Cloud
uuid
- Type
- string
- Category
- required
- Description
name
- Type
- string
- Category
- required
- Description
vtype
- Type
- enum
- Category
- required
- Description
- Cloud type
- Default
- CLOUD_NONE
- Choices
- CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S
vcenter_configuration
- Type
- vCenterConfiguration
- Category
- optional
- Description
openstack_configuration
- Type
- OpenStackConfiguration
- Category
- optional
- Description
aws_configuration
- Type
- AwsConfiguration
- Category
- optional
- Description
apic_mode
- Type
- bool
- Category
- optional
- Description
- Default
- False
apic_configuration
- Type
- APICConfiguration
- Category
- optional
- Description
cloudstack_configuration
- Type
- CloudStackConfiguration
- Category
- optional
- Description
vca_configuration
- Type
- vCloudAirConfiguration
- Category
- optional
- Description
mesos_configuration
- Type
- MesosConfiguration
- Category
- optional
- Description
proxy_configuration
- Type
- ProxyConfiguration
- Category
- optional
- Description
linuxserver_configuration
- Type
- LinuxServerConfiguration
- Category
- optional
- Description
docker_configuration
- Type
- DockerConfiguration
- Category
- optional
- Description
rancher_configuration
- Type
- RancherConfiguration
- Category
- optional
- Description
oshiftk8s_configuration
- Type
- OShiftK8SConfiguration
- Category
- optional
- Description
dhcp_enabled
- Type
- bool
- Category
- optional
- Description
- Select the IP address management scheme
- Default
- False
mtu
- Type
- uint32
- Category
- optional
- Description
- MTU setting for the cloud
- Default
- 1500
prefer_static_routes
- Type
- bool
- Category
- optional
- Description
- Prefer static routes over interface routes during VirtualService placement.
- Default
- False
enable_vip_static_routes
- Type
- bool
- Category
- optional
- Description
- Use static routes for VIP side network resolution during VirtualService placement.
- Default
- False
obj_name_prefix
- Type
- string
- Category
- optional
- Description
- Default prefix for all automatically created objects in this cloud. This prefix can be overridden by the SE-Group template.
license_type
- Type
- enum
- Category
- optional
- Description
- If no license type is specified, the default license enforcement for the cloud type is chosen. The default mappings are: Container Cloud is Max SEs, OpenStack and VMware is cores, and Linux is Sockets.
- Choices
- LIC_BACKEND_SERVERS, LIC_SOCKETS, LIC_CORES, LIC_HOSTS
ipam_provider_ref
- Type
- Reference to IpamDnsProviderProfile
- Category
- optional
- Description
- Ipam Profile for the cloud.
dns_provider_ref
- Type
- Reference to IpamDnsProviderProfile
- Category
- optional
- Description
- DNS Profile for the cloud.
east_west_ipam_provider_ref
- Type
- Reference to IpamDnsProviderProfile
- Category
- optional
- Description
- Ipam Profile for East-West services. Warning - Please use virtual subnets in this IPAM profile that do not conflict with the underlay networks or any overlay networks in the cluster. For example in AWS and GCP, 169.254.0.0/16 is used for storing instance metadata. Hence, it should not be used in this profile.
east_west_dns_provider_ref
- Type
- Reference to IpamDnsProviderProfile
- Category
- optional
- Description
- DNS Profile for East-West services.
nsx_configuration
- Type
- NsxConfiguration
- Category
- optional
- Description
- Configuration parameters for NSX Manager
tenant_ref
- Type
- Reference to Tenant
- Category
- required
- Description
vCenterConfiguration
username
- Type
- string
- Category
- optional
- Description
- The username Avi Vantage will use when authenticating with vCenter.
password
- Type
- string
- Category
- optional
- Description
- The password Avi Vantage will use when authenticating with vCenter.
vcenter_url
- Type
- string
- Category
- optional
- Description
- vCenter hostname or IP address.
privilege
- Type
- enum
- Category
- required
- Description
- Set the access mode to vCenter as either Read, which allows Avi to discover networks and servers, or Write, which also allows Avi to create Service Engines and configure their network properties.
- Default
- WRITE_ACCESS
- Choices
- NO_ACCESS, READ_ACCESS, WRITE_ACCESS
datacenter
- Type
- string
- Category
- optional
- Description
- Datacenter for virtual infrastructure discovery
management_network
- Type
- string
- Category
- optional
- Description
- Management network to use for Avi Service Engines
management_ip_subnet
- Type
- IpAddrPrefix
- Category
- optional
- Description
- Management subnet to use for Avi Service Engines
vcenter_template_se_location
- Type
- string
- Category
- optional
- Description
- Avi Service Engine Template in vCenter to be used for creating Service Engines
IpAddrPrefix
ip_addr
- Type
- IpAddr
- Category
- required
- Description
mask
- Type
- int32
- Category
- required
- Description
IpAddr
addr
- Type
- string
- Category
- required
- Description
- IP address
type
- Type
- enum
- Category
- required
- Description
- Choices
- V4, DNS
OpenStackConfiguration
username
- Type
- string
- Category
- required
- Description
- The username Avi Vantage will use when authenticating to Keystone. For Keystone v3, provide the user information in user@domain format, unless that user belongs to the Default domain.
password
- Type
- string
- Category
- optional
- Description
- The password Avi Vantage will use when authenticating to Keystone.
admin_tenant
- Type
- string
- Category
- required
- Description
- OpenStack admin tenant (or project) information. For Keystone v3, provide the project information in project@domain format. Domain need not be specified if the project belongs to the 'Default' domain.
keystone_host
- Type
- string
- Category
- optional
- Description
- Keystone's hostname or IP address. (Deprecated) Use auth_url instead.
mgmt_network_name
- Type
- string
- Category
- required
- Description
- Avi Management network name or cidr
privilege
- Type
- enum
- Category
- required
- Description
- Access privilege
- Choices
- NO_ACCESS, READ_ACCESS, WRITE_ACCESS
use_keystone_auth
- Type
- bool
- Category
- optional
- Description
- Use keystone for user authentication
- Default
- True
prov_name
- Type
- string
- Category
- repeated
- Description
- LBaaS provider name
mgmt_network_uuid
- Type
- string
- Category
- optional
- Description
- Management network UUID
region
- Type
- string
- Category
- optional
- Description
- Region name
hypervisor
- Type
- enum
- Category
- optional
- Description
- Default hypervisor type
- Default
- KVM
- Choices
- DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN
tenant_se
- Type
- bool
- Category
- optional
- Description
- If true, then SEs will be created in the appropriate tenants, else SEs will be created in the admin_tenant.
- Default
- True
import_keystone_tenants
- Type
- bool
- Category
- optional
- Description
- Import keystone tenants list into Avi
- Default
- True
anti_affinity
- Type
- bool
- Category
- optional
- Description
- If true, an anti-affinity policy will be applied to all SEs of a SE-Group, else no such policy will be applied.
- Default
- True
port_security
- Type
- bool
- Category
- optional
- Description
- If true, port-security extension (if detected) will be used instead of security-groups, allowed-address-pairs or interface-secondary-ips. If false, port-security extension is skipped
- Default
- False
security_groups
- Type
- bool
- Category
- optional
- Description
- If false, security-groups extension will not be used.
- Default
- True
allowed_address_pairs
- Type
- bool
- Category
- optional
- Description
- If false, allowed-address-pairs extension will not be used.
- Default
- True
free_floatingips
- Type
- bool
- Category
- optional
- Description
- Free unused floating IPs.
- Default
- False
img_format
- Type
- enum
- Category
- optional
- Description
- If OS_IMG_FMT_RAW, use RAW images else use QCOW2 or streamOptimized/flat VMDK as appropriate.
- Default
- OS_IMG_FMT_AUTO
- Choices
- OS_IMG_FMT_AUTO, OS_IMG_FMT_QCOW2, OS_IMG_FMT_VMDK, OS_IMG_FMT_RAW, OS_IMG_FMT_FLAT
use_admin_url
- Type
- bool
- Category
- optional
- Description
- If admin URLs are either inaccessible or not to be accessed from Avi Controller, then set this to False.
- Default
- True
role_mapping
- Type
- OpenStackRoleMapping
- Category
- repeated
- Description
- Defines the mapping from OpenStack role names to Avi local role names. For an OpenStack role, this mapping is consulted only if there is no local Avi role with the same name as the OpenStack role. This is an ordered list and only the first matching entry is used. You can use '*' to match all OpenStack role names.
use_internal_endpoints
- Type
- bool
- Category
- optional
- Description
- Use internalURL for OpenStack endpoints instead of the default publicURL endpoints.
- Default
- False
admin_tenant_uuid
- Type
- string
- Category
- optional
- Description
- admin-tenant's UUID in OpenStack
config_drive
- Type
- bool
- Category
- optional
- Description
- If false, metadata service will be used instead of config-drive functionality to retrieve SE VM metadata.
- Default
- True
auth_url
- Type
- string
- Category
- optional
- Description
- Auth URL for connecting to keystone. If this is specified, any value provided for keystone_host is ignored.
insecure
- Type
- bool
- Category
- optional
- Description
- Allow self-signed certificates when communicating with https service endpoints.
- Default
- True
intf_sec_ips
- Type
- bool
- Category
- optional
- Description
- If True, interface-secondary-ips method will be used for VIP association.
- Default
- False
external_networks
- Type
- bool
- Category
- optional
- Description
- If True, allow selection of networks marked as 'external' for management, vip or data networks.
- Default
- False
neutron_rbac
- Type
- bool
- Category
- optional
- Description
- If True, enable neutron rbac discovery of networks shared across tenants/projects
- Default
- True
map_admin_to_cloudadmin
- Type
- bool
- Category
- optional
- Description
- If True, map Avi 'admin' tenant to the admin_tenant of the Cloud. Else map Avi 'admin' to OpenStack 'admin' tenant.
- Default
- False
usable_network_uuids
- Type
- string
- Category
- repeated
- Description
- A tenant can normally use its own networks and any networks shared with it. In addition, this field provides extra networks that are usable by all tenants. If VirtualService does not specify a network and auto_allocate_ip is set, then the first available network from this list will be chosen for IP allocation.
nuage_vsd_host
- Type
- string
- Category
- optional
- Description
- Nuage VSD host name or IP address
nuage_port
- Type
- uint32
- Category
- optional
- Description
- Default
- 8443
nuage_username
- Type
- string
- Category
- optional
- Description
nuage_password
- Type
- string
- Category
- optional
- Description
nuage_organization
- Type
- string
- Category
- optional
- Description
se_group_uuid
- Type
- string
- Category
- optional
- Description
- The Service Engine Group to use as template.
contrail_plugin
- Type
- bool
- Category
- optional
- Description
- Enable Contrail plugin mode. (deprecated)
- Default
- False
contrail_endpoint
- Type
- string
- Category
- optional
- Description
- Contrail VNC endpoint url (example http://10.10.10.100:8082). By default, 'http://' scheme and 8082 port will be used if not provided in the url
name_owner
- Type
- bool
- Category
- optional
- Description
- If True, embed owner info in VIP port 'name', else embed owner info in 'device_id' field
- Default
- True
OpenStackRoleMapping
os_role
- Type
- string
- Category
- required
- Description
- Role name in OpenStack
avi_role
- Type
- string
- Category
- required
- Description
- Role name in Avi
AwsConfiguration
access_key_id
- Type
- string
- Category
- optional
- Description
- AWS access key ID
secret_access_key
- Type
- string
- Category
- optional
- Description
- AWS secret access key
region
- Type
- string
- Category
- optional
- Description
- AWS region
- Default
- us-west-1
vpc
- Type
- string
- Category
- optional
- Description
- VPC name
vpc_id
- Type
- string
- Category
- required
- Description
- VPC ID
zones
- Type
- AwsZoneConfig
- Category
- repeated
- Description
route53_integration
- Type
- bool
- Category
- optional
- Description
- If enabled, create/update DNS entries in Amazon Route 53 zones
- Default
- False
free_elasticips
- Type
- bool
- Category
- optional
- Description
- Free unused elastic IP addresses.
- Default
- True
use_iam_roles
- Type
- bool
- Category
- optional
- Description
- Use IAM roles instead of access and secret key.
- Default
- False
iam_assume_role
- Type
- string
- Category
- optional
- Description
- IAM assume role for cross-account access.
AwsZoneConfig
availability_zone
- Type
- string
- Category
- required
- Description
- Availability zone
mgmt_network_name
- Type
- string
- Category
- required
- Description
- Name or CIDR of the network in the Availability Zone that will be used as management network.
mgmt_network_uuid
- Type
- string
- Category
- optional
- Description
- UUID of the network in the Availability Zone that will be used as management network.
APICConfiguration
apic_name
- Type
- string
- Category
- repeated
- Description
- The hostname or IP address of the APIC controller.
apic_username
- Type
- string
- Category
- optional
- Description
- The username Avi Vantage will use when authenticating with APIC.
apic_password
- Type
- string
- Category
- optional
- Description
- The password Avi Vantage will use when authenticating with APIC.
apic_admin_tenant
- Type
- string
- Category
- optional
- Description
- Name of the Avi specific tenant created within APIC.
- Default
- common
apic_vendor
- Type
- string
- Category
- optional
- Description
- Default
- Avi
apic_product
- Type
- string
- Category
- optional
- Description
- Default
- ASP
deployment
- Type
- string
- Category
- optional
- Description
- Default
apic_domain
- Type
- string
- Category
- optional
- Description
- vCenter's virtual machine manager domain within APIC.
avi_controller_username
- Type
- string
- Category
- optional
- Description
- The username APIC will use when authenticating with Avi Vantage.
- Default
- admin
avi_controller_password
- Type
- string
- Category
- optional
- Description
- The password APIC will use when authenticating with Avi Vantage.
version
- Type
- string
- Category
- optional
- Description
- AVI Device Package Version
- Default
- 1.0
minor
- Type
- string
- Category
- optional
- Description
- AVI Device Package Minor Version
- Default
- 2
context_aware
- Type
- enum
- Category
- optional
- Description
- Context aware for supporting Service Graphs across VRFs
- Default
- SINGLE_CONTEXT
- Choices
- SINGLE_CONTEXT, MULTI_CONTEXT
managed_mode
- Type
- bool
- Category
- optional
- Description
- Use Managed Mode for APIC Service Insertion
- Default
- True
CloudStackConfiguration
api_url
- Type
- string
- Category
- required
- Description
- CloudStack API URL
access_key_id
- Type
- string
- Category
- required
- Description
- CloudStack API Key
secret_access_key
- Type
- string
- Category
- required
- Description
- CloudStack Secret Key
mgmt_network_name
- Type
- string
- Category
- required
- Description
- Avi Management network name
mgmt_network_uuid
- Type
- string
- Category
- optional
- Description
- Avi Management network name
cntr_public_ip
- Type
- string
- Category
- optional
- Description
- If controller's management IP is in a private network, a publicly accessible IP to reach the controller.
hypervisor
- Type
- enum
- Category
- optional
- Description
- Default hypervisor type
- Default
- KVM
- Choices
- DEFAULT, VMWARE_ESX, KVM, VMWARE_VSAN, XEN
vCloudAirConfiguration
vca_username
- Type
- string
- Category
- required
- Description
- vCloudAir username
vca_password
- Type
- string
- Category
- required
- Description
- vCloudAir password
vca_host
- Type
- string
- Category
- required
- Description
- vCloudAir host address
privilege
- Type
- enum
- Category
- required
- Description
- vCloudAir access mode
- Default
- WRITE_ACCESS
- Choices
- NO_ACCESS, READ_ACCESS, WRITE_ACCESS
vca_instance
- Type
- string
- Category
- required
- Description
- vCloudAir instance ID
vca_orgnization
- Type
- string
- Category
- required
- Description
- vCloudAir organization ID
vca_vdc
- Type
- string
- Category
- required
- Description
- vCloudAir virtual data center name
vca_mgmt_network
- Type
- string
- Category
- required
- Description
- vCloudAir management network
MesosConfiguration
marathon_configurations
- Type
- MarathonConfiguration
- Category
- repeated
- Description
- List of Marathon frameworks.
mesos_url
- Type
- string
- Category
- optional
- Description
- Mesos URL of the form http://host:port
- Default
- http://leader.mesos:5050
vip
- Type
- IpAddr
- Category
- optional
- Description
- VIP to be used by all East-West apps on all Hosts. Preferably use an address from outside the subnet
use_bridge_ip_as_vip
- Type
- bool
- Category
- optional
- Description
- Use Bridge IP on each Host as VIP
- Default
- False
container_port_match_http_service
- Type
- bool
- Category
- optional
- Description
- Perform container port matching to create a HTTP Virtualservice instead of a TCP/UDP VirtualService
- Default
- True
http_container_ports
- Type
- uint32
- Category
- repeated
- Description
- List of container ports that create a HTTP Virtualservice instead of a TCP/UDP VirtualService. Defaults to 80
east_west_placement_subnet
- Type
- IpAddrPrefix
- Category
- optional
- Description
- Match against this prefix when placing east-west VSs on SEs (Mesos mode only)
se_deployment_method
- Type
- enum
- Category
- optional
- Description
- Use Fleet/SSH for deploying Service Engines
- Default
- MESOS_SE_CREATE_FLEET
- Choices
- MESOS_SE_CREATE_FLEET, MESOS_SE_CREATE_SSH, MESOS_SE_CREATE_MARATHON
use_controller_image
- Type
- bool
- Category
- optional
- Description
- If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
- Default
- False
marathon_se_deployment
- Type
- MarathonSeDeployment
- Category
- optional
- Description
- Options for Marathon SE deployment
fleet_endpoint
- Type
- string
- Category
- optional
- Description
- Optional fleet remote endpoint if fleet is used for SE deployment
docker_registry_se
- Type
- DockerRegistry
- Category
- optional
- Description
- Docker registry for ServiceEngine image
se_spawn_rate
- Type
- uint32
- Category
- optional
- Description
- New SE spawn rate per minute
- Default
- 25
app_sync_frequency
- Type
- uint32
- Category
- optional
- Description
- Sync frequency in seconds with frameworks
- Default
- 60
disable_auto_se_creation
- Type
- bool
- Category
- optional
- Description
- Disable SE creation
- Default
- False
disable_auto_frontend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for front end services
- Default
- False
disable_auto_backend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for back end services
- Default
- False
use_container_ip_port
- Type
- bool
- Category
- optional
- Description
- Use container IP address:port for pool instead of host IP address:hostport. This mode is applicable if the container IP is reachable (not a private NATed IP) from other hosts in a routed environment for containers
- Default
- False
feproxy_route_publish
- Type
- FeProxyRoutePublishConfig
- Category
- optional
- Description
- Publish ECMP route to upstream router for VIP
feproxy_bridge_name
- Type
- string
- Category
- optional
- Description
- Name of second Linux bridge on Host providing connectivity for Front End proxies. This is a disruptive change
- Default
- cbr1
se_resources
- Type
- MesosSeResources
- Category
- repeated
- Description
- Obsolete - ignored
se_volume
- Type
- string
- Category
- optional
- Description
- Host volume to be used as a disk for Avi SE. This is a disruptive change
- Default
- /opt/avi/se
coredump_directory
- Type
- string
- Category
- optional
- Description
- Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
- Default
- /var/lib/systemd/coredump
ssh_se_deployment
- Type
- SSHSeDeployment
- Category
- optional
- Description
- Parameters for SSH SE deployment
enable_event_subscription
- Type
- bool
- Category
- optional
- Description
- Enable Marathon event subscriptions
- Default
- True
nuage_controller
- Type
- NuageSDNController
- Category
- optional
- Description
- Nuage Overlay SDN Controller information
all_vses_are_feproxy
- Type
- bool
- Category
- optional
- Description
- Consider all Virtualservices as Front End Proxies. Front End proxies are placed on specific SEs as opposed to Back End proxies placed on all SEs. Applicable where each service has its own VIP and VIP is reachable from anywhere
- Default
- False
feproxy_container_port_as_service
- Type
- bool
- Category
- optional
- Description
- For Front End proxies, use container port as service port
- Default
- True
services_accessible_all_interfaces
- Type
- bool
- Category
- optional
- Description
- Make service ports accessible on all Host interfaces in addition to East-West VIP and/or bridge IP. Usually enabled in AWS Mesos clusters to export East-West services on the Host interface
- Default
- False
feproxy_vips_enable_proxy_arp
- Type
- bool
- Category
- optional
- Description
- Enable proxy ARP from Host interface for Front End proxies
- Default
- True
se_exclude_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Exclude hosts with attributes for SE creation
se_include_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Create SEs just on hosts with include attributes
ssh_user_ref
- Type
- Reference to CloudConnectorUser
- Category
- optional
- Description
- Cloud connector user uuid for SSH to hosts
node_availability_zone_label
- Type
- string
- Category
- optional
- Description
- Mesos Node label to be used as Mesos Node's availability zone in a dual availability zone deployment. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover
disable_auto_gs_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto sync for GSLB services
- Default
- False
use_vips_for_east_west_services
- Type
- bool
- Category
- optional
- Description
- Use a unique virtual IP address for every east-west service in Mesos/Marathon. The 'use_bridge_ip_as_vip' and 'vip' fields, if set, will not be used if this field is set.
- Default
- True
MarathonConfiguration
marathon_url
- Type
- string
- Category
- optional
- Description
- Marathon API URL of the form http://host:port
- Default
- http://leader.mesos:8080
marathon_username
- Type
- string
- Category
- optional
- Description
- Username for Marathon authentication
marathon_password
- Type
- string
- Category
- optional
- Description
- Password for Marathon authentication
public_port_range
- Type
- PortRange
- Category
- optional
- Description
- Public port range allocated to this Marathon framework instance
private_port_range
- Type
- PortRange
- Category
- optional
- Description
- Private port range allocated to this Marathon framework instance
framework_tag
- Type
- string
- Category
- optional
- Description
- Framework tag to be used in Virtualservice name. Default is framework name from Mesos. If this tag is altered at runtime, Virtualservices will be deleted and re-created
vs_name_tag_framework
- Type
- bool
- Category
- optional
- Description
- Tag VS name with framework name or framework_tag. Useful in deployments with multiple frameworks
- Default
- False
use_token_auth
- Type
- bool
- Category
- optional
- Description
- Use Token based authentication instead of basic authentication. Token is refreshed every 5 minutes.
- Default
- False
tenant
- Type
- string
- Category
- optional
- Description
- Tenant to pin this Marathon instance to. If set, a tenant object will be created in Avi bearing this name, and all applications created in this Marathon will be associated with this tenant regardless of any tenant configuration in the Marathon label for the application.
- Default
- admin
PortRange
start
- Type
- uint32
- Category
- required
- Description
- TCP/UDP port range start (inclusive).
end
- Type
- uint32
- Category
- required
- Description
- TCP/UDP port range end (inclusive).
MarathonSeDeployment
host_os
- Type
- string
- Category
- optional
- Description
- Host OS distribution e.g. COREOS, UBUNTU, REDHAT
- Default
- COREOS
docker_image
- Type
- string
- Category
- optional
- Description
- Docker image to be used for Avi SE installation e.g. fedora, ubuntu
- Default
- fedora
uris
- Type
- string
- Category
- repeated
- Description
- URIs to be resolved for starting the application
resource_roles
- Type
- string
- Category
- repeated
- Description
- Accepted resource roles for SEs
DockerRegistry
registry
- Type
- string
- Category
- optional
- Description
- Avi ServiceEngine repository name. For private registry, it's registry:port/repository, for public registry, it's registry/repository, for openshift registry, it's registry:port//
- Default
- avinetworks/se
private
- Type
- bool
- Category
- optional
- Description
- Set if docker registry is private. Avi controller will not attempt to push SE image to the registry, unless se_repository_push is set
- Default
- False
username
- Type
- string
- Category
- optional
- Description
- Username for docker registry. Authorized 'regular user' if registry is Openshift integrated registry.
password
- Type
- string
- Category
- optional
- Description
- Password for docker registry. Authorized 'regular user' password if registry is Openshift integrated registry.
se_repository_push
- Type
- bool
- Category
- optional
- Description
- Avi Controller will push ServiceEngine image to docker repository
- Default
- False
oshift_registry
- Type
- OshiftDockerRegistryMetaData
- Category
- optional
- Description
- Openshift integrated registry config.
FeProxyRoutePublishConfig
mode
- Type
- enum
- Category
- optional
- Description
- Publish ECMP route to upstream router for VIP
- Default
- FE_PROXY_ROUTE_PUBLISH_NONE
- Choices
- FE_PROXY_ROUTE_PUBLISH_NONE, FE_PROXY_ROUTE_PUBLISH_QUAGGA_WEBAPP
token
- Type
- string
- Category
- optional
- Description
- Token for tracking changes
subnet
- Type
- uint32
- Category
- optional
- Description
- Subnet for publisher
- Default
- 32
publisher_port
- Type
- uint32
- Category
- optional
- Description
- Listener port for publisher
- Default
- 80
MesosSeResources
attribute_key
- Type
- string
- Category
- required
- Description
- Attribute (Fleet or Mesos) key of Hosts
attribute_value
- Type
- string
- Category
- required
- Description
- Attribute (Fleet or Mesos) value of Hosts
cpu
- Type
- float
- Category
- optional
- Description
- Obsolete - ignored
- Default
- 2.0
memory
- Type
- uint32
- Category
- optional
- Description
- Obsolete - ignored
- Default
- 4096
SSHSeDeployment
ssh_user
- Type
- string
- Category
- optional
- Description
- Username for SSH access to hosts
sudo_user
- Type
- string
- Category
- optional
- Description
- Username for sudo
password
- Type
- string
- Category
- optional
- Description
- Password for ssh and/or sudo
host_os
- Type
- string
- Category
- optional
- Description
- Host OS distribution e.g. COREOS, UBUNTU, REDHAT
- Default
- COREOS
NuageSDNController
nuage_vsd_host
- Type
- string
- Category
- optional
- Description
- Nuage VSD host name or IP address
nuage_port
- Type
- uint32
- Category
- optional
- Description
- Default
- 8443
nuage_username
- Type
- string
- Category
- optional
- Description
nuage_password
- Type
- string
- Category
- optional
- Description
nuage_organization
- Type
- string
- Category
- optional
- Description
se_domain
- Type
- string
- Category
- optional
- Description
- Domain to be used for SE creation
se_zone
- Type
- string
- Category
- optional
- Description
- Zone to be used for SE creation
se_network
- Type
- string
- Category
- optional
- Description
- Network to be used for SE creation
se_enterprise
- Type
- string
- Category
- optional
- Description
- Enterprise to be used for SE creation
se_user
- Type
- string
- Category
- optional
- Description
- User to be used for SE creation
se_policy_group
- Type
- string
- Category
- optional
- Description
- Policy Group to be used for SE creation
MesosAttribute
attribute
- Type
- string
- Category
- required
- Description
- Attribute to match
value
- Type
- string
- Category
- optional
- Description
- Attribute value. If not set, match any value
ProxyConfiguration
host
- Type
- string
- Category
- required
- Description
- Proxy hostname or IP address
port
- Type
- uint32
- Category
- required
- Description
- Proxy port
username
- Type
- string
- Category
- optional
- Description
- Username for proxy
password
- Type
- string
- Category
- optional
- Description
- Password for proxy
LinuxServerConfiguration
ssh_attr
- Type
- SSHSeDeployment
- Category
- optional
- Description
- Parameters for SSH to hosts
docker_registry_se
- Type
- DockerRegistry
- Category
- optional
- Description
- Private docker registry for SE image storage
hosts
- Type
- LinuxServerHost
- Category
- repeated
- Description
se_sys_disk_path
- Type
- string
- Category
- optional
- Description
- SE System Logs disk path for cloud
se_sys_disk_size_GB
- Type
- uint32
- Category
- optional
- Description
- SE System Logs disk size for cloud
- Default
- 10
se_log_disk_path
- Type
- string
- Category
- optional
- Description
- SE Client Logs disk path for cloud
se_log_disk_size_GB
- Type
- uint32
- Category
- optional
- Description
- SE Client Log disk size for cloud
- Default
- 5
se_inband_mgmt
- Type
- bool
- Category
- optional
- Description
- Flag to indicate that the SEs in this cloud have an inband management interface. This can be overridden at SE host level by setting host_attr attr_key as SE_INBAND_MGMT with a value of true or false
- Default
- False
ssh_user_ref
- Type
- Reference to CloudConnectorUser
- Category
- optional
- Description
- Cloud connector user uuid for SSH to hosts
LinuxServerHost
host_ip
- Type
- IpAddr
- Category
- required
- Description
host_attr
- Type
- HostAttributes
- Category
- repeated
- Description
node_availability_zone
- Type
- string
- Category
- optional
- Description
- Node's availability zone. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover
HostAttributes
attr_key
- Type
- string
- Category
- required
- Description
attr_val
- Type
- string
- Category
- optional
- Description
DockerConfiguration
ucp_nodes
- Type
- string
- Category
- repeated
- Description
- List of Docker UCP nodes. In case of a load-balanced UCP cluster, use the Virtual IP of the cluster
client_tls_key_and_certificate_ref
- Type
- Reference to SSLKeyAndCertificate
- Category
- optional
- Description
- UUID of the client TLS cert and key
ca_tls_key_and_certificate_ref
- Type
- Reference to SSLKeyAndCertificate
- Category
- optional
- Description
- UUID of the UCP CA TLS cert and key
container_port_match_http_service
- Type
- bool
- Category
- optional
- Description
- Perform container port matching to create a HTTP Virtualservice instead of a TCP/UDP VirtualService
- Default
- True
http_container_ports
- Type
- uint32
- Category
- repeated
- Description
- List of container ports that create a HTTP Virtualservice instead of a TCP/UDP VirtualService. Defaults to 80
east_west_placement_subnet
- Type
- IpAddrPrefix
- Category
- optional
- Description
- Match against this prefix when placing east-west VSs on SEs
se_deployment_method
- Type
- enum
- Category
- optional
- Description
- Use Fleet/SSH for SE deployment
- Default
- SE_CREATE_SSH
- Choices
- SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD
fleet_endpoint
- Type
- string
- Category
- optional
- Description
- Optional fleet remote endpoint if fleet is used for SE deployment
docker_registry_se
- Type
- DockerRegistry
- Category
- optional
- Description
- Docker registry for ServiceEngine image
se_spawn_rate
- Type
- uint32
- Category
- optional
- Description
- New SE spawn rate per minute
- Default
- 25
app_sync_frequency
- Type
- uint32
- Category
- optional
- Description
- Sync frequency in seconds with frameworks
- Default
- 60
disable_auto_se_creation
- Type
- bool
- Category
- optional
- Description
- Disable SE creation
- Default
- False
disable_auto_frontend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for front end services
- Default
- False
disable_auto_backend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for back end services
- Default
- False
use_container_ip_port
- Type
- bool
- Category
- optional
- Description
- Use container IP address:port for pool instead of host IP address:hostport. This mode is applicable if the container IP is reachable (not a private NATed IP) from other hosts in a routed environment for containers
- Default
- False
se_volume
- Type
- string
- Category
- optional
- Description
- Host volume to be used as a disk for Avi SE. This is a disruptive change
- Default
- /opt/avi
coredump_directory
- Type
- string
- Category
- optional
- Description
- Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
- Default
- /var/lib/systemd/coredump
ssh_se_deployment
- Type
- SSHSeDeployment
- Category
- optional
- Description
- Parameters for SSH SE deployment
enable_event_subscription
- Type
- bool
- Category
- optional
- Description
- Enable Docker event subscription
- Default
- True
feproxy_container_port_as_service
- Type
- bool
- Category
- optional
- Description
- For Front End proxies, use container port as service port
- Default
- False
services_accessible_all_interfaces
- Type
- bool
- Category
- optional
- Description
- Make service ports accessible on all Host interfaces in addition to East-West VIP and/or bridge IP. Usually enabled on AWS clusters to export East-West services on the Host interface
- Default
- False
feproxy_vips_enable_proxy_arp
- Type
- bool
- Category
- optional
- Description
- Enable proxy ARP from Host interface for Front End proxies
- Default
- True
se_exclude_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Exclude hosts with attributes for SE creation
se_include_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Create SEs just on hosts with include attributes
use_controller_image
- Type
- bool
- Category
- optional
- Description
- If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
- Default
- False
ssh_user_ref
- Type
- Reference to CloudConnectorUser
- Category
- optional
- Description
- Cloud connector user uuid for SSH to hosts
RancherConfiguration
rancher_servers
- Type
- string
- Category
- repeated
- Description
- List of Rancher servers; in case of a load-balanced Rancher multi cluster, use the Virtual IP of the cluster
access_key
- Type
- string
- Category
- optional
- Description
- Access key
secret_key
- Type
- string
- Category
- optional
- Description
- Secret key
container_port_match_http_service
- Type
- bool
- Category
- optional
- Description
- Perform container port matching to create an HTTP VirtualService instead of a TCP/UDP VirtualService
- Default
- True
http_container_ports
- Type
- uint32
- Category
- repeated
- Description
- List of container ports that create an HTTP VirtualService instead of a TCP/UDP VirtualService. Defaults to 80
east_west_placement_subnet
- Type
- IpAddrPrefix
- Category
- optional
- Description
- Match against this prefix when placing east-west VSs on SEs
se_deployment_method
- Type
- enum
- Category
- optional
- Description
- Use Fleet/SSH for SE deployment
- Default
- SE_CREATE_SSH
- Choices
- SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD
fleet_endpoint
- Type
- string
- Category
- optional
- Description
- Optional fleet remote endpoint if fleet is used for SE deployment
docker_registry_se
- Type
- DockerRegistry
- Category
- optional
- Description
- Docker registry for ServiceEngine image
se_spawn_rate
- Type
- uint32
- Category
- optional
- Description
- New SE spawn rate per minute
- Default
- 25
app_sync_frequency
- Type
- uint32
- Category
- optional
- Description
- Sync frequency in seconds with frameworks
- Default
- 60
disable_auto_se_creation
- Type
- bool
- Category
- optional
- Description
- Disable SE creation
- Default
- False
disable_auto_frontend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for front end services
- Default
- False
disable_auto_backend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for back end services
- Default
- False
use_container_ip_port
- Type
- bool
- Category
- optional
- Description
- Use container IP address:port for pool instead of host IP address:hostport. This mode is applicable if the container IP is reachable (not a private NATed IP) from other hosts in a routed environment for containers
- Default
- False
se_volume
- Type
- string
- Category
- optional
- Description
- Host volume to be used as a disk for Avi SE. This is a disruptive change
- Default
- /opt/avi
coredump_directory
- Type
- string
- Category
- optional
- Description
- Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
- Default
- /var/lib/systemd/coredump
ssh_se_deployment
- Type
- SSHSeDeployment
- Category
- optional
- Description
- Parameters for SSH SE deployment
enable_event_subscription
- Type
- bool
- Category
- optional
- Description
- Enable Docker event subscription
- Default
- True
feproxy_container_port_as_service
- Type
- bool
- Category
- optional
- Description
- For Front End proxies, use container port as service port
- Default
- False
services_accessible_all_interfaces
- Type
- bool
- Category
- optional
- Description
- Make service ports accessible on all Host interfaces in addition to East-West VIP and/or bridge IP. Usually enabled on AWS clusters to export East-West services on the Host interface
- Default
- False
feproxy_vips_enable_proxy_arp
- Type
- bool
- Category
- optional
- Description
- Enable proxy ARP from Host interface for Front End proxies
- Default
- True
se_exclude_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Exclude hosts with attributes for SE creation
se_include_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Create SEs just on hosts with include attributes
nuage_controller
- Type
- NuageSDNController
- Category
- optional
- Description
- Nuage Overlay SDN Controller information
use_controller_image
- Type
- bool
- Category
- optional
- Description
- If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
- Default
- False
ssh_user_ref
- Type
- Reference to CloudConnectorUser
- Category
- optional
- Description
- Cloud connector user uuid for SSH to hosts
OShiftK8SConfiguration
master_nodes
- Type
- string
- Category
- repeated
- Description
- List of OpenShift/Kubernetes master nodes; in case of a load-balanced OpenShift/K8S cluster, use the Virtual IP of the cluster. Each node is of the form node:8443 or http://node:8080. If the scheme is not provided, https is assumed
client_tls_key_and_certificate_ref
- Type
- Reference to SSLKeyAndCertificate
- Category
- optional
- Description
- UUID of the client TLS cert and key instead of service account token. One of client certificate or token is required
ca_tls_key_and_certificate_ref
- Type
- Reference to SSLKeyAndCertificate
- Category
- optional
- Description
- UUID of the UCP CA TLS cert and key
avi_bridge_subnet
- Type
- IpAddrPrefix
- Category
- optional
- Description
- Avi Linux bridge subnet on OpenShift/K8s nodes
container_port_match_http_service
- Type
- bool
- Category
- optional
- Description
- Perform container port matching to create an HTTP VirtualService instead of a TCP/UDP VirtualService
- Default
- True
http_container_ports
- Type
- uint32
- Category
- repeated
- Description
- List of container ports that create an HTTP VirtualService instead of a TCP/UDP VirtualService. Defaults to 80
east_west_placement_subnet
- Type
- IpAddrPrefix
- Category
- optional
- Description
- Match against this prefix when placing east-west VSs on SEs
se_deployment_method
- Type
- enum
- Category
- optional
- Description
- Use SSH/Pod for SE deployment
- Default
- SE_CREATE_SSH
- Choices
- SE_CREATE_FLEET, SE_CREATE_SSH, SE_CREATE_POD
fleet_endpoint
- Type
- string
- Category
- optional
- Description
- Optional fleet remote endpoint if fleet is used for SE deployment
docker_registry_se
- Type
- DockerRegistry
- Category
- optional
- Description
- Docker registry for ServiceEngine image
se_spawn_rate
- Type
- uint32
- Category
- optional
- Description
- New SE spawn rate per minute
- Default
- 25
app_sync_frequency
- Type
- uint32
- Category
- optional
- Description
- Sync frequency in seconds with frameworks
- Default
- 60
disable_auto_se_creation
- Type
- bool
- Category
- optional
- Description
- Disable SE creation
- Default
- False
disable_auto_frontend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for front end services
- Default
- False
disable_auto_backend_service_sync
- Type
- bool
- Category
- optional
- Description
- Disable auto service sync for back end services
- Default
- False
se_volume
- Type
- string
- Category
- optional
- Description
- Host volume to be used as a disk for Avi SE. This is a disruptive change
- Default
- /opt/avi
coredump_directory
- Type
- string
- Category
- optional
- Description
- Directory to mount to check for core dumps on Service Engines. This will be mapped read only to /var/crash on any new Service Engines. This is a disruptive change
- Default
- /var/lib/systemd/coredump
ssh_se_deployment
- Type
- SSHSeDeployment
- Category
- optional
- Description
- Parameters for SSH SE deployment
enable_event_subscription
- Type
- bool
- Category
- optional
- Description
- Enable Kubernetes event subscription
- Default
- True
feproxy_vips_enable_proxy_arp
- Type
- bool
- Category
- optional
- Description
- Enable proxy ARP from Host interface for Front End proxies
- Default
- True
se_exclude_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Exclude hosts with attributes for SE creation
se_include_attributes
- Type
- MesosAttribute
- Category
- repeated
- Description
- Create SEs just on hosts with include attributes
nuage_controller
- Type
- NuageSDNController
- Category
- optional
- Description
- Nuage Overlay SDN Controller information
use_service_cluster_ip_as_ew_vip
- Type
- bool
- Category
- optional
- Description
- Use Cluster IP of service as VIP for East-West services; This option requires that kube proxy is disabled on all nodes
- Default
- False
default_service_as_east_west_service
- Type
- bool
- Category
- optional
- Description
- If there is no explicit east_west_placement field in virtualservice configuration, treat the service as an East-West service; default services such as the OpenShift API server do not have virtualservice configuration
- Default
- True
sdn_overlay
- Type
- bool
- Category
- optional
- Description
- Cluster uses overlay-based SDN. Enable this flag if the cluster uses an overlay-based SDN for OpenShift, Flannel, Weave, Nuage. Disable for routed mode
- Default
- True
use_controller_image
- Type
- bool
- Category
- optional
- Description
- If true, use controller generated SE docker image via fileservice, else use docker repository image as defined by docker_registry_se
- Default
- False
service_account_token
- Type
- string
- Category
- optional
- Description
- Authorization token for service account instead of client certificate. One of client certificate or token is required
use_scheduling_disabled_nodes
- Type
- bool
- Category
- optional
- Description
- Enable VirtualService placement on Service Engines on nodes with scheduling disabled. When false, Service Engines are disabled on nodes where scheduling is disabled
- Default
- False
l4_health_monitoring
- Type
- bool
- Category
- optional
- Description
- Perform Layer4 (TCP/UDP) health monitoring even for Layer7 (HTTP) Pools
- Default
- False
ssh_user_ref
- Type
- Reference to CloudConnectorUser
- Category
- optional
- Description
- Cloud connector user uuid for SSH to hosts
routes_share_virtualservice
- Type
- bool
- Category
- optional
- Description
- Routes use shared virtualservices. If configured, all OpenShift Routes will be created under a parent VirtualService. OpenShift Services will not trigger a VirtualService creation
- Default
- False
default_shared_virtualservice
- Type
- OshiftSharedVirtualService
- Category
- optional
- Description
- Default shared virtualservice that acts as the parent for all OpenShift Routes
node_availability_zone_label
- Type
- string
- Category
- optional
- Description
- OpenShift/K8S Node label to be used as OpenShift/K8S Node's availability zone in a dual availability zone deployment. ServiceEngines belonging to the availability zone will be rebooted during a manual DR failover
secure_egress_mode
- Type
- bool
- Category
- optional
- Description
- Allow Avi Vantage to create Security Context Constraints and Service Accounts which allow Egress Pods to run in privileged mode in an OpenShift environment. The credentials provided are assumed to have the cluster-admin role when this mode is enabled.
- Default
- False
OshiftSharedVirtualService
virtualservice_name
- Type
- string
- Category
- optional
- Description
- Name of shared virtualservice. VirtualService will be created automatically by Cloud Connector
NsxConfiguration
nsx_manager_name
- Type
- string
- Category
- optional
- Description
- The hostname or IP address of the NSX Manager.
nsx_manager_username
- Type
- string
- Category
- optional
- Description
- The username Avi Vantage will use when authenticating with NSX Mgr.
nsx_manager_password
- Type
- string
- Category
- optional
- Description
- The password Avi Vantage will use when authenticating with NSX Mgr.
avi_nsx_prefix
- Type
- string
- Category
- optional
- Description
- This prefix will be added to the names of all NSX objects created by Avi Controller. It should be unique across all the Avi Controller clusters
nsx_poll_time
- Type
- uint32
- Category
- optional
- Description
- The interval (in seconds) at which Avi Controller polls the NSX Manager for updates
- Default
- 300