DETAILED ACTION
This action is responsive to the Application filed 7/09/2020.
Accordingly, claims 1-20 are submitted for prosecution on merits.
	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-6, 8, 11-13, 15, 18-20 is/are rejected under § 35 U.S.C. 103 as being unpatentable over Lee et al, USPubN: 2020/0326988 (herein Lee), in view of Giannetti, USPubN: 2020/0348918 (herein Giannetti), Balcha et al, USPubN: 2021/0149769 (herein Balcha) and Dobies et al, “Kubernetes Operators: automating the container Orchestration platform”, Red Hat inc, March 2020, pg.1-155 (herein Dobies). 
As per claim 1, Lee discloses a method for configuring and deploying cloud application-related infrastructure (para 0055-0056; cloud instances – claim 10, pg. 13) to a workspace (space for workflows – para 0044; para 0024; platform API …abstracts infrastructure services like Kubernetes – para 0055) via an application deployment platform (ADP – Fig.5; para 0049; Fig. 4C), the ADP being configured to containerize application-related resources (containerized, workflow definition, CRD - para 0235-0236; container, Docker, Kubernetes – para 0014) for deployment to the workspace(e.g. VMWare, Docker container, workspace level vituralization – para 0024), the ADP having at least one application programming interface (API) via which the application- related resources are configured, the method comprising:
generating, via the ADP, a workspace custom resource definition (Fig. 2, para 0029; CRD – implemented in part using Kubernetes …CRD – para 0038) to define a workspace 
the infrastructure controller (IC) having a set of IC definitions (DSL,  YAML - para 0075-0077; definition - CustomResourceDefintion – para 0236; workflow definition – para 0038; plurality of workflow definitions – claim 1, pg. 13; YAML … para 0048; declarative workflow definition – para 0028; YAML, DSL language … workflow definitions – para 0025; metadata, YAML – para 0062-0063) that define the infrastructure resources (e.g. para 0236) for the workspace (space for workflows – para 0044; para 0024; platform API …abstracts infrastructure services like Kubernetes – para 0055);
building the workspace with the infrastructure resources ( para 0062-0063; 0075-0077, 0038, 0236, 0028, 0048) defined by a workspace custom resource (see above); and
deploying the CRD (see above – Note1: use of definition integrated with Kubernetes descriptor reads on deploying effect of CRD onto the ADP to configure a cluster deployment or containerized workflow) to the ADP (Fig.5; para 0049; para 0024; platform API …abstracts infrastructure services like Kubernetes – para 0055) to create the workspace custom resource (see para 0236, 0038) based on the collection of configurations (see above) and the one or more variables (see above; commit parameters - para 0080).
A) Lee does not explicitly disclose CRD in terms of
CRD to define a workspace schema for the workspace, the workspace schema representing one or more modules that model the workspace, each module being a collection of configurations to manage infrastructure resources of the workspace.
Lee discloses use of database having schema action to define operation of a workflow, incluind lifecycle management action (para 0239) where workflow definition can be expressed as markup or YAML (para 0238); hence markup or schema type formatting of a existing definition for use is recognized.
Similar to Lee’s configuration of cluster deployment (para 0180), Kubernetes container and corresponding definition or template data is also used in Giannetti to automate deployment of cluster-type service (see Abstract; para 0015; Fig. 2, 4), via a framework that configure Kubernetes clusters and committing CRD therewith (para 0066-0067), where definition resources underlying CRD templates are described in schema type elements (clusters-crd.yaml, mapping-crd.yaml - para 0102-0159); hence configuration resources such as Kubernetes descriptor/templates expressed as CRD schema format.
CRD provided to define a workload in shown in Balcha Kubernetes API server for implementingg Kubernetes cluster (para 0032,0041, 0050)  on basis of template Helm charts, where the workload CRD instance comes from application resources included with yaml/json provisioning (para 0073); hence YAML and JSON structure entails a schema or hierarchized node description for implementing a CRD, the operator generated from Helm chart used to package, deploy and manage the Kubernetes cluster application (para 0069-0070)
Kubernetes infrastructure by Dobies also discloses CRs for use with an API extension mechanism, wehre a CRD is analogous to a schema (chp. 1, pg. 6; chp.3 pg. 28; CRD schema – chp. 6 pg. 50), the CRDs extended to also provide endpoints for reading and writing structured data, the CRDs allowing a developer to create domain-specific resources, and tracking changes thereto (chp. 6 pg. 50) where managing a CR utilized instance of operator expressed by Yaml language, Kubernetes template and description by a Helm chart (describe the CR this Operator manages - chp. 6 pg. 52; crd.yaml – chp. 6, pg. 55); hence YAML or markup expression of CDR information for create operator entails resource descriptor or templates formulated as schema type language for instantiating one or more Kubernetes modules or Operator code that in turn manage the application resources; such as a lifecycle manage Operator (OLM operator - chp. 8, pg. 90-92).
Therefore, It would have been obvious before the time of the effective date of the claimed invention for one of ordinary skill in the art to implement high-level descriptive language such as CRD schema structure as resources in Kubernetes, so that the CRD is to define a workspace schema – as set forth in Gianetti or Dobies- for the workspace, the workspace schema representing one or more modules – as per a yaml/json structure as per Balcha, or yaml script per Dobies or Gianetta from above – as specifications that model the workspace, each module being a collection of configurations (operator instance declared via yaml tree/hierarchy) to manage infrastructure resources of the workspace, as per effect of creating a operator extension – in Dobies - to manage CRD elements or lifecycle of other operator resources;  or yaml-driven Kubernetes operator to manage the application workflow itself as in Balcha; because
Kubernetes resources such as high-level definitions and meta-description can be coupled with openSource development type and purposely integrated into workspace or framework space for developing containerized applications or service or workload/cluster deployment, and 
using schema type of descriptor (e.g. Kubernetes CRD in yaml or json form) to express representation of specifications, parametric definition, and Operator functionality declaration in terms of yaml/json hierarchy structure as set forth above, represent a usefule and dynamic supply of resource definition, and parametric relationships, and flow dependency surrounding resource configuration, object definition or programmatic instantiation (for operator instances or Kubernetes APIs such as via structuring CRD  requirement or Helm chart as set forth above), and
this schema type description or flow can procure to a development framework or container-based implementation workspace, significant code namespace, meta-information, library-related or programmatic constructs associated template, in terms of exposing description dependencies and applicable relationships/insights facilitating the developer underlying this Kubernetes infrastructure with educated grasp on significance of defined resources, and enhanced flexibility and freedom to instantiate and scale up software creation (i.e. freely adding of operators set) in conjunction with ease in being able to impart resources, create on-the-fly administrative software support per a framework on-demand or workspace need basis, e.g. software instances (Kubernetes APIs or operators) for deploying the intended application, workflow and additional operator APIs extended for managing the resources (CRD) committed therewith as well as special operator instances for controlling lifecycle management of other deployed operator instances; e.g. via a specialized Kubernetes life manager operator.
B) Nor does Lee explicitly disclose 
providing an infrastructure controller (IC) operator to the ADP to extend the API for communication with an infrastructure controller (IC), the IC operator being configured to reconcile the CRD with the set of IC definitions to provision the infrastructure resources for the ADP
Dobies discloses operator extension infrastructure where operators destined for a cluster deployment can be manually spawned as per a developer need using Helm chart and yaml file to associate a CRD with each operator generation (chp. 6 pg. 55-57), including developer capability to create a master Operator to manage lifecycle of other operator (see OLM chp. 8), where SDK resources associated with terminated operator or associated CRD can be reconciled via registration of the CRD to a GO module, per request to a watching logic pertinent to a Kubernetes controller such that resources child can be reconciled by the controller to a parent source (chp. 7, pg. 67-74) or via the reconcile act performing garbage collection, cleanup on a terminated resource (when a resourcde is deleted – chp.7 pg. 70)
Therefore, It would have been obvious before the time of the effective date of the claimed invention for one of ordinary skill in the art to implement controller logic in Lee’s Kubernetes framework so that a Kubernetes operator acting as infrastructure controller (IC) of resources can be provided as to extend the ADP functionality in terms of added communication capability – e.g. Go/CRD registration – established with an infrastructure controller (IC), whereby the IC operator is configured – via a Go/CRD module as in Dobies - to reconcile the CRD with the set of IC definitions to provision the infrastructure resources for the ADP, in case of detected changes by the IC, including reconcile resources of a terminated CRD child to a its parent- as per Dobies reconcile controller logic; because
CRD or dynamically allocated Kubernetes resources created with a operator functionality can be terminated and resources allocation thereof cannot outlive the CRD lifetime; and providing a communication paradigm by which a CRD can register with a resource controller – IC or infrastructure controller operator set forth above - created from a Kubernetes operator, life management of the CRD-related resources can be handled timely when changes or termination to the CRD is detected, including acts of reconcilation by the IC or resource controller over the resources pertaining to a changed CRD or deleted CRD, thereby reclaiming unused resources towards other allocation needs deemed proper by the infrastructure.
As per claim 4, Lee does not explicitly disclose (method in accordance with claim 1), wherein the IC operator includes 
an interface between the IC and an existing control plane of the ADP for handling and locking of state, sequential execution of runs, and patterns for injecting secrets and provisioning resources of the workspace.
Dobies discloses standard Kubernetes control plane having scalable creation of pods required for a Kubernetes cluster deployment, using a replicaset controller that manages replicas and pods belonging to them, including (chp. 3 pg. 27-28) deletion of excess pods or startup of new replicas, including startup or shut-down sequence for application that might use the cluster, the deletion of operators being managed by setfinalizers (underlying a Reconcile module) which can block a request to delete, the deletion state being locked in presence of deletion timestamp identified by the Finalizers (chp. 7, pg. 75).  Further, Dobies discloses Operator SDK to map resources to actions of the cluster, the resources being endpoints, configmaps, pods or secrets (Appendix C, pg. 128) the secrets being part of serviceaccounts associated with a deployer role under check by authorization operator (Chp. 2, pg. 15), upon which configuration of a container includes injection of secretkeyRef as part of creating manifest of an account instance and a named deployment (chp. 5 pg. 42).
Therefore, It would have been obvious before the time of the effective date of the claimed invention for one of ordinary skill in the art to implement Lee’s framework along the intrinsic resource support and programming tools  underlying this open-source, role-based, container-based creation of workflow, cluster application using a workspace provisioning of Kubernetes operator instance logic so that the IC operator underlying logic created by the workspace would include an interface between the IC and an existing control plane of the ADP, as set forth in Dovies -  for handling and locking of state (see Dovies: blocking a delete request), sequential execution of runs (see Dovies: start-up or shutdown sequence), and patterns for injecting secrets (see Dovies: secretkey Ref injection) and provisioning resources (see Dovies: endpoints, configmaps, secrets)  of the workspace; because
Resources such as endpoints, secrets and configmaps using a control plane and attached controller therewith in a Kubernetes infrastructure can be used to automate operations and code invocation by a given operator to justify usability of its being deployed and created in accordance to pods intents and policies constraints attached to tasks or workload embedded with the pod(s); whereas use of an interface of said control plane by which secrets can be imparted into configuration of a Kubernetes, container logic would protect a operator runtime and associated role-based context from undesirable vulnerability attacks or policy infringement; whereas provision of a action lock or inserting a sequential invocation order as part of configuring a operator logic would help resources from being squandered unnecessarily and consummation of a pod-alloted resources by successive steps performed by an operator to be optimal and effective.
As per claim 5, Lee discloses (method of claim 1), wherein the ADP is a Kubernetes-based platform (para 0020-0030, 0038, 0053, 0055-0057, 0236).
As per claim 6, Lee discloses (method in accordance with claim 5), wherein the Kubernetes-based platform is configured to containerize (para 0235, 0014), via one or more of the APIs, application-related resources (para 0042-0043, 0047; container: resources – para 0080-0081; container: resources – para 0085; para 0117, 0135) for deployment to the workspace.
As per claim 8, Lee discloses a system for configuring and deploying cloud application-related infrastructure to a workspace via an application deployment platform (ADP), the ADP being
configured to containerize application-related resources (refer to claim 1) for deployment to the workspace (refer to claim 1), the ADP (refer to claim 1) having at least one application programming interface (API) via which the application-related resources are configured, the system comprising:
a workspace custom resource definition (CRD) generated (refer to claim 1) via the ADP that defines a workspace schema for the workspace, the workspace schema representing one or more modules that model the workspace, each module being a collection of configurations to manage infrastructure resources of the workspace, the collection of configurations including one or more variables for operating the infrastructure resources (refer to rationale A in claim 1);
an infrastructure controller (IC) having a set of IC definitions that define the infrastructure resources for the workspace (refer to claim 1); and
an IC operator integrated with the ADP to extend the API for communication with the IC, the IC operator being configured to reconcile the CRD with the set of IC definitions to provision the infrastructure resources for the ADP (refer to rationale B in claim 1)
to deploy the CRD to the ADP via the IC operator (refer to claim 1) to create a workspace custom resource based on the collection of configurations and the one or more variables, and 
to build (refer to claim 1) the workspace with the infrastructure resources defined by the workspace custom resource.
As per claims 11-12, refer to rejection of claims 4 and 5 from above.
As per claim 13, refer to claim 6.
As per claim 15, Lee discloses a non-transitory computer readable storage medium including a set of instructions, wherein the instructions, when executed, cause a processor to:
generate, via an application deployment platform (ADP), a workspace custom resource definition (CRD) to define a workspace schema for the workspace, the workspace schema representing one or more modules that model the workspace, each module being a collection of configurations to manage infrastructure resources of the workspace, the collection of configurations including one or more variables for operating the infrastructure resources, the ADP being configured to containerize application-related resources for deployment to the
workspace, the ADP having at least one application programming interface (API) via which the application-related resources are configured;
provide an infrastructure controller (IC) operator to the ADP to extend the API for communication with an infrastructure controller (IC), the IC having a set of IC definitions that define the infrastructure resources for the workspace, the IC operator being configured to reconcile the CRD with the set of IC definitions to provision the infrastructure resources for the ADP;
build the workspace with the infrastructure resources defined by a workspace custom resource; and
deploy the CRD to the ADP via the IC operator to create the workspace custom resource based on the collection of configurations and the one or more variables.
( All of which being addressed in claim 1)
As per claims 18-19, refer to rejection of claim 4, 5 respectively.
As per claim 20, refer to claim 6.
Claims 2-3, 9-10, 16-17 is/are rejected under § 35 U.S.C. 103 as being unpatentable over Lee et al, USPubN: 2020/0326988 (herein Lee), in view of Giannetti, USPubN: 2020/0348918 (herein Giannetti), Balcha et al, USPubN: 2021/0149769 (herein Balcha) and Dobies et al, “Kubernetes Operators: automating the container Orchestration platform”, Red Hat inc, March 2020, pg.1-155 (herein Dobies), further in view of Watt, JR et al, USPubN: 2021/0132974 (herein Watt) 
As per claims 2-3, Lee does not explicitly disclose (method of claim 1), 
wherein the IC includes a translation layer configured to enable calls from the ADP to be made to the IC.
wherein the IC operator is configured as a module of the IC that is hosted in a public endpoint accessible to the IC.
Dobies alsodiscloses a management layer interposed between creation context of an operator, creation of its custom resource definition, and permission and context of its deployment (chp. 8, pg. 81) where list of most used custom resources for use in the deployment include Endpoint list, pod information and requirements (chp. 8 pg. 97); hence provision of a commonly access endpoint as a field definition to a CRD entails possibility to configure Endpoint of an Operator using setting made commonly accessible to all instantiation of custom resources, where management of the Operators and association of their resources includes a controller level equipped with helm chart layer associated with SDK, yaml templates to create CR to initialize an operator and settings to deploy the created operator (see chp. 6, pg, 6-7); hence configuration layer by which a framework specifies argument and resources for an operator, using deploy specification in a Helm language entails layer configured from the ADP to invoke deployment of the Helm-designated Operator.
Watt orchestration framework also discloses Kubernetes container (para 0022-0023) and container-based cluster configuration where the API underlying the container orchestration system creates a endpoint service having list of services as a common endpoint container accessible to any dependent container of the cluster to consume services therefrom (para 0003-0004); hence provision by the deployment framework of a container endpoint as common container from which services listed therein can be accessed by other dependent container entails hosted endpoint accessible by other container of the cluster framework.
Therefore, It would have been obvious before the time of the effective date of the claimed invention for one of ordinary skill in the art to implement the infrastructure ADP and instantiation of endpoints associated with operation and deployment of the operator by the infrastructure controller in Lee so that the infrastructure framework controller includes a translation layer configured to enable calls from the ADP to be made to operators created as IC, using a Helm chart layer interface -as per Dobies - and setting of resources therewith to enable deployment or call of the respective operators by the ADP; where the generated operator can be configured as a module of the infrastructure controller as a hosted public endpoint accessible to the IC and operators instance dependent of that endpoint – as set forth in Watt; because
programming toolkit and container-based resources attached with creation of operators as functional instances created in a framework such as Kubernetes infrastructure by Lee’s in terms of container-based configuration workspace essentially benefit from the intrinsic extensibility provisioned under this open source methodology and, 
as resource attachment can be dynamic with instances of operators creation per effect of a specific layer set forth above from a high level Kubernetes controller using a Helm Chart or Yaml setting - according to which descriptor resources, meta-information, parametric settings and runtime constraints and policies can be added on the fly in accordance with the immediacy by which Kubernetes functionality/logic (e.g. Pods operators) is to be added or extended -  code calling definition about operability of a newly created operator and parsable runtime setting to automate the operator activation using this Helm-chart invocation layer can facilitate kubernetes logic to be invoked instantly (per a task or service expediency) without pre-runtime arrangement of resources, whereas 
provision by the high level Kubernetes controller (IC), of task or job endpoints in terms of a commonly accessible configuration or container, accessibility of this endpoint  can be dynamically shared by all operators created for a given workload or Kubernetes pod (generated by the infrastructure IC) so to align  directions or instructions specified by this public endpoint structure with the operations pertinent to those task-bound operators - dependent operators  -in need for consummating or timely achieving operations required for the pod. 
As per claims 9-10, Lee discloses system in accordance with claim 8, wherein the IC includes a translation layer configured to enable calls from the ADP to be made to the IC.
wherein the IC operator is configured as a module of the IC that is hosted in a public endpoint accessible to the IC. (refer to claims 2-3)
As per claims 16-17, refer to rejection of claims 2-3.
Claims 7, 14 is/are rejected under § 35 U.S.C. 103 as being unpatentable over Lee et al, USPubN: 2020/0326988 (herein Lee), in view of Giannetti, USPubN: 2020/0348918 (herein Giannetti), Balcha et al, USPubN: 2021/0149769 (herein Balcha) and Dobies et al, “Kubernetes Operators: automating the container Orchestration platform”, Red Hat inc, March 2020, pg.1-155 (herein Dobies), further in view of Gajananan et al, USPubN: 2021/0397712 (herein Gajananan) and Ackerly et al, USPubN: 2021/0281548 (herein Ackerly)
As per claim 7, Lee does not explicitly disclose (method of claim 1), wherein the IC is configured to receive changes to the workspace for a single audit trail.
Gajananan discloses a deployment framework using Kubernetes architecture (Fig. 2; para 0042-0043; Fig. 5) and packaging of configuration in terms of YAML and Helm charts (para 0053) via a Kubernetes API and admission controller (para 0062), the controller for preventing unauthorized workloads and enforcing actions for audit purposes (para 0068, 0133)
Ackerly discloses Kubernetes control plane application and server API for creation of pods (para 0038)  running as workflow nodes (Kubernetes control plane, pod, Kubernetes service mesh - para 0062-0063), as implementation framework under a Kubernetes service (EKS) and/or architecture (para 0040) comprising access controls associated with training data authenticity, audit trail, contract enforcement (para 0016) , where workload build in terms of cloud-based containerized application such as workload (para 0041) model or use case impose restrictions and encryption delivered with access control check and log analysis, using a platform server that enforce retention and provides audit trail for such access (para 0065)
Therefore, based on role-based access control typical to configuration of constraints associated with workload creation, Operator namespace scoping, and pod configuration (see Dobies: Chp. 2, pg. 10, chp.3, pg. 29-30; Appendix C: pg.127-0129) or the Role-based Access Control (RBAC) policies in Balcha (para 0073),and exclusive access managed by resources through an access-coordinating interface underlying a workflow launch by Lee (para 0134-0136; para 0068), It would have been obvious before the time of the effective date of the claimed invention for one of ordinary skill in the art to include access control resources integrated with a Kubernetes/container-based infrastruture with capability of a IC level of Lee’s workflow build/configuration framework, so that the IC is configured with access-coordinating interface to receive changes to the workspace for a single audit trail; the audit-based measure per effect to prevent unauthorized workload as in Gajananan; and policies-related data access enforcement in Ackerly logging support for audit trail access; because
provision of audit as a means to protect architecture build implementation, interchanged data associated with pods instantiation or container operations over a cloud network would preclude undesirable infraction (vulnerability attacks) to the secured and controlled data integrity as part of the infrastructure established policies governing the containerized infrastructure or cloud-service, the access control enforcing aspect thereof implemented via various data collection or change logging as set forth above, which in turn consolidate a coordinating aspect by the controller plane as set forth above, such that the provisioning via high-level platform layer or controller interface in terms of audit enforcement measures and data collection (change logs  offering audit trail accessibility) would not only facilitate security purport of a centralized layer over policies enforcement as well as data protection sustained over time; but would also instill a layer of trust from the user standpoint, to all container-associated data thereby enhancing usability and worthiness of the framework resources; e.g. the latter based on audit carried out to timely enforce policies on integrity and protection of resources data and logic ( application or workload) built and integrated with the controller plane or UI by Lee’s Kubernetes framework. 
As per claim 14, Lee discloses (system in accordance with claim 8), wherein the IC is configured to receive changes to the workspace for a single audit trail.
( All of which being addressed in claim 7)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tuan A Vu whose telephone number is (571) 272-3735.  The examiner can normally be reached on 8AM-4:30PM/Mon-Fri.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Chat Do can be reached on (571)272-3721.
The fax phone number for the organization where this application or proceeding is assigned is (571) 273-3735 ( for non-official correspondence - please consult Examiner before using) or 571-273-8300 ( for official correspondence) or redirected to customer service at 571-272-3609.
Any inquiry of a general nature or relating to the status of this application should be directed to the TC 2100 Group receptionist: 571-272-2100.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/Tuan A Vu/
Primary Examiner, Art Unit 2193
February 26, 2022