Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec


The Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec schema encapsulates the NSX Container Plugin-specific cluster networking configuration parameters for the vSphere Namespaces Cluster Update operation.

This schema was added in vSphere API 7.0.0.0.

JSON Example
{
    "pod_cidrs": [
        {
            "address": "string",
            "prefix": 0
        }
    ],
    "ingress_cidrs": [
        {
            "address": "string",
            "prefix": 0
        }
    ],
    "egress_cidrs": [
        {
            "address": "string",
            "prefix": 0
        }
    ],
    "default_ingress_tls_certificate": "string",
    "default_ingress_tls_private_key": "string"
}
pod_cidrs
Optional

CIDR blocks from which Kubernetes allocates pod IP addresses. This range should not overlap with those in Vcenter NamespaceManagement Clusters EnableSpec.service_cidr, Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.ingress_cidrs, Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.egress_cidrs, or other services running in the datacenter. An update operation only allows for addition of new CIDR blocks to the existing list. All Pod CIDR blocks must be of at least subnet size /23.

This property was added in vSphere API 7.0.0.0.

If missing or null, CIDRs from which Kubernetes allocates pod IP addresses will not be modified.

ingress_cidrs
Optional

CIDR blocks from which NSX assigns IP addresses for Kubernetes Ingresses and Kubernetes Services of type LoadBalancer. These ranges should not overlap with those in Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.pod_cidrs, Vcenter NamespaceManagement Clusters EnableSpec.service_cidr, Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.egress_cidrs, or other services running in the datacenter. An update operation only allows for addition of new CIDR blocks to the existing list.

This property was added in vSphere API 7.0.0.0.

If missing or null, CIDRs from which Kubernetes allocates ingress IP addresses will not be modified.

egress_cidrs
Optional

CIDR blocks from which NSX assigns IP addresses used for performing SNAT from container IPs to external IPs. These ranges should not overlap with those in Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.pod_cidrs, Vcenter NamespaceManagement Clusters EnableSpec.service_cidr, Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.ingress_cidrs, or other services running in the datacenter. An update operation only allows for addition of new CIDR blocks to the existing list.

This property was added in vSphere API 7.0.0.0.

If missing or null, CIDRs from which Kubernetes allocates egress IP addresses will not be modified.
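The constraints stated for pod_cidrs, ingress_cidrs and egress_cidrs (no overlap across fields or with service_cidr, additive-only updates, pod blocks of at least /23) can be checked before an update is submitted. This is an added example, not VMware code: validate_update and the sample values are hypothetical, and it assumes the update carries the full list including existing blocks and that "at least /23" means a prefix length of 23 or shorter.

```python
import ipaddress

MIN_POD_PREFIX = 23  # assumption: "at least /23" means prefix length 23 or shorter
FIELDS = ("pod_cidrs", "ingress_cidrs", "egress_cidrs")

def _net(block):
    # Spec entries look like {"address": "10.0.0.0", "prefix": 23}.
    return ipaddress.ip_network(f'{block["address"]}/{block["prefix"]}', strict=True)

def validate_update(spec, current, service_cidr=None):
    """Return a list of problems in an update spec (hypothetical helper).

    Assumption: the update carries the full list, existing blocks included.
    """
    problems, merged = [], {}
    for field in FIELDS:
        existing = [_net(b) for b in current.get(field, [])]
        merged[field] = existing
        if spec.get(field) is None:  # missing or null: field is left unmodified
            continue
        try:
            proposed = [_net(b) for b in spec[field]]
        except (KeyError, TypeError, ValueError) as exc:
            problems.append(f"{field}: invalid block ({exc})")
            continue
        for net in existing:
            if net not in proposed:
                problems.append(f"{field}: {net} dropped, updates are additive only")
        if field == "pod_cidrs":
            for net in proposed:
                if net.prefixlen > MIN_POD_PREFIX:
                    problems.append(f"{field}: {net} is smaller than /{MIN_POD_PREFIX}")
        merged[field] = proposed
    if service_cidr is not None:
        merged["service_cidr"] = [_net(service_cidr)]
    named = [(f, n) for f, nets in merged.items() for n in nets]
    for i, (fa, a) in enumerate(named):
        for fb, b in named[i + 1:]:
            if fa != fb and a.version == b.version and a.overlaps(b):
                problems.append(f"{fa} {a} overlaps {fb} {b}")
    return problems

# Constructed sample data, not taken from any real cluster.
CURRENT = {"pod_cidrs": [{"address": "10.244.0.0", "prefix": 20}],
           "ingress_cidrs": [{"address": "192.168.100.0", "prefix": 24}],
           "egress_cidrs": [{"address": "192.168.200.0", "prefix": 24}]}
SERVICE = {"address": "10.96.0.0", "prefix": 23}
GOOD = {"pod_cidrs": CURRENT["pod_cidrs"] + [{"address": "10.245.0.0", "prefix": 23}]}
BAD = {"pod_cidrs": [{"address": "10.245.0.0", "prefix": 24}],
       "ingress_cidrs": CURRENT["ingress_cidrs"] + [{"address": "192.168.200.128", "prefix": 25}]}
```
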

string
default_ingress_tls_certificate
Optional

PEM-encoded x509 certificate used by NSX as a default fallback certificate for Kubernetes Ingress services. Certificate(s) used can be created by one of the two supported methods:

  1. By signing the Certificate Signing Request obtained from the Namespace Certificate Management API.

OR

  2. By creating a certificate using public key cryptography. In that case the certificate Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.default_ingress_tls_certificate should be specified along with the private key Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.default_ingress_tls_private_key used to generate the certificate.

This property was added in vSphere API 7.0.0.0.

If missing or null, the Kubernetes Ingress services certificate will not be modified.

string As password
default_ingress_tls_private_key
Optional

Private key matching Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.default_ingress_tls_certificate.

When using certificates generated externally by the user and not using a Certificate Signing Request obtained from the Namespace Certificate Management API, users should be able to specify the private key which was used to generate the certificate Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.default_ingress_tls_certificate.

Users with externally generated key pairs can import their own public key certificates and key pairs.

This property was added in vSphere API 9.0.0.0.

If missing or null and Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.default_ingress_tls_certificate is specified, then the Supervisor will attempt to find a matching key that was generated with a Certificate Signing Request. Otherwise, Vcenter NamespaceManagement Clusters NCPClusterNetworkUpdateSpec.default_ingress_tls_private_key will not be modified.