VMware NSX Container Plugin 4.2.1.1 Release Notes
This document contains the following sections
Introduction
VMware NSX Container Plugin 4.2.1.1 | 17 JAN 2025 | Build 24431154 Check for additions and updates to these release notes. |
What's New
- MP2P: use the MP ID as Policy ID for user created NSX resources during MP2P migration for TKGi.
Compatibility Requirements
Product | Version |
NCP/NSX-T Tile for Tanzu Application Service (TAS) | 4.2.1 |
NSX-T/NSX | NSX-T 3.2.4, 3.2.5. NSX 4.1.0.3, 4.1.2.4, 4.1.2.5, 4.2.0, 4.2.1. (See notes below.) |
vSphere | 6.7, 7.0, 8.0.0.1 |
Kubernetes | 1.28, 1.29, 1.30 |
OpenShift 4 | 4.14, 4.15, 4.16 |
Kubernetes Host VM OS | Ubuntu 20.04 (only kernel version 5.15 or earlier supported) Ubuntu 22.04 (only kernel version 5.15 or earlier supported, only upstream OVS kernel module supported) Ubuntu 24.04 RHEL 8.8, 8.9, 8.10, 9.3, 9.4 See notes below. |
Tanzu Application Service (TAS) | Ops Manager 3.0 + TAS 4.0 Ops Manager 3.0 + TAS 5.0 Ops Manager 3.0 + TAS 6.0 |
Tanzu Kubernetes Grid Integrated (TKGI) | 1.18, 1.19, 1.20 |
Notes:
NSX-T 3.2.4 and 3.2.5 are supported with basic sanity testing coverage. See Product Interoperability Matrix.
The installation of the nsx-ovs kernel module on RHEL requires a specific kernel version. The supported RHEL kernel versions are 193, 305, 348, and 372, regardless of the RHEL version. If you are running a different kernel version, you can (1) Modify your kernel version to one that is supported. When modifying the kernel version and then restarting the VM, make sure that the IP and static routes are persisted on the uplink interface (specified by ovs_uplink_port) to guarantee that connectivity to the Kubernetes API server is not lost. Or (2) Skip the installation of the nsx-ovs kernel module by setting "use_nsx_ovs_kernel_module" to "False" under the "nsx_node_agent" section in the nsx-node-agent config map. For information about switching between NSX-OVS and upstream OVS kernel modules, see https://docs.vmware.com/en/VMware-NSX-Container-Plugin/4.1/ncp-kubernetes/GUID-7225DDCB-88CB-4A2D-83A3-74BB9ED7DCFF.html.
To run the nsx-ovs kernel module on RHEL, you must disable the "UEFI secure boot" option under "Boot Options" in the VM's settings in vCenter Server.
For all supported integrations, use the Red Hat Universal Base Image (UBI). For more information, https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image.
Support for upgrading to this release:
- All previous 4.1.x releases
Limitations
- The "baseline policy" feature for NCP creates a dynamic group which selects all members in the cluster. NSX-T has a limit of 8,000 effective members of a dynamic group (for details, see Configuration Maximums). Therefore, this feature should not be enabled for clusters that are expected to grow beyond 8,000 pods. Exceeding this limit can cause delays in the creation of resources for the pods.
- Transparent mode load balancer
- Only north-south traffic for a Kubernetes cluster is supported. Intra-cluster traffic is not supported.
- Not supported for services attached to a LoadBalancer CRD or when auto scaling is enabled. Auto scaling must be disabled for this feature to work.
- It is recommended to use this feature only on newly deployed clusters.
- Manager-to-policy migration
- It is not possible to migrate a Kubernetes cluster if a previous migration failed and the cluster is rolled back. This is a limitation with NSX 4.0.0.1 or earlier releases only.