You can use the antreansxctl command to manage your Antrea environment.

The syntax of the antreansxctl command:
antreansxctl --help
antrea-nsx command line utility - version -

Usage:
  antreansxctl [flags]
  antreansxctl [command]

Available Commands:
  bootstrap            Create cert and PI, generate the bootstrap config
  child-segment-create Create child segment and its parent segment on NSX
  child-segment-delete Delete a child segment and its connection binding maps
  child-segment-list   List child segments that attach to the provided parent segment on NSX
  cluster-cleanup      Cleanup ClusterControlPlane and ContainerCluster in case K8s cluster is destroyed without running deregister job. This operation is irreversible.
  cluster-get          Get ClusterControlPlane and ContainerCluster
  cluster-list         List all ClusterControlPlanes and ContainerClusters
  completion           Generate the autocompletion script for the specified shell
  help                 Help about any command
  version              Print version information

Flags:
  -h, --help   help for antreansxctl

Use "antreansxctl [command] --help" for more information about a command.

Note: The commands child-segment-create, child-segment-delete, child-segment-list, and version are available in VMware Container Networking with Antrea Installation 1.10.0 or later. For more information about child segments and Egress support in Antrea, see Configuring a Subnet for Egress IPs.

antreansxctl config file

You can specify the IP address, user name, and password for NSX in the contexts section of the antreansxctl config file. The password value is base64-encoded. For example:

current-context: nsx1
contexts:
  nsx1:
    nsx_manager: 192.168.10.22
    user: admin
    password: ZHVtbXktcGFzc3dvcmQ= # echo -n 'dummy-password' | base64
  nsx2:
    nsx_manager: 172.19.10.22
    user: admin
    password: ZHVtbXktcGFzc3dvcmQ=

By default, the config file path is $HOME/.antreansxctl. To change the path, you can run the command export ANTREANSXCTL_CONFIG=path/to/antreansxctl-config.

A different context can be chosen with the command antreansxctl -c context if there are multiple NSX configs.

Note the following:
  • If you specify the --nsx-managers/user/password/key/cert parameters, the configuration information of NSX (IP/user/key/cert) is written to the default config file ~/.antreansxctl. The next time, you can run the command with the --c nsx_default parameter instead of specifying the --nsx-managers/user/password/key/cert parameters.
  • If you specify both --user and --password parameters, you need to add the password information in the configuration file manually.
  • The antreansxctl tool does not store any password information.

This feature is available in VMware Container Networking with Antrea Installation 1.10.0 or later.
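
One way to create the config file described above so that the password stays out of the command line and the file is readable only by its owner, as an added example that is not part of the product documentation. The function names write_context and audit_config are hypothetical, the sample values are constructed, and write_context overwrites the target file with a single context.

```shell
#!/bin/sh
# Added example: write and audit an antreansxctl config file.

# write_context FILE CONTEXT NSX_MANAGER USER
# The password is read from stdin, so it never appears in the process
# list or in shell history.
write_context() {
    wc_cfg=$1; wc_ctx=$2; wc_mgr=$3; wc_usr=$4
    IFS= read -r wc_pw || true
    [ -n "$wc_pw" ] || return 1
    # base64 is an encoding, not encryption; tr removes line wrapping
    wc_enc=$(printf '%s' "$wc_pw" | base64 | tr -d '\n')
    (
        umask 077                      # a new file is created owner-only
        cat > "$wc_cfg" <<EOF
current-context: $wc_ctx
contexts:
  $wc_ctx:
    nsx_manager: $wc_mgr
    user: $wc_usr
    password: $wc_enc
EOF
    )
    chmod 600 "$wc_cfg"                # tighten a file that already existed
    unset wc_pw wc_enc
}

# audit_config FILE: returns 0 when only the owner can access the file
audit_config() {
    ac_cfg=$1
    [ -f "$ac_cfg" ] || { echo "missing: $ac_cfg"; return 2; }
    ac_rc=0
    # characters 5-10 of the ls mode string are the group and other bits
    ac_bits=$(ls -ld "$ac_cfg" | cut -c5-10)
    if [ "$ac_bits" != "------" ]; then
        echo "FAIL: $ac_cfg grants group/other access ($ac_bits); chmod 600 it"
        ac_rc=1
    fi
    ac_n=$(grep -c '^ *password:' "$ac_cfg" || true)
    if [ "$ac_n" -gt 0 ]; then
        echo "NOTE: $ac_n stored password(s) are base64-encoded, not encrypted"
    fi
    return "$ac_rc"
}
```

Pipe the password into write_context, then run audit_config on $HOME/.antreansxctl or on the path set in ANTREANSXCTL_CONFIG before using a context.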

Cluster cleanup

You can use the antreansxctl cluster-cleanup command to clean up Antrea data. You can run this command when the cluster has been destroyed before the deregisterjob.yaml has run.

To clean up a cluster's registration and inventory, run one of the following commands:
antreansxctl cluster-cleanup --cluster-name string --nsx-ip string --user string --password string
antreansxctl cluster-cleanup --cluster-id string --nsx-ip string --user string --password string
To clean up the registration and inventory for all clusters, run the following command. This will deregister all Antrea clusters.
antreansxctl cluster-cleanup --delete-all --nsx-ip string --user string --password string

List all registered clusters

To list all registered clusters, including running clusters and left-over clusters, run the following command:
antreansxctl cluster-list --nsx-ip string --user string --password string
For example,
./bootstrap cluster-list --nsx-ip string --user admin --password string                          

----- Cluster Control Plane Resources -----
  CLUSTER-NAME                           CLUSTER-ID
wenqi-0004                           6c018574-cd1f-4da0-b0f5-5965b270cd22

----- Antrea Container Cluster Inventory Resources ----
  CLUSTER-NAME                        CLUSTER-ID
wenqi-0004                           6c018574-cd1f-4da0-b0f5-5965b270cd22

View cluster registration and inventory information

Run one of the following commands:
antreansxctl cluster-get --cluster-name string  --nsx-ip string --user string --password string
antreansxctl cluster-get --cluster-id string  --nsx-ip string --user string --password string
For example,
./bootstrap cluster-get --nsx-ip string --user string --password string --cluster-name=string     

----- Cluster Control Plane Resources -----
  CLUSTER-NAME                           CLUSTER-ID
wenqi-0004                           6c018574-cd1f-4da0-b0f5-5965b270cd22

----- Antrea Container Cluster Inventory Resources ----
  CLUSTER-NAME                        CLUSTER-ID
wenqi-0004                           6c018574-cd1f-4da0-b0f5-5965b270cd22

Bootstrap

Use this command to simplify the process of setting up a Kubernetes cluster and registering it to NSX Manager. It automatically creates a certificate and a principal identity (PI) in NSX and generates the bootstrap configuration. The syntax is:
Usage:
  antreansxctl bootstrap [flags]

Flags:
      --bootstrap-config-yaml-file string   Optional. A bootstrap config yaml file path used as template input. The file can be found from Antrea-interworking deliverables. If this parameter is not provided, the command will use an embedded bootstrap config template, and the embedded bootstrap config comes from the same Antrea-interworking version as this command
      --cert string                         NSX manager admin cert
      --cluster-name string                 Name of the cluster to be registered to NSX
  -h, --help                                help for bootstrap
      --key string                          NSX manager admin key
      --nsx-managers string                 NSX manager IP or domain name, if there are multiple values, separate them with commas
      --password string                     NSX manager admin password
      --proxy-endpoints-rest-api string     Optional.The proxy-endpoints-rest-api should be a string slice that contains the IP address or domain name of the REST API endpoint, if there are multiple values, separate them with commas
      --proxy-endpoints-rpc-fwd string      Optional.The proxy-endpoints-rpc-fwd should be a string slice that contains the IP address or domain name of the NSX RPC forward proxy, if there are multiple values, separate them with commas
      --user string                         NSX manager admin username
      --vpcPath string                      Optional.It`s the NSX VPC path assigned to this cluster. Example: /orgs/default/projects/project1/vpcs/my-vpc1 . If VPC path is not specified, Enterprise admin role is assigned to the PI. If VPC path is specified, multi tenant Role bound to the VPC is assigned to the PI.
The following command creates a PI in NSX, generates a certificate, and generates the bootstrap-config.yaml file.
antreansxctl bootstrap --user string --password string --nsx-managers string --cluster-name string --vpcPath string --bootstrap-config-yaml-file string
The antreansxctl bootstrap options:
  • --cert string: NSX manager admin cert. Either admin cert+key or admin username+password is required for authenticating with NSX.
  • --cluster-name string: Required. Name of the cluster to be registered to NSX.
  • --key string: NSX manager admin key. Either admin cert+key or admin username+password is required for authenticating with NSX.
  • --nsx-managers string: Required. NSX manager IP or domain name. If there are multiple values, separate them with commas.
  • --proxy-endpoints-rest-api string: Optional. The proxy-endpoints-rest-api should be a string slice that contains the IP address or domain name of the REST API endpoint. If there are multiple values, separate them with commas.
  • --proxy-endpoints-rpc-fwd string: Optional. The proxy-endpoints-rpc-fwd should be a string slice that contains the IP address or domain name of the NSX RPC forward proxy. If there are multiple values, separate them with commas.
  • --password string: NSX manager admin password. Either admin cert+key or admin username+password is required for authenticating with NSX.
  • --user string: NSX manager admin username. Either admin cert+key or admin username+password is required for authenticating with NSX.
  • --vpcPath string: Optional. The NSX VPC path assigned to this cluster. Example: /orgs/default/projects/project1/vpcs/my-vpc1. If the VPC path is not specified, the Enterprise admin role is assigned to the PI. If the VPC path is specified, the multi-tenant role bound to the VPC is assigned to the PI.
  • --bootstrap-config-yaml-file string: Optional. A bootstrap config yaml file path used as template input. The file can be found in the Antrea-interworking deliverables. If this parameter is not provided, the command uses an embedded bootstrap config template, which comes from the same Antrea-interworking version as this command.

Create a child segment

The child-segment-create command creates a child segment in NSX, and creates a segment connection binding map between the child segment and the parent segment to which the Nodes are attached. After this configuration, you can use the Antrea IPAM or Egress features on the cluster with VLAN isolation in NSX with a tier-1 topology.

Usage:
  antreansxctl child-segment-create [--flags...] name [flags]

Flags:
      --cert string           NSX manager admin cert
      --cidr string           Network address for the target CHILD segment in CIDR format. Example: 192.168.1.0/24
      --gateway string        Optional. Gateway address for the target CHILD segment in CIDR format. If it is set, the value must be in the cidr, otherwise, the first IP in the cidr is used by default.
  -h, --help                  help for child-segment-create
      --key string            NSX manager admin key
      --nsx-managers string   Required. NSX manager IP or domain name, if there are multiple values, separate them with commas
      --parent string         Policy path for the segment which K8s Nodes are attaching on. Example: /infra/segments/openshift-segment
      --password string       NSX manager admin password
      --user string           NSX manager admin username
      --vlan int              Optional. VLAN is used when attaching the CHILD segment to the given parent. A valid VLAN is supposed in [1, 4094]. If it is not set, the script will choose an available value from the scope which is never used under the given parent.

The maximum length of the name of a child segment is 80 characters.

For example,

./antreansxctl child-segment-create --nsx-managers=$manager_ip --user=$user --password=$password --cidr="192.168.20.0/24" --gateway="192.168.20.1" --parent="/infra/segments/test-parent" --vlan=2001 c1

----- Create CHILD segment result -----
CIDR                 Gateway              VLAN     BindingMap                     Segment-Path               
192.168.20.0/24      192.168.20.1         2001     bindingmap-2001-m9sfg9sd       /infra/segments/c1-ghzhg4rm 
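
A pre-flight check for the constraints stated above (name of at most 80 characters, gateway inside the cidr, VLAN in [1, 4094]), as an added example that is not part of the product documentation. The function names are hypothetical, only IPv4 is handled, and the gateway is taken as a plain address as in the example command.

```shell
#!/bin/sh
# Added example: pre-flight checks for child-segment-create arguments,
# implementing only the rules stated in the help text above.

# ip_to_int A.B.C.D: prints the address as an integer, fails on bad input
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    ii_ifs=$IFS; IFS=.; set -- $1; IFS=$ii_ifs
    [ $# -eq 4 ] || return 1
    for ii_o in "$@"; do
        case $ii_o in 0?*|????*) return 1 ;; esac   # no octal, no overflow
        [ "$ii_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_child_segment NAME CIDR [GATEWAY] [VLAN]
# Prints "ok" or the first problem found; empty GATEWAY/VLAN means "not set".
check_child_segment() {
    cs_name=$1; cs_cidr=$2; cs_gw=${3:-}; cs_vlan=${4:-}
    if [ -z "$cs_name" ] || [ "${#cs_name}" -gt 80 ]; then
        echo "name must be 1-80 characters"; return 1
    fi
    case $cs_cidr in */*) cs_len=${cs_cidr#*/} ;; *) cs_len= ;; esac
    case $cs_len in ''|*[!0-9]*|0?*|???*) cs_len=99 ;; esac
    cs_net=$(ip_to_int "${cs_cidr%/*}") || cs_len=99
    if [ "$cs_len" -gt 32 ]; then
        echo "cidr must look like 192.168.1.0/24"; return 1
    fi
    cs_mask=$(( (4294967295 << (32 - cs_len)) & 4294967295 ))
    if [ -n "$cs_gw" ]; then
        cs_g=$(ip_to_int "$cs_gw") ||
            { echo "gateway is not an IPv4 address"; return 1; }
        if [ $(( cs_g & cs_mask )) -ne $(( cs_net & cs_mask )) ]; then
            echo "gateway $cs_gw is outside $cs_cidr"; return 1
        fi
    fi
    if [ -n "$cs_vlan" ]; then
        case $cs_vlan in *[!0-9]*|0*|?????*) cs_vlan=0 ;; esac
        if [ "$cs_vlan" -lt 1 ] || [ "$cs_vlan" -gt 4094 ]; then
            echo "VLAN must be in [1, 4094]"; return 1
        fi
    fi
    echo ok
}
```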

List child segments

The child-segment-list command lists all the child segments and the segment connection binding maps between the child segments and the parent segment.

Usage:
  antreansxctl child-segment-list parent-path [flags]

Flags:
      --c string              The name of the NSX config context to use
      --cert string           NSX manager admin cert
  -h, --help                  help for child-segment-list
      --key string            NSX manager admin key
      --nsx-managers string   Required. NSX manager IP or domain name, if there are multiple values, separate them with commas
      --password string       NSX manager admin password
      --user string           NSX manager admin username

For example,

./antreansxctl child-segment-list --nsx-managers=$manager_ip --user=$user --password=$password /infra/segments/test-parent

----- List CHILD segment result -----
CIDR                 Gateway              VLAN     BindingMap                     Segment-Path                            
192.168.20.0/24      192.168.20.1         2001     bindingmap-2001-m9sfg9sd       /infra/segments/c1-ghzhg4rm

Delete a child segment

The child-segment-delete command deletes a child segment and its associated segment connection binding maps.

Usage:
  antreansxctl child-segment-delete child-path [flags]

Flags:
      --c string              The name of the NSX config context to use
      --cert string           NSX manager admin cert
  -h, --help                  help for child-segment-delete
      --key string            NSX manager admin key
      --nsx-managers string   Required. NSX manager IP or domain name, if there are multiple values, separate them with commas
      --password string       NSX manager admin password
      --user string           NSX manager admin username

For example,

./antreansxctl child-segment-delete --nsx-managers=$manager_ip --user=$user --password=$password /infra/segments/c1-ghzhg4rm

Successfully deleted child segment /infra/segments/c1-ghzhg4rm and its binding maps.