Vcenter NamespaceManagement Clusters update

Update configuration on the cluster object. The specified configuration is applied partially and missing or null fields in spec will leave those parts of configuration as-is.

This operation was added in vSphere API 7.0.0.0.

Returns an authorization error if you do not have all of the privileges described as follows:

  • The resource ClusterComputeResource referenced by the parameter cluster requires Namespaces.Manage.
Request
URI
PATCH
https://{api_host}/api/vcenter/namespace-management/clusters/{cluster}
Path Parameters
string
cluster
Required

Identifier for the cluster on which vSphere Namespaces is enabled.

The parameter must be an identifier for the resource type: ClusterComputeResource.


Request Body

New specification for the Supervisor cluster.

Required
{
    "vsphere_pods_enabled": false,
    "supervisor_services_enabled": false,
    "size_hint": "string",
    "floating_ip": "string",
    "network_provider": "string",
    "ncp_cluster_network_spec": {
        "pod_cidrs": [
            {
                "address": "string",
                "prefix": 0
            }
        ],
        "ingress_cidrs": [
            {
                "address": "string",
                "prefix": 0
            }
        ],
        "egress_cidrs": [
            {
                "address": "string",
                "prefix": 0
            }
        ],
        "default_ingress_tls_certificate": "string",
        "default_ingress_tls_private_key": "string"
    },
    "vpc_cluster_network_spec": {
        "default_private_cidrs": [
            {
                "address": "string",
                "prefix": 0
            }
        ]
    },
    "supervisor_primary_workload_network": "string",
    "master_dns": [
        "string"
    ],
    "worker_dns": [
        "string"
    ],
    "master_dns_search_domains": [
        "string"
    ],
    "master_ntp_servers": [
        "string"
    ],
    "master_storage_policy": "string",
    "ephemeral_storage_policy": "string",
    "cns_file_config": {
        "vsan_clusters": [
            "string"
        ]
    },
    "login_banner": "string",
    "master_dns_names": [
        "string"
    ],
    "image_storage": {
        "storage_policy": "string"
    },
    "default_image_registry": {
        "hostname": "string",
        "port": 0
    },
    "default_image_repository": "string",
    "tls_endpoint_certificate": "string",
    "tls_endpoint_private_key": "string",
    "default_kubernetes_service_content_library": "string",
    "workload_ntp_servers": [
        "string"
    ],
    "cluster_proxy_config": {
        "proxy_settings_source": "string",
        "https_proxy_config": "string",
        "http_proxy_config": "string",
        "no_proxy_config": [
            "string"
        ],
        "tls_root_ca_bundle": "string"
    },
    "content_libraries": [
        {
            "content_library": "string",
            "supervisor_services": [
                "string"
            ],
            "resource_naming_strategy": "string"
        }
    ],
    "count": 0,
    "max_concurrent_dns_forwards": 0
}
boolean
vsphere_pods_enabled
Optional

A boolean indicating whether vSphere Pods support should be enabled. It is currently only possible to enable vSphere Pod support post Supervisor enablement, not disable it.

This property was added in vSphere API 9.0.0.0.

If missing or null, defaults to False.

boolean
supervisor_services_enabled
Optional

A boolean indicating whether Supervisor Service support should be enabled. It is currently only possible to enable Supervisor Service support post Supervisor enablement, not disable it. Supervisor Services that rely on vSphere Pod support will not be installed unless vSphere Pod support is enabled.

This property was added in vSphere API 9.0.0.0.

If missing or null, defaults to False.

string
size_hint
Optional

This affects the size and resources allocated to the Kubernetes API server.

For more information see: Vcenter NamespaceManagement SizingHint.

This property was added in vSphere API 7.0.0.0.

If missing or null, size and resources allocated to Kubernetes API server will not be modified.

string
floating_ip
Optional

Optionally, you can edit the floating IP address that is assigned to the Supervisor in case the DHCP server fails during the Supervisor enablement process. The field is only relevant when the DHCP mode of the Supervisor management network is set with Vcenter NamespaceManagement Clusters EnableSpec.master_management_network. Set this floating IP parameter to remediate a supervisor enablement failure in the case where it was detected that the DHCP server does not support DHCP client identifiers.

This property was added in vSphere API 7.0.3.0.

If missing or null, the existing effective management network floating IP will not be modified.

string
network_provider
Optional

The provider of cluster networking for this vSphere Namespaces cluster.

For more information see: Vcenter NamespaceManagement Clusters NetworkProvider.

This property was added in vSphere API 7.0.0.0.

If missing or null, the existing effective cluster network specification will not be modified.

ncp_cluster_network_spec
Optional

Updated specification for the cluster network configuration.

This property was added in vSphere API 7.0.0.0.

If missing or null, the existing effective cluster network specification will not be modified.

vpc_cluster_network_spec
Optional

Updated specification for the cluster network configuration.

This property was added in vSphere API 9.0.0.0.

If missing or null, the existing effective cluster network specification will not be modified.

string
supervisor_primary_workload_network
Optional

Identifier of the Supervisor Primary workload network configuration. The Supervisor Primary workload network configuration refers to a network configuration used by Supervisor Kubernetes control plane VMs to expose Kubernetes API server to users and other workloads.

This property was added in vSphere API 9.0.0.0.

If missing or null, the current value remains unchanged.

When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.vcenter.namespace_management.Network. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.vcenter.namespace_management.Network.

array of string
master_dns
Optional

List of DNS server IP addresses to use on Kubernetes API server, specified in order of preference.

This property was added in vSphere API 7.0.0.0.

If set, DNS servers set on Kubernetes API server will be replaced. Otherwise, they will not be modified.

array of string
worker_dns
Optional

List of DNS server IP addresses to use on the worker nodes, specified in order of preference.

This property was added in vSphere API 7.0.0.0.

If set, DNS servers set on worker nodes will be replaced. Otherwise, they will not be modified.

array of string
master_dns_search_domains
Optional

List of domains (for example "vmware.com") to be searched when trying to look up a host name on Kubernetes API server, specified in order of preference.

This property was added in vSphere API 7.0.0.0.

If set, DNS search domains on Kubernetes API server will be replaced. Otherwise, they will not be modified.

array of string
master_ntp_servers
Optional

List of NTP server DNS names or IP addresses to use on Kubernetes API server, specified in order of preference.

This property was added in vSphere API 7.0.0.0.

If set, NTP servers on Kubernetes API server will be replaced. Otherwise, they will not be modified.

string
master_storage_policy
Optional

Identifier of storage policy associated with Kubernetes API server.

This property was added in vSphere API 7.0.0.0.

If missing or null, storage policy associated with Kubernetes API server will not be modified.

When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: SpsStorageProfile. When operations return a value of this schema as a response, the property will be an identifier for the resource type: SpsStorageProfile.

string
ephemeral_storage_policy
Optional

Identifier of storage policy associated with ephemeral disks of all the Kubernetes Pods in the cluster.

This property was added in vSphere API 7.0.0.0.

If missing or null, storage policy associated with ephemeral disks of all the Kubernetes Pods will not be modified.

When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: SpsStorageProfile. When operations return a value of this schema as a response, the property will be an identifier for the resource type: SpsStorageProfile.

cns_file_config
Optional

Specification for configuring Cloud Native Storage file volume support on Supervisor. This feature provides support for provisioning ReadWriteMany persistent volumes on this cluster and/or external clusters.

This property was added in vSphere API 7.0.3.0.

If missing or null, configuration for file volumes will remain unchanged.

string
login_banner
Optional

Disclaimer to be displayed prior to login via the Kubectl plugin.

This property was added in vSphere API 7.0.0.0.

If missing or null, disclaimer to be displayed prior to login via the Kubectl plugin will not be modified.

array of string
master_dns_names
Optional

List of DNS names to associate with the Kubernetes API server. These DNS names are embedded in the CSR for TLS certificate presented by the API server. The provided value will replace existing DNS names.

This property was added in vSphere API 8.0.2.00300.

If missing or null, existing DNS names will not be modified.

image_storage
Optional

Specification for storage to be used for container images.

This property was added in vSphere API 7.0.0.0.

If missing or null, configuration of storage used for container images is not modified.

default_image_registry
Optional

Default image registry to use when Kubernetes Pod container specification does not specify it as part of the container image name.

This property was added in vSphere API 7.0.0.0.

If missing or null, default image registry will not be modified.

string
default_image_repository
Optional

Default image repository to use when Kubernetes Pod container specification does not specify it as part of the container image name.

This property was added in vSphere API 7.0.0.0.

If missing or null, default image repository will not be modified.

string
tls_endpoint_certificate
Optional

PEM-encoded x509 certificate(s) issued for Kubernetes API Server. Certificate(s) used can be created by one of the two supported methods:

  1. By signing the Certificate Signing Request obtained from the Namespace Certificate Management API.

OR

  2. By creating a certificate using public key cryptography. In such a case the certificate Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate should be specified along with the private key Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_private_key used to generate the certificate.

Because a Kubernetes CertificateSigningRequest is created on an existing Namespaces-enabled cluster, you must use the Vcenter NamespaceManagement Clusters UpdateSpec to specify this Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate on an existing cluster rather than when initially enabling Namespaces on a cluster.

In case of providing the trust chain, the certificates should be simply concatenated into a single string.

This property was added in vSphere API 7.0.0.0.

If missing or null, Kubernetes API Server certificate(s) will not be modified.

string As password
tls_endpoint_private_key
Optional

Private key matching Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate.

When using certificates generated externally by the user and not using Certificate Signing Request obtained from Namespace Certificate Management API, users should be able to specify the private key which was used to generate the certificate Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate.

Users with externally generated key pairs can import their own public key certificates and key pairs.

This property was added in vSphere API 9.0.0.0.

If missing or null and Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_certificate is specified then the Supervisor will attempt to find a matching key that was generated with Certificate Signing Request. Otherwise, Vcenter NamespaceManagement Clusters UpdateSpec.tls_endpoint_private_key will not be modified.

string
default_kubernetes_service_content_library
Optional

This property is deprecated as of vSphere API 9.0.0.0. Use Vcenter NamespaceManagement Clusters UpdateSpec.content_libraries instead.

Identifier of the Content Library which holds the VM Images for vSphere Kubernetes Service.

This Content Library should be subscribed to VMware's hosted vSphere Kubernetes Service Repository.

Modifying or clearing the Content Library identifier will not affect existing vSphere Kubernetes Service clusters. However, upgrades or scale-out of existing clusters may be affected if the new Content Library doesn't have the necessary VM Images.

This property was added in vSphere API 7.0.0.0.

If missing or null, the Content Library will not be modified.

When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.content.Library. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.content.Library.

array of string
workload_ntp_servers
Optional

List of NTP server DNS names or IP addresses to use for workloads such as Kubernetes Cluster VMs, specified in order of preference.

This property was added in vSphere API 7.0.1.0.

If missing or null, NTP servers for workloads will be unmodified.

cluster_proxy_config
Optional

Proxy configuration that will be applied to the Supervisor. The proxy should be reachable from the management network and will be used for image pulling and container traffic exiting out of the Supervisor.

Modifying these settings will result in a restart of the container runtime. Workloads might fail to pull their images for a short period of time.

There will be no effect on the currently running containers.

This property was added in vSphere API 7.0.3.00100.

If missing or null, no change will be made to the cluster.

array of object
content_libraries
Optional

List of Content Libraries that will be associated with a Supervisor. This list should refer to existing Content Libraries in the vSphere inventory. These Content Libraries and the Content Library items belonging to them will be read-only across all vSphere Namespaces. If Vcenter NamespaceManagement Clusters UpdateSpec.default_kubernetes_service_content_library is set, the Content Library identifier will be migrated to this property.

This property was added in vSphere API 8.0.2.0.

If missing or null, no Content Libraries will be set for the Supervisor.

integer As int64
count
Optional

Total number of control planes associated with a Supervisor. If the existing count is 1, the allowed values are either 1 or 3.

This property was added in vSphere API 9.0.0.0.

If missing or null or the existing count is 3, no change will be made to the Supervisor.

integer As int64
max_concurrent_dns_forwards
Optional

This configuration setting applies to the DNS forwarder running on each Supervisor control plane VM. It determines the maximum number of concurrent DNS requests that can be sent to upstream Vcenter NamespaceManagement Clusters UpdateSpec.worker_dns servers from the Supervisor, which is calculated by multiplying this value by the Vcenter NamespaceManagement Clusters UpdateSpec.count value. This value must be greater than or equal to 0. If set to 0, no limit will be imposed on the maximum number of concurrent requests that can be forwarded.

This property was added in vSphere API 9.0.0.0.

If missing or null, the existing value will not be modified.

Authentication
This operation uses the following authentication methods.
Responses
204

Success!

Operation doesn't return any data structure

400

Vapi Std Errors InvalidArgument if spec contains any errors.

Vapi Std Errors NotAllowedInCurrentState if vSphere Namespaces is being disabled on this Supervisor cluster or if the Supervisor cluster is being restored from a backup. When a Supervisor cluster is restored, there's a window of time during which the restored Supervisor cluster's state is being synchronized back to vCenter. During that time, Supervisor cluster's configuration modifications are not allowed.

Vapi Std Errors Unsupported if the Supervisor cluster's hosts are not configured with sufficient resources for the new Kubernetes API Server size.

Returns Vapi Std Errors Error of type(s) application/json
"Vapi Std Errors Error Object"
array of object
messages
Required

Stack of one or more localizable messages for human error consumers.

The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicate that it was unable to complete successfully.

Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each operation will describe what, if any, data it provides for each error it reports.

The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.

Some operations will not set this property when reporting errors.

string
error_type
Required

Discriminator field to help API consumers identify the structure type.

For more information see: Vapi Std Errors Error Type.

This property was added in vSphere API 6.7.2.

Can be missing or null for compatibility with preceding implementations.


401

if the user cannot be authenticated.

Returns Vapi Std Errors Unauthenticated of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors Unauthenticated0
"Vapi Std Errors Unauthenticated Object"
string
challenge
Optional

Indicates the authentication challenges applicable to the target API provider. It can be used by a client to discover the correct authentication scheme to use. The exact syntax of the value is defined by the specific provider, the protocol and authentication schemes used.

For example, a provider using REST may adhere to the WWW-Authenticate HTTP header specification, RFC7235, section 4.1. In this case an example challenge value may be: SIGN realm="27da1358-2ba4-11e9-b210-d663bd873d93",sts="http://vcenter/sso?vsphere.local", Basic realm="vCenter"

This property was added in vSphere API 7.0.0.0.

This property is optional because it was added in a newer version than its parent node.


403

if the user does not have Namespaces.Manage privilege.

Returns Vapi Std Errors Unauthorized of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors Unauthorized0
"Vapi Std Errors Unauthorized Object"

404

if the Supervisor cluster could not be located.

Returns Vapi Std Errors NotFound of type(s) application/json
This response body class contains all of the following: InlineVapi Std Errors NotFound0
"Vapi Std Errors NotFound Object"

500

if the system reports an error while responding to the request.

Returns Vapi Std Errors Error of type(s) application/json
"Vapi Std Errors Error Object"
array of object
messages
Required

Stack of one or more localizable messages for human error consumers.

The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.

Each subsequent message in the stack describes the "cause" of the prior message.

object
data
Optional

Data to facilitate clients responding to the operation reporting a standard error to indicate that it was unable to complete successfully.

Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each operation will describe what, if any, data it provides for each error it reports.

The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.

Some operations will not set this property when reporting errors.

string
error_type
Required

Discriminator field to help API consumers identify the structure type.

For more information see: Vapi Std Errors Error Type.

This property was added in vSphere API 6.7.2.

Can be missing or null for compatibility with preceding implementations.


Code Samples
curl -X PATCH -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{}' 'https://{api_host}/api/vcenter/namespace-management/clusters/{cluster}'
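
A client-side preflight for this request, as an added example that is not part of the vSphere documentation or SDK: it builds the partial UpdateSpec, checks the constraints stated above for tls_endpoint_certificate, count and max_concurrent_dns_forwards, and masks private-key fields before the body is written to a change log. The function names, host name, cluster identifier, PEM bodies and the choice to treat default_ingress_tls_private_key as a secret are assumptions of the example.

```python
import json
import re
import urllib.request

# The page types tls_endpoint_private_key "As password"; treating the NCP
# ingress key the same way is an assumption of this example.
SECRET_FIELDS = {"tls_endpoint_private_key", "default_ingress_tls_private_key"}
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def build_spec(**fields):
    """Keep only fields the caller set; missing fields leave the Supervisor as-is."""
    return {k: v for k, v in fields.items() if v is not None}


def check_spec(spec, existing_count):
    """Return the problems found against the constraints stated on the page."""
    problems = []
    cert = spec.get("tls_endpoint_certificate")
    if cert is not None:
        if not CERT_RE.search(cert):
            problems.append("tls_endpoint_certificate holds no PEM certificate")
        if KEY_RE.search(cert):  # this field is not typed as a password
            problems.append("private key pasted into tls_endpoint_certificate")
    count = spec.get("count")
    if count is not None and existing_count == 1 and count not in (1, 3):
        problems.append("count must be 1 or 3 when the existing count is 1")
    fwd = spec.get("max_concurrent_dns_forwards")
    if fwd is not None and fwd < 0:
        problems.append("max_concurrent_dns_forwards must be >= 0")
    return problems


def redact(value, key=None):
    """Return a copy of the spec that is safe to write to a change log."""
    if key in SECRET_FIELDS:
        return "<redacted>"
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def patch_request(api_host, cluster, authorization, spec):
    """Build (without sending) the PATCH request for the documented URI."""
    url = f"https://{api_host}/api/vcenter/namespace-management/clusters/{cluster}"
    headers = {"Authorization": authorization, "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(spec).encode(),
                                  headers=headers, method="PATCH")


# Constructed sample values: placeholder PEM bodies, not real key material.
SAMPLE_CHAIN = ("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
                "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n")
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCCCC\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    spec = build_spec(tls_endpoint_certificate=SAMPLE_CHAIN,
                      tls_endpoint_private_key=SAMPLE_KEY, master_dns=None, count=3)
    print(check_spec(spec, existing_count=1) or "spec ok")
    print(json.dumps(redact(spec), indent=2))
    print(patch_request("vcenter.example.test", "domain-c8", "<value>", spec).full_url)
```

Because list-valued fields such as master_dns replace the existing list when set, passing None for them in build_spec keeps them out of the body entirely.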