The instructions in this section are optional for TKGI users because the steps are automated in TKGI.
The first step in the Manager to Policy migration process is to migrate the NSX resources that are shared among clusters such as Logical Routers, IP blocks and pools, NsGroups, and so on. These NSX resources are created by the user. They are specified in the mp2p-user-spec YAML manually by the user when migrating vanilla Kubernetes clusters. They cannot be specified in TKGI as they are auto-inferred. They are specified in the VMware NSX-T Tile under MP to Policy Migration config pane in Ops Manager in TAS.
- Each space (' ') literal is replaced with underscore ('_')
- Each forward slash ('/') is replaced with underscore ('_')
- If the display name has only periods (for example, '.', '.....', etc.) it is prepended with one underscore ('_')
- "mp display name" becomes policy id: "mp_display_name"
- "mp display/name" becomes policy id: "mp_display_name"
- "....." becomes policy id: "_....."
So you must ensure that all the NSX resources that you created have unique display names.
In TAS, Shared Resources are migrated to Policy with a policy ID that is same as the MP ID.
NOTE: After migrating a Vanilla Kubernetes cluster, update the ncp.ini based on the above rules wherever the config reads the ID of the NSX resource.
How to specify shared resources in user-spec YAML
- The resource using either display_name or ID in the Manager API. If the resource is not found in Manager API, it is ignored.
- The IP-Allocations to be imported for any IP Pool in the user-spec.yaml under "ip-allocations". Two scenarios:
- With custom IpPoolAllocations from this IpPool
If you have created some IpAllocations manually, please specify them under here. Key is the allocation_id of the IpPoolAllocation and value is its expected policy ID. Do not import any other resources such as IpBlock, Tier0, etc. with it. Once they are imported, run the script again to import shared resources but as specified in step 2 below.
- Without custom IpPoolAllocations from this IpPool (default)
Do not edit/specify ip-allocations under any IpPool and add all the other resources like IpBlock, Tier0, etc in the spec to be imported.
- With custom IpPoolAllocations from this IpPool
- Static routes and router ports to be imported for a tier 1 router.
Do not change the `key` and `value` identifier in the spec, but only their assigned values. `Key` is the manager ID and value is the expected policy ID.
See Sample user-spec.yaml to see the list of NSX resources that can be specified and how to specify them.
Steps to import only shared resources
NCP 4.1.1 or Earlier
- Fill in the appropriate information in config.yaml and set import_shared_resources_only to True. See Sample user-spec.yaml.
- Fill in the shared resources info in user-spec.yaml. See Sample user-spec.yaml.
- Run the mp_to_policy_importer using either the config file or command line arguments. For example:
python3 mp_to_policy_importer.py --config-file config.yaml
NCP 4.1.2 or Later
- Fill in the shared resources info in nsx-ncp-migrate-mp2p-user-spec config map. See Sample user-spec.yaml.
- Do not specify any Kubernetes cluster name under the key "k8s-clusters".
- Apply the file migrate-mp2p-job.yaml to run the migration job.
- Navigate to the MP to Policy Migration config pane.
- Specify the NSX resources to be migrated.
- Enable the checkbox Migrate only manually created NSX resources. If this option is selected, then NCP created NSX resources for this foundation will not be migrated to Policy.
- Select the radio button Perform Migration to NSX Policy. All user-specified NSX resources specified in this configuration pane and NCP-created NSX resources are migrated to Policy. This is done by deploying a new VM in the VMware-NSX-T deployment and running an errand on it.
- Click Save.
- Click Installation Dashboard.
- Click Review Pending Changes.
- Under VMware NSX-T Tile Errands, enable Perform MP2P Migration.
- Click Apply Changes.