Administrators and developers can act on Cloud Consumption Interface (CCI) API resources that the CCI Kubernetes API server exposes.

Depending on the resource kind, administrators and developers can use the API to perform the following actions.

| Resource kind | Admin action verbs | Developer action verbs |
| --- | --- | --- |
| CloudAccount | get, list | |
| CloudGateway | get, list | |
| Supervisor | get, patch, list | |
| Project | create, get, update, patch, delete, list | get, list |
| ProjectRole | get, list | get, list |
| ProjectRoleBinding | create, get, update, patch, delete, list | get, list |
| Region | create, get, update, patch, delete, list | get, list |
| RegionBinding | create, get, update, patch, delete, list | get, list |
| RegionBindingConfig | create, get, update, patch, delete, list | |
| SupervisorNamespaceClass | create, get, update, patch, delete, list | get, list |
| SupervisorNamespaceClassConfig | create, get, update, patch, delete, list | |
| SupervisorNamespaceClassBinding | create, get, update, patch, delete, list | get, list |
| SupervisorNamespace | create, get, delete, list | create, get, delete, list |

The following examples show the CLI call and responses. Using the CLI requires that you have:
  • Downloaded the CCI kubectl plug-in.
  • Obtained an API token.
  • Logged in to the CCI server.
See Using the Command Line Interface to perform Supervisor Namespace tasks.

Projects and Users

Project
Administrators create projects to group users and set access to content sources such as cloud templates in Automation Assembler or to catalog items in Automation Service Broker.
Project includes the following properties:
  • metadata.name Project name.
  • spec.description Optional description.
  • spec.sharedResources If true, the project shares the Supervisor Namespaces with other users in the project. If false, the project limits namespace access to administrators or the user who created the namespace.
Create project example input.
apiVersion: project.cci.vmware.com/v1alpha1
kind: Project
metadata:
  name: demo-project
spec:
  description: This is a demo project
  sharedResources: true
Project Role
The project role reflects the available roles of admin, view, or edit that can be assigned to a user in a project.
| Project Role | Description |
| --- | --- |
| admin | Allows modification and deletion of the namespace. |
| view | A read-only role on the namespace. |
| edit | Allows modification of the namespace. |

The project roles are read-only and provide available roles when creating the project role binding.

Read project role example input.

apiVersion: authorization.cci.vmware.com/v1alpha1
kind: ProjectRole
metadata:
  name: admin
spec:
  description: project administrator
Project Role Binding
A project role binding assigns a role in a project to a user or group.
ProjectRoleBinding includes the following properties:
  • metadata.name Name of the project role binding. The name requires a specific format that reflects the subject type (user or group) and subject name:
    cci:<user/group>:<subject domain>:<subject name>
  • metadata.namespace Describes the project name.
  • subjects Describes the user or group. Only one entry is allowed.
  • roleRef Describes the role.
Create project role binding example input.
apiVersion: authorization.cci.vmware.com/v1alpha1
kind: ProjectRoleBinding
metadata:
  # name must match the subject kind and name
  name: cci:user:vmware.com:hello
  namespace: demo-project
subjects:
  - kind: User  # User / Group
    name: hello@vmware.com
roleRef:
  apiGroup: authorization.cci.vmware.com
  kind: ProjectRole
  name: admin # admin / edit / view
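
The naming rule above can be checked before a binding is applied. The following Python sketch is an added example, not VMware code: audit_binding is a hypothetical helper, it assumes subject names have the form <subject name>@<subject domain>, and the second manifest is constructed to show the failures.

```python
import re

NAME_RE = re.compile(r"^cci:(user|group):([^:]+):([^:]+)$")
ROLES = {"admin", "edit", "view"}  # project roles listed on the page


def audit_binding(binding):
    """Return a list of problems found in one ProjectRoleBinding manifest (dict)."""
    problems = []
    meta = binding.get("metadata", {})
    subjects = binding.get("subjects", [])
    role = binding.get("roleRef", {})
    if not meta.get("namespace"):
        problems.append("metadata.namespace (project name) is missing")
    if len(subjects) != 1:
        problems.append(f"expected exactly one subject, found {len(subjects)}")
    if role.get("kind") != "ProjectRole" or role.get("name") not in ROLES:
        problems.append(f"roleRef does not name a known project role: {role.get('name')!r}")
    m = NAME_RE.match(meta.get("name", ""))
    if not m:
        problems.append("metadata.name is not cci:<user/group>:<subject domain>:<subject name>")
    elif len(subjects) == 1:
        kind, domain, subject = m.groups()
        s = subjects[0]
        if s.get("kind", "").lower() != kind:
            problems.append(f"name says {kind} but subject kind is {s.get('kind')!r}")
        # Assumption: subject names look like <subject name>@<subject domain>.
        if s.get("name") != f"{subject}@{domain}":
            problems.append(f"name does not match subject {s.get('name')!r}")
    return problems


# The page's binding, with the subject written as name@domain (assumed form).
GOOD = {
    "metadata": {"name": "cci:user:vmware.com:hello", "namespace": "demo-project"},
    "subjects": [{"kind": "User", "name": "hello@vmware.com"}],
    "roleRef": {"apiGroup": "authorization.cci.vmware.com", "kind": "ProjectRole", "name": "admin"},
}
# Constructed manifest: the name claims a user, but a group receives an unknown role.
BAD = {
    "metadata": {"name": "cci:user:vmware.com:hello", "namespace": "demo-project"},
    "subjects": [{"kind": "Group", "name": "ops@vmware.com"}],
    "roleRef": {"apiGroup": "authorization.cci.vmware.com", "kind": "ProjectRole", "name": "owner"},
}
```

audit_binding(GOOD) returns an empty list; audit_binding(BAD) reports the unknown role, the kind mismatch, and the name mismatch.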

vCenters and Supervisors

This category deals with infrastructure, and its functions are for administrators only.

Cloud Account
Cloud accounts are created automatically by vSphere+ or manually by an administrator to register a vCenter and enable datacenters with Supervisors.
Create cloud account example output.
Name:         cci-ui-volume-service
Namespace:    cci-config
Labels:       <none>
Annotations:  infrastructure.cci.vmware.com/data-collection-status: FINISHED
              infrastructure.cci.vmware.com/last-data-collection-timestamp: 2022-10-24T22:06:08.603Z
API Version:  infrastructure.cci.vmware.com/v1alpha1
Kind:         CloudAccount
Metadata:
  Creation Timestamp:  2022-10-17T12:18:28Z
  UID:                 2163e7cf-f698-3f1f-afca-f3daa8c730fa
Spec:
  Address:           127.193.29.114
  Cloud Proxy Name:  2d164fed-bbf3-47cc-8e6b-5226c5277ee4
Events:              <none>
Cloud Gateway
A cloud gateway establishes the communication between your on-premises vCenter instance and the VMware Aria Automation cloud. The cloud gateway is only used in a vSphere+ environment.

To query cloud gateways, administrators must have an API token for the Automation Service Broker administrator and the vSphere+ cloud administrator service roles. To obtain the API token, see Using the Command Line Interface to perform Supervisor Namespace tasks.

CloudGateway includes the following properties:
  • status.conditions.status indicates the condition of the cloud gateway. Status: true indicates that the gateway is functioning properly.
  • status.gatewayVersion indicates the gateway version.
  • status.phase indicates the gateway status as connected or disconnected.
List all Cloud Gateways example command with output.
$ kubectl -n cci-config get cloudgateways
NAME                                   AGE
1edcd989-6b57-61d3-a57f-5bc9f848d4c2   21d
1edcda3b-0ad1-6680-8488-914e7078087d   21d
1edd3e58-c7fc-6afc-b2b9-4382615d7f58   13d
1edd4c68-ada5-617f-9649-53904d8cf8db   12d
1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c   5d20h
Describe cloud gateway by ID example command with output.
$ kubectl -n cci-config describe cloudgateway 1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c
Name:         1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c
Namespace:    cci-config
Labels:       <none>
Annotations:  <none>
API Version:  infrastructure.cci.vmware.com/v1alpha1
Kind:         CloudGateway
Metadata:
  Creation Timestamp:  2023-04-13T05:42:23Z
  UID:                 e0de7747-2076-366e-9546-c98f6738c0ab
Spec:
  Gateway Id:  1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c
Status:
  Conditions:
    Last Updated Time:  2023-04-19T21:45:03Z
    Status:             True
    Type:               CloudGatewayReady
  Gateway Version:      8.0.1.00000
  Hostname:             sc2-10-184-86-182.eng.vmware.com
  Phase:                Connected
  Vcenters:
    Id:              94c18050-362e-4a8c-842f-2d8c4f01e240
  Vm Instance Uuid:  4201EFF0-2147-CB43-2817-155FDA47DF41
Events:              <none>
Supervisor
A Supervisor is created by the system after vCenter data collection has completed. The administrator can update the Supervisor with capability labels for placement and assign it to a region.
  • metadata.labels Administrators define labels with key-value settings that reflect Supervisor capabilities. Labels are used to filter Supervisors based on capabilities when creating a namespace.
  • spec.regionNames Administrators define region names so that a Supervisor can be assigned to a region. A Supervisor can only be assigned to a single region and is not assigned to a region by default.
Update Supervisor example output.
Name:         bugbash-vc:domain-c8
Namespace:    cci-config
Labels:       environment=bug-bash-9
Annotations:  infrastructure.cci.vmware.com/cloud-account-id: 33a0b2d0-91c8-4629-b04a-65448494d54e
API Version:  infrastructure.cci.vmware.com/v1alpha1
Kind:         Supervisor
Metadata:
  Creation Timestamp:  2022-09-28T04:22:38Z
  UID:                 fbd10d08-bc56-4ec2-93f8-693a7a4b2003
Spec:
  Cloud Account Name:  bugbash-vc
  Display Name:        wcp-test-dc-cluster
  External Id:         domain-c8
  Region Names:
    us-demo1
Status:
  Power State:  On
Events:         <none>

Topology

Region
An administrator creates regions as a grouping mechanism for one or more Supervisors. Regions can be based on various parameters such as geography or infrastructure, and they can include Supervisors from multiple vCenters.
Create region example input.
apiVersion: topology.cci.vmware.com/v1alpha1
kind: Region
metadata:
  name: us-west1
spec:
  description: The us-west1 region
Region Binding
An administrator creates Region Bindings to associate regions with projects.

For a user in a project to create Supervisor Namespaces, both RegionBinding and RegionBindingConfig must exist.

RegionBinding includes the following properties:
  • metadata.name Region name. Must match an existing region.
  • metadata.namespace Project name.
Create Region Binding example input.
apiVersion: topology.cci.vmware.com/v1alpha1
kind: RegionBinding
metadata:
  name: us-west1
  namespace: demo-project
Region Binding Config
To control the supervisor placement logic on a per region basis in a project, an administrator defines RegionBindingConfig. With RegionBindingConfig defined, an administrator can use Supervisor label key-value pairs to further refine the association of specific Supervisors to projects. For example, an administrator could use a key: environment specification to select a Supervisor specified for testing with value: testing.
RegionBindingConfig includes the following properties:
  • metadata.name Region name. Must match an existing region.
  • metadata.namespace Project name.
  • spec.supervisorSelector selects the supervisors in the project that are available for creating a namespace. To select the correct supervisor, matchExpressions define the Supervisor label key, matching operator, and value for the match.
    spec.supervisorSelector expression matching uses the following operators:
    • operator: In The region binding tests to see if the key-value matches the Supervisor label key-value. The matchExpressions is an array but the array is currently limited to a single entry value.
    • operator: NotIn The region binding tests to see if the key-value does not match the Supervisor Label key-value. The matchExpressions is an array but the array is currently limited to a single entry value.
    • operator: Exists The region binding searches for a match with a Supervisor that contains the label key. Values are not used.
    • operator: DoesNotExist The region binding searches for a Supervisor that does not contain the label key. Values are not used.
Create Region Binding Config example input.
apiVersion: topology.cci.vmware.com/v1alpha1
kind: RegionBindingConfig
metadata:
  name: us-west1
  namespace: demo-project
spec:
  supervisorSelector:
    matchExpressions:
      - key: environment
        operator: In
        values:
          - testing
      - key: storage
        operator: Exists
      - key: storage
        operator: NotIn
        values:
          - encrypted
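
How the four operators combine, as an added Python example that is not part of the CCI product code: the function names and the Supervisor labels are constructed, and Kubernetes label-selector semantics are assumed (every expression must match, and NotIn also passes a Supervisor that lacks the key).

```python
def expression_matches(expr, labels):
    """Evaluate one matchExpressions entry against a Supervisor's labels."""
    key, op = expr["key"], expr["operator"]
    values = expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        # Assumption (Kubernetes semantics): a Supervisor without the key also passes.
        return labels.get(key) not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op}")


def eligible_supervisors(selector, supervisors):
    """Names of Supervisors whose labels satisfy every expression (AND is assumed)."""
    exprs = selector.get("matchExpressions", [])
    return [name for name, labels in supervisors.items()
            if all(expression_matches(e, labels) for e in exprs)]


# supervisorSelector from the page's RegionBindingConfig example.
SELECTOR = {"matchExpressions": [
    {"key": "environment", "operator": "In", "values": ["testing"]},
    {"key": "storage", "operator": "Exists"},
    {"key": "storage", "operator": "NotIn", "values": ["encrypted"]},
]}

# Constructed Supervisor labels (not from the page).
SUPERVISORS = {
    "sv-test-standard": {"environment": "testing", "storage": "standard"},
    "sv-test-encrypted": {"environment": "testing", "storage": "encrypted"},
    "sv-test-unlabeled": {"environment": "testing"},
    "sv-prod-standard": {"environment": "production", "storage": "standard"},
}

if __name__ == "__main__":
    print(eligible_supervisors(SELECTOR, SUPERVISORS))
```

With the page's selector only sv-test-standard is eligible. Under the assumed semantics, dropping the Exists expression would also admit sv-test-unlabeled, which is why NotIn is paired with Exists.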

Supervisor Namespace Classes

Supervisor Namespace Class
SupervisorNamespaceClass defines the namespace template and optional parameters that can be used to customize the namespace settings during creation.
The default field specifies the parameter value that is used if a user does not provide the parameter value on namespace creation. For example, if default: false, false is the parameter value.
Note: To ensure that a user can create a namespace with partial or no parameter values, every parameter must include a default field and value.
Parameter type definitions:
Parameter type Properties
Boolean
  • default Default boolean value.
  • enum List of allowed boolean values. Can be used to force a parameter to have only one value, true or false.
Integer
  • minimum Minimum integer value.
  • maximum Maximum integer value.
  • default Default integer value.
  • enum List of allowed integer values.
String
  • minLength Minimum string length.
  • maxLength Maximum string length.
  • default Default string value if not provided by user.
  • pattern Regex pattern that the value is validated against.
  • enum List of allowed string values.
Create Supervisor Namespace Class example input.
apiVersion: infrastructure.cci.vmware.com/v1alpha1
kind: SupervisorNamespaceClass
metadata:
  name: gold-with-gpu
spec:
  description: Gold with GPU enabled supervisor namespace
  parameters:
    - name: environment
      type: String
      default: testing
      enum:
        - testing
        - staging
        - production  
    - name: fastStorageClass
      type: Boolean
      default: false
    - name: podCountLimit
      type: Integer
      minimum: 100
      maximum: 1000
      default: 500
Supervisor Namespace Class Config
To specify the implementation of Supervisor Namespace Classes, an administrator creates a SupervisorNamespaceClassConfig with namespace settings. For a project to have access to Supervisor Namespace Class, both SupervisorNamespaceClass and SupervisorNamespaceClassConfig must exist.
SupervisorNamespaceClassConfig includes the following properties:
  • metadata.name Supervisor Namespace Class name.
  • metadata.namespace Project name.
  • spec.storageClasses Storage class names and limits in megabytes.
  • spec.vmClasses Names of the VM classes.
  • spec.contentSource Content library names that are all defined with type: ContentLibrary.
  • spec.limits Limit names and values. Valid limit names include:
    • config_map_count
    • cpu_limit
    • cpu_limit_default
    • cpu_request_default
    • daemon_set_count
    • deployment_count
    • job_count
    • memory_limit
    • memory_limit_default
    • memory_request_default
    • persistent_volume_claim_count
    • pod_count
    • replica_set_count
    • replication_controller_count
    • secret_count
    • service_count
    • stateful_set_count
    • storage_request_limit
  • spec.supervisorSelector Supervisors in the project that are available for creating a namespace. To select the correct supervisor, matchExpressions define the label key, matching operator, and label value for the match.

An administrator exposes class parameters that can be consumed when defining the namespace settings values, so that users can customize the namespace settings during request time.

Create Supervisor Namespace Class Configuration example input.
apiVersion: infrastructure.cci.vmware.com/v1alpha1
kind: SupervisorNamespaceClassConfig
metadata:
  name: gold-with-gpu
spec:     
  storageClasses:
    - name: wcp-storage-class
      limit: "100"
    - name: "((parameters.fastStorageClass ? 'fast-storage-class' : 'standard-storage-class'))"
  vmClasses:
    - name: big-vm-class
    - name: small-vm-class
  contentSources:
    - name: global-content-library
      type: ContentLibrary
    - name: "((parameters.environment))-content-library"
      type: ContentLibrary     
  limits:
    - name: cpu_limit
      limit: "1000"
    - name: pod_count
      limit: "((parameters.podCountLimit))"
  supervisorSelector:
    matchExpressions:
      - key: gpu-enabled
        operator: In
        values:
          - "true"  # label values are strings, so the value is quoted
This example uses parameters from the Supervisor Namespace Class example as follows:
  • ((parameters.fastStorageClass ? 'fast-storage-class' : 'standard-storage-class')) shows a conditional check to specify a storage class name. fastStorageClass is a Boolean type.
    • If the user specifies the parameter value as true, then the name is fast-storage-class.
    • If the user specifies the value as false, then the name is standard-storage-class.
  • ((parameters.podCountLimit)) shows how to specify a value for the pod count limit. podCountLimit is an integer type.
    • If the user specifies a value that is within the minimum and maximum values of 100 to 1000 as defined in the Supervisor Namespace Class, that is the value for the pod count limit.
    • If the user specifies no value, the pod count limit is the default value of 500 as defined in the Supervisor Namespace Class.
    • If the user specifies a value outside the minimum and maximum values, the value is invalid and Supervisor Namespace creation will fail with an error that shows the pod count limit is outside of the range of allowed values.
Supervisor Namespace Class Binding
The Supervisor Namespace Class Binding enables the use of Supervisor Namespace Classes when creating a Supervisor Namespace in a project.
SupervisorNamespaceClassBinding includes the following properties:
  • metadata.name Supervisor Namespace Class Binding name.
  • metadata.namespace Project name.
  • spec.overrideParameters Created by the administrator, these parameters define values that cannot be changed by a user when creating the Supervisor Namespace. const specifies the value for the parameter. These parameters are optional and if defined, are not required for all class parameters.
Create Supervisor Namespace Class Binding example input.
apiVersion: infrastructure.cci.vmware.com/v1alpha1
kind: SupervisorNamespaceClassBinding
metadata:
  name: gold-with-gpu
  namespace: demo-project
spec:
  overrideParameters:
    - name: environment
      type: string
      const: testing
supervisorNamespaceClassRef:
  apiVersion: infrastructure.cci.vmware.com/v1alpha1
  kind: SupervisorNamespaceClass
  name: gold
In this example, name: environment is an override parameter using the environment parameter from the Supervisor Namespace Class. By specifying const: testing, the user can only create a Supervisor Namespace using this class in a testing environment.
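
The parameter flow from class to binding to namespace request, as an added Python example rather than VMware's implementation: resolve_parameters and render are hypothetical names, only the parameter properties used in the examples above are handled, and rejecting (rather than ignoring) a user value that conflicts with a const override is an assumption.

```python
import re

# Parameters from the page's gold-with-gpu SupervisorNamespaceClass example.
CLASS_PARAMS = [
    {"name": "environment", "type": "String", "default": "testing",
     "enum": ["testing", "staging", "production"]},
    {"name": "fastStorageClass", "type": "Boolean", "default": False},
    {"name": "podCountLimit", "type": "Integer", "minimum": 100, "maximum": 1000, "default": 500},
]
# overrideParameters from the page's SupervisorNamespaceClassBinding example.
OVERRIDES = [{"name": "environment", "type": "string", "const": "testing"}]
PY_TYPES = {"String": str, "Boolean": bool, "Integer": int}


def resolve_parameters(class_params, user_values, overrides=()):
    """Return the effective parameter values or raise ValueError."""
    const = {o["name"]: o["const"] for o in overrides}
    unknown = set(user_values) - {p["name"] for p in class_params}
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    resolved = {}
    for p in class_params:
        name = p["name"]
        if name in const:
            # Assumption: a conflicting user value is rejected, not ignored.
            if user_values.get(name, const[name]) != const[name]:
                raise ValueError(f"{name} is fixed to {const[name]!r}")
            value = const[name]
        elif name in user_values:
            value = user_values[name]
        elif "default" in p:
            value = p["default"]
        else:
            raise ValueError(f"{name} has no default and no value was given")
        expected = PY_TYPES[p["type"]]
        # bool is a subclass of int in Python, so reject it for Integer.
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            raise ValueError(f"{name} must be of type {p['type']}")
        if "enum" in p and value not in p["enum"]:
            raise ValueError(f"{name} must be one of {p['enum']}")
        if expected is int and not p.get("minimum", value) <= value <= p.get("maximum", value):
            raise ValueError(f"{name}={value} is outside the allowed range")
        resolved[name] = value
    return resolved


EXPR = re.compile(r"\(\(parameters\.(\w+)(?:\s*\?\s*'([^']*)'\s*:\s*'([^']*)')?\)\)")

def render(template, params):
    """Expand ((parameters.x)) and ((parameters.x ? 'a' : 'b')) in a config value."""
    def expand(m):
        value = params[m.group(1)]
        return str(value) if m.group(2) is None else m.group(2 if value else 3)
    return EXPR.sub(expand, template)
```

A request with no class parameters resolves to environment testing, fastStorageClass false, and podCountLimit 500; a podCountLimit of 2000 or an environment of production under this binding raises ValueError before anything is rendered.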

Supervisor Namespaces

Supervisor Namespace
Users can create Supervisor Namespaces in a specific region using a Supervisor Namespace Class as a template. If exposed, optional class parameters can be used to define the Namespace settings.
SupervisorNamespace includes the following properties:
  • metadata.name Name of the namespace in the project and on the Supervisor.
  • metadata.namespace Project name.
  • spec.regionName Region name.
  • spec.className Supervisor Namespace Class name.
  • spec.classParameters Optional key-value pairs that override default parameter values.
  • spec.description Optional namespace description.
Create Supervisor Namespace example input.
apiVersion: infrastructure.cci.vmware.com/v1alpha1
kind: SupervisorNamespace
metadata:
  name: demo-ns5
  namespace: demo-project
spec:
  description: Demonstrating supervisor namespace creation
  regionName: us-west2
  className: bronze
Create Supervisor Namespace example output.
Name:         demo-1
Namespace:    sprint-demo-project
Labels:       <none>
Annotations:  infrastructure.cci.vmware.com/wcp-address: 10.161.81.40
API Version:  infrastructure.cci.vmware.com/v1alpha1
Kind:         SupervisorNamespace
Metadata:
  Creation Timestamp:  2022-09-13T01:55:57Z
  UID:                 my-example-demo-1
Spec:
  Class Name:  demo-class
  Class Parameters:
    Pods:       30
  Description:
  Region Name:  us-demo-1
Status:
  Conditions:
    Last Transition Time:  2022-09-13T01:55:58Z
    Status:                True
    Type:                  Ready
  Phase:                   Created
Events:                    <none>