公开(公告)号：US20220019455A1

公开(公告)日：2022-01-20

申请号：US16933823

申请日：2020-07-20

Applicant: VMware, Inc.

Inventor： Yanping CAO ,  Zachary James SHEPHERD ,  Mark Russell JOHNSON

IPC: G06F9/455 ,  G06F21/31 ,  G06F8/61

Abstract: A virtualized computing system according to an example includes: a host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs); a container image registry configured to manage container images for deploying containers in the host cluster; an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server executing in a first VM of the VMs, the master server configured to manage image secrets based on accounts in the container image registry; and a guest cluster, managed by the orchestration control plane and executing in second VMs of the VMs, the guest cluster configured to receive the image secrets from the master server and access the container image registry using the image secrets.

公开(公告)号：US20210314310A1

公开(公告)日：2021-10-07

申请号：US15930148

申请日：2020-05-12

Applicant: VMware, Inc.

Inventor： Yanping CAO ,  Tan JIANG ,  Michal Adam JANKOWSKI

IPC: H04L29/06 ,  G06F21/45 ,  G06F9/455 ,  G06F8/60

Abstract: An example method of logging in an automation user to a container image registry in a virtualized computing system is described, the container image registry managing container images for deploying containers in the virtualized computing system. The method includes: receiving, at a credential manager in the container image registry, a login request from a service executing in the virtualized computing system representing the automation user, the login request for image access to the container image registry and including an automation token; authenticating the automation token as credentials of a robot account in the container image registry corresponding to the automation user; and authorizing the automation user as identified in the automation token of the login request in response to the robot account having privilege for the image access.

公开(公告)号：US20210311758A1

公开(公告)日：2021-10-07

申请号：US16838526

申请日：2020-04-02

Applicant: VMware, Inc.

Inventor： Yanping CAO ,  Mark Russell JOHNSON ,  Pratik KAPADIA ,  Xiaoyun AN

IPC: G06F9/455 ,  G06F9/54 ,  G06F9/50 ,  G06F8/61

Abstract: A container image registry is managed in a virtualized computing system. The container image registry manages container images for deploying containers in a host cluster, the host cluster includes hosts and a virtualization layer executing on hardware platforms of the hosts, and the virtualization layer supports execution of virtual machines (VMs). The method includes: creating a namespace for an orchestration control plane integrated with the virtualization layer, the namespace including constraints for deploying workloads in the VMs; invoking, by a registry service in response to creation of the namespace, a management application programming interface (API) of the container image registry to create a project for the container images; and invoking, by the registry service, the management API of the container image registry to both add members to the project, and assign image registry roles to the members, in response to bindings of users and namespace roles derived from the constraints.