IBM CEX Device Plugin CM

Overview

Description

The Kubernetes CEX device plug-in provides IBM Crypto Express cards to be made available on Kubernetes nodes for use by containers.

The CEX device plug-in version 1 groups the available CEX resources (APQNs) into CEX config sets. Containers can request one resource from one CEX config set. Thus, from a container perspective, the APQNs within one CEX config set should be equal.

The CEX config sets are described in a cluster wide config map, which is maintained by the cluster administrator.

The CEX device plug-in instances running on all compute nodes:

Handle CEX resource allocation requests from the containers.
Check if the existing crypto resources are available on the nodes.
Claim the resource
Ensure containers are scheduled on the correct compute node with the requested CEX crypto resources.

The CEX device plug-in instances running on each compute node:

Screen all the available CEX resources on the compute node and provide this information to the Kubernetes infrastructure service.
Allocate and deallocate a CEX resource on request of the Kubernetes infrastructure based on the requirement of a pod asking for CEX support.

The application container only has to specify that it needs a CEX resource from a specific CEX config set with a Kubernetes resource limit declaration. The cluster system and the CEX device plug-in handle the details, claim a CEX resource, and schedule the pod on the correct compute node.

The following sections provide more information about CEX resources on IBM Z and LinuxONE, the CEX device plug-in details, the CEX crypto configuration as config sets in a cluster, and application container handling details.

For further details see the documentation:

https://www.ibm.com/support/pages/kubernetes-device-plug-ibm-crypto-express-cex-cards-installation-and-user-guide

Github Repository:

https://github.com/ibm-s390-cloud/k8s-cex-dev-plugin

Products using this container

Kubernetes device plug-in for IBM Crypto Express (CEX) cards

The Kubernetes CEX device plug-in provides IBM Crypto Express cards to be made available on Kubernetes nodes for use by containers.

Containerized application

Security

Packages

Get this image

Terms & conditionsBefore downloading or using this Container, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the Container. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.

Using registry tokens

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Use the following instructions to get images from a Red Hat container registry using registry service account tokens. You will need to create a registry service account to use prior to completing any of the following tasks.

Using OpenShift secrets

First, you will need to add a reference to the appropriate secret and repository to your Kubernetes pod configuration via an imagePullSecrets field.

Copy to Clipboard

Then, use the following from the command line or from the OpenShift Dashboard GUI interface.

Copy to Clipboard

Using podman login

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker login

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using OpenShift

For best practices, it is recommended to use registry tokens when pulling content for OpenShift deployments.

Using podman login

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker login

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

Description

The Kubernetes CEX device plug-in provides IBM Crypto Express cards to be made available on Kubernetes nodes for use by containers.

The CEX config sets are described in a cluster wide config map, which is maintained by the cluster administrator.

The CEX device plug-in instances running on all compute nodes:

Handle CEX resource allocation requests from the containers.

Check if the existing crypto resources are available on the nodes.

Claim the resource

Ensure containers are scheduled on the correct compute node with the requested CEX crypto resources.

The CEX device plug-in instances running on each compute node:

Screen all the available CEX resources on the compute node and provide this information to the Kubernetes infrastructure service.

Allocate and deallocate a CEX resource on request of the Kubernetes infrastructure based on the requirement of a pod asking for CEX support.

For further details see the documentation:

Github Repository:

Description

Products using this container

Kubernetes device plug-in for IBM Crypto Express (CEX) cards

Release category

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

IBM CEX Device Plugin CM

Description

Products using this container

Kubernetes device plug-in for IBM Crypto Express (CEX) cards

Release category

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login