From 84369712b6760047ccfa77f5961a984e7a7fa17c Mon Sep 17 00:00:00 2001 From: Deng Yun Date: Mon, 14 Mar 2022 18:29:35 +0800 Subject: [PATCH] Sync bundle manifests with deploy ones for v3.2.1 Sync bundle manifests with latest manifests under directory deploy for nsx-container-plugin-operator v3.2.1 version release in master branch --- bundle/kubernetes/manifests/configmap.yaml | 44 ++++++++++++------- ...plugin-operator.clusterserviceversion.yaml | 21 ++++++--- ...erator.nsx.vmware.com_ncpinstalls_crd.yaml | 44 +++++++++++++++++++ bundle/openshift4/manifests/configmap.yaml | 44 ++++++++++++------- ...plugin-operator.clusterserviceversion.yaml | 21 ++++++--- ...erator.nsx.vmware.com_ncpinstalls_crd.yaml | 44 +++++++++++++++++++ 6 files changed, 177 insertions(+), 41 deletions(-) diff --git a/bundle/kubernetes/manifests/configmap.yaml b/bundle/kubernetes/manifests/configmap.yaml index f4335cd..ced6d60 100644 --- a/bundle/kubernetes/manifests/configmap.yaml +++ b/bundle/kubernetes/manifests/configmap.yaml @@ -52,7 +52,7 @@ data: [coe] # Container orchestrator adaptor to plug in. - adaptor = kubernetes + #adaptor = kubernetes # Specify cluster for adaptor. #cluster = k8scluster @@ -220,6 +220,15 @@ data: # subnets for no-snat namespace. It only works for policy mode. #enable_namespace_subnets = False + # If true, NCP will collect prometheus metrics and export the metrics + # through the prometheus_metrics_port.On VMC metric monitoring will always + # be enabled regardless of this option. + #enable_prometheus_metrics = False + + # The port number for NCP to expose prometheus metrics. + #prometheus_metrics_port = 8001 + + [nsx_kube_proxy] @@ -374,6 +383,7 @@ data: #log_firewall_traffic = + # Option to use native load balancer or not #use_native_loadbalancer = True @@ -383,10 +393,6 @@ data: # creation/update. #l4_lb_auto_scaling = True - # Option to use native load balancer or not when ingress class annotation - # is missing. Only effective if use_native_loadbalancer is set to true - #default_ingress_class_nsx = True - # Path to the default certificate file for HTTPS load balancing. Must be # specified along with lb_priv_key_path option #lb_default_cert_path = @@ -554,24 +560,24 @@ data: # Choices: PREEMPTIVE NON_PREEMPTIVE #failover_mode = NON_PREEMPTIVE - # Set this to ENABLE to enable NCP enforced pool member limit for all load - # balancer servers in cluster. Set this to CRD_LB_ONLY will only enforce - # the limit for load balancer servers created using lb CRD. Set this to - # DISABLE to turn off all limit checks. This option requires + # Set this to ACTIVATE to enable NCP enforced pool member limit for all + # load balancer servers in cluster. Set this to CRD_LB_ONLY will only + # enforce the limit for load balancer servers created using lb CRD. Set + # this to DEACTIVATE to turn off all limit checks. This option requires # relax_scale_validation set to True, l4_lb_auto_scaling set to False, and - # works on Policy API only. When not disabled, NCP will enforce a pool - # member limit on LBS to prevent one LBS from using up all resources on - # edge nodes. - # Choices: DISABLE ENABLE CRD_LB_ONLY - #ncp_enforced_pool_member_limit = DISABLE + # works on Policy API only. When activated, NCP will enforce a pool member + # limit on LBS to prevent one LBS from using up all resources on edge + # nodes. + # Choices: DEACTIVATE ACTIVATE CRD_LB_ONLY + #ncp_enforced_pool_member_limit = DEACTIVATE # Maximum number of pool member allowed for each small load balancer - # service. Requires ncp_enforced_pool_member_limit set to ENABLE or + # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or # CRD_LB_ONLY to take effect. #members_per_small_lbs = 2000 # Maximum number of pool member allowed for each medium load balancer - # service. Requires ncp_enforced_pool_member_limit set to ENABLE or + # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or # CRD_LB_ONLY to take effect. #members_per_medium_lbs = 2000 @@ -614,6 +620,12 @@ data: #cookie_name = + # This parameter indicate how firewall is applied to a traffic packet. + # Firewall can be bypassed, or be applied to external/internal address of + # NAT rule + # Choices: MATCH_EXTERNAL_ADDRESS MATCH_INTERNAL_ADDRESS BYPASS + #natfirewallmatch = MATCH_INTERNAL_ADDRESS + [vc] diff --git a/bundle/kubernetes/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml b/bundle/kubernetes/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml index 14f8d6e..e2de61f 100644 --- a/bundle/kubernetes/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml +++ b/bundle/kubernetes/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml @@ -8,7 +8,7 @@ metadata: capabilities: Seamless Upgrades categories: Networking, Security certified: "True" - containerImage: vmware/nsx-container-plugin-operator:3.2.0 + containerImage: vmware/nsx-container-plugin-operator description: An operator which provides NSX as default network for an Openshift cluster. Simplifies the process of installing and upgrading the NSX Container plugin (NCP) components running in an Openshift cluster. The operator also allows @@ -19,7 +19,7 @@ metadata: marketplace.openshift.io/remote-workflow: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/ncp-openshift/GUID-1D75FE92-051C-4E30-8903-AF832E854AA7.html repository: https://github.com/vmware/nsx-container-plugin/operator support: VMware - name: nsx-container-plugin-operator.v3.2.0 + name: nsx-container-plugin-operator spec: apiservicedefinitions: {} customresourcedefinitions: @@ -89,7 +89,7 @@ spec: - command: - /bin/bash - -c - - nsx-ncp-operator --zap-time-encoding=iso8601 + - nsx-ncp-operator --zap-time-encoding=iso8601 --metrics-server-bind-address=:8181 env: - name: POD_NAME valueFrom: @@ -101,7 +101,7 @@ spec: value: nsx-ncp:latest - name: WATCH_NAMESPACE value: nsx-system-operator - image: docker.io/vmware/nsx-container-plugin-operator:v3.2.0 + image: docker.io/vmware/nsx-container-plugin-operator imagePullPolicy: IfNotPresent name: nsx-ncp-operator volumeMounts: @@ -304,6 +304,17 @@ spec: - watch - delete - use + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - delete serviceAccountName: nsx-ncp-operator strategy: deployment installModes: @@ -326,4 +337,4 @@ spec: maturity: alpha provider: name: VMware - version: 3.2.0 + version: "" diff --git a/bundle/kubernetes/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml b/bundle/kubernetes/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml index 142d3e2..078dcec 100644 --- a/bundle/kubernetes/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml +++ b/bundle/kubernetes/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml @@ -46,6 +46,50 @@ spec: description: 'Tag node logical switch port with node name and cluster when set to true, skip tagging when set to false. Note that if one node has multiple attached VirtualNetworkInterfaces, this function is not supported and should be set to false.' type: boolean + nsx-ncp: + description: nsx-ncp defines what properties users can configure for NCP Deployment + type: object + properties: + nodeSelector: + additionalProperties: + type: string + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + nsx-node-agent: + description: nsx-node-agent defines what properties users can configure for nsx-ncp-bootstrap and nsx-node-agent DaemonSet + type: object + properties: + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array status: description: NcpInstallStatus defines the observed state of NcpInstall type: object diff --git a/bundle/openshift4/manifests/configmap.yaml b/bundle/openshift4/manifests/configmap.yaml index b2d86a5..df459d5 100644 --- a/bundle/openshift4/manifests/configmap.yaml +++ b/bundle/openshift4/manifests/configmap.yaml @@ -220,6 +220,15 @@ data: # subnets for no-snat namespace. It only works for policy mode. #enable_namespace_subnets = False + # If true, NCP will collect prometheus metrics and export the metrics + # through the prometheus_metrics_port.On VMC metric monitoring will always + # be enabled regardless of this option. + #enable_prometheus_metrics = False + + # The port number for NCP to expose prometheus metrics. + #prometheus_metrics_port = 8001 + + [nsx_kube_proxy] @@ -236,6 +245,8 @@ data: # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL #nsxrpc_loglevel = ERROR + # OVS bridge name + ovs_bridge = br-int # The time in seconds for nsx_node_agent to backoff before re-using an @@ -374,6 +385,7 @@ data: #log_firewall_traffic = + # Option to use native load balancer or not use_native_loadbalancer = True @@ -383,10 +395,6 @@ data: # creation/update. #l4_lb_auto_scaling = True - # Option to use native load balancer or not when ingress class annotation - # is missing. Only effective if use_native_loadbalancer is set to true - #default_ingress_class_nsx = True - # Path to the default certificate file for HTTPS load balancing. Must be # specified along with lb_priv_key_path option #lb_default_cert_path = @@ -548,24 +556,24 @@ data: # Choices: PREEMPTIVE NON_PREEMPTIVE #failover_mode = NON_PREEMPTIVE - # Set this to ENABLE to enable NCP enforced pool member limit for all load - # balancer servers in cluster. Set this to CRD_LB_ONLY will only enforce - # the limit for load balancer servers created using lb CRD. Set this to - # DISABLE to turn off all limit checks. This option requires + # Set this to ACTIVATE to enable NCP enforced pool member limit for all + # load balancer servers in cluster. Set this to CRD_LB_ONLY will only + # enforce the limit for load balancer servers created using lb CRD. Set + # this to DEACTIVATE to turn off all limit checks. This option requires # relax_scale_validation set to True, l4_lb_auto_scaling set to False, and - # works on Policy API only. When not disabled, NCP will enforce a pool - # member limit on LBS to prevent one LBS from using up all resources on - # edge nodes. - # Choices: DISABLE ENABLE CRD_LB_ONLY - #ncp_enforced_pool_member_limit = DISABLE + # works on Policy API only. When activated, NCP will enforce a pool member + # limit on LBS to prevent one LBS from using up all resources on edge + # nodes. + # Choices: DEACTIVATE ACTIVATE CRD_LB_ONLY + #ncp_enforced_pool_member_limit = DEACTIVATE # Maximum number of pool member allowed for each small load balancer - # service. Requires ncp_enforced_pool_member_limit set to ENABLE or + # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or # CRD_LB_ONLY to take effect. #members_per_small_lbs = 2000 # Maximum number of pool member allowed for each medium load balancer - # service. Requires ncp_enforced_pool_member_limit set to ENABLE or + # service. Requires ncp_enforced_pool_member_limit set to ACTIVATE or # CRD_LB_ONLY to take effect. #members_per_medium_lbs = 2000 @@ -608,6 +616,12 @@ data: #cookie_name = + # This parameter indicate how firewall is applied to a traffic packet. + # Firewall can be bypassed, or be applied to external/internal address of + # NAT rule + # Choices: MATCH_EXTERNAL_ADDRESS MATCH_INTERNAL_ADDRESS BYPASS + #natfirewallmatch = MATCH_INTERNAL_ADDRESS + [vc] diff --git a/bundle/openshift4/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml b/bundle/openshift4/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml index 96a3547..c793bf0 100644 --- a/bundle/openshift4/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml +++ b/bundle/openshift4/manifests/nsx-container-plugin-operator.clusterserviceversion.yaml @@ -8,7 +8,7 @@ metadata: capabilities: Seamless Upgrades categories: Networking, Security certified: "True" - containerImage: vmware/nsx-container-plugin-operator:3.2.0 + containerImage: vmware/nsx-container-plugin-operator description: An operator which provides NSX as default network for an Openshift cluster. Simplifies the process of installing and upgrading the NSX Container plugin (NCP) components running in an Openshift cluster. The operator also allows @@ -19,7 +19,7 @@ metadata: marketplace.openshift.io/remote-workflow: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/ncp-openshift/GUID-1D75FE92-051C-4E30-8903-AF832E854AA7.html repository: https://github.com/vmware/nsx-container-plugin/operator support: VMware - name: nsx-container-plugin-operator.v3.2.0 + name: nsx-container-plugin-operator spec: apiservicedefinitions: {} customresourcedefinitions: @@ -89,7 +89,7 @@ spec: - command: - /bin/bash - -c - - nsx-ncp-operator --zap-time-encoding=iso8601 + - nsx-ncp-operator --zap-time-encoding=iso8601 --metrics-server-bind-address=:8181 env: - name: POD_NAME valueFrom: @@ -101,7 +101,7 @@ spec: value: nsx-ncp:latest - name: WATCH_NAMESPACE value: nsx-system-operator - image: docker.io/vmware/nsx-container-plugin-operator:v3.2.0 + image: docker.io/vmware/nsx-container-plugin-operator imagePullPolicy: IfNotPresent name: nsx-ncp-operator volumeMounts: @@ -344,6 +344,17 @@ spec: verbs: - get - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - delete serviceAccountName: nsx-ncp-operator strategy: deployment installModes: @@ -366,4 +377,4 @@ spec: maturity: alpha provider: name: VMware - version: 3.2.0 + version: "" diff --git a/bundle/openshift4/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml b/bundle/openshift4/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml index 142d3e2..078dcec 100644 --- a/bundle/openshift4/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml +++ b/bundle/openshift4/manifests/operator.nsx.vmware.com_ncpinstalls_crd.yaml @@ -46,6 +46,50 @@ spec: description: 'Tag node logical switch port with node name and cluster when set to true, skip tagging when set to false. Note that if one node has multiple attached VirtualNetworkInterfaces, this function is not supported and should be set to false.' type: boolean + nsx-ncp: + description: nsx-ncp defines what properties users can configure for NCP Deployment + type: object + properties: + nodeSelector: + additionalProperties: + type: string + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + nsx-node-agent: + description: nsx-node-agent defines what properties users can configure for nsx-ncp-bootstrap and nsx-node-agent DaemonSet + type: object + properties: + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array status: description: NcpInstallStatus defines the observed state of NcpInstall type: object