be less than or equal to the CPU limit. | Optional |
| memory | String | It sets the memory request total for all the namespaces on a slice. Its value is in Mi and it does not accept negative values. The value must be less than or equal to the memory limit. | Optional |
| ephemeralStorage | String | It sets the request for the total ephemeral storage for all the namespaces on a slice. The value must be less than or equal to the ephemeral storage limit. | Optional |
defaultRequestPerContainer Parameters
This default request per container value holds good to all namespaces. To override this value, you can set the same parameter
under namespaceQuota.
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the the default CPU request per container for all the pods of a namespace. Its value is in millicores and it does not accept negative values. The value must be less than or equal to the CPU request. | Optional |
| memory | String | It sets the default memory request per container for all the pods of a namespace. Its value is in Mi and it does not accept negative values. The value must be less than or equal to the memory request. | Optional |
| ephemeralStorage | String | It sets the default request for the local ephemeral storage per container for all the pods of a namespace. Its value is in Mi and it does not accept negative values. The value must be less than or equal to the ephemeral storage request. | Optional |
clusterQuota Parameters
These parameters are related to enforcing the quotas on the namespaces on all the worker clusters connected to a slice. They are
configured in the
sliceResourceQuotaConfig YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| clusterName | String | It is the name of the worker cluster that contains the namespaces onboarded onto the slice. | Mandatory |
| namespaceQuota | Object | It contains the configuration of the resources' limits set for all the application pods in the namespace. | Optional |
namespaceQuota Parameters
These parameters are related to the quotas enforced for a namespace, which are configured in the
sliceResourceQuotaConfig YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| enforceQuota | Boolean | When enabled, it enforces the quota limit at the namespace level. The value should be set to true. | Mandatory |
| namespace | String | The namespace on which you want to enforce the quota. | Mandatory |
| resources | Object | The resources contains the limit object that sets limits for CPU, memory, ephemeral storage and pod count (only apply to limits). | Optional |
resources Parameters under namespaceQuota
| Parameter | Parameter Type | Description | Required |
|---|
| limit | Object | It is the quota object for limits set for CPU, memory, ephemeral storage, and pods count. | Optional |
| request | Object | It is the quota object for requests set for CPU, memory, and ephemeral storage. | Optional |
| defaultLimitPerContainer | Object | It is the quota object for default limits per container set for CPU, memory, and ephemeral storage of a namespace. | Optional |
| defaultRequestPerContainer | Object | It is the quota object for the default requests per container set for CPU, memory, and ephemeral storage of a namespace. | Optional. |
limit Parameters under nameSpaceQuota
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the the CPU limit for all the pods of a namespace. Its value is in millicores and it does not accept negative values. The value must be less than less than or equal to the CPU limit set under sliceQuota. If you want to set the CPU limit for more than one namespace, then ensure that the total CPU limit of all the namespaces does not exceed the corresponding CPU limit set under sliceQuota. | Optional |
| memory | String | It sets the memory limit for all the pods of a namespace. Its value is in Mi and it does not accept negative values. The value must be less than or equal to the memory limit set under sliceQuota. If you want to set the memory limit for more than one namespace, then ensure that the total memory limit of all the namespaces does not exceed the corresponding memory limit set under sliceQuota. | Optional |
| podCount | String | It sets the limit for the total number of application pods that can exist in a namespace. The value must be less than the pod count limit set under sliceQuota. If you want to set the pod count limit for more than one namespace, then ensure that the total pod count limit of all the namespaces does not exceed the corresponding pod count limit set under sliceQuota. | Optional |
| ephemeralStorage | String | It sets the limit for the local ephemeral storage for all the pods of a namespace. Its value is Mi and it does not accept negative values. The value must be less than or equal to the ephemeral storage limit set under sliceQuota. If you want to set the ephemeral storage limit for more than one namespace, then ensure that the total ephemeral storage limit of all the namespaces does not exceed to the corresponding ephemeral storage limit set under sliceQuota. | Optional |
request Parameters under namespaceQuota
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the the CPU request total for all the pods of the namespace. Its value is in millicores and it does not accept negative values. The value must be less than or equal to the CPU limit set for the namespace. If you want to set the CPU request for more than one namespace, then ensure that the total requests of all the namespaces does not exceed the corresponding request set under sliceQuota. | Optional |
| memory | String | It sets the memory request total for all the pods of the namespace. Its value is in Mi and it does not accept negative values. The value must be less than or equal to the memory limit set for the namespace. If you want to set the memory request for more than one namespace, then ensure that the total request of all the namespaces does not exceed the corresponding request set under sliceQuota. | Optional |
| ephemeralStorage | String | It sets the request for local ephemeral storage for all pods of the namespace. Its value is in Mi and it does not accept negative values. The value must be less than or equal to the ephemeral storage request set for the namespace. If you want to set the ephemeral storage request for more than one namespace, then ensure that the total requests of all the namespaces does not exceed the corresponding request set under sliceQuota. | Optional |
defaultLimitPerContainer Parameters under namespaceQuota�
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the the default CPU limit per container for all the pods of a namespace. Its value is in millicores and it does not accept negative values. If the CPU limit is configured, then you must set the default CPU limit per container. This value must be less than or equal to the CPU limit set for the namespace. | Optional |
| memory | String | It sets the default memory limit per container for all the pods of a namespace. Its value is in Mi and it does not accept negative values. If the memory limit is configured, then you must set the default memory limit per container. This value must be less than or equal to the memory limit set for the namespace. | Optional |
| ephemeralStorage | String | It sets the default local ephemeral storage limit per container for all the pods of a namespace. Its value is in Mi and it does not accept negative values. If the ephemeral storage limit is configured, then you must set the default ephemeral storage limit per container. This value must be less than or equal to the ephemeral storage limit set for the namespace. | Optional |
defaultRequestPerContainer Parameters under namespaceQuota
The defaultRequestPerContainer set at the namespace level overrides the corresponding value set under sliceQuota.
| Parameter | Parameter Type | Description | Required |
|---|
| cpu | String | It sets the the default CPU request per container for all the pods of a namespace. Its value is in millicores and it does not accept negative values. If this parameter is not set at the slice level, then you must set it at the namespace level. This value must be less than or equal to the default limit per container and the request set for the namespace. | Optional |
| memory | String | It sets the default memory request for all the pods of a namespace. Its value is in Mi and it does not accept negative values. If this parameter is not set at the slice level, then you must set it at the namespace level. This value must be less than or equal to the default limit per container and the request set for the namespace. | Optional |
| ephemeralStorage | String | It sets the default ephemeral storage request for all the pods of the namespace. Its value is in Mi and it does not accept negative values. If this parameter is not set at the slice level, then you must set it at the namespace level. This value must be less than or equal to the default limit per container and the request set for the namespace. | Optional |
Replication Slice Configuration Parameters
The following tables describe the configuration parameters used to create a slice
with source and destination worker clusters.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be MigrationSlice. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
These parameters are related to the metadata configured in the replication slice
configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the slice you create. Each slice must have a unique name within a project namespace. | Mandatory |
| namespace | String | The project namespace on which you apply the slice configuration file. | Mandatory |
Replication Slice Spec Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| destinationCluster | String | The name of the worker cluster that you identify as the destination for replicating a namespace. This cluster cannot serve as the destination for the same source in another replication slice. You can specify the source and destination as the same cluster when you want to backup the data and restore it later. | Mandatory |
| sourceCluster | String | The name of the worker cluster that you identify as the source from which a namespace will be replicated. This cluster cannot serve as the source for the same destination in another replication slice. You can specify the source and destination as the same cluster when you want to backup the data and restore it later. | Mandatory |
| minIOBucketName | String | The name of the MinIO bucket that you want for this replication slice being created. You can create a separate MinIO bucket for each replication slice. | Mandatory |
Replication Job Configuration Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be MigrationJobConfig. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| spec | Object | The specification of the desired state of an object. | Mandatory |
These parameters are related to the metadata configured in the replication job
configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the replication job you create. Each job must have a unique name within a Project namespace. | Mandatory |
| namespace | String | The project namespace on which you apply the slice configuration file. | Mandatory |
Replication Job Spec Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| replicationSliceName | String | The name of the replication slice for which this job is being created. Each job must have a unique name within a Project namespace. | Mandatory |
| namespace | String | The name of namespace that you want to replicate from the source cluster to the destination cluster. | Mandatory |
RBAC Role Configuration parameters
These parameters are related to roles and they are configured in the
role configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be SliceRoleTemplate. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| rules | Object | This parameter holds information that describes a policy rule. It does not contain information about who the rule applies to or which namespace the rule applies to. | Mandatory |
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the role that you define. | Mandatory |
rules Parameters
These parameters are related to roles and they are configured in the
role configuration YAML file.
| Parameter | Parameter Type | Description | Required |
|---|
| apiGroups | String Array | The name of the API group that contains the resources. If multiple API groups are specified, an action requested against one of the resources in any API group is allowed. You must not add an asterisk * to represent all API groups. An empty apiGroup represents the core API group. | Mandatory |
| resources | String Array | This contains an array of optional list of names that the rule applies to. An empty set means that all resources are allowed. | Mandatory |
| verbs | String Array | A list of verbs that apply to all the resource types contained in this rule. * represents all verbs that apply to the resource types. | Mandatory |
RBAC Slice Configuration Parameters
These parameters are related to managing role-based access control (RBAC) for a slice and
they are configured in the YAML file for assigning roles to a slice.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1. | Mandatory |
| kind | String | The name of a particular object schema. The value must be SliceRoleBinding. | Mandatory |
| metadata | Object | The metadata describes parameters (names and types) and attributes that have been applied. | Mandatory |
| bindings | Object | The role assignment parameters of a slice. | Mandatory |
| Parameter | Parameter Type | Description | Required |
|---|
| name | String | The name of the role assignment object of a slice. The value must be the name of the slice to which the roles are assigned. | Mandatory |
Slice Role Assignment Parameters
These parameters are related to managing role-based access control (RBAC) for a slice and
they are configured in the YAML file for assigning roles to a slice.
| Parameter | Parameter Type | Description | Required |
|---|
| roleRef | Object | This object contains the parameters that refer to a role. | |
| applyTo | String Array Object | This object contains the resource-parameters for which the above role is applied. | |
roleRef Parameters
These parameters are related to managing role-based access control (RBAC) for a slice and
they are configured in the YAML file for assigning roles to a slice.
| Parameter | Parameter Type | Description | Required |
|---|
| apiVersion | String | The KubeSlice Controller API version. A set of resources that are exposed together, along with the version. The value must be controller.kubeslice.io/v1alpha1 for roles. The value must be rbac.authorization.k8s.io/v1 for Kubernetes (K8s) roles. | Mandatory |
| kind | String | The kind of the role that is being referenced. The value must be Role for a Kubernetes (K8s) role. The value must be SliceRoleTemplate for roles when the API version is controller.kubeslice.io/v1alpha1. | Mandatory |
| name | String | The name of the role that you assign to the slice and namespaces onboarded onto that slice. | Mandatory |
applyTo Parameters
These parameters are related to managing role-based access control (RBAC) for a slice and
they are configured in the YAML file for assigning roles to a slice.
| Parameter | Parameter Type | Description | Required |
|---|
| namespace | String | The namespace to which the role is applied. To add more than one namespace, you must create an array for each namespace followed by subjects. You must only add a namespace as the parameter value. | Mandatory |
| subjects | Object | The name of the resource and schema to which the role is applied. For each namespace, the subjects must be added separately in an array. | Mandatory |
| cluster | AlphaNumeric | The name of the cluster to which the role is applied. | Mandatory |
subjects Parameters
| Parameter | Parameter Type | Description | Required |
|---|
| kind | String | The type of the resource for which you assign the role. For example, the kind is a User, ServiceAccount, or a Group. | Mandatory |
| name | String | The name of the resource to which the role is applied. | Mandatory |