This controller's goal is to read labels from the TKC clusters and propagate them to the NSX-T segment that is associated with the cluster as tags/scopes, so that they can be leveraged for grouping and firewalls.
- NSXT_HOST - the hostname or IP of the NSX-T manager
- NSXT_USERNAME - NSX-T user; must have privileges to overwrite protected objects and update tags on segments
- NSXT_PASSWORD - password for the NSX-T user
This will need to be deployed as a full cluster admin on the supervisor cluster.
- temporarily give administrators cluster admin access to the supervisor
  - ssh to vcenter and run
      /usr/lib/vmware-wcp/decryptK8Pwd.py
  - ssh to the IP that is output with the password that is output.
  - kubectl apply -f https://gist.githubusercontent.com/warroyo/9984a4e7ec1ee667153613153c8670ea/raw/58271b688583bd1f5c4feeecfeec014913d8277a/override-rbac.yml
- clone this repo to your desktop
- cp config/manager/env-sample.txt config/manager/env.txt
- update the values in the env.txt file
- pull down the latest version of this image, warroyo90/nsxt-tag-controller:<version>, and move it into your local repo or use a proxy cache
- export IMG=<path to the image>
- make deploy
- validate it's running
- remove the above role binding
    kubectl delete -f https://gist.githubusercontent.com/warroyo/9984a4e7ec1ee667153613153c8670ea/raw/58271b688583bd1f5c4feeecfeec014913d8277a/override-rbac.yml
After deploying, the controller will watch for changes on TKC objects. It will only update tags in NSX-T if the label has the prefix ntc/.
- edit a TKC and add a new label with a prefix of ntc/, e.g.
    labels:
      ntc/hello: world
- you should see tags/scopes updated on the segment in NSX-T. The label's key is mapped to an NSX-T scope and the label's value to an NSX-T tag.
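
The label-to-tag mapping described above, as an added Go example that is not the controller's own code. The Tag type and MergeTags function are hypothetical names; keeping the ntc/ prefix in the scope, preserving tags with other scopes, and dropping ntc/ tags whose label was removed are assumptions about behavior this README does not spell out.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Prefix is the label prefix the README says the controller acts on.
const Prefix = "ntc/"

// Tag mirrors the scope/tag pair NSX-T stores on a segment (hypothetical type).
type Tag struct {
	Scope string
	Tag   string
}

// MergeTags returns the tag list to write back to the segment.
// Assumptions (not confirmed by the README): the scope keeps the full
// label key including "ntc/", tags with other scopes are left alone, and
// ntc/ tags whose label was removed from the TKC are dropped.
func MergeTags(existing []Tag, labels map[string]string) []Tag {
	merged := make([]Tag, 0, len(existing)+len(labels))
	for _, t := range existing {
		if !strings.HasPrefix(t.Scope, Prefix) {
			merged = append(merged, t) // not managed here: preserve as-is
		}
	}
	keys := make([]string, 0, len(labels))
	for k := range labels {
		if strings.HasPrefix(k, Prefix) {
			keys = append(keys, k) // labels without the prefix are ignored
		}
	}
	sort.Strings(keys) // deterministic order avoids needless segment updates
	for _, k := range keys {
		merged = append(merged, Tag{Scope: k, Tag: labels[k]})
	}
	return merged
}

func main() {
	// Constructed sample data, not taken from a real environment.
	existing := []Tag{{"owner", "netops"}, {"ntc/old", "stale"}}
	labels := map[string]string{"ntc/hello": "world", "team": "payments"}
	for _, t := range MergeTags(existing, labels) {
		fmt.Printf("scope=%s tag=%s\n", t.Scope, t.Tag)
	}
}
```

Because these tags feed NSX-T groups and firewall rules, a merge that leaves stale ntc/ tags behind or overwrites tags owned by someone else changes which policies apply to the segment.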
- cp .netrc-sample .netrc and update with creds
- export IMG=<your-image-name>
- make docker-build
- make