Merge pull request #246 from timdengyun/sync_ncp4.1.2.1_manifest_conf…

…igmap Sync ncp4.1.2.1 manifest and configmap
vmware · Feb 5, 2024 · 131df64 · 131df64
2 parents 40b2b8b + 7453c15
commit 131df64
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 8 deletions.
diff --git a/deploy/kubernetes/configmap.yaml b/deploy/kubernetes/configmap.yaml
@@ -212,6 +212,16 @@ data:
 
 
 
+    # Set this to True to enable NCP Setting CRD. The CRD can be used to
+    # override some NCP Settings at runtime. Existing NSX resources will not be
+    # automatically updated when the CRD is created, except for L7 persistence
+    # profile and application profile. The corresponding k8s objects need to be
+    # modified or recreated to take effect. Settings that can be overridden
+    # include log_firewall_traffic, log_dropped_traffic, pool_algorithm,
+    # cookie_name, l7_persistence, l7_persistence_timeout, x_forwarded_for,
+    # snat_rule_logging, vs_access_log, ip_reallocation_time.
+    #enable_ncp_setting_crd = False
+
 
     [nsx_kube_proxy]
 
@@ -337,9 +347,9 @@ data:
 
     # Indicates whether distributed firewall rules are logged. Option 'ALL'
     # will enable logging for all DFW rules (both DENY and ALLOW), and option
-    # 'DENY' will enable logging only for DENY rules. Remove this config if no
-    # logging is desired. When IPv6 is enabled this setting will not apply to
-    # rules for allowing ND traffic.
+    # 'DENY' will enable logging only for DENY rules. Remove this config or set
+    # it to 'None' will turn off logging. When IPv6 is enabled this setting
+    # will not apply to rules for allowing ND traffic.
     # Choices: ALL DENY None NONE none
     #log_firewall_traffic = <None>
 
@@ -588,7 +598,10 @@ data:
     #cookie_name = <None>
 
     # If true, this will enable sync realization while creating ip-pool/ip-
-    # subnets for policy mode. It is only available after nsxt 4.1.1
+    # subnets for policy mode. It is only available after nsxt 4.1.1. If the
+    # value on the subnet conflicts with the existing subnets in the same ip-
+    # pool, it will use the original value to be consistent with the existing
+    # subnets.
     #sync_realization = True
 
 
@@ -609,6 +622,7 @@ data:
     #enable_mixed_expression_groups = False
 
 
+
     [vc]
 
 

diff --git a/deploy/openshift4/configmap.yaml b/deploy/openshift4/configmap.yaml
@@ -212,6 +212,16 @@ data:
 
 
 
+    # Set this to True to enable NCP Setting CRD. The CRD can be used to
+    # override some NCP Settings at runtime. Existing NSX resources will not be
+    # automatically updated when the CRD is created, except for L7 persistence
+    # profile and application profile. The corresponding k8s objects need to be
+    # modified or recreated to take effect. Settings that can be overridden
+    # include log_firewall_traffic, log_dropped_traffic, pool_algorithm,
+    # cookie_name, l7_persistence, l7_persistence_timeout, x_forwarded_for,
+    # snat_rule_logging, vs_access_log, ip_reallocation_time.
+    #enable_ncp_setting_crd = False
+
 
     [nsx_kube_proxy]
 
@@ -337,9 +347,9 @@ data:
 
     # Indicates whether distributed firewall rules are logged. Option 'ALL'
     # will enable logging for all DFW rules (both DENY and ALLOW), and option
-    # 'DENY' will enable logging only for DENY rules. Remove this config if no
-    # logging is desired. When IPv6 is enabled this setting will not apply to
-    # rules for allowing ND traffic.
+    # 'DENY' will enable logging only for DENY rules. Remove this config or set
+    # it to 'None' will turn off logging. When IPv6 is enabled this setting
+    # will not apply to rules for allowing ND traffic.
     # Choices: ALL DENY None NONE none
     #log_firewall_traffic = <None>
 
@@ -582,7 +592,10 @@ data:
     #cookie_name = <None>
 
     # If true, this will enable sync realization while creating ip-pool/ip-
-    # subnets for policy mode. It is only available after nsxt 4.1.1
+    # subnets for policy mode. It is only available after nsxt 4.1.1. If the
+    # value on the subnet conflicts with the existing subnets in the same ip-
+    # pool, it will use the original value to be consistent with the existing
+    # subnets.
     #sync_realization = True
 
 
@@ -603,6 +616,7 @@ data:
     #enable_mixed_expression_groups = False
 
 
+
     [vc]
 
 

diff --git a/manifest/kubernetes/rhel/ncp-rhel.yaml b/manifest/kubernetes/rhel/ncp-rhel.yaml
@@ -356,6 +356,7 @@ rules:
      - loadbalancers/status
      - nsxlbmonitors
      - nsxlbmonitors/status
+     - ncpsettings
 
    verbs:
      - create
@@ -443,6 +444,8 @@ subjects:
 
 
 
+
+
 ---
 # Create Role for NCP to run exec on pods
 kind: Role

diff --git a/manifest/kubernetes/ubuntu/ncp-ubuntu.yaml b/manifest/kubernetes/ubuntu/ncp-ubuntu.yaml
@@ -356,6 +356,7 @@ rules:
      - loadbalancers/status
      - nsxlbmonitors
      - nsxlbmonitors/status
+     - ncpsettings
 
    verbs:
      - create
@@ -443,6 +444,8 @@ subjects:
 
 
 
+
+
 ---
 # Create Role for NCP to run exec on pods
 kind: Role

diff --git a/manifest/openshift4/coreos/ncp-openshift4.yaml b/manifest/openshift4/coreos/ncp-openshift4.yaml
@@ -384,6 +384,8 @@ subjects:
 
 
 
+
+
 ---
 # Create Role for NCP to run exec on pods
 kind: Role
@@ -788,6 +790,8 @@ spec:
           # Mount multus config dir for copying primary CNI config
           - mountPath: /host/var/run/multus
             name: host-multus
+          - mountPath: /host/proc/sys/net
+            name: host-proc-sys-net
 
 
 
@@ -889,6 +893,9 @@ spec:
         - name: host-multus
           hostPath:
             path: /var/run/multus
+        - name: host-proc-sys-net
+          hostPath:
+            path: /proc/sys/net