vSphere IaaS control plane does not support editing the NCP configuration file ncp.ini. You can create CustomResourceDefinitions (CRDs) in NCP to configure network and load balancer parameters.
NCPSetting CRD
Create an NCPSetting CRD and set values for the NCP configuration.
Parameter | Description |
---|---|
log_dropped_traffic | Indicates whether distributed firewall DENY rules are logged. Values: Default is |
log_firewall_traffic | Indicates whether DFW rules are logged. Values are: |
pool_algorithm | Option to set the load balancing algorithm in the load balancer pool object. Values are: Default is Round-Robin. |
service_size | Option to set the load balancer size. Values are Default is |
l7_persistence | Option to set the load balancer persistence option. Values are: |
l7_persistence_timeout | Persistence timeout value in seconds on the L7 persistence profile. |
cookie_name | Specify a cookie name when l7_persistence type is set to cookie. |
x_forwarded_for | Enable x_forwarded_for for headers in ingress. Values are: |
snat_rule_logging | Option to select logging for SNAT rules. Values are: |
vs_access_log | Log properties of the virtual server for ingress and route. Values are: Default is |
ip_reallocation_time | Time in seconds before a released IP can be reallocated. |
For more information about NCP and NSX objects, see the NSX documentation.
- Set the enable_ncp_setting_crd to True.
- Create a YAML file with the following template:
```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ncpsettings.vmware.com
spec:
  group: vmware.com
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                nsx_v3:
                  type: object
                  properties:
                    log_dropped_traffic:
                      description: 'Indicates whether distributed firewall DENY rules are logged.'
                      type: boolean
                    log_firewall_traffic:
                      description: 'Indicate whether DFW rules are logged.'
                    # ........ All configs that are allowed to be configured via CRD ........
  scope: Cluster
  names:
    plural: ncpsettings
    singular: ncpsetting
    kind: NCPSetting
    shortNames:
      - ncpstg
```

For example:

```yaml
apiVersion: vmware.com/v1alpha2
kind: NCPSetting
metadata:
  name: ncp-setting-crd
spec:
  nsx_v3:
    log_dropped_traffic: True
    log_firewall_traffic: ALL
    pool_algorithm: Round_Robin
    l7_persistence: cookie
    x_forwarded_for: Insert
```
- Apply the YAML file with the following command:
kubectl apply -f ncp-setting-crd.yaml.j2
To prevent multiple CRDs from overriding the same configuration value, NCP only processes the CRD object with the name ncp-setting-crd. Other CRDs with different names are annotated with errors and NCP does not process those CRDs.
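A pre-apply check for the rules stated above, as an added example that is not VMware's code: it flags an NCPSetting object that NCP would not process because of its name, parameter names that are not in the table (so a logging setting that was believed applied never is), and a cookie_name without cookie persistence. The function name, the sample manifest and the non-negative-seconds check are assumptions; the object is passed in as parsed JSON.

```python
import json

# Parameter names from the table above; x_forwarded_for is spelled as in the
# page's example manifest.
KNOWN_PARAMS = {
    "log_dropped_traffic", "log_firewall_traffic", "pool_algorithm",
    "service_size", "l7_persistence", "l7_persistence_timeout", "cookie_name",
    "x_forwarded_for", "snat_rule_logging", "vs_access_log",
    "ip_reallocation_time",
}
SECONDS_PARAMS = {"l7_persistence_timeout", "ip_reallocation_time"}
PROCESSED_NAME = "ncp-setting-crd"  # the only object name NCP processes


def lint_ncpsetting(manifest):
    """Return a list of findings for one NCPSetting object (hypothetical helper)."""
    if manifest.get("kind") != "NCPSetting":
        return ["not an NCPSetting object"]
    findings = []
    name = manifest.get("metadata", {}).get("name")
    if name != PROCESSED_NAME:
        findings.append(f"name {name!r}: NCP only processes {PROCESSED_NAME!r}")
    params = manifest.get("spec", {}).get("nsx_v3", {})
    for key in sorted(set(params) - KNOWN_PARAMS):
        findings.append(f"unknown parameter {key!r}")
    for key in sorted(SECONDS_PARAMS & set(params)):
        value = params[key]
        # Assumption: seconds are non-negative integers; bool is an int subclass.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            findings.append(f"{key} must be a non-negative number of seconds")
    if "cookie_name" in params and params.get("l7_persistence") != "cookie":
        findings.append("cookie_name is set but l7_persistence is not 'cookie'")
    return findings


# Constructed sample: wrong object name, misspelled key, quoted timeout, stray cookie_name.
SAMPLE = json.loads("""
{"apiVersion": "vmware.com/v1alpha2", "kind": "NCPSetting",
 "metadata": {"name": "team-a-ncp"},
 "spec": {"nsx_v3": {"log_dropped_traffic": true, "x_forward_for": "Insert",
                     "cookie_name": "sess", "l7_persistence_timeout": "30"}}}
""")

if __name__ == "__main__":
    for finding in lint_ncpsetting(SAMPLE):
        print(finding)
```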
Overriding NCP Configuration
- l7_persistence, l7_persistence_timeout, and cookie_name. If the l7_persistence is changed by the CRD, NCP creates a new persistence profile with the values of the l7_persistence, l7_persistence_timeout, and cookie_name.
If l7_persistence_timeout and cookie_name are changed through the CRD, the existing profile is updated based on the new values.
- x_forwarded_for. If x_forwarded_for is changed by the CRD, NCP creates a new application profile based on its value.
- vs_access_log. If the vs_access_log is changed by the CRD, NCP updates the logging option of the virtual servers accordingly.