Administrators and developers can act on Cloud Consumption Interface (CCI) API resources that the CCI Kubernetes API server exposes.
Depending on the resource kind, administrators and developers can use the API to perform the following actions.
Resource kind | Admin action verbs | Developer action verbs |
---|---|---|
CloudAccount | get, list | |
CloudGateway | get, list | |
Supervisor | get, patch, list | |
Project | create, get, update, patch, delete, list | get, list |
ProjectRole | get, list | get, list |
ProjectRoleBinding | create, get, update, patch, delete, list | get, list |
Region | create, get, update, patch, delete, list | get, list |
RegionBinding | create, get, update, patch, delete, list | get, list |
RegionBindingConfig | create, get, update, patch, delete, list | |
SupervisorNamespaceClass | create, get, update, patch, delete, list | get, list |
SupervisorNamespaceClassConfig | create, get, update, patch, delete, list | |
SupervisorNamespaceClassBinding | create, get, update, patch, delete, list | get, list |
SupervisorNamespace | create, get, delete, list | create, get, delete, list |
- Downloaded the CCI kubectl plug-in.
- Obtained an API token.
- Logged in to the CCI server.
Projects and Users
- Project
-
Administratord create projects to group users and set access to content sources such as cloud templates in
Automation Assembler or to catalog items in
Automation Service Broker.
Project includes the following properties:
metadata.name
Project name.-
spec.description
Optional description. -
spec.sharedResources
If true, the project shares the Supervisor Namespaces with other users in the project. If false, the project limits namespace access to administrators or the user who created the namespace.
apiVersion: project.cci.vmware.com/v1alpha1 kind: Project metadata: name: demo-project spec: description: This is a demo project sharedResources: true
- Project Role
-
The project role reflects the available roles of admin, view, or edit that can be assigned to a user in a project.
Project Role Description admin Allows modification and deletion of the namespace. view A read-only role on the namespace. edit Allows modification of the namespace. Read project role example input.
apiVersion: authorization.cci.vmware.com/v1alpha1 kind: ProjectRole metadata: name: admin spec: description: project administrator
- Project Role Binding
-
Project role binding is used to assign membership to a user or group a role in a project.
ProjectRoleBinding includes the following properties:
metadata.name
Name of the project role binding and requires a specific format to reflect the subject type (user or group) and subject name:cci:<user/group>:<subject domain>:<subject name>
metadata.namespace
Describes the project name.-
subjects
Describes the user or group. Only one entry is allowed. -
roleRef
Describes the role.
apiVersion: authorization.cci.vmware.com/v1alpha1 kind: ProjectRoleBinding metadata: # name must match the subject kind and name name: cci:user:vmware.com:hello namespace: demo-project subjects: - kind: User # User / Group name: [email protected] roleRef: apiGroup: authorization.cci.vmware.com kind: ProjectRole name: admin # admin / edit / view
vCenters and Supervisors
This category deals with infrastructure and its functions are for administrators only.
- Cloud Account
-
Cloud accounts are created automatically by vSphere+ or manually by an administrator to register a
vCenter and enable datacenters with Supervisors.
Create cloud account example output.
Name: cci-ui-volume-service Namespace: cci-config Labels: <none> Annotations: infrastructure.cci.vmware.com/data-collection-status: FINISHED infrastructure.cci.vmware.com/last-data-collection-timestamp: 2022-10-24T22:06:08.603Z API Version: infrastructure.cci.vmware.com/v1alpha1 Kind: CloudAccount Metadata: Creation Timestamp: 2022-10-17T12:18:28Z UID: 2163e7cf-f698-3f1f-afca-f3daa8c730fa Spec: Address: 127.193.29.114 Cloud Proxy Name: 2d164fed-bbf3-47cc-8e6b-5226c5277ee4 Events: <none>
- Cloud Gateway
-
A cloud gateway establishes the communication between your on-premises
vCenter instance and the
VMware Aria Automation cloud. The cloud gateway is only used in a vSphere+ environment.
To query cloud gateways, administrators must have an API token for the Automation Service Broker administrator and the vSphere+ cloud administrator service roles. To obtain the API token, see Using the Command Line Interface to perform Supervisor Namespace tasks.
CloudGateway includes the following properties:status.conditions.status
indicates the condition of the cloud gateway.Status: true
indicates that the gateway is functioning properly.status.gatewayVersion
indicates the gateway version.status.phase
indicates the gateway status as connected or disconnected.
List all Cloud Gateways example command with output.$ kubectl -n cci-config get cloudgateways NAME AGE 1edcd989-6b57-61d3-a57f-5bc9f848d4c2 21d 1edcda3b-0ad1-6680-8488-914e7078087d 21d 1edd3e58-c7fc-6afc-b2b9-4382615d7f58 13d 1edd4c68-ada5-617f-9649-53904d8cf8db 12d 1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c 5d20h
Describe cloud gateway by ID example command with output.$ kubectl -n cci-config describe cloudgateway 1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c Name: 1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c Namespace: cci-config Labels: <none> Annotations: <none> API Version: infrastructure.cci.vmware.com/v1alpha1 Kind: CloudGateway Metadata: Creation Timestamp: 2023-04-13T05:42:23Z UID: e0de7747-2076-366e-9546-c98f6738c0ab Spec: Gateway Id: 1edd9bdf-71ca-67d3-ac0d-a3c2f885f97c Status: Conditions: Last Updated Time: 2023-04-19T21:45:03Z Status: True Type: CloudGatewayReady Gateway Version: 8.0.1.00000 Hostname: sc2-10-184-86-182.eng.vmware.com Phase: Connected Vcenters: Id: 94c18050-362e-4a8c-842f-2d8c4f01e240 Vm Instance Uuid: 4201EFF0-2147-CB43-2817-155FDA47DF41 Events: <none>
- Supervisor
-
A Supervisor is created by the system after
vCenter data collection has completed. The administrator can update the Supervisor with capability labels for placement and assign it to a region.
-
metadata.labels
Administrators define labels with key-value settings that reflect Supervisor capabilities. Labels are used to filter Supervisors based on capabilities when creating a namespace. spec.regionNames
Administrators define region names so that a Supervisor can be assigned to a region. A Supervisor can only be assigned to a single region and is not assigned to a region by default.
Name: bugbash-vc:domain-c8 Namespace: cci-config Labels: environment=bug-bash-9 Annotations: infrastructure.cci.vmware.com/cloud-account-id: 33a0b2d0-91c8-4629-b04a-65448494d54e API Version: infrastructure.cci.vmware.com/v1alpha1 Kind: Supervisor Metadata: Creation Timestamp: 2022-09-28T04:22:38Z UID: fbd10d08-bc56-4ec2-93f8-693a7a4b2003 Spec: Cloud Account Name: bugbash-vc Display Name: wcp-test-dc-cluster External Id: domain-c8 Region Names: us-demo1 Status: Power State: On Events: <none>
-
Topology
- Region
-
An administrator creates regions as a grouping mechanism for one or more Supervisors. Regions can be based on various parameters such as geography or infrastructure, and they can include Supervisors from multiple vCenters.
Create region example input.
apiVersion: topology.cci.vmware.com/v1alpha1 kind: Region metadata: name: us-west1 spec: description: The us-west1 region
- Region Binding
-
An administrator creates Region Bindings to associate regions with projects.
For a user in a project to create to Supervisor Namespaces, both RegionBinding and RegionBindingConfig must exist.
RegionBinding includes the following properties:metadata.name
Region name and must match an existing region.metadata.namespace
Project name.
Create Region Binding example input.apiVersion: topology.cci.vmware.com/v1alpha1 kind: RegionBinding metadata: name: us-west1 namespace: demo-project
- Region Binding Config
-
To control the supervisor placement logic on a per region basis in a project, an administrator defines
RegionBindingConfig. With
RegionBindingConfig defined, an administrator can use Supervisor label key-value pairs to further refine the association of specific Supervisors to projects. For example, an administrator could use a
key: environment
specification to select a Supervisor specified for testing withvalue: testing
.RegionBindingConfig includes the following properties:Create Region Binding Config example input.metadata.name
Region name and must match an existing region.metadata.namespace
Project name.spec.supervisorSelector
selects the supervisors in the project that are available for creating a namespace. To select the correct supervisor,matchExpressions
define the Supervisor label key, matching operator, and value for the match.spec.supervisorSelector
expression matching uses the following operators:operator: In
The region binding tests to see if the key-value matches the Supervisor label key-value. ThematchExpressions
is an array but the array is currently limited to a single entry value.operator: NotIn
The region binding tests to see if the key-value does not match the Supervisor Label key-value. ThematchExpressions
is an array but the array is currently limited to a single entry value.operator: Exists
The region binding searches for a match with a Supervisor that contains the label key. Values are not used.operator: DoesNotExist
The region binding searches for a Supervisor that does not contain the label key. Values are not used.
apiVersion: topology.cci.vmware.com/v1alpha1 kind: RegionBindingConfig metadata: name: us-west1 namespace: demo-project spec: supervisorSelector: matchExpressions: - key: environment operator: In values: - testing - key: storage operator: Exists - key: storage operator: NotIn values: - encrypted
Supervisor Namespace Classes
- Supervisor Namespace Class
-
SupervisorNamespaceClass defines the the namespace template and optional parameters that can be used to customize the namespace settings during creation.
The default field specifies the parameter value that is used if a user does not provide the parameter value on namespace creation. For example, ifParameter type definitions:
default: false
,false
is the parameter value.Note: To ensure that a user can create a namespace with partial or no parameter values, every parameter must include a default field and value.Parameter type Properties Boolean default
Default boolean value.enum
List of allowed boolean values. Can be used to for a parameter to have only one value,true
orfalse
.
Integer minimum
Minimum integer value.maximum
Maximum integer value.default
Default integer value.enum
List of allowed integer values.
String minLength
Minimum string length.maxLength
Maximum string length.default
Default string value if not provided by user.pattern
regex pattern to validate against value.enum
List of allowed string values.
apiVersion: infrastructure.cci.vmware.com/v1alpha1 kind: SupervisorNamespaceClass metadata: name: gold-with-gpu spec: description: Gold with GPU enabled supervisor namespace parameters: - name: environment type: String default: testing enum: - testing - staging - production - name: fastStorageClass type: Boolean default: false - name: podCountLimit type: Integer minimum: 100 maximum: 1000 default: 500
- Supervisor Namespace Class Config
-
To specify the implementation of Supervisor Namespace Classes, an administrator creates a
SupervisorNamespaceClassConfig with namespace settings. For a project to have access to Supervisor Namespace Class, both
SupervisorNamespaceClass and
SupervisorNamespaceClassConfig must exist.
SupervisorNamespaceClassConfig includes the following properties:
metadata.name
Supervisor Namespace Class name.metadata.namespace
Project name.spec.storageClasses
Storage class names and limits in megabytes.spec.vmClasses
Names of the VM classes.spec.contentSource
Content library names that are all defined withtype: ContentLibrary
.spec.limits
Limit names and values. Valid limit values include:config_map_count
cpu_limit
cpu_limit_default
cpu_request_default
daemon_set_count
deployment_count
job_count
memory_limit
memory_limit_default
memory_request_default
persistent_volume_claim_count
pod_count
replica_set_count
replication_controller_count
secret_count
service_count
stateful_set_count
storage_request_limit
spec.supervisorSelector
Supervisors in the project that are available for creating a namespace. To select the correct supervisor,matchExpressions
define the label key, matching operator, and label value for the match.
An administrator exposes class parameters that can be consumed when defining the namespace settings values, so that users can customize the namespace settings during request time.
Create Supervisor Namespace Class Configuration example input.apiVersion: infrastructure.cci.vmware.com/v1alpha1 kind: SupervisorNamespaceClassConfig metadata: name: gold-with-gpu spec: storageClasses: - name: wcp-storage-class limit: "100" - name: "((parameters.fastStorageClass ? 'fast-storage-class' : 'standard-storage-class'))" vmClasses: - name: big-vm-class - name: small-vm-class contentSources: - name: global-content-library type: ContentLibrary - name: "((parameters.environment))-content-library" type: ContentLibrary limits: - name: cpu_limit limit: "1000" - name: pod_count limit: "((parameters.podCountLimit))" supervisorSelector: matchExpressions: - key: gpu-enabled operator: In values: - true
This example uses parameters from the Supervisor Namespace Class example as follows:((parameters.fastStorageClass ? 'fast-storage-class' : 'standard-storage-class'))
shows a conditional check to specify a storage class name.fastStorageClass
is a Boolean type.- If the user specifies the parameter value as true, then the name is
fast-storage-class
. - If the user specifies the value as false, then the name is
standard-storage-class
.
- If the user specifies the parameter value as true, then the name is
((parameters.podCountLimit))
shows how to specify a value for the pod count limit.podCountLimit
is an integer type.- If the user specifies a value that is within the minimum and maximum values of 100 to 1000 as defined in the Supervisor Namespce Class, that is the value for the pod count limit.
- If the user specifies no value, the pod count limit is the default value of 500 as defined in the Supervisor Namespace Class.
- If the user specifies a value outside the minimum and maximum values, the value is invalid and Supervisor Namespace creation will fail with an error that shows the pod count limit is outside of the range of allowed values.
- Supervisor Namespace Class Binding
-
The Supervisor Namespace Class Binding enables the use of Supervisor Namespace Classes when creating a Supervisor Namespace in a project.
SupervisorNamespaceClassBinding includes the following properties:
metadata.name
Supervisor Namespace Class Binding name.metadata.namespace
Project name.spec.overrideParameters
Created by the administrator, these parameters are define values that cannot be changed by a user when creating the Supervisor Namespace.const
specifies the value for the parameter. These parameters are optional and if defined, are not required for all class parameters.
Create Supervisor Namespace Class Binding example input.In this example,apiVersion: infrastructure.cci.vmware.com/v1alpha1 kind: SupervisorNamespaceClassBinding metadata: name: gold-with-gpu namespace: demo-project spec: overrideParameters: - name: environment type: string const: testing supervisorNamespaceClassRef: apiVersion: infrastructure.cci.vmware.com/v1alpha1 kind: SupervisorNamespaceClass name: gold
name: environment
is an override parameter using theenvironment
parameter from the Supervisor Namespace Class. By specifyingconst: testing
, the user can only create a Supervisor Namespace using this class in a testing environment.
Supervisor Namespaces
- Supervisor Namespace
-
Users can create Supervisor Namespaces in a specific region using a Supervisor Namespace Class as a template. If exposed, optional class parameters can be used to define the Namespace settings.
SupervisorNamespace includes the following properties:Create Supervisor Namespace example input.
metadata.name
Name of the namespace in the project and on the Supervisor.metadata.namespace
Project name.spec.regionName
Region name.spec.className
Supervisor Namespace Class name.spec.classParameters
Optional key-value to override default parameter values.spec.description
Optional namespace description.
apiVersion: infrastructure.cci.vmware.com/v1alpha1 kind: SupervisorNamespace metadata: name: demo-ns5 namespace: demo-project spec: description: Demonstrating supervisor namespace creation regionName: us-west2 className: bronze
Create Supervisor Namespace example output.Name: demo-1 Namespace: sprint-demo-project Labels: <none> Annotations: infrastructure.cci.vmware.com/wcp-address: 10.161.81.40 API Version: infrastructure.cci.vmware.com/v1alpha1 Kind: SupervisorNamespace Metadata: Creation Timestamp: 2022-09-13T01:55:57Z UID: my-example-demo-1 Spec: Class Name: demo-class Class Parameters: Pods: 30 Description: Region Name: us-demo-1 Status: Conditions: Last Transition Time: 2022-09-13T01:55:58Z Status: True Type: Ready Phase: Created Events: <none>