Vcenter NamespaceManagement Clusters update
Update configuration on the cluster object. The specified configuration is applied partially and missing or null fields in spec will leave those parts of configuration as-is.
This operation was added in vSphere API 7.0.0.0.
Returns an authorization error if you do not have all of the privileges described as follows:
- The resource
ClusterComputeResourcereferenced by the parameter cluster requiresNamespaces.Manage.
Identifier for the cluster on which vSphere Namespaces is enabled.
The parameter must be an identifier for the resource type: ClusterComputeResource.
New specification for the Supervisor cluster.
{
"vsphere_pods_enabled": false,
"supervisor_services_enabled": false,
"size_hint": "string",
"floating_ip": "string",
"network_provider": "string",
"ncp_cluster_network_spec": {
"pod_cidrs": [
{
"address": "string",
"prefix": 0
}
],
"ingress_cidrs": [
{
"address": "string",
"prefix": 0
}
],
"egress_cidrs": [
{
"address": "string",
"prefix": 0
}
],
"default_ingress_tls_certificate": "string",
"default_ingress_tls_private_key": "string"
},
"vpc_cluster_network_spec": {
"default_private_cidrs": [
{
"address": "string",
"prefix": 0
}
]
},
"supervisor_primary_workload_network": "string",
"master_dns": [
"string"
],
"worker_dns": [
"string"
],
"master_dns_search_domains": [
"string"
],
"master_ntp_servers": [
"string"
],
"master_storage_policy": "string",
"ephemeral_storage_policy": "string",
"cns_file_config": {
"vsan_clusters": [
"string"
]
},
"login_banner": "string",
"master_dns_names": [
"string"
],
"image_storage": {
"storage_policy": "string"
},
"default_image_registry": {
"hostname": "string",
"port": 0
},
"default_image_repository": "string",
"tls_endpoint_certificate": "string",
"tls_endpoint_private_key": "string",
"default_kubernetes_service_content_library": "string",
"workload_ntp_servers": [
"string"
],
"cluster_proxy_config": {
"proxy_settings_source": "string",
"https_proxy_config": "string",
"http_proxy_config": "string",
"no_proxy_config": [
"string"
],
"tls_root_ca_bundle": "string"
},
"content_libraries": [
{
"content_library": "string",
"supervisor_services": [
"string"
],
"resource_naming_strategy": "string"
}
],
"count": 0,
"max_concurrent_dns_forwards": 0
}A boolean indicating whether vSphere Pods support should be enabled. It is currently only possible to enable vSphere Pod support post Supervisor enablement, not disable it.
This property was added in vSphere API 9.0.0.0.
If missing or null, defaults to False.
A boolean indicating whether Supervisor Service support should be enabled. It is currently only possible to enable Supervisor Service support post Supervisor enablement, not disable it. Supervisor Services that rely on vSphere Pod support will not be installed unless vSphere Pod support is enabled.
This property was added in vSphere API 9.0.0.0.
If missing or null, defaults to False.
This affects the size and resources allocated to the Kubernetes API server.
For more information see: Vcenter NamespaceManagement SizingHint.
This property was added in vSphere API 7.0.0.0.
If missing or null, size and resources allocated to Kubernetes API server will not be modified.
Optionally, you can edit the floating IP address that is assigned to the Supervisor in case the DHCP server fails during the Supervisor enablement process. The field is only relevant when the DHCP mode of the Supervisor management network is set with Vcenter NamespaceManagement Clusters EnableSpec.master_management_network. Set this floating IP parameter to remediate a supervisor enablement failure in the case where it was detected that the DHCP server does not support DHCP client identifiers.
This property was added in vSphere API 7.0.3.0.
If missing or null, the existing effective management network floating IP will not be modified.
The provider of cluster networking for this vSphere Namespaces cluster.
For more information see: Vcenter NamespaceManagement Clusters NetworkProvider.
This property was added in vSphere API 7.0.0.0.
If missing or null, the existing effective cluster network specification will not be modified.
Updated specification for the cluster network configuration.
This property was added in vSphere API 7.0.0.0.
If missing or null, the existing effective cluster network specification will not be modified.
Updated specification for the cluster network configuration.
This property was added in vSphere API 9.0.0.0.
If missing or null, the existing effective cluster network specification will not be modified.
Identifier of the Supervisor Primary workload network configuration. The Supervisor Primary workload network configuration refers to a network configuration used by Supervisor Kubernetes control plane VMs to expose Kubernetes API server to users and other workloads.
This property was added in vSphere API 9.0.0.0.
If missing or null, the current value remains unchanged.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.vcenter.namespace_management.Network. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.vcenter.namespace_management.Network.
List of DNS server IP addresses to use on Kubernetes API server, specified in order of preference.
This property was added in vSphere API 7.0.0.0.
If set, DNS servers set on Kubernetes API server will be replaced. Otherwise, they will not be modified.
List of DNS server IP addresses to use on the worker nodes, specified in order of preference.
This property was added in vSphere API 7.0.0.0.
If set, DNS servers set on worker nodes will be replaced. Otherwise, they will not be modified.
List of domains (for example "vmware.com") to be searched when trying to lookup a host name on Kubernetes API server, specified in order of preference.
This property was added in vSphere API 7.0.0.0.
If set, DNS search domains on Kubernetes API server will be replaced. Otherwise, they will not be modified.
List of NTP server DNS names or IP addresses to use on Kubernetes API server, specified in order of preference.
This property was added in vSphere API 7.0.0.0.
If set, NTP servers on Kubernetes API server will be replaced. Otherwise, they will not be modified.
Identifier of storage policy associated with Kubernetes API server.
This property was added in vSphere API 7.0.0.0.
If missing or null, storage policy associated with Kubernetes API server will not be modified.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: SpsStorageProfile. When operations return a value of this schema as a response, the property will be an identifier for the resource type: SpsStorageProfile.
Identifier of storage policy associated with ephemeral disks of all the Kubernetes Pods in the cluster.
This property was added in vSphere API 7.0.0.0.
If missing or null, storage policy associated with ephemeral disks of all the Kubernetes Pods will not be modified.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: SpsStorageProfile. When operations return a value of this schema as a response, the property will be an identifier for the resource type: SpsStorageProfile.
Specification for configuring Cloud Native Storage file volume support on Supervisor. This feature provides support for provisioning ReadWriteMany persistent volumes on this cluster and/or external clusters.
This property was added in vSphere API 7.0.3.0.
If missing or null, configuration for file volumes will remain unchanged.
Disclaimer to be displayed prior to login via the Kubectl plugin.
This property was added in vSphere API 7.0.0.0.
If missing or null, disclaimer to be displayed prior to login via the Kubectl plugin will not be modified.
List of DNS names to associate with the Kubernetes API server. These DNS names are embedded in the CSR for TLS certificate presented by the API server. The provided value will replace existing DNS names.
This property was added in vSphere API 8.0.2.00300.
If missing or null, existing DNS names will not be modified.
Specification for storage to be used for container images.
This property was added in vSphere API 7.0.0.0.
If missing or null, configuration of storage used for container images is not modified.
Default image registry to use when Kubernetes Pod container specification does not specify it as part of the container image name.
This property was added in vSphere API 7.0.0.0.
If missing or null, default image registry will not be modified.
Default image repository to use when Kubernetes Pod container specification does not specify it as part of the container image name.
This property was added in vSphere API 7.0.0.0.
If missing or null, default image repository will not be modified.
PEM-encoded x509 certificate(s) issued for Kubernetes API Server. Certificate(s) used can be created by one of the two supported methods:
- By signing the Certificate Signing Request obtained from the Namespace Certificate Management API.
OR
- By creating a certificate using public key cryptography. In such case the certificate Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate should be specified along with the private key Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_private_key used to generate the certificate.
Because a Kubernetes CertificateSigningRequest is created on an existing Namespaces-enabled cluster, you must use the Vcenter NamespaceManagement Clusters UpdateSpec to specify this Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate on an existing cluster rather than during initially enabling Namespaces on a cluster.
In case of providing the trust chain, the certificates should be simply concatenated into a single string.
This property was added in vSphere API 7.0.0.0.
If missing or null, Kubernetes API Server certificate(s) will not be modified.
Private Key matching Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate
When using certificates generated externally by the user and not using Certificate Signing Request obtained from Namespace Certificate Management API, users should be able to specify the private key which was used to generate the certificate Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate.
Users with externally generated key pairs can import their own public key certificates and key pairs.
This property was added in vSphere API 9.0.0.0.
If missing or null and Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate is specified then the Supervisor will attempt to find a matching key that was generated with Certificate Signing Request. Otherwise, Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_private_key will not be modified.
This property is deprecated as of vSphere API 9.0.0.0. Use Vcenter NamespaceManagement Clusters UpdateSpec.content_libraries instead.
Identifier of the Content Library which holds the VM Images for vSphere Kubernetes Service.
This Content Library should be subscribed to VMware's hosted vSphere Kubernetes Service Repository.
Modifying or clearing the Content Library identifier will not affect existing vSphere Kubernetes Service clusters. However, upgrades or scale-out of existing clusters may be affected if the new Content Library doesn't have the necessary VM Images.
This property was added in vSphere API 7.0.0.0.
If missing or null, the Content Library will not be modified.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.content.Library. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.content.Library.
List of NTP server DNS names or IP addresses to use for workloads such as Kubernetes Cluster VMs, specified in order of preference.
This property was added in vSphere API 7.0.1.0.
If missing or null, NTP servers for workloads will be unmodified.
Proxy configuration that will be applied to the Supervisor. The proxy should be reachable from the management network and will be used for image pulling and container traffic exiting out of the Supervisor.
Modifying these settings will result in a restart of the container runtime. Workloads might fail to pull their images for a short period of time.
There will be no effect on the currently running containers.
This property was added in vSphere API 7.0.3.00100.
If missing or null no change will be made to the cluster.
List of Content Libraries that will be associated with a Supervisor. This list should refer to existing Content Libraries in the vSphere inventory. These Content Libraries and the Content Library items belonging to them will be read-only across all vSphere Namespaces. If Vcenter NamespaceManagement Clusters UpdateSpec.default_kubernetes_service_content_library is set, the Content Library identifier will be migrated to this property.
This property was added in vSphere API 8.0.2.0.
If missing or null, no Content Libraries will be set for the Supervisor.
Total number of control planes associated with a Supervisor. If the existing count is 1, the allowed values are either 1 or 3.
This property was added in vSphere API 9.0.0.0.
If missing or null or the existing count is 3, no change will be made to the Supervisor.
This configuration setting applies to the DNS forwarder running on each Supervisor control plane VM. It determines the maximum number of concurrent DNS requests that can be sent to upstream Vcenter NamespaceManagement Clusters UpdateSpec.worker_DNS servers from the Supervisor, which is calculated by multiplying this value by the Vcenter NamespaceManagement Clusters UpdateSpec.count value. This value must be greater than or equal to 0. If set to 0, no limit will be imposed on the maximum number of concurrent requests that can be forwarded.
This property was added in vSphere API 9.0.0.0.
If missing or null, the existing value will not be modified.
Success!
Vapi Std Errors InvalidArgument if spec contain any errors.
Vapi Std Errors NotAllowedInCurrentState if vSphere Namespaces is being disabled on this Supervisor cluster or if the Supervisor cluster is being restored from a backup. When a Supervisor cluster is restored, there's a window of time during which the restored Supervisor cluster's state is being synchronized back to vCenter. During that time, Supervisor cluster's configuration modifications are not allowed.
Vapi Std Errors Unsupported if the Supervisor cluster's hosts are not configured with sufficient resources for the new Kubernetes API Server size.
"Vapi Std Errors Error Object"Stack of one or more localizable messages for human error consumers.
The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.
Each subsequent message in the stack describes the "cause" of the prior message.
Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully.
Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.
The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.
Some operations will not set this property when reporting errors.
Discriminator field to help API consumers identify the structure type.
For more information see: Vapi Std Errors Error Type.
This property was added in vSphere API 6.7.2.
Can be missing or null for compatibility with preceding implementations.
if the user can not be authenticated.
"Vapi Std Errors Unauthenticated Object"Indicates the authentication challenges applicable to the target API provider. It can be used by a client to discover the correct authentication scheme to use. The exact syntax of the value is defined by the specific provider, the protocol and authentication schemes used.
For example, a provider using REST may adhere to the WWW-Authenticate HTTP header specification, RFC7235, section 4.1. In this case an example challenge value may be: SIGN realm="27da1358-2ba4-11e9-b210-d663bd873d93",sts="http://vcenter/sso?vsphere.local", Basic realm="vCenter"
This property was added in vSphere API 7.0.0.0.
This property is optional because it was added in a newer version than its parent node.
if the user does not have Namespaces.Manage privilege.
"Vapi Std Errors Unauthorized Object"if the Supervisor cluster could not be located.
"Vapi Std Errors NotFound Object"if the system reports an error while responding to the request.
"Vapi Std Errors Error Object"Stack of one or more localizable messages for human error consumers.
The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.
Each subsequent message in the stack describes the "cause" of the prior message.
Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully.
Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.
The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.
Some operations will not set this property when reporting errors.
Discriminator field to help API consumers identify the structure type.
For more information see: Vapi Std Errors Error Type.
This property was added in vSphere API 6.7.2.
Can be missing or null for compatibility with preceding implementations.
curl -X PATCH -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{}'