DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 10-11 and 13-20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rao et al. (US 2020/0073692 A1).

Regarding claim 1, Rao discloses a method for deploying a plurality of guest clusters (GCs) (containers to one or more cluster nodes) for an entity (virtual execution elements) in a datacenter comprising (Rao, [0046], virtual execution elements may be deployed to a virtualization environment using a cluster-based framework in which a cluster master node of a cluster manages the deployment and operation of containers to one or more cluster minion nodes of the cluster. [0020], fig. 1, data center 10 provides an operating environment for applications and services for a customer sites 11 (illustrated as “customers 11”) having one or more customer networks coupled to the data center by service provider network 7):
deploying a virtual private cloud (VPC) (private and service provider clouds) network for a first cluster of machines (each tenant) of the entity in the datacenter (Rao, [0103] the deployed virtualization environment includes a network controller 324 which may provide cloud networking for a computing architecture operating over a network infrastructure. Cloud networking may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). The private cloud, VPC, and IaaS use cases may involve a multi-tenant virtualized data centers, such as that described with respect to FIG. 1. In such cases, multiple tenants in a data center share the same physical resources (physical servers, physical storage, physical network). Each tenant is assigned its own logical resources (virtual machines, containers, or other form of virtual execution elements; virtual storage; virtual networks). These logical resources are isolated from each other, unless specifically allowed by security policies. The virtual networks in the data center may also be interconnected to a physical IP VPN or L2 VPN),
the VPC network comprising a centralized routing element (network controller 24) that provides access to a datacenter gateway routing element (Rao [0047], Orchestrator 23 and network controller 24 may implement respective master nodes for one or more clusters each having one or more minion nodes implemented by respective servers 12. In general, network controller 24 controls the network configuration of the data center 10 fabric to, e.g., establish one or more virtual networks for packetized communications among virtual network endpoints. Network controller 24 provides a logically and in some cases physically centralized controller for facilitating operation of one or more virtual networks within data center 10) and 
provides a set of services for packets traversing a boundary of the first VPC (a first virtual network) (Rao [0103], discloses cloud networking which may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). [0122], discloses a Container 229A of pod 202A has virtual network interface 212A with a first virtual network corresponding to VRF 222A and a virtual network interface 212B with a second virtual network corresponding to VRF 22213. Other containerized applications executing in pods on computing device 200 or other minion nodes of the cluster and that have virtual network interfaces in the first virtual network or the second virtual network can exchange packets with container 229A and the containerized network function. A service chain of one or more containerized network functions may apply a sequence of services to network packets that traverse the service chain. The VRFs 222 of virtual routers 220 for the minion nodes may be configured to cause traffic forwarding along the sequence of services, such as by configuring service VRFs for the containerized network functions to use as left VRFs for the service); and
deploying, in the VPC network (private clouds for enterprise or service providers), a plurality of GCs and a GC network (multi-tenant virtualized data centers) for each GC comprising a plurality of GC machines (Rao [0103] Network controller 324 may provide cloud networking for a computing architecture operating over a network infrastructure. Cloud networking may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). The private cloud, VPC, and IaaS use cases may involve a multi-tenant virtualized data centers, such as that described with respect to FIG. 1. In such cases, multiple tenants in a data center share the same physical resources (physical servers, physical storage, physical network). Each tenant is assigned its own logical resources (virtual machines, containers, or other form of virtual execution elements; virtual storage; virtual networks)),
a plurality of routing elements implementing a distributed routing element executing on a plurality of host computers along with GC machines (Rao [0120] virtual network interfaces 212A, 212B are created in a single call flow, this may provide better performance in creating the virtual network interfaces and attaching them to pods. Containers 229A may communicate via either of virtual network interfaces 212A, 212B to exchange packets with other pods of the cluster on the corresponding networks, or externally to the virtual networks and pods of the cluster using, e.g., a gateway), 
each GC network configured to use the VPC’s centralized routing element (network controller 24) to access the datacenter gateway routing element (Rao [0075] discloses a network controller 24 may provide a logically centralized controller for facilitating operation of one or more virtual networks. The network controller 24 may, for example, maintain a routing information base, e.g., one or more routing tables that store routing information for the physical network as well as one or more overlay networks. Virtual router 220 implements one or more virtual routing and forwarding instances (VRFs) 222A-222B for respective virtual networks for which virtual router 220 operates as respective tunnel endpoints. In general, each VRF 222 stores forwarding information for the corresponding virtual network and identifies where data packets are to be forwarded and whether the packets are to be encapsulated in a tunneling protocol, such as with a tunnel header that may include one or more headers for different layers of the virtual network protocol stack. Each of VRF's 222 may include a network forwarding table storing routing and forwarding information for the virtual network).

Regarding claim 10, Rao disclose the method of claim 1, wherein the GC is a Kubernetes cluster (Rao [0048] In general, orchestrator 23 controls the deployment, scaling, and operations of virtual execution elements across clusters of servers 12 and providing computing infrastructure, which may include container-centric computing infrastructure. Orchestrator 23 and, in some cases, network controller 24 may implement respective cluster masters for one or more Kubernetes clusters. As an example, Kubernetes is a container management platform that provides portability across public and private clouds, each of which may provide virtualization infrastructure to the container management platform).

Regarding claim 11, Rao disclose the method of claim 1, wherein the VPC is a Kubernetes cluster (Rao [0103] Network controller 324 may provide cloud networking for a computing architecture operating over a network infrastructure. Cloud networking may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). The private cloud, VPC, and IaaS use cases may involve a multi-tenant virtualized data centers, such as that described with respect to FIG. 1. [0048] In general, orchestrator 23 controls the deployment, scaling, and operations of virtual execution elements across clusters of servers 12 and providing computing infrastructure, which may include container-centric computing infrastructure. Orchestrator 23 and, in some cases, network controller 24 may implement respective cluster masters for one or more Kubernetes clusters. As an example, Kubernetes is a container management platform that provides portability across public and private clouds, each of which may provide virtualization infrastructure to the container management platform).

Regarding claim 13, Rao disclose the method of claim 1, method of claim 1, wherein a set of resources allocated to the VPC network are shared by the plurality of GC networks (Rao [0103] Network controller 324 may provide cloud networking for a computing architecture operating over a network infrastructure. Cloud networking may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). The private cloud, VPC, and IaaS use cases may involve a multi-tenant virtualized data centers, such as that described with respect to FIG. 1. In such cases, multiple tenants in a data center share the same physical resources (physical servers, physical storage, physical network). Each tenant is assigned its own logical resources (virtual machines, containers, or other form of virtual execution elements; virtual storage; virtual networks).

Regarding claim 14, Rao disclose the method of claim 13, wherein the shared resources comprise at least one of processing resources, storage resources, and network resources (Rao [0103] Network controller 324 may provide cloud networking for a computing architecture operating over a network infrastructure. Cloud networking may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). The private cloud, VPC, and IaaS use cases may involve a multi-tenant virtualized data centers, such as that described with respect to FIG. 1. In such cases, multiple tenants in a data center share the same physical resources (physical servers, physical storage, physical network). Each tenant is assigned its own logical resources (virtual machines, containers, or other form of virtual execution elements; virtual storage; virtual networks).

Regarding claim 15, Rao disclose the method of claim 14, wherein the shared resources comprise network resources and the network resources comprise a set of internet protocol (IP) addresses allocated to the VPC network (Rao [0051] the orchestrator 23 and network controller 24 create a service virtual network and a pod virtual network that are shared by all namespaces, from which service and pod network addresses are allocated, respectively. In some cases, all pods in all namespaces that are spawned in the Kubernetes cluster may be able to communicate with one another, and the network addresses for all of the pods may be allocated from a pod subnet that is specified by the orchestrator 23. When a user creates an isolated namespace for a pod, orchestrator 23 and network controller 24 may create a new pod virtual network and new shared service virtual network for the new isolated namespace. [0057] the single network module 17A configures, for pod 22A, multiple virtual network interfaces 26A-26N (“virtual network interfaces”) for corresponding virtual networks configured in switch fabric 14, where any of the containers of the pod 22A may utilize, i.e., share, any of the multiple virtual network interfaces 26. In this way, and as described further below, network module 17A addresses certain limitations of CNI plugins that conform strictly to the CNI specification.

Regarding claim 16, Rao disclose the method of claim 1, wherein the VPC network implements a distributed firewall comprising a set of firewall rules and each of the plurality of GC networks inherits the set of firewall rules for implementing the distributed firewall within the GC network (Rao [0123] A containerized firewall may be deployed as the container 229A instance of pod 202A. Virtual network interface 212A is an interface for virtual network A, and virtual network interface 212B is an interface for virtual network B. Packets received at virtual network interface 212A from the frontend pod may be processed by the containerized firewall and output via virtual network interface 212B over virtual network B to the backend database pod).

Regarding claim 17, Rao disclose the method of claim 16, wherein the set of firewall rules comprises a firewall rule that specifies one of a source internet protocol (IP) address and a destination IP address as a match criteria for packets for which an action specified in the firewall rule is taken and, for each particular GC, inheriting the firewall rules comprises generating at least one rule corresponding to a rule applied by the VPC based on an IP address of at least one machine in the particular GC (Rao [0097], A service may be an abstraction that defines a logical set of pods and the policy used to access the pods. The set of pods implementing a service are selected based on the service definition. [0123] A containerized firewall may be deployed as the container 229A instance of pod 202A. Virtual network interface 212A is an interface for virtual network A, and virtual network interface 212B is an interface for virtual network B. Packets received at virtual network interface 212A from the frontend pod may be processed by the containerized firewall and output via virtual network interface 212B over virtual network B to the backend database pod).

Regarding claim 18, Rao disclose the method of claim 16, wherein the set of firewall rules comprises a firewall rule that specifies a port identifier that identifies at least one port in the VPC network as being subject to the firewall rule and inheriting the firewall rules, for each particular GC, comprises applying the firewall rule to a port of a machine in the particular GC (Rao [0123] A containerized firewall may be deployed as the container 229A instance of pod 202A. Virtual network interface 212A is an interface for virtual network A, and virtual network interface 212B is an interface for virtual network B. Packets received at virtual network interface 212A from the frontend pod may be processed by the containerized firewall and output via virtual network interface 212B over virtual network B to the backend database pod).

Regarding claim 19, Rao disclose the method of claim 18, wherein the firewall rule identifies the at least one port in the VPC using an endpoint group identifier that is used to identify individual ports to which the firewall rule applies and a port identifier of the machine of the particular GC 1s added to the endpoint group based on a policy associated with at least one of the VPC and the particular GC (Rao [0120], The network controller manager 325 may parse this list of networks and create the respective ports in the virtual router 220. When the pod 202A is scheduled on computing device 200, the network plugin 206A may query the virtual router agent 216 for ports. The virtual router agent 216 will respond back with a list of ports, and for every member of this list, the network plugin 206A will create the tap interface and attach the tap interface to pod 202A. [0123] A containerized firewall may be deployed as the container 229A instance of pod 202A. Virtual network interface 212A is an interface for virtual network A, and virtual network interface 212B is an interface for virtual network B. Packets received at virtual network interface 212A from the frontend pod may be processed by the containerized firewall and output via virtual network interface 212B over virtual network B to the backend database pod).

Regarding claim 20, Rao disclose the method of claim 1, wherein the VPC network and a set of GC networks in the plurality of GC networks are deployed by a software defined datacenter manager that is aware of network addresses of each network component in the VPC network and the set of GC networks (Rao [0021], one or more of customer sites 11 and public network 15 may be tenant networks within data center 10 or another data center. For example, data center 10 may host multiple tenants (customers) each associated with one or more virtual private networks (VPNs), each of which may implement one of customer sites 11. [0103] Network controller 324 may provide cloud networking for a computing architecture operating over a network infrastructure. Cloud networking may include private clouds for enterprise or service providers, infrastructure as a service (IaaS), and virtual private clouds (VPCs) for cloud service providers (CSPs). The private cloud, VPC, and IaaS use cases may involve a multi-tenant virtualized data centers, such as that described with respect to FIG. 1).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 2-9 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rao et al. (US 2020/0073692 A1), in view Hira et al. (US 2019/0173780 A1).

Regarding claim 2, Rao discloses the method of claim 1, did not explicitly disclose wherein the VPC centralized routing element comprises (1) a service routing component of the VPC network that provides a set of stateful services and (2) a distributed routing component of the VPC network.
Hira discloses wherein the VPC centralized routing element comprises (Hira [0042] In the public datacenter 310, FIG. 3 illustrates a virtual private cloud (VPC) 335 created for the owner of the private datacenter 305 (referred to herein as the tenant of the public datacenter). The virtual private cloud 335 (or similar constructs) is a logically isolated set of resources of the public datacenter 310 over which the tenant has control. [0031]),
a service routing component of the VPC network that provides a set of stateful services (Hira, [0031] discloses a distributed routing component (referred to herein as a distributed router, or DR) and one or more centralized routing components (referred to herein as service routers, or SRs). The DR is implemented in a distributed manner along with the logical switches, whereas the SRs are implemented in centralized logical network gateways. The SRs implement both the connection to the external network and any stateful services defined for the logical router 115), and 
(2) a distributed routing component of the VPC network (Hira [0031] within a VPC a distributed routing component is defined (referred to herein as a distributed router, or DR) and one or more centralized routing components (referred to herein as service routers, or SRs). The DR is implemented in a distributed manner along with the logical switches, whereas the SRs are implemented in centralized logical network gateways).
One of ordinary skill in the art would have been motivated to combine Rao and Hira because these teachings are from the same field of endeavor with respect to the disclosure of techniques for managing clusters of resources in a virtualized environment.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Hira into the method by Rao, thereby providing a set of stateful services in a virtual private cloud, Hira, [0031].

Regarding claim 3, Rao modified by Hira discloses the method of claim 2, wherein the VPC centralized routing element is one of a set of centralized routing elements that implement the service routing component (Hira [0031] within a VPC a distributed routing component is defined (referred to herein as a distributed router, or DR) and one or more centralized routing components (referred to herein as service routers, or SRs/set of centralized routing elements). The DR is implemented in a distributed manner along with the logical switches, whereas the SRs are implemented in centralized logical network gateways).
The motivation to combine is similar to that of claim 2.

Regarding claim 4, Rao modified by Hira discloses the method of claim 3, wherein the set of centralized routing elements that implement the service routing component are configured in an active/standby configuration (Hira, [0036], central Service routers (SRs) in high availability mode, are configured with an active instance of the SR for a particular zone implemented on the gateway DCN in that zone and a standby instance of the SR for the particular zone implemented on the gateway DCN in a different zone. In this case, the SR for the first zone 205 would have its active instance implemented on the gateway DCN 230 and its standby instance implemented on the gateway DCN 240, while the SR for the second zone 210 would have its active instance implemented on the gateway DCN 240 and its standby instance implemented on the gateway DCN 230).
The motivation to combine is similar to that of claim 2.

Regarding claim 5, Rao modified by Hira discloses the method of claim 4, wherein the set of centralized routing elements are configured in an active/standby configuration for each GC and at least one standby centralized routing element for a first GC in the plurality of GCs 1s an active centralized routing element for a second GC in the plurality of GCs (Hira [0036], SRs in high availability mode, with an active instance of the SR for a particular zone implemented on the gateway DCN in that zone and a standby instance of the SR for the particular zone implemented on the gateway DCN in a different zone. In this case, the SR for the first zone 205 would have its active instance implemented on the gateway DCN 230 and its standby instance implemented on the gateway DCN 240, while the SR for the second zone 210 would have its active instance implemented on the gateway DCN 240 and its standby instance implemented on the gateway DCN 230).
The motivation to combine is similar to that of claim 2.


Regarding claim 6, Rao modified by Hira disclose the method of claim 2, wherein the service routing component provides at least one stateful service in the set of stateful services by calling a service machine in a set of service machines to provide the stateful service (Hira, [0044], in the view of the MP/CCP cluster 315, the gateway controller is equivalent to a local controller 320 with numerous logical ports connected (assuming there are numerous logical ports in the VPC 335). As such, the MP/CCP cluster 315 identifies the gateway controller 350 as a recipient for all of the configuration rules required for any of the logical ports in the VPC 335. The gateway VM 345 also operates a gateway datapath 380 for implementing one or more SRs for the logical network to provide centralized stateful services (e.g., NAT, load balancing, etc.) and for processing/routing packets sent between the VMs 360 and external sources (e.g., via the Internet).
The motivation to combine is similar to that of claim 2.


Regarding claim 7, Rao modified by Hira disclose the method of claim 6, wherein the set of service machines comprises a plurality of service machines and for at least a first and second GC in the plurality of GCs, a first service machine in the set of service machines is selected as a service machine to provide the stateful service for the first GC and a second service machine in the set of service machines that is different than the first service machine is selected as a service machine to provide the stateful service for the second GC (Hira [0028] discloses implementing high availability logical network gateways in a public multi-tenant cloud (e.g., one or more public multi-tenant datacenters). The logical network gateways, in some embodiments, provide stateful services such as firewall, network address translation (NAT), load balancing, virtual private networking (VPN), etc. for data traffic between a logical network implemented at least partially in the public cloud and external entities (e.g., external client devices that communicate with the logical network). These logical network gateways are implemented in the public cloud in high availability pairs, with active gateways and standby gateways operating in different physical locations (e.g., different physical datacenters of the cloud).
The motivation to combine is similar to that of claim 2.

Regarding claim 8, Rao modified by Hira disclose the method of claim 3, wherein the distributed routing component is implemented by each centralized routing element as well as a plurality of other routing elements in the VPC (Hira [0031] within a VPC a distributed routing component is defined (referred to herein as a distributed router, or DR) and one or more centralized routing components (referred to herein as service routers, or SRs). The DR is implemented in a distributed manner along with the logical switches, whereas the SRs are implemented in centralized logical network gateways. [0042] In the public datacenter 310, FIG. 3 illustrates a virtual private cloud (VPC) 335 created for the owner of the private datacenter 305 (referred to herein as the tenant of the public datacenter). The virtual private cloud 335 (or similar constructs) is a logically isolated set of resources of the public datacenter 310 over which the tenant has control).
The motivation to combine is similar to that of claim 2.

Regarding claim 9, Rao modified by Hira disclose the method of claim 8, wherein the other routing elements implementing the distributed routing components in the VPC comprise routing elements executing on each host of the VPC that executes at least one of a machine of the VPC and a machine of the GC (Hira [0031] within a VPC a distributed routing component is defined (referred to herein as a distributed router, or DR) and one or more centralized routing components (referred to herein as service routers, or SRs/set of centralized routing elements). The DR is implemented in a distributed manner along with the logical switches, whereas the SRs are implemented in centralized logical network gateways. [0036], SRs in high availability mode, with an active instance of the SR for a particular zone implemented on the gateway DCN in that zone and a standby instance of the SR for the particular zone implemented on the gateway DCN in a different zone. In this case, the SR for the first zone 205 would have its active instance implemented on the gateway DCN 230 and its standby instance implemented on the gateway DCN 240, while the SR for the second zone 210 would have its active instance implemented on the gateway DCN 240 and its standby instance implemented on the gateway DCN 230).
The motivation to combine is similar to that of claim 2.

Regarding claim 21, Rao did not explicitly disclose the method of claim 1, wherein the GC comprises a set of service Pods for which a load balancer of the VPC provides a load balancing service.
Hira discloses wherein the GC comprises a set of service Pods for which a load balancer of the VPC provides a load balancing service (Hira [0028] discloses implementing high availability logical network gateways in a public multi-tenant cloud (e.g., one or more public multi-tenant datacenters). The logical network gateways, in some embodiments, provide stateful services such as firewall, network address translation (NAT), load balancing, virtual private networking (VPN), etc. for data traffic between a logical network implemented at least partially in the public cloud and external entities (e.g., external client devices that communicate with the logical network). These logical network gateways are implemented in the public cloud in high availability pairs, with active gateways and standby gateways operating in different physical locations (e.g., different physical datacenters of the cloud).
The motivation to combine is similar to that of claim 2.

Claim(s) 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rao et al. (US 2020/0073692 A1), in view Hegde (US 2020/0301801 A1).

Regarding claim 12, Rao disclose the method of claim 1, did not explicitly disclose wherein the VPC is a non-Kubernetes cluster comprising at least one of virtual machines and non-Kubernetes Pods.
Hegde discloses wherein the VPC is a non-Kubernetes cluster comprising at least one of virtual machines and non-Kubernetes Pods (Hedge [0057] The cluster controller (104) may comprise software, hardware and/or a combination of software and hardware that implements control plane functions of the computer clusters (e.g., 106, etc.) including but not limited to container management related control plane functions. Example cluster controllers may include, but are not necessarily limited to only, one or more of: Kubernetes control planes, non-Kubernetes control planes, cloud based cluster controllers, non-cluster based controllers, container management systems, etc. [0047] The content-sensitive applications/services may have accumulated (or optimized) a large amount of application/service specific content (e.g., cached movies, configuration data, access control rules, configuration data, trained operational parameters in artificial intelligence or machine learning applications, etc.) on a host or in a POD. As used herein, a POD may refer to a group of one or more containers (e.g., deployed on one or more computer hosts, etc.) with shared resources such as storage, network, etc., among applications/services of the group of the one or more containers).
One of ordinary skill in the art would have been motivated to combine Rao and Hegde because these teachings are from the same field of endeavor with respect to the disclosure of techniques for managing clusters of resources in a virtualized environment.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Hegde into the method by Rao, thereby selecting a specific computer host among the available computer hosts to run the container for the content-sensitive computer application type, Hegde, [Abstract].

Claim(s) 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rao et al. (US 2020/0073692 A1), in view Hira et al. (US 2019/0173780 A1), further in view of Zhou et al. (US 2021/0314388 A1).

Regarding claim 22, Rao modified by Hira disclose the method of claim 21, but did not explicitly disclose wherein the set of service Pods connect to a network segment that is not directly reachable by the load balancer of the VPC, the load balancer of the VPC performs a first load balancing operation over a set of virtual machines (VMs) on which the Pods execute and a VM in the set of VMs that receives a data message destined to a service Pod in the set of service Pods performs a second load balancing operation over the set of service Pods to select a service Pod in the set of service Pods and provide the data message to the selected service Pod.
Zhou discloses wherein the set of service Pods connect to a network segment that is not directly reachable by the load balancer of the VPC, the load balancer of the VPC performs a first load balancing operation over a set of virtual machines (VMs) on which the Pods execute (Zhou, [0008], for non-Kubernetes Pods and for VMs, the virtual network interfaces (VIF) CRDs are used to specify virtual interfaces for connecting the non-Kubernetes Pods and the VMs to software forwarding elements (e.g., software switches) executing on host computers on which the non-Kubernetes Pods and VMs execute. [0077] discloses a logical network 295 includes multiple logical switches 284 with each logical switch connecting different sets of machines and serving as a different network segment. Each logical switch has a port 252 that connects with (i.e., is associated with) a virtual interface 265 of a machine 260. The machines 265 in some embodiments include VMs and Pods, with each Pod having one or more containers. [0078] The logical network 295 also includes a logical router 282 that connects the different network segments defined by the different logical switches 284. [0091] In fig. 4, load balancer 415 is connected to logical router 282 that connects the different network segments defined by the different logical switches 284. Each segment contain machines 265, each of the machines include VMs and Pods, with each pod having one or more containers. Therefore, pods in each segment are not directly reachable by the load balancer, instead, the load balancer 415 balances the load on the different segments hosting VMs and each VM balances the load by directing the load/request to an appropriate pod executing in the VM), and 
a VM in the set of VMs that receives a data message destined to a service Pod in the set of service Pods performs a second load balancing operation over the set of service Pods to select a service Pod in the set of service Pods and provide the data message to the selected service Pod (Zhou, [0008], [0023], for non-Kubernetes Pods and for VMs, the virtual network interfaces (VIF) CRDs are used to specify virtual interfaces for connecting the non-Kubernetes Pods and the VMs to software forwarding elements (e.g., software switches) executing on host computers on which the non-Kubernetes Pods and VMs execute. [0077] discloses a logical network 295 includes multiple logical switches 284 with each logical switch connecting different sets of machines and serving as a different network segment. Each logical switch has a port 252 that connects with (i.e., is associated with) a virtual interface 265 of a machine 260. The machines 265 in some embodiments include VMs and Pods, with each Pod having one or more containers. [0078] The logical network 295 also includes a logical router 282 that connects the different network segments defined by the different logical switches 284. [0091] In fig. 4, load balancer 415 is connected to logical router 282 that connects the different network segments defined by the different logical switches 284. Each segment contain machines 265, each of the machines include VMs and Pods, with each pod having one or more containers. Therefore, pods in each segment are not directly reachable by the load balancer, instead, the load balancer 415 balances the load on the different segments hosting VMs and each VM balances the load by directing the load/request to an appropriate pod executing in the VM).
One of ordinary skill in the art would have been motivated to combine Rao, Hegde, and Zhou because these teachings are from the same field of endeavor with respect to the disclosure of techniques for managing clusters of resources in a virtualized environment.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Zhou into the method by Rao and Hegde, thereby performing automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set where the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files, Zhou, [Abstract].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following publications show the state of the art related to networking for nested container clusters.
Gawade et al. (US 11,316,822 B1
Talur et al. (US 2021/0409336 A1).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DIXON F DABIPI whose telephone number is (571)270-3673. The examiner can normally be reached 8:30 -5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher L Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/D.F.D/Examiner, Art Unit 2451                                                                                                                                                                                                        

/Chris Parry/Supervisory Patent Examiner, Art Unit 2451