NCP YAML 파일에는 nsx-node-agent-config ConfigMap이 포함되어 있습니다. 사용 환경에 맞게 모든 옵션을 업데이트할 수 있습니다. 다음은 ncp-ubuntu-policy.yaml의 nsx-node-agent-config ConfigMap입니다.

# ConfigMap carrying the ncp.ini settings for nsx-node-agent (namespace nsx-system).
apiVersion: v1
kind: ConfigMap
metadata:
  name: nsx-node-agent-config
  namespace: nsx-system
  labels:
    version: v1
data:
  ncp.ini: |

    # Options prefixed with '#' are commented out; the value shown appears to
    # be the built-in default. Only uncommented keys are set explicitly.
    # Keep every line in this block indented so it stays inside the YAML
    # literal scalar.
    [DEFAULT]

    # If set to true, the logging level will be set to DEBUG instead of the
    # default INFO level.
    # NOTE(review): DEBUG output is more verbose; confirm what request and
    # response detail it records before enabling it on a production cluster.
    #debug = False

    # If set to true, log output to standard error.
    #use_stderr = True

    # Destination to send api log to. STDOUT or STDERR for console output. FILE
    # to write log to file configured in "api_log_file". NONE to disable api
    # log.
    # Choices: STDOUT STDERR FILE NONE
    # NOTE(review): with the default NONE no API call record is kept. If a
    # record of API calls is needed for audit or incident response, choose one
    # of the other destinations - confirm what the log contains first.
    #api_log_output = NONE

    # Name of log file to send API access log to.
    #api_log_file = ncp_api_log.txt

    # Interval in seconds at which API calls are logged to the output
    # configured in api_log_output.
    #api_log_interval = 60

    # When api_log_output is not NONE, this option determines if api calls
    # should be collected per NSX cluster or individual NSX manager.
    # Choices: API_LOG_PER_ENDPOINT API_LOG_PER_CLUSTER
    #api_log_mode = API_LOG_PER_ENDPOINT

    # If set to true, use syslog for logging.
    #use_syslog = False

    # The base directory used for relative log_file paths.
    #log_dir = <None>

    # Name of log file to send logging output to.
    #log_file = <None>

    # max MB for each compressed file. Defaults to 100 MB.
    #log_rotation_file_max_mb = 100

    # max MB for each compressed file for API logs. Defaults to 10 MB.
    #api_log_rotation_file_max_mb = 10

    # Total number of compressed backup files to store. Defaults to 5.
    # Together with log_rotation_file_max_mb this bounds how much log history
    # is retained on disk.
    #log_rotation_backup_count = 5

    # Total number of compressed backup files to store API logs. Defaults to 5.
    #api_log_rotation_backup_count = 5

    # Log level for the root logger. If debug=True, the default root logger
    # level will be DEBUG regardless of the value of this option. If this
    # option is unset, the default root logger level will be either DEBUG or
    # INFO according to the debug option value
    # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
    #loglevel = <None>

    # [k8s]: how the agent reaches and authenticates to the Kubernetes API
    # server, plus ingress, CRD and baseline-policy options.
    [k8s]

    # Kubernetes API server IP address.
    #apiserver_host_ip = <None>

    # Kubernetes API server port.
    #apiserver_host_port = <None>

    # Full path of the Token file to use for authenticating with the k8s API
    # server.
    # Explicitly set: this is the path where Kubernetes mounts the pod's
    # ServiceAccount token.
    # NOTE(review): the agent's rights on the API server are whatever RBAC
    # grants that ServiceAccount; the bindings are not shown here - review them
    # for least privilege.
    client_token_file = /var/run/secrets/kubernetes.io/serviceaccount/token

    # Full path of the client certificate file to use for authenticating with
    # the k8s API server. It must be specified together with
    # "client_private_key_file".
    #client_cert_file = <None>

    # Full path of the client private key file to use for authenticating with
    # the k8s API server. It must be specified together with
    # "client_cert_file".
    # NOTE(review): if used, the key file presumably has to be mounted into
    # the pod; restrict its file permissions - confirm how it is provisioned.
    #client_private_key_file = <None>

    # Specify a CA bundle file to use in verifying the k8s API server
    # certificate.
    # Explicitly set to the CA bundle mounted alongside the ServiceAccount
    # token.
    # NOTE(review): behaviour when this is unset is not described here;
    # confirm the server certificate is still verified before removing it.
    ca_file = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

    # Specify whether ingress controllers are expected to be deployed in
    # hostnetwork mode or as regular pods externally accessed via NAT
    # Choices: hostnetwork nat
    #ingress_mode = hostnetwork

    # Log level for the kubernetes adaptor. Ignored if debug is True
    # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
    #loglevel = <None>

    # The default HTTP ingress port for non-NSX ingress controllers in NAT
    # mode.
    #http_ingress_port = 80

    # The default HTTPS ingress port for non-NSX ingress controllers in NAT
    # mode.
    #https_ingress_port = 443

    # Specify thread pool size to process resource events
    #resource_watcher_thread_pool_size = 1

    # User specified IP address for HTTP and HTTPS ingresses
    #http_and_https_ingress_ip = <None>

    # Set this to True to enable NCP to create tier1 router, first segment and
    # default SNAT IP for VirtualNetwork CRD, and then create segment port for
    # VM through VirtualNetworkInterface CRD.
    #enable_vnet_crd = False

    # Set this to True to enable NCP to create LoadBalancer on a Tier-1 for
    # LoadBalancer CRD. This option does not support LB autoscaling.
    #enable_lb_crd = False

    # Option to set the type of baseline cluster policy. ALLOW_CLUSTER creates
    # an explicit baseline policy to allow any pod to communicate any other pod
    # within the cluster. ALLOW_NAMESPACE creates an explicit baseline policy
    # to allow pods within the same namespace to communicate with each other.
    # By default, no baseline rule will be created and the cluster will assume
    # the default behavior as specified by the backend. Modification is not
    # supported after the value is set.
    # Choices: <None> allow_cluster allow_namespace
    # NOTE(review): this fixes the cluster's pod-to-pod isolation model and
    # cannot be changed later. allow_cluster is the most permissive choice
    # (any pod to any pod); with <None> the effective rule comes from the
    # backend, so verify what that default is before first deployment.
    #baseline_policy_type = <None>

    # Maximum number of endpoints allowed to create for a service.
    #max_allowed_endpoints = 1000

    # Set this to True to enable NCP reporting NSX backend error to k8s object
    # using k8s event
    #enable_ncp_event = False

    # Set this to True to enable multus to create multiple interfaces for one
    # pod. Requires policy_nsxapi set to True to take effect. If passthrough
    # interface is used as additional interface, user should deploy the network
    # device plugin to provide device allocation information for NCP. Pod
    # annotations with prefix "k8s.v1.cni.cncf.io" cannot be modified once pod
    # is realized. User defined IP will not be allocated from the Segment
    # IPPool. The "gateway" in NetworkAttachmentDefinition is not used to
    # configure secondary interfaces, as the default gateway of Pod is
    # configured by the primary CNI on the main network interface. User must
    # define IP and/or MAC if no "ipam" is configured. Only available if node
    # type is HOSTVM and not to be leveraged in conjunction with 3rd party CNI
    # plugin
    #enable_multus = True

    # Interval of polling loadbalancer statistics. Default to 60 seconds.
    #lb_statistic_monitor_interval = 60

    # This option is for toggling process of network CRD. It should be set to
    # False when the network status setting is done by OCP4 NetworkOperator
    #process_oc_network = True

    # [coe]: container-orchestrator adaptor selection, cluster name, module
    # log levels, SNAT, profiling/metrics and connection-recovery behaviour.
    [coe]

    # Container orchestrator adaptor to plug in.
    #adaptor = kubernetes

    # Specify cluster for adaptor.
    #cluster = k8scluster

    # Log level for NCP modules (controllers, services, etc.). Ignored if debug
    # is True
    # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
    #loglevel = <None>

    # Log level for NSX API client operations. Ignored if debug is True
    # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
    #nsxlib_loglevel = <None>

    # Enable SNAT for all projects in this cluster. Modification of topologies
    # for existing Namespaces is not supported if this option is reset.
    #enable_snat = True

    # Option to enable profiling
    # NOTE(review): what profiling records or exposes is not described here;
    # confirm before enabling it outside troubleshooting.
    #profiling = False

    # The interval of reporting performance metrics (0 means disabled)
    #metrics_interval = 0

    # Name of log file for outputting metrics only (if not defined, use default
    # logging facility)
    #metrics_log_file = <None>

    # The type of container host node
    # Choices: HOSTVM BAREMETAL CLOUD WCP_WORKER
    #node_type = HOSTVM

    # The time in seconds for NCP/nsx_node_agent to recover the connection to
    # NSX manager/container orchestrator adaptor/Hyperbus before exiting. If
    # the value is 0, NCP/nsx_node_agent won't exit automatically when the
    # connection check fails
    # With the default 0 a lost connection does not end the process, so a
    # disconnected agent has to be detected by other monitoring.
    #connect_retry_timeout = 0

    # Enable system health status report for SHA
    #enable_sha = True

    # [nsx_kube_proxy]: where service configuration is written.
    [nsx_kube_proxy]

    # The way to process service configuration: set into OVS flow or write to
    # nestdb.
    # Choices: ovs nestdb
    #config_handler = ovs

    # [nsx_node_agent]: node-level settings for the agent DaemonSet - host
    # path mounts, OVS bridge and uplink, CNI timeouts, MTU and IPv6.
    [nsx_node_agent]

    # Prefix of node /proc and /var/run/netns path to mount on nsx_node_agent
    # DaemonSet
    # NOTE(review): this implies the DaemonSet pod mounts the node's /proc and
    # network namespaces, so the pod should be treated as node-privileged when
    # deciding who may modify or exec into it - confirm against the DaemonSet
    # spec.
    #proc_mount_path_prefix = /host

    # The log level of NSX RPC library. Ignored if debug is True
    # Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
    #nsxrpc_loglevel = ERROR

    # OVS bridge name
    #ovs_bridge = br-int

    # The time in seconds for nsx_node_agent to wait CIF config from HyperBus
    # before returning to CNI
    #config_retry_timeout = 300

    # The time in seconds for nsx_node_agent to backoff before re-using an
    # existing cached CIF to serve CNI request. Must be less than
    # config_retry_timeout.
    #config_reuse_backoff_time = 15

    # The OVS uplink OpenFlow port where to apply the NAT rules to.
    #ovs_uplink_port = <None>

    # Set this to True if you want to install and use the NSX-OVS kernel
    # module. If the host OS is supported, it will be installed by nsx-ncp-
    # bootstrap and used by nsx-ovs container in nsx-node-agent pod. Note that
    # you would have to add (uncomment) the volumes and mounts in the nsx-ncp-
    # bootstrap DS and add SYS_MODULE capability in nsx-ovs container spec in
    # nsx-node-agent DS. Failing to do so will result in failure of
    # installation and/or kernel upgrade of NSX-OVS kernel module.
    # SYS_MODULE lets the container load and unload kernel modules on the
    # node; add the capability only when this option is True and remove it
    # again if the option is turned off.
    #use_nsx_ovs_kernel_module = False

    # The time in seconds for nsx_node_agent to call OVS command. Please
    # increase the time if OVS is in heavy load to create/delete ports
    #ovs_operation_timeout = 5

    # Set to true to allow the CNI plugin to enable IPv6 container interfaces
    #enable_ipv6 = False

    # Set to True if DHCP is configured on the "ovs_uplink_port". "auto" will
    # try to automatically infer it but it only works on CoreOS. On other
    # types host OS, it defaults to False
    # Choices: True False auto
    #is_dhcp_configured_on_ovs_uplink_port = auto

    # The MTU value for nsx-cni
    #mtu = 1500

    # Applicable only in PKS. If set, nsx-node-agent watches for addition,
    # removal, and update of nodelocaldns DaemonSet. Upon a change, it
    # terminates and is restarted by the monit agent
    #enable_nodelocaldns_monitoring = False

    # The waiting time before nsx-node-agent returns response to CNI plugin,
    # there is a potential timing issue between port creation and related
    # firewall config update on Hypervisor host
    # NOTE(review): the described timing issue suggests a pod's port can exist
    # before its firewall configuration is applied; whether a non-zero wait is
    # needed in a given environment should be confirmed. Unit is not stated.
    #waiting_before_cni_response = 0