<p>Kubernetes is an orchestration system for automating software deployment, scaling, and management. One can interact though the Kubernetes API and it has a set of objects ready for use out of the box. Custom Resource Definitions (CRDs) is a way that allows to manage things other than Kubernetes itself and allows to create our own objects The use of CRDs makes the possibilities of Kubernetes management almost limitless. You can extend the base Kubernetes API with any object you like using CRDs.</p>
</blockquote>
<p>CRIDGE is a service designed to create and manage Custom Resources (CRs) based on Custom Resource Definitions (CRDs) installed on a Kubernetes cluster. By leveraging the OpenSlice (OSL), CRIDGE enables seamless integration and orchestration within Kubernetes environments, utilizing Kubernetes APIs via the TMF APIs and models. Thus, more or less, OSL exposes Kubernetes APIs as TMF APIs and models.</p>
<blockquote>
<p>CRIDGE is a service designed to create and manage Custom Resources (CRs) based on Custom Resource Definitions (CRDs) installed on a Kubernetes cluster. By leveraging OpenSlice (OSL), CRIDGE enables seamless integration and orchestration within Kubernetes environments, utilizing Kubernetes APIs via the TMF APIs and models. Thus, more or less, OSL exposes Kubernetes APIs as TMF APIs and models.</p>
<p>By allowing the design and lifecycle management of services/resources that expose CRDs/CRs in a Kubernetes cluster via the TMF APIs, OSL can be used in many complex scenarios now involing resources from multiple domains. </p>
</blockquote>
<p>Pros, in a nutshell:</p>
<ol>
<li>
<p>CRIDGE service allows OSL to:</p>
@@ -2359,7 +2540,7 @@
<li>Create and manage Custom Resources (CRs) using installed CRDs on a target Kubernetes cluster.</li>
<li>Facilitate complex orchestration scenarios by wrapping Kubernetes APIs as TMF APIs and models.</li>
<li>Handles connectivity to a Kubernetes cluster and manages the lifecycle of CRDs</li>
<li>Wraps the Kubernetes API, Receives and provides resources towards other OSL services via the service bus</li>
<li>Wraps the Kubernetes API, receives and provides resources towards other OSL services via the service bus</li>
</ul>
</li>
<li>
@@ -2383,11 +2564,11 @@ These scenarios may include service bundles that involve multiple systems, such
</li>
</ol>
<blockquote>
<p>Why the CRIDGE name? we wanted to build a service that maps TMF models to CRDs; a kind of a <strong>CR</strong>D to TMF br<strong>idge</strong>. Therefore CRIDGE was born</p>
<p>Why the CRIDGE name? We wanted to build a service that maps TMF models to CRDs; a kind of a <strong>CR</strong>D to TMF br<strong>idge</strong>. Therefore CRIDGE was born.</p>
</blockquote>
<h1id="approach">Approach</h1>
<h2id="approach">Approach</h2>
<blockquote>
<p>OSL in general is responible for exposing service specifications which are ready to be ordered and orchestrated, through tmforum Open APIs as defined in the OSL Service Spec Catalog. Usually for a service specification a corresponding (one or more) resource specification (resourceSpecificationReference) is registered in the OSL Resource Spec Catalog.</p>
<p>OSL in general is responsible for exposing Service Specifications which are ready to be ordered and orchestrated, through TMFORUM Open APIs as defined in the OSL Service Spec Catalog. Usually for a service specification a corresponding (one or more) Resource Specification (resourceSpecificationReference) is registered in the OSL Resource Spec Catalog.</p>
</blockquote>
<p>The following image illustrates the approach.</p>
<p>The provided image illustrates the architecture and workflow of the CRIDGE service, showing how it interacts with other components within a Kubernetes (K8s) cluster. Here is an explanation of the key components and flow in the diagram:</p>
<p>The provided image illustrates the architecture and workflow of the CRIDGE service, showing how it interacts with other components within a Kubernetes (K8s) cluster. </p>
<p>Following, there is an explanation of the key components and flow in the diagram:</p>
<ul>
<li>Other OSL Services: This box represents various OSL services such as Service Spec Catalogue, Resource Spec Catalogue, Service Inventory, Resource Inventory, and OSOM (OpenSlice Service Orchestration and Management).</li>
<li>Service Bus: This is the communication layer that facilitates interaction between the CRIDGE service and other OSL services.</li>
@@ -2411,63 +2593,66 @@ These scenarios may include service bundles that involve multiple systems, such
<p>K8s API: The Kubernetes API server, which is the central control point for managing the Kubernetes cluster. CRIDGE interacts with the K8s API to manage CRDs and CRs.</p>
<blockquote>
<p>CRD (Custom Resource Definition): A CRD is a way to define custom resources in Kubernetes cluster-wise. It allows the extension of Kubernetes API to create and manage user-defined resources. Example :
<p>Namespaces: Kubernetes namespaces provide a way to partition resources within a cluster. The diagram shows that multiple namespaces (nsxx, nsyy, nsz) can be managed by CRIDGE.</p>
</li>
</ul>
<blockquote>
<p>CR (Custom Resource): A CR is an instance of a CRD. It represents the actual custom resource that is managed within the Kubernetes cluster. Example shown in different namespaces:
<li>Various OSL services use the Service Bus to communicate with CRIDGE.</li>
<li>CRIDGE converts requests towards Kubernetes API and vice-versa, facilitating the integration of custom resources with other OSL services.</li>
<li>CRDs are defined and managed through the K8s API. The example CRD is named myresource.example.com.</li>
<li>Deploying CRs in Namespaces: Custom resources defined by the CRD are created and managed within different namespaces in the Kubernetes cluster. Each namespace can have its own instances of the custom resources.<divclass="language-text highlight"><pre><span></span><code>> The example CRD myresource.example.com allows the creation of custom resources of type Myresource.
> Instances of Myresource are created in various namespaces, each with unique names like example_resource_1.
</code></pre></div>
</li>
<li>Deploying CRs in Namespaces: Custom resources defined by the CRD are created and managed within different namespaces in the Kubernetes cluster. Each namespace can have its own instances of the custom resources.</li>
</ul>
<h1id="handling-more-than-one-clusters">Handling more than one clusters</h1>
<blockquote>
<p>The example CRD myresource.example.com allows the creation of custom resources of type Myresource.</p>
<p>Instances of Myresource are created in various namespaces, each with unique names like example_resource_1.</p>
<p>A CRIDGE service is usually responsible for managing one cluster. In the following diagram we show how it can be used for managing multiple clusters:</p>
<p>We assume that there is an OSL Management cluster that OSL is installed. CRIDGE is also installed there if we would like to manage resources in the same management cluster.
- Each CRIDGE service has for example its own configuration to connect to target cluster
- Each CRIDGE can be installed either in the managed cluster or at the remote clusters. Connectivity is handled via the service bus
- Important: Each CRIDGE has a different context and API endpoints. This is used to request CRDs on a different cluster</p>
<p>We assume that there is an OSL Management cluster that OSL is installed. CRIDGE is also installed there if we would like to manage resources in the same management cluster. </p>
<ul>
<li>Each CRIDGE service has its own configuration to connect to target cluster</li>
<li>Each CRIDGE can be installed either in the managed cluster or at the remote clusters. Connectivity is handled via the service bus.</li>
<li><strong>Important</strong>: Each CRIDGE has a different context and API endpoints. This is used to request CRDs on a different cluster.</li>
</ul>
<blockquote>
<p>A CRD has a globally unique name for example mycrd.example.com. So we need to somehow identify also the different cluster</p>
<p>A CRD has a globally unique name for example mycrd.example.com. So we need to somehow identify also the different cluster.</p>
</blockquote>
<h1id="awareness-for-crds-and-crs-in-cluster">Awareness for CRDs and CRs in cluster</h1>
<h2id="awareness-for-crds-and-crs-in-a-cluster">Awareness for CRDs and CRs in a Cluster</h2>
<blockquote>
<p>CRDs and CRs can appear (disappear) or change status at any time in a cluster. OSL Resource Inventory need to be aware of these events.</p>
</blockquote>
<p>The sync process is found in the code and explained by the following picture:</p>
<p>The implemented synchronization process is explained by the following diagram:</p>
<p>WatcherService is executed when the cridge service application starts (see onApplicationEvent). First things:</p>
<p>WatcherService is executed when the CRIDGE service application starts (see onApplicationEvent). Specifically:</p>
<ul>
<li>KubernetesClientResource is a class that wraps fabric8’s KubernetesClient<ul>
<li>This fabric8 KubernetesClient is initialized from the kubeconf and default context of the machine that runs CRIDGE</li>
</ul>
</li>
<li>On CRIDGE Startup we try to register this cluster and context to OSL catalogs.<ul>
<li>On CRIDGE start-up we try to register this cluster and context to OSL catalogs.<ul>
<li>See registerKubernetesClientInOSLResource method which registers the KubernetesContextDefinition in Resource Inventory as a LogicalResource via createOrUpdateResourceByNameCategoryVersion method</li>
</ul>
</li>
<li>After the creation (or update) of this cluster as a Resource in OSL we proceed to create SharedIndexInformers for CustomResourceDefinition objects</li>
<li>In this way CRIDGE is always aware of all CRDs and their CRs in the cluster, even if a CRD or CR is added/updated/deleted in the K8S cluster outside of OSL(CRIDGE)</li>
<li>In this way, CRIDGE is always aware of all CRDs and their CRs in the cluster, even if a CRD or CR is added/updated/deleted in the K8S cluster outside of OSL(CRIDGE)</li>
<li>The SharedIndexInformer events notify CRIDGE, which is always aware of all CRDs and their CRs in the cluster, even if a CRD or CR is added/updated/deleted in the K8S cluster outside of OSL (CRIDGE)<ul>
<li>NOTE: The ADD event is raised every time also we run CRIDGE. Therefore, on ADD we do the method to createORupdate resource specifications and resources</li>
</ul>
@@ -2475,7 +2660,7 @@ These scenarios may include service bundles that involve multiple systems, such
<li>On ADD event:<ul>
<li>The CRD is transformed to OSL Kubernetes domain model: method kubernetesClientResource.KubernetesCRD2OpensliceCRD</li>
<li>Then the OSL Kubernetes domain model is:<ul>
<li>transformed to Resource Specification and is stored to catalog (see createOrUpdateResourceSpecByNameCategoryVersion)</li>
<li>Transformed to Resource Specification and is stored to catalog (see createOrUpdateResourceSpecByNameCategoryVersion)</li>
<li>Transformed to Resource and is stored to catalog (see createOrUpdateResourceByNameCategoryVersion)</li>
</ul>
</li>
@@ -2491,26 +2676,9 @@ These scenarios may include service bundles that involve multiple systems, such
</ul>
</li>
</ul>
<h1id="deployment-of-a-new-cr-based-on-a-crd">Deployment of a new CR based on a CRD</h1>
<li>The call examines if this CRIDGE service can handle the request (based on context and masterURL)</li>
</ul>
</li>
<li>There are headers received and a crspec in json</li>
<li>The crspec is unmarshaled as GenericKubernetesResource</li>
<li>Headers are in format org.etsi.osl.*</li>
<li>These headers are injected as labels <ul>
<li>(see later in orchestration)</li>
</ul>
</li>
<li>A namespace is created for this resource</li>
<li>Watchers are created for this namespace for e.g. new secrets, config maps etc , so that they can be available back as resources to the Inventory of OSL (Note only Secrets for now are watched)</li>
</ul>
<h1id="expose-crds-as-service-specifications-in-openslice-catalogs">Expose CRDs as Service Specifications in OpenSlice catalogs</h1>
<h1id="service-orchestration-and-crdscrs">Service Orchestration and CRDs/CRs</h1>
<h2id="exposure-of-crds-as-service-specifications">Exposure of CRDs as Service Specifications</h2>
<p>See <ahref="../../service_design/kubernetes/exposing_kubernetes_resources.md">Exposing Kubernetes Resources</a> section for ways to design services around CRDs.</p>
<h2id="service-orchestration-and-crdscrs">Service Orchestration and CRDs/CRs</h2>
<p>OSOM checks the presence of attribute _CR_SPEC at the RFS to make a request for a CR deployment</p>
<ul>
<li>_CR_SPEC is a JSON or YAML string that is used for the request<ul>
@@ -2522,8 +2690,17 @@ These scenarios may include service bundles that involve multiple systems, such
<blockquote>
<p>LCM rules can be used to change attributes of this yaml/json file, before sending this for orchestration</p>
</blockquote>
<p>However, the following issue needs to be solved: ** How to map the CR lifecycle that is defined in the CRD with the TMF resource Lifecycle? **
- For this We introduced the following characteristics: _CR_CHECK_FIELD, _CR_CHECKVAL_STANDBY, _CR_CHECKVAL_ALARM, _CR_CHECKVAL_AVAILABLE, _CR_CHECKVAL_RESERVED, _CR_CHECKVAL_UNKNOWN, _CR_CHECKVAL_SUSPENDED</p>
<p>However, the following issue needs to be solved: <strong>How to map the CR lifecycle that is defined in the CRD with the TMF resource Lifecycle?</strong></p>
<p>For this We introduced the following characteristics: </p>
<ul>
<li>_CR_CHECK_FIELD</li>
<li>CR_CHECKVAL_STANDBY</li>
<li>_CR_CHECKVAL_ALARM </li>
<li>_CR_CHECKVAL_AVAILABLE</li>
<li>_CR_CHECKVAL_RESERVED</li>
<li>_CR_CHECKVAL_UNKNOWN</li>
<li>_CR_CHECKVAL_SUSPENDED</li>
</ul>
<p>OSOM sends to CRIDGE a message with the following information:</p>
<ul>
<li>currentContextCluster: current context of cluster </li>
@@ -2550,13 +2727,13 @@ These scenarios may include service bundles that involve multiple systems, such
<li>orderId related service order ID</li>
<li>startDate start date of the deployment (not used currently)</li>
<li>endDate end date of the deployment (not used currently)</li>
<li>_CR_SPEC the spec that is sent to cridge (in json)</li>
<li>_CR_SPEC the spec that is sent to CRIDGE (in json)</li>
</ul>
</li>
<li>
<p>Returns:</p>
<ul>
<li>a string response from cridge. It might return "OK" if everything is ok. "SEE OTHER" if there are multiple CRIDGEs then some other cridge will handle the request for the equivalent cluster. Any other response is handled as error</li>
<li>a string response from CRIDGE. It might return "OK" if everything is ok. "SEE OTHER" if there are multiple CRIDGEs then some other CRIDGE instance will handle the request for the equivalent cluster. Any other response is handled as error</li>
</ul>
</li>
<li>
@@ -2566,12 +2743,26 @@ These scenarios may include service bundles that involve multiple systems, such
<li>It monitors and tries to figure out and map the Status of the CR to the TMF Status according to the provided org.etsi.osl.statusCheck* labels</li>
<li>It sends to the message bus the current resource for creation or update to the TMF service inventory</li>
</ul>
<hr/>
<h2id="deployment-of-a-new-cr-based-on-a-crd">Deployment of a new CR based on a CRD</h2>
<p>The implemented process to deploy a CR is explained by the following diagram:</p>
<li>The call examines if this CRIDGE service can handle the request (based on context and masterURL)</li>
</ul>
</li>
<li>There are headers received and a _CR_SPEC in json</li>
<li>The _CR_SPEC is unmarshaled as GenericKubernetesResource</li>
<li>Headers are in format org.etsi.osl.*</li>
<li>These headers are injected as labels (see <ahref="#service-orchestration-and-crdscrs">Service Orchestration section</a>)</li>
<li>A namespace is created for this resource</li>
<li>Watchers are created for this namespace for e.g. new secrets, config maps etc, so that they can be available back as resources to the Inventory of OSL</li>
</ul>
<h2id="probe-further">Probe further</h2>
<ul>
<li>See examples of exposing Kubernetes Operators as a Service via OpenSlice:<ul>
<li><ahref="../../../service_design/examples/ExposingCRDs_aaS_Example_Calculator/ExposingCRDs_aaS_Example_Calculator/">Offering "Calculator as a Service"</a></li>
<li><ahref="../../../service_design/examples/helmInstallation_aaS_Example_Jenkins/HELM_Installation_aaS_Jenkins_Example/">Offering "Helm installation as a Service" (Jenkins example)</a></li>
<li><ahref="../../service_design/examples/calculator_crd_aas/calculator_crd_aas.md">Offering "Calculator as a Service"</a></li>
<li><ahref="../../service_design/examples/jenkins_helm_install_aas/jenkins_helm_install_aas.md">Offering "Helm installation as a Service" (Jenkins example)</a></li>
