check-circle-line exclamation-circle-line close-line

VMware NSX-T 2.1.2 Release Notes

VMware NSX Container Plug-in 2.1.2   |   12 APR 2018   

Check regularly for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

What's New
NSX Container Plug-in 2.1.2 is a maintenance release specifically for the NSX Container Plug-in (NCP) feature of NSX-T 2.1. It has the following improvements:
  • Support for a persistent and distinct egress IP per Kubernetes service in NAT topologies
  • Support for multiple Ingress controllers for a single Kubernetes cluster
  • Added support for matchExpressions with Network Policies
  • Pivotal Application Service (PAS) NSX-T tile improvements
  • Support for Kubernetes 1.9 and 1.10
  • Support for OpenShift 3.9

Resolved Issues

  • Issue 2011712: NCP does not handle network policy modify events properly

    When NCP is running and a network policy modify event occurs, NCP might not process the event properly. For example, the isolation rule might not be correct, or the source IPset rule might be missing.

  • Issue 2051265: NCP supports only equality-based label selectors for network policies

    Network policies select pods/namespaces using label selectors. Currently, NCP only supports equality-based label selectors. Inequality-based and set-based label selectors are not supported.

  • Issue 2046665: NCP does not support the dollar ('$') character in NSX Manager's password

    If NSX Manager's password contains the dollar ('$') character, NCP fails to work with Pivotal Cloud Foundry or OpenShift.

Known Issues

  • Issue 2083074: NSX Manager shows incorrect auto-discovered address bindings for a container logical port.

    If ARP snooping is enabled (through the IP discobery switching profile) for a container logical port and the container host VM's logical port, the NSX Manager's GUI might show incorrect auto-discovered address bindings for the container logical port. This is a cosmetic error and can be ignored. The actual address bindings are displayed under Manual Bindings.

    Workaround: None needed.

  • Issue 1998217: HyperBus interface vmk50 might be missing on vSphere ESXi causing container creation failure

    Container is not created because the HyperBus interface vmk50 might be missing on vSphere ESXi.

    Workaround: Complete the following steps.

    1. Retrieve the vmk50 port ID using CLI on vSphere ESXi
      net-dvs | grep vmk50 -C 10
    2. Create the vmk50 interface on vSphere ESXi.
      esxcli network ip interface add -P <port-id from step-1> -s DvsPortset-0 -i vmk50 -N hyperbus
    3. Assign an IP address to the vmk50 interface.
      esxcfg-vmknic -i 169.254.1.1 -n 255.255.0.0 -s DvsPortset-0 -v <port-id from step-1> -N hyperbus
  • Issue 2022750: BOSH VM cold migration issue

    Newly provisioned PODs or containers in a container host VM in PKS, PAS, Openshift or other Kubernetes solutions will not have network connectivity under the following conditions:

    • When a container host VM is powered off and subject to cold migration
    • In some cases, when a container host VM is powering on and is subject to DRS (Distributed Resource Scheduler) before the power-up is completed
    • If the vNIC of the container host is detached and re-attached

    Workaround: Delete the container host. In PKS and PAS scenarios, BOSH will recreate the container host.

  • Issue 2094336: New virtual machines created not seen in NSX-T inventory

    When Pivotal BOSH deploys new VMs on vSphere, the VMs might not appear in NSX-T's inventory.

    Workaround: See https://kb.vmware.com/s/article/54138.

  • Issue 2091962: Pivotal BOSH provisioning of virtual machines fails randomly on NSX-T

    When Pivotal BOSH deploys new VMs on vSphere, the provisioning might randomly fail.

    Workaround: See https://kb.vmware.com/s/article/54139.

  • PAS 2.1.0 CNI change

    Due to the CNI plugin change in PAS 2.1.0, none of the NSX-T Tile 2.1.0, 2.1.0.1, 2.1.2 will work with PAS 2.1.0. This is fixed in PAS 2.1.1.

    Workaround: None.

  • PAS 2.1 file mode change

    Due to the template file mode change in PAS 2.1.0 and 2.1.1, PAS deployment with NSX-T Tile 2.1 and 2.1.0.1 will fail. This is fixed in NCP 2.1.2.

    Workaround: None.

  • Issue 2101502: Cell VMs have "unresponsive agent" status after BOSH Agent restarts

    Cell VMs will have the status "unresponsive agent" after BOSH Agent in the VM restarts. This can also happen after recreation of BOSH Director (could be triggered by OpsManager Director configuration changes). BOSH Agent performs validation of eth0 IP address at restart, but in the case of NSX CNI the validation will fail since the eth0 IP is moved to the OVS bridge. This issues applies to all NCP versions and supported PAS versions. 

    Workaround: Delete the Cell VMs and let BOSH recreate them. If the VMs continually run into the issue, log into the Cell VM and add the IP address back to eth0 with the following command: 

       ip addr add {ip/prefix} dev eth0

     

  • The command 'udevadm' hangs for several minutes when nsx-node-agent starts

    The nsx-node-agent startup script will create a network namespace. In the BOSH Agent restart case, the agent will execute the “udevadm settle” command which could hang for several minutes. BOSH might assume the Cell VM fails and recreate the VM. This is an issue with “udevadm settle” which was fixed in udevadm v213. See https://github.com/systemd/systemd/commit/9ea28c55a2488e6cd4a44ac5786f12b71ad5bc9f.

  • Issue 2102003: FQDN cannot be used for NSX Manager API in NSX-T Tile

    The NCP pre-start script cannot resolve FDQN due to the BOSH Job start ordering problem that causes the consul DNS service to not be started when the script is run. This will be fixed in the NCP 2.1.3 release.

    Workaround: None.