{"id":18512806,"url":"https://github.com/vmware/nsx-container-plugin-operator","last_synced_at":"2025-04-04T19:14:18.235Z","repository":{"id":37980707,"uuid":"271337248","full_name":"vmware/nsx-container-plugin-operator","owner":"vmware","description":"Kubernetes Operator for the NSX Container Plugin (NCP)","archived":false,"fork":false,"pushed_at":"2025-03-21T22:36:48.000Z","size":12700,"stargazers_count":32,"open_issues_count":11,"forks_count":24,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-03-28T18:16:55.702Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-10T17:05:36.000Z","updated_at":"2025-03-14T06:47:41.000Z","dependencies_parsed_at":"2023-02-10T23:50:13.366Z","dependency_job_id":"98d14f64-678a-42c8-9f2b-460ef25ec057","html_url":"https://github.com/vmware/nsx-container-plugin-operator","commit_stats":{"total_commits":227,"total_committers":17,"mean_commits":"13.352941176470589","dds":0.7709251101321586,"last_synced_commit":"19bd4f260f273b8675e686387b865dbc54f765f4"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fnsx-container-plugin-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fnsx-container-plugin-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fnsx-container-plugin-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fnsx-container-plugin-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vmware","download_url":"https://codeload.github.com/vmware/nsx-container-plugin-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247234923,"owners_count":20905854,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T15:35:30.356Z","updated_at":"2025-04-04T19:14:18.215Z","avatar_url":"https://github.com/vmware.png","language":"Go","readme":"- [NSX Container Plugin Operator](#nsx-container-plugin-operator)\n  - [Overview](#overview)\n  - [Try it out](#try-it-out)\n    - [Preparing the operator image](#preparing-the-operator-image)\n    - [Installing](#installing)\n      - [Kubernetes](#kubernetes)\n      - [Openshift](#openshift)\n        - [Installing a cluster with user-provisioned infrastructure](#installing-a-cluster-with-user-provisioned-infrastructure)\n        - [Installing a cluster with installer-provisioned infrastructure](#installing-a-cluster-with-installer-provisioned-infrastructure)\n    - [Upgrade](#upgrade)\n  - [Documentation](#documentation)\n    - [Cluster network config (Openshift specific)](#cluster-network-config-openshift-specific)\n    - [Operator ConfigMap](#operator-configmap)\n      - [Kubernetes](#kubernetes-1)\n      - [OpenShift](#openshift-1)\n    - [NCP Image](#ncp-image)\n    - [Unsafe changes](#unsafe-changes)\n  - [Contributing](#contributing)\n  - [License](#license)\n# NSX Container Plugin Operator\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\n## Overview\n\nAn operator for leveraging NSX as the default container networking solution for an\nKubernetes/Openshift cluster. The operator will be deployed in the early phases of\nOpenshift cluster deployment or after the kubectl is ready in Kubernetes cluster,\nand it will take care of deploying NSX integration components, and precisely:\n\n* The NSX container plugin (NCP) deployment\n* The nsx-ncp-bootstrap daemonset\n* The nsx-node-agent daemonset\n\nThe nsx-container-plugin operator monitors a dedicated ConfigMap, applies changes\nto NCP and nsx-node-agent configuration, and creates/restarts the relevant pods\nso that the relevant configuration changes are picked up.\n\nThe nsx-container-plugin operator also monitors the nsx-node-agent status and\nupdates the network status on relevant nodes.\n\nIn addition, the nsx-container-plugin operator is able to monitor nodes ensuring\nthe corresponding NSX logical port is enabled as a container host logical port.\n\nFor Openshift 4 clusters, the nsx-container-plugin operator especially monitors\nthe `network.config.openshift.io` CR to update the container network CIDRs used by NCP.\n\n## Try it out\n\n### Preparing the operator image\n\nPull the packed image for docker:\n```\ndocker pull vmware/nsx-container-plugin-operator:latest\n```\n\nFor containerd:\n```\nctr image pull docker.io/vmware/nsx-container-plugin-operator:latest\n```\n\nBuilding the nsx-container-plugin operator is very simple. From the project root\ndirectory simply type the following command, which based on docker build tool.\n\n```\nmake all\n```\n\nAt the moment the nsx-container-plugin operator only works on native Kubernetes\nor Openshift 4 environments\n\n### Installing\n\n#### Kubernetes\n\nEdit the operator yaml files in `deploy/kubernetes` then apply them.\n\n#### Openshift\n\n##### Installing a cluster with user-provisioned infrastructure\n\n1. Preparing install-config.yaml\nGenerate install-config.yaml by using openshift-install command.\n```\n$ openshift-install --dir=$MY_CLUSTER create install-config\n```\n\nEdit `$MY_CLUSTER/install-config.yaml` to update networking section.\nChange `networkType` to `ncp`(case insensitive).\nSet container network CIDRs `clusterNetwork` in `$MY_CLUSTER/install-config.yaml`.\n\n2. Creating manifest files:\n```\n$ openshift-install --dir=$MY_CLUSTER create manifests\n```\n\nIf one cluster node has multiple VirtualNetworkInterfaces, the operator cannot\ndetect which interface should be enabled as the containers' parent interface,\nso the user should edit `deploy/openshift4/operator.nsx.vmware.com_v1_ncpinstall_cr.yaml`\nto set `addNodeTag: false` and manually tag the target node port by\n`scope=ncp/node_name, tag=\u003cnode_name\u003e` and `scope=ncp/node_name, tag=\u003ccluster_name\u003e`\non NSX-T.\n\nPut operator yaml files from `deploy/openshift4/` to `$MY_CLUSTER/manifests`,\nedit configmap.yaml about operator configurations, add the operator image and\nNCP image in operator.yaml.\n\n3. Generating ignition configuration files:\n```\n$ openshift-install --dir=$MY_CLUSTER create ignition-configs\n```\nThis bootstrap ignition file will be added to the terraform tfvars.\nThen use terraform to install Openshift 4 cluster on vSphere.\n\n##### Installing a cluster with installer-provisioned infrastructure\n\n1. Prepare install-config.yaml\nThis step is similar to UPI installation. An example of install-config.yaml:\n\n```\napiVersion: v1\nbaseDomain: openshift.test\ncompute:\n- architecture: amd64\n  hyperthreading: Enabled\n  name: worker\n  platform: {}\n  replicas: 3\ncontrolPlane:\n  architecture: amd64\n  hyperthreading: Enabled\n  name: master\n  platform: {}\n  replicas: 3\nmetadata:\n  creationTimestamp: null\n  name: ipi\nnetworking:\n  networkType: ncp\n  clusterNetwork:\n  - cidr: 10.0.0.0/14\n    hostPrefix: 24\n  machineCIDR: 192.168.10.0/24\n  serviceNetwork:\n  - 172.8.0.0/16\nplatform:\n  vsphere:\n    apiVIP: 192.168.10.11\n    cluster: cluster\n    datacenter: dc\n    defaultDatastore: vsanDatastore\n    ingressVIP: 192.168.10.12\n    network: openshift-segment\n    password: pass\n    username: user\n    vCenter: my-vc.local\npublish: External\npullSecret: 'xxx'\nsshKey: 'ssh-rsa xxx'\n```\n\nYou can validate your DNS configuration\nbefore installing OpenShift Container Platform on IPI. A sample DNS zone database\nas follow:\n\n```\n$TTL    604800\n\n$ORIGIN openshift.test.\n@       IN      SOA     dns1.openshift.test. root.openshift.test. (\n                              2         ; Serial\n                         604800         ; Refresh\n                          86400         ; Retry\n                        2419200         ; Expire\n                         604800 )       ; Negative Cache TTL\n; main domain name servers\n@       IN      NS      localhost.\n@       IN      A       127.0.0.1\n@       IN      AAAA    ::1\n        IN      NS      dns1.openshift.test.\n\n; recors for name servers above\ndns1    IN      A       10.92.204.129\n\n; sub-domain definitions\n$ORIGIN ipi.openshift.test.\napi IN A 192.168.10.11\napps IN A 192.168.10.12\n\n; sub-domain definitions\n$ORIGIN apps.ipi.openshift.test.\n* IN A 192.168.10.12\n```\n\n2. Preparing manifest files:\n\nPut operator yaml files from `deploy/openshift4/` to `$MY_CLUSTER/manifests`,\nedit configmap.yaml about operator configurations, add the operator image and\nNCP image in operator.yaml.\n\n3.  Creating cluster\n```\n$ openshift-install create cluster --dir=$MY_CLUSTER\n```\n\nThe installation log locates in $MY_CLUSTER/.openshift_install.log.\nIf the deployment ends in timeout or failure, you can check the environment\naccording to the log, then Re-run Installer to continue to get the installation\nlog:\n\n```\n$ openshift-install wait-for install-complete\n```\n\n### Upgrade\n\nFor upgrading, all yaml files in `deploy/${platform}/` should be involved,\nespecially to check the `image` and `NCP_IMAGE` in `deploy/${platform}/operator.yaml\n\n\n## Documentation\n\n### Cluster network config (Openshift specific)\nCluster network config is initially set in install-config.yaml, user could apply\n`network.config.openshift.io` CRD to update `clusterNetwork` in `manifests/cluster-network-02-config.yml`.\n*Example configurations*\n```\napiVersion: config.openshift.io/v1\nkind: Network\nmetadata:\n  name: cluster\nspec:\n  clusterNetwork:\n  - cidr: 10.10.0.0/14\n  networkType: ncp\n```\n\n### Operator ConfigMap\n\nOperator ConfigMap `nsx-ncp-operator-config` is used to provide NCP configurations.\nAs for now we only support NSX Policy API, single Tier topology on Openshift 4,\nsingle or two Tiers topology on native Kubernetes.\n\n#### Kubernetes\n\nSome fields are mandatory including `cluster`, `nsx_api_managers`,\n`container_ip_blocks`, `tier0_gateway`(for single T1 case), `top_tier_router`\n(for single T0 case), `external_ip_pools`(for SNAT mode).. If any of above\noptions is not provided in the operator ConfigMap, the operator will fail to\nreconcile configurations, error message swill be added in ncpinstall nsx-ncp\nDegraded conditions\n\n#### OpenShift\n\nThe operator sets `policy_nsxapi` as True, `single_tier_topology` as True.\nIn the ConfigMap, some fields are mandatory including `cluster`, `nsx_api_managers`,\n`tier0_gateway`(for single T1 case), `top_tier_router`(for single T0 case),\n`external_ip_pools`(for SNAT mode). If any of above options is not provided in the\noperator ConfigMap, the operator will fail to reconcile configurations, error messages\nwill be added in clusteroperator nsx-ncp Degraded conditions.\n\n### NCP Image\nUser needs to set NCP image as an environment parameter `NCP_IMAGE` in `deploy/${platform}/operator.yaml`.\n\n### Unsafe changes\n* (Openshift specific) If CIDRs in `clusterNetwork` are already applied, it is\nunsafe to remove them. NSX NCP operator won't fail when it detects some existing\nnetwork CIDRs are deleted, but the removal may cause unexpected issues.\n* NSX NCP operator uses tags to mark the container host logical ports, deleting these tags\nfrom NSX manager will cause network realization failure on corresponding nodes.\n\n## Contributing\n\nWe welcome community contributions to the NSX Container plugin Operator!\n\nBefore you start working with nsx-container-plugin-operator, you should sign our\ncontributor license agreement (CLA).\n\nIf you wish to contribute code and you have not signed our CLA, our bot will update\nthe issue when you open a Pull Request.\nFor more detailed information, refer to [CONTRIBUTING.md](CONTRIBUTING.md).\n\nFor any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq).\n\n## License\n\nThis repository is available under the [Apache 2.0 license](LICENSE).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware%2Fnsx-container-plugin-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmware%2Fnsx-container-plugin-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware%2Fnsx-container-plugin-operator/lists"}