Merge pull request #179 from timdengyun/sync_3.2.1_release_bundle_man…

…ifest

Sync bundle manifests with deploy ones for v3.2.1

bundle/kubernetes/manifests/configmap.yaml

@@ -52,7 +52,7 @@ data:
     [coe]
 
     # Container orchestrator adaptor to plug in.
-    adaptor = kubernetes
+    #adaptor = kubernetes
 
     # Specify cluster for adaptor.
     #cluster = k8scluster
@@ -220,6 +220,15 @@ data:
     # subnets for no-snat namespace. It only works for policy mode.
     #enable_namespace_subnets = False
 
+    # If true, NCP will collect prometheus metrics and export the metrics
+    # through the prometheus_metrics_port.On VMC metric monitoring will always
+    # be enabled regardless of this option.
+    #enable_prometheus_metrics = False
+
+    # The port number for NCP to expose prometheus metrics.
+    #prometheus_metrics_port = 8001
+
+
 
     [nsx_kube_proxy]
 
@@ -374,6 +383,7 @@ data:
     #log_firewall_traffic = <None>
 
 
+
     # Option to use native load balancer or not
     #use_native_loadbalancer = True
 
@@ -383,10 +393,6 @@ data:
     # creation/update.
     #l4_lb_auto_scaling = True
 
-    # Option to use native load balancer or not when ingress class annotation
-    # is missing. Only effective if use_native_loadbalancer is set to true
-    #default_ingress_class_nsx = True
-
     # Path to the default certificate file for HTTPS load balancing. Must be
     # specified along with lb_priv_key_path option
     #lb_default_cert_path = <None>
@@ -554,24 +560,24 @@ data:
     # Choices: PREEMPTIVE NON_PREEMPTIVE
     #failover_mode = NON_PREEMPTIVE
 
-    # Set this to ENABLE to enable NCP enforced pool member limit for all load
-    # balancer servers in cluster. Set this to CRD_LB_ONLY will only enforce
-    # the limit for load balancer servers created using lb CRD. Set this to
-    # DISABLE to turn off all limit checks. This option requires
+    # Set this to ACTIVATE to enable NCP enforced pool member limit for all
+    # load balancer servers in cluster. Set this to CRD_LB_ONLY will only
+    # enforce the limit for load balancer servers created using lb CRD. Set
+    # this to DEACTIVATE to turn off all limit checks. This option requires
     # relax_scale_validation set to True, l4_lb_auto_scaling set to False, and
-    # works on Policy API only. When not disabled, NCP will enforce a pool
-    # member limit on LBS to prevent one LBS from using up all resources on
-    # edge nodes.
-    # Choices: DISABLE ENABLE CRD_LB_ONLY
-    #ncp_enforced_pool_member_limit = DISABLE
+    # works on Policy API only. When activated, NCP will enforce a pool member
+    # limit on LBS to prevent one LBS from using up all resources on edge
+    # nodes.
+    # Choices: DEACTIVATE ACTIVATE CRD_LB_ONLY
+    #ncp_enforced_pool_member_limit = DEACTIVATE
 
     # Maximum number of pool member allowed for each small load balancer
-    # service. Requires ncp_enforced_pool_member_limit set to ENABLE or
+    # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or
     # CRD_LB_ONLY to take effect.
     #members_per_small_lbs = 2000
 
     # Maximum number of pool member allowed for each medium load balancer
-    # service. Requires ncp_enforced_pool_member_limit set to ENABLE or
+    # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or
     # CRD_LB_ONLY to take effect.
     #members_per_medium_lbs = 2000
 
@@ -614,6 +620,12 @@ data:
     #cookie_name = <None>
 
 
+    # This parameter indicate how firewall is applied to a traffic packet.
+    # Firewall can be bypassed, or be applied to external/internal address of
+    # NAT rule
+    # Choices: MATCH_EXTERNAL_ADDRESS MATCH_INTERNAL_ADDRESS BYPASS
+    #natfirewallmatch = MATCH_INTERNAL_ADDRESS
+
 
     [vc]
 

bundle/kubernetes/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml

@@ -8,7 +8,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Networking, Security
     certified: "True"
-    containerImage: vmware/nsx-container-plugin-operator:3.2.0
+    containerImage: vmware/nsx-container-plugin-operator
     description: An operator which provides NSX as default network for an Openshift
       cluster. Simplifies the process of installing and upgrading the NSX Container
       plugin (NCP) components running in an Openshift cluster. The operator also allows
@@ -19,7 +19,7 @@ metadata:
     marketplace.openshift.io/remote-workflow: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/ncp-openshift/GUID-1D75FE92-051C-4E30-8903-AF832E854AA7.html
     repository: https://github.com/vmware/nsx-container-plugin/operator
     support: VMware
-  name: nsx-container-plugin-operator.v3.2.0
+  name: nsx-container-plugin-operator
 spec:
   apiservicedefinitions: {}
   customresourcedefinitions:
@@ -89,7 +89,7 @@ spec:
               - command:
                 - /bin/bash
                 - -c
-                - nsx-ncp-operator --zap-time-encoding=iso8601
+                - nsx-ncp-operator --zap-time-encoding=iso8601 --metrics-server-bind-address=:8181
                 env:
                 - name: POD_NAME
                   valueFrom:
@@ -101,7 +101,7 @@ spec:
                   value: nsx-ncp:latest
                 - name: WATCH_NAMESPACE
                   value: nsx-system-operator
-                image: docker.io/vmware/nsx-container-plugin-operator:v3.2.0
+                image: docker.io/vmware/nsx-container-plugin-operator
                 imagePullPolicy: IfNotPresent
                 name: nsx-ncp-operator
                 volumeMounts:
@@ -304,6 +304,17 @@ spec:
           - watch
           - delete
           - use
+        - apiGroups:
+          - ""
+          resources:
+          - events
+          verbs:
+          - create
+          - get
+          - list
+          - patch
+          - update
+          - delete
         serviceAccountName: nsx-ncp-operator
     strategy: deployment
   installModes:
@@ -326,4 +337,4 @@ spec:
   maturity: alpha
   provider:
     name: VMware
-  version: 3.2.0
+  version: ""

bundle/kubernetes/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml

@@ -46,6 +46,50 @@ spec:
                 description: 'Tag node logical switch port with node name and cluster when set to true, skip tagging when set to false.
                   Note that if one node has multiple attached VirtualNetworkInterfaces, this function is not supported and should be set to false.'
                 type: boolean
+              nsx-ncp:
+                description: nsx-ncp defines what properties users can configure for NCP Deployment
+                type: object
+                properties:
+                  nodeSelector:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  tolerations:
+                    items:
+                      properties:
+                        effect:
+                          type: string
+                        key:
+                          type: string
+                        operator:
+                          type: string
+                        tolerationSeconds:
+                          format: int64
+                          type: integer
+                        value:
+                          type: string
+                      type: object
+                    type: array
+              nsx-node-agent:
+                description: nsx-node-agent defines what properties users can configure for nsx-ncp-bootstrap and nsx-node-agent DaemonSet
+                type: object
+                properties:
+                  tolerations:
+                    items:
+                      properties:
+                        effect:
+                          type: string
+                        key:
+                          type: string
+                        operator:
+                          type: string
+                        tolerationSeconds:
+                          format: int64
+                          type: integer
+                        value:
+                          type: string
+                      type: object
+                    type: array
           status:
             description: NcpInstallStatus defines the observed state of NcpInstall
             type: object

bundle/openshift4/manifests/configmap.yaml

@@ -220,6 +220,15 @@ data:
     # subnets for no-snat namespace. It only works for policy mode.
     #enable_namespace_subnets = False
 
+    # If true, NCP will collect prometheus metrics and export the metrics
+    # through the prometheus_metrics_port.On VMC metric monitoring will always
+    # be enabled regardless of this option.
+    #enable_prometheus_metrics = False
+
+    # The port number for NCP to expose prometheus metrics.
+    #prometheus_metrics_port = 8001
+
+
 
     [nsx_kube_proxy]
 
@@ -236,6 +245,8 @@ data:
     # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
     #nsxrpc_loglevel = ERROR
 
+    # OVS bridge name
+    ovs_bridge = br-int
 
 
     # The time in seconds for nsx_node_agent to backoff before re-using an
@@ -374,6 +385,7 @@ data:
     #log_firewall_traffic = <None>
 
 
+
     # Option to use native load balancer or not
     use_native_loadbalancer = True
 
@@ -383,10 +395,6 @@ data:
     # creation/update.
     #l4_lb_auto_scaling = True
 
-    # Option to use native load balancer or not when ingress class annotation
-    # is missing. Only effective if use_native_loadbalancer is set to true
-    #default_ingress_class_nsx = True
-
     # Path to the default certificate file for HTTPS load balancing. Must be
     # specified along with lb_priv_key_path option
     #lb_default_cert_path = <None>
@@ -548,24 +556,24 @@ data:
     # Choices: PREEMPTIVE NON_PREEMPTIVE
     #failover_mode = NON_PREEMPTIVE
 
-    # Set this to ENABLE to enable NCP enforced pool member limit for all load
-    # balancer servers in cluster. Set this to CRD_LB_ONLY will only enforce
-    # the limit for load balancer servers created using lb CRD. Set this to
-    # DISABLE to turn off all limit checks. This option requires
+    # Set this to ACTIVATE to enable NCP enforced pool member limit for all
+    # load balancer servers in cluster. Set this to CRD_LB_ONLY will only
+    # enforce the limit for load balancer servers created using lb CRD. Set
+    # this to DEACTIVATE to turn off all limit checks. This option requires
     # relax_scale_validation set to True, l4_lb_auto_scaling set to False, and
-    # works on Policy API only. When not disabled, NCP will enforce a pool
-    # member limit on LBS to prevent one LBS from using up all resources on
-    # edge nodes.
-    # Choices: DISABLE ENABLE CRD_LB_ONLY
-    #ncp_enforced_pool_member_limit = DISABLE
+    # works on Policy API only. When activated, NCP will enforce a pool member
+    # limit on LBS to prevent one LBS from using up all resources on edge
+    # nodes.
+    # Choices: DEACTIVATE ACTIVATE CRD_LB_ONLY
+    #ncp_enforced_pool_member_limit = DEACTIVATE
 
     # Maximum number of pool member allowed for each small load balancer
-    # service. Requires ncp_enforced_pool_member_limit set to ENABLE or
+    # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or
     # CRD_LB_ONLY to take effect.
     #members_per_small_lbs = 2000
 
     # Maximum number of pool member allowed for each medium load balancer
-    # service. Requires ncp_enforced_pool_member_limit set to ENABLE or
+    # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or
     # CRD_LB_ONLY to take effect.
     #members_per_medium_lbs = 2000
 
@@ -608,6 +616,12 @@ data:
     #cookie_name = <None>
 
 
+    # This parameter indicate how firewall is applied to a traffic packet.
+    # Firewall can be bypassed, or be applied to external/internal address of
+    # NAT rule
+    # Choices: MATCH_EXTERNAL_ADDRESS MATCH_INTERNAL_ADDRESS BYPASS
+    #natfirewallmatch = MATCH_INTERNAL_ADDRESS
+
 
     [vc]
 

bundle/openshift4/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml

@@ -8,7 +8,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Networking, Security
     certified: "True"
-    containerImage: vmware/nsx-container-plugin-operator:3.2.0
+    containerImage: vmware/nsx-container-plugin-operator
     description: An operator which provides NSX as default network for an Openshift
       cluster. Simplifies the process of installing and upgrading the NSX Container
       plugin (NCP) components running in an Openshift cluster. The operator also allows
@@ -19,7 +19,7 @@ metadata:
     marketplace.openshift.io/remote-workflow: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/ncp-openshift/GUID-1D75FE92-051C-4E30-8903-AF832E854AA7.html
     repository: https://github.com/vmware/nsx-container-plugin/operator
     support: VMware
-  name: nsx-container-plugin-operator.v3.2.0
+  name: nsx-container-plugin-operator
 spec:
   apiservicedefinitions: {}
   customresourcedefinitions:
@@ -89,7 +89,7 @@ spec:
               - command:
                 - /bin/bash
                 - -c
-                - nsx-ncp-operator --zap-time-encoding=iso8601
+                - nsx-ncp-operator --zap-time-encoding=iso8601 --metrics-server-bind-address=:8181
                 env:
                 - name: POD_NAME
                   valueFrom:
@@ -101,7 +101,7 @@ spec:
                   value: nsx-ncp:latest
                 - name: WATCH_NAMESPACE
                   value: nsx-system-operator
-                image: docker.io/vmware/nsx-container-plugin-operator:v3.2.0
+                image: docker.io/vmware/nsx-container-plugin-operator
                 imagePullPolicy: IfNotPresent
                 name: nsx-ncp-operator
                 volumeMounts:
@@ -344,6 +344,17 @@ spec:
           verbs:
           - get
           - create
+        - apiGroups:
+          - ""
+          resources:
+          - events
+          verbs:
+          - create
+          - get
+          - list
+          - patch
+          - update
+          - delete
         serviceAccountName: nsx-ncp-operator
     strategy: deployment
   installModes:
@@ -366,4 +377,4 @@ spec:
   maturity: alpha
   provider:
     name: VMware
-  version: 3.2.0
+  version: ""