OShiftK8SConfiguration
{
  "app_sync_frequency": 0,
  "auto_assign_fqdn": false,
  "avi_bridge_subnet": {
    "ip_addr": {
      "addr": "string",
      "type": "string"
    },
    "mask": 0
  },
  "ca_tls_key_and_certificate_ref": "string",
  "client_tls_key_and_certificate_ref": "string",
  "cluster_tag": "string",
  "container_port_match_http_service": false,
  "coredump_directory": "string",
  "default_service_as_east_west_service": false,
  "disable_auto_backend_service_sync": false,
  "disable_auto_frontend_service_sync": false,
  "disable_auto_gs_sync": false,
  "disable_auto_se_creation": false,
  "docker_endpoint": "string",
  "docker_registry_se": {
    "oshift_registry": {
      "registry_namespace": "string",
      "registry_service": "string",
      "registry_vip": {
        "addr": "string",
        "type": "string"
      }
    },
    "password": "string",
    "private": false,
    "registry": "string",
    "username": "string"
  },
  "east_west_placement_subnet": {
    "ip_addr": {
      "addr": "string",
      "type": "string"
    },
    "mask": 0
  },
  "enable_event_subscription": false,
  "enable_route_ingress_hardening": false,
  "feproxy_vips_enable_proxy_arp": false,
  "http_container_ports": [
    0
  ],
  "ing_exclude_attributes": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "ing_include_attributes": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "l4_health_monitoring": false,
  "master_nodes": [
    "string"
  ],
  "node_availability_zone_label": "string",
  "ns_exclude_attributes": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "ns_include_attributes": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "num_shards": 0,
  "override_service_ports": false,
  "persistent_volume_claim": "string",
  "routes": [
    {
      "if_name": "string",
      "network_namespace": "string",
      "nexthop": {
        "addr": "string",
        "type": "string"
      },
      "subnet": {
        "ip_addr": {
          "addr": "string",
          "type": "string"
        },
        "mask": 0
      }
    }
  ],
  "sdn_overlay": false,
  "se_deployment_method": "string",
  "se_exclude_attributes": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "se_image_pull_secret": "string",
  "se_include_attributes": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "se_namespace": "string",
  "se_pod_tolerations": [
    {
      "effect": "string",
      "key": "string",
      "operator": "string",
      "toleration_seconds": 0,
      "value": "string"
    }
  ],
  "se_priority_class": "string",
  "se_restart_batch_size": 0,
  "se_restart_force": false,
  "se_volume": "string",
  "secure_egress_mode": false,
  "service_account_token": "string",
  "shard_prefix": "string",
  "shared_virtualservice_namespace": false,
  "ssh_user_ref": "string",
  "sync_not_ready_addresses": false,
  "use_controller_image": false,
  "use_resource_definition_as_ssot": false,
  "use_scheduling_disabled_nodes": false,
  "use_service_cluster_ip_as_ew_vip": false,
  "vip_default_gateway": {
    "addr": "string",
    "type": "string"
  }
}
app_sync_frequency: Sync frequency in seconds with frameworks. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
auto_assign_fqdn: Auto assign FQDN to a virtual service if a valid FQDN is not configured. Field introduced in 17.2.8. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ca_tls_key_and_certificate_ref: UUID of the UCP CA TLS cert and key. It is a reference to an object of type SSLKeyAndCertificate. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
client_tls_key_and_certificate_ref: UUID of the client TLS cert and key instead of service account token. One of client certificate or token is required. It is a reference to an object of type SSLKeyAndCertificate. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
cluster_tag: OpenShift/K8S Cluster ID used to uniquely map same-named namespaces as tenants in Avi. In order to use more than one OpenShift/K8S cloud on this controller, cluster_tag has to be unique across these clouds. Changing cluster_tag is disruptive as all virtual services in the cloud will be recreated. Field introduced in 17.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
container_port_match_http_service: Perform container port matching to create an HTTP VirtualService instead of a TCP/UDP VirtualService. By default, ports 80, 8080, 443, 8443 are considered HTTP. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
coredump_directory: Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
default_service_as_east_west_service: If there is no explicit east_west_placement field in the virtualservice configuration, treat the service as an East-West service; default services such as the OpenShift API server do not have virtualservice configuration. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
disable_auto_backend_service_sync: Disable auto service sync for back end services. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
disable_auto_frontend_service_sync: Disable auto service sync for front end services. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
disable_auto_gs_sync: Disable auto sync for GSLB services. Field introduced in 17.1.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
disable_auto_se_creation: Disable SE creation. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
docker_endpoint: Host Docker server UNIX socket endpoint. Field introduced in 17.2.14, 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enable_event_subscription: Enable Kubernetes event subscription. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
enable_route_ingress_hardening: Knob to turn on adding of HTTP drop rules for host and path combinations in the incoming request header, specified as part of the Ingress/Route spec. The default state is to enable this behavior. Note: Toggling this knob only affects new routes/ingresses; existing routes/ingresses present in Avi will continue to function as-is. Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
feproxy_vips_enable_proxy_arp: Enable proxy ARP from Host interface for Front End proxies. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
http_container_ports: List of container ports that create an HTTP VirtualService instead of a TCP/UDP VirtualService. Defaults to 80, 8080, 443 and 8443. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ing_exclude_attributes: Do not sync applications only for ingress objects that have these exclude attributes configured. Field introduced in 17.2.15, 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ing_include_attributes: Sync applications only for ingress objects that have these include attributes configured. Default values are populated for this field if not provided. The default values are 'attribute': 'kubernetes.io/ingress.class', 'value': 'avi'. Field introduced in 17.2.15, 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
l4_health_monitoring: Perform Layer4 (TCP/UDP) health monitoring even for Layer7 (HTTP) Pools. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
master_nodes: List of OpenShift/Kubernetes master nodes. In case of a load-balanced OpenShift/K8S cluster, use the virtual IP of the cluster. Each node is of the form node:8443 or http://node:8080. If a scheme is not provided, https is assumed. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
node_availability_zone_label: OpenShift/K8S Node label to be used as OpenShift/K8S Node's availability zone in a dual availability zone deployment. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ns_exclude_attributes: Syncing of applications is disabled only for namespaces/projects that have these exclude attributes configured. If there are apps synced already for these namespaces, they will be removed from Avi. Field introduced in 17.1.9, 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ns_include_attributes: Sync applications only for namespaces/projects that have these include attributes configured. Field introduced in 17.1.9, 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
num_shards: Enables sharding of Routes and Ingresses to this number (if non zero) of virtual services in the admin tenant per SEGroup. Sharding is done by hashing on the namespace of the Ingress/Route object. This knob is valid only if shared_virtualservice_namespace flag is set. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
override_service_ports: Override Service Ports with well known ports (80/443) for http/https Route/Ingress VirtualServices. Field introduced in 17.2.12, 18.1.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
persistent_volume_claim: Persistent Volume Claim name to be used for persistent storage for Avi service engines. This could be used in scenarios where host based volumes are ephemeral. Refer to https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims for more details on the usage of this field. Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
routes: Routes support adding routes to a particular namespace routing table in the OpenShift/K8S cluster. Each route is a combination of subnet and nexthop IP address or nexthop interface name, and an enum type is used to distinguish an entry in the host (default behaviour) or in the container/pod or in another namespace. This knob should be enabled in the following cases: 1. Forwarding the network packets to the same network interface from where they came in the OpenShift/K8S node. 2. OpenShift/K8S Node connected to the Internet via multiple network interfaces on different networks/ISPs. 3. Handling North-South traffic originating from within the node when the default gateway for outgoing traffic of the VS is configured. 4. Handling the container/pod traffic by adding the routes in the container/pod. Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
sdn_overlay: Cluster uses overlay based SDN. Enable this flag if the cluster uses an overlay based SDN for OpenShift, Flannel, Weave, Nuage. Disable for routed mode. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_deployment_method: Use SSH/Pod for SE deployment. Enum options - SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_exclude_attributes: Exclude hosts with attributes for SE creation. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_image_pull_secret: OpenShift/K8S secret name to be used for private docker repos when deploying SE as a Pod. Reference link: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/. Field introduced in 17.2.13, 18.1.3, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_include_attributes: Create SEs just on hosts with include attributes. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_namespace: Kubernetes namespace to be used for deploying Avi service engines. This namespace is used to create daemonsets, service accounts, etc. for Avi only use. Setting this value is a disruptive operation and assumes the namespace exists in Kubernetes. The 'default' namespace is picked if this field is unset. Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_pod_tolerations: Match SE Pod tolerations against taints of OpenShift/K8S nodes: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/. Field introduced in 17.2.14, 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_priority_class: Priority class for Avi SEs when running as pods. The user is expected to have the priority class (with this name) created in Kubernetes beforehand. If the priority class doesn't exist while assigning this field, the SE pods may not start. If empty, no priority class will be used for deploying SE pods (default behaviour). Field introduced in 18.2.6. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_restart_batch_size: Restart ServiceEngines by batch on ServiceEngineGroup updates (cpu, memory, etc.). Field introduced in 17.2.15, 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_restart_force: Restart ServiceEngines forcibly if VirtualServices failed to migrate to another SE. Field introduced in 17.2.15, 18.1.5, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
se_volume: Host volume to be used as a disk for Avi SE. This is a disruptive change. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
secure_egress_mode: Allow Avi Vantage to create SecurityContextConstraints and ServiceAccounts which allow Egress Pods to run in privileged mode in an OpenShift environment. Enabling this would exclude egress services from 'disable_auto_backend_service_sync' (if set) behaviour. Note: Access credentials must have cluster-admin role privileges. Field introduced in 17.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
service_account_token: Authorization token for service account instead of client certificate. One of client certificate or token is required. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
shard_prefix: Prefix to be used for Shard VS name when num_shards knob is non zero. Format for Shard VS name will be
shared_virtualservice_namespace: Projects/Namespaces use a shared virtualservice for http/https Routes and Ingress objects unless overridden by the avi_virtualservice: dedicated|shared annotation. Field introduced in 17.1.9, 17.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
ssh_user_ref: Cloud connector user uuid for SSH to hosts. It is a reference to an object of type CloudConnectorUser. Field introduced in 17.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
sync_not_ready_addresses: Allow the not_ready_addresses in the Kubernetes endpoint object to be added as servers in the Avi pool object. Field introduced in 18.2.5. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
use_controller_image: If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
use_resource_definition_as_ssot: Use OpenShift/Kubernetes resource definition and annotations as single-source-of-truth. Any changes made in Avi Controller via UI or CLI will be overridden by values provided in annotations. Field introduced in 17.2.13, 18.1.4, 18.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
use_scheduling_disabled_nodes: Enable VirtualService placement on Service Engines on nodes with scheduling disabled. When false, Service Engines are disabled on nodes where scheduling is disabled. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
use_service_cluster_ip_as_ew_vip: Use Cluster IP of service as VIP for East-West services. This option requires that kube proxy is disabled on all nodes. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
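Several of the descriptions above state constraints that can be checked before a cloud object is submitted (one of client certificate or token is required, https is assumed for master_nodes without a scheme, num_shards depends on shared_virtualservice_namespace, the se_deployment_method enum, the cluster-admin requirement of secure_egress_mode). The following is an added example, not Avi's own code; lint_cloud_config, master_scheme and SAMPLE are hypothetical names and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Enum options listed in the se_deployment_method description.
SE_METHODS = {"SE_CREATE_FLEET", "SE_CREATE_SSH", "SE_CREATE_POD"}

def master_scheme(node):
    """Scheme used for a master_nodes entry; https is assumed when none is given."""
    return urlsplit(node).scheme if "://" in node else "https"

def lint_cloud_config(cfg):
    """Return (severity, field, message) findings for an OShiftK8SConfiguration dict."""
    findings = []
    if not (cfg.get("client_tls_key_and_certificate_ref") or cfg.get("service_account_token")):
        findings.append(("error", "service_account_token",
                         "one of client certificate or token is required"))
    for node in cfg.get("master_nodes", []):
        if master_scheme(node) == "http":
            findings.append(("warn", "master_nodes",
                             f"{node}: cluster API reached over plaintext http"))
    if cfg.get("num_shards", 0) and not cfg.get("shared_virtualservice_namespace", False):
        findings.append(("error", "num_shards",
                         "valid only if shared_virtualservice_namespace is set"))
    method = cfg.get("se_deployment_method")
    if method is not None and method not in SE_METHODS:
        findings.append(("error", "se_deployment_method", f"unknown enum value {method!r}"))
    if cfg.get("secure_egress_mode"):
        findings.append(("warn", "secure_egress_mode",
                         "privileged egress pods; credentials need cluster-admin"))
    if cfg.get("enable_route_ingress_hardening") is False:
        findings.append(("warn", "enable_route_ingress_hardening",
                         "HTTP drop rules disabled for new routes/ingresses"))
    return findings

SAMPLE = {  # constructed sample, not taken from a real deployment
    "master_nodes": ["http://10.0.0.10:8080", "10.0.0.11:8443"],
    "num_shards": 4,
    "shared_virtualservice_namespace": False,
    "se_deployment_method": "SE_CREATE_POD",
    "secure_egress_mode": True,
    "enable_route_ingress_hardening": False,
}

if __name__ == "__main__":
    for finding in lint_cloud_config(SAMPLE):
        print(finding)
```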