IBM CEX Device Plugin CM

Overview

Features

Release categoryGenerally Available

Privilege modePrivileged

Download this image

Description

The Kubernetes CEX device plug-in provides IBM Crypto Express cards to be made available on Kubernetes nodes for use by containers.

The CEX device plug-in version 1 groups the available CEX resources (APQNs) into CEX config sets. Containers can request one resource from one CEX config set. Thus, from a container perspective, the APQNs within one CEX config set should be equal.

The CEX config sets are described in a cluster wide config map, which is maintained by the cluster administrator.

The CEX device plug-in instances running on all compute nodes:

Handle CEX resource allocation requests from the containers.
Check if the existing crypto resources are available on the nodes.
Claim the resource
Ensure containers are scheduled on the correct compute node with the requested CEX crypto resources.

The CEX device plug-in instances running on each compute node:

Screen all the available CEX resources on the compute node and provide this information to the Kubernetes infrastructure service.
Allocate and deallocate a CEX resource on request of the Kubernetes infrastructure based on the requirement of a pod asking for CEX support.

The application container only has to specify that it needs a CEX resource from a specific CEX config set with a Kubernetes resource limit declaration. The cluster system and the CEX device plug-in handle the details, claim a CEX resource, and schedule the pod on the correct compute node.

The following sections provide more information about CEX resources on IBM Z and LinuxONE, the CEX device plug-in details, the CEX crypto configuration as config sets in a cluster, and application container handling details.

For further details see the documentation:

https://www.ibm.com/support/pages/kubernetes-device-plug-ibm-crypto-express-cex-cards-installation-and-user-guide

Github Repository:

https://github.com/ibm-s390-cloud/k8s-cex-dev-plugin

Products using this container

Kubernetes device plug-in for IBM Crypto Express (CEX) cards

The Kubernetes CEX device plug-in provides IBM Crypto Express cards to be made available on Kubernetes nodes for use by containers.

Security

Packages

Get this image

Terms & conditionsBefore downloading or using this Container, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the Container. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.

Registry tokens

Use a registry service account token to authenticate your container client. This allows you to pull images without using your personal Red Hat credentials, which is recommended for CI/CD pipelines and automated deployments.

Using Podman login

Image identifiers

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Features

Download this image

Description

Products using this container

Kubernetes device plug-in for IBM Crypto Express (CEX) cards

Type

Stream

Category

Registry tokens

Using Podman login

Image identifiers

Using Podman login

Image identifiers

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

IBM CEX Device Plugin CM

Features

Download this image

Description

Products using this container

Kubernetes device plug-in for IBM Crypto Express (CEX) cards

Type

Stream

Category

Registry tokens

Using Podman login

Image identifiers

Using Podman login

Image identifiers