diff --git a/VERSION b/VERSION index 4d0dcda..2787c14 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.1.2 +4.1.2.1 diff --git a/deploy/kubernetes/configmap.yaml b/deploy/kubernetes/configmap.yaml index 8e2854d..19d6982 100644 --- a/deploy/kubernetes/configmap.yaml +++ b/deploy/kubernetes/configmap.yaml @@ -212,6 +212,16 @@ data: + # Set this to True to enable NCP Setting CRD. The CRD can be used to + # override some NCP Settings at runtime. Existing NSX resources will not be + # automatically updated when the CRD is created, except for L7 persistence + # profile and application profile. The corresponding k8s objects need to be + # modified or recreated to take effect. Settings that can be overridden + # include log_firewall_traffic, log_dropped_traffic, pool_algorithm, + # cookie_name, l7_persistence, l7_persistence_timeout, x_forwarded_for, + # snat_rule_logging, vs_access_log, ip_reallocation_time. + #enable_ncp_setting_crd = False + [nsx_kube_proxy] @@ -337,9 +347,9 @@ data: # Indicates whether distributed firewall rules are logged. Option 'ALL' # will enable logging for all DFW rules (both DENY and ALLOW), and option - # 'DENY' will enable logging only for DENY rules. Remove this config if no - # logging is desired. When IPv6 is enabled this setting will not apply to - # rules for allowing ND traffic. + # 'DENY' will enable logging only for DENY rules. Remove this config or set + # it to 'None' will turn off logging. When IPv6 is enabled this setting + # will not apply to rules for allowing ND traffic. # Choices: ALL DENY None NONE none #log_firewall_traffic = @@ -588,7 +598,10 @@ data: #cookie_name = # If true, this will enable sync realization while creating ip-pool/ip- - # subnets for policy mode. It is only available after nsxt 4.1.1 + # subnets for policy mode. It is only available after nsxt 4.1.1. If the + # value on the subnet conflicts with the existing subnets in the same ip- + # pool, it will use the original value to be consistent with the existing + # subnets. #sync_realization = True @@ -609,6 +622,7 @@ data: #enable_mixed_expression_groups = False + [vc] diff --git a/deploy/openshift4/configmap.yaml b/deploy/openshift4/configmap.yaml index 1f88189..26fbbd5 100644 --- a/deploy/openshift4/configmap.yaml +++ b/deploy/openshift4/configmap.yaml @@ -212,6 +212,16 @@ data: + # Set this to True to enable NCP Setting CRD. The CRD can be used to + # override some NCP Settings at runtime. Existing NSX resources will not be + # automatically updated when the CRD is created, except for L7 persistence + # profile and application profile. The corresponding k8s objects need to be + # modified or recreated to take effect. Settings that can be overridden + # include log_firewall_traffic, log_dropped_traffic, pool_algorithm, + # cookie_name, l7_persistence, l7_persistence_timeout, x_forwarded_for, + # snat_rule_logging, vs_access_log, ip_reallocation_time. + #enable_ncp_setting_crd = False + [nsx_kube_proxy] @@ -337,9 +347,9 @@ data: # Indicates whether distributed firewall rules are logged. Option 'ALL' # will enable logging for all DFW rules (both DENY and ALLOW), and option - # 'DENY' will enable logging only for DENY rules. Remove this config if no - # logging is desired. When IPv6 is enabled this setting will not apply to - # rules for allowing ND traffic. + # 'DENY' will enable logging only for DENY rules. Remove this config or set + # it to 'None' will turn off logging. When IPv6 is enabled this setting + # will not apply to rules for allowing ND traffic. # Choices: ALL DENY None NONE none #log_firewall_traffic = @@ -582,7 +592,10 @@ data: #cookie_name = # If true, this will enable sync realization while creating ip-pool/ip- - # subnets for policy mode. It is only available after nsxt 4.1.1 + # subnets for policy mode. It is only available after nsxt 4.1.1. If the + # value on the subnet conflicts with the existing subnets in the same ip- + # pool, it will use the original value to be consistent with the existing + # subnets. #sync_realization = True @@ -603,6 +616,7 @@ data: #enable_mixed_expression_groups = False + [vc] diff --git a/manifest/kubernetes/rhel/ncp-rhel.yaml b/manifest/kubernetes/rhel/ncp-rhel.yaml index e86c7a0..44780d3 100644 --- a/manifest/kubernetes/rhel/ncp-rhel.yaml +++ b/manifest/kubernetes/rhel/ncp-rhel.yaml @@ -356,6 +356,7 @@ rules: - loadbalancers/status - nsxlbmonitors - nsxlbmonitors/status + - ncpsettings verbs: - create @@ -443,6 +444,8 @@ subjects: + + --- # Create Role for NCP to run exec on pods kind: Role diff --git a/manifest/kubernetes/ubuntu/ncp-ubuntu.yaml b/manifest/kubernetes/ubuntu/ncp-ubuntu.yaml index bc76a27..f8e5877 100644 --- a/manifest/kubernetes/ubuntu/ncp-ubuntu.yaml +++ b/manifest/kubernetes/ubuntu/ncp-ubuntu.yaml @@ -356,6 +356,7 @@ rules: - loadbalancers/status - nsxlbmonitors - nsxlbmonitors/status + - ncpsettings verbs: - create @@ -443,6 +444,8 @@ subjects: + + --- # Create Role for NCP to run exec on pods kind: Role diff --git a/manifest/openshift4/coreos/ncp-openshift4.yaml b/manifest/openshift4/coreos/ncp-openshift4.yaml index db6c39b..b4e939f 100644 --- a/manifest/openshift4/coreos/ncp-openshift4.yaml +++ b/manifest/openshift4/coreos/ncp-openshift4.yaml @@ -384,6 +384,8 @@ subjects: + + --- # Create Role for NCP to run exec on pods kind: Role @@ -788,6 +790,8 @@ spec: # Mount multus config dir for copying primary CNI config - mountPath: /host/var/run/multus name: host-multus + - mountPath: /host/proc/sys/net + name: host-proc-sys-net @@ -889,6 +893,9 @@ spec: - name: host-multus hostPath: path: /var/run/multus + - name: host-proc-sys-net + hostPath: + path: /proc/sys/net