After you deploy a cluster using Antrea Operator, you can install the interworking pods.

  1. Create a Principal Identity user in NSX. This involves creating a certificate (self-signed or CA signed), uploading the certificate to NSX and selecting the Enterprise Admin role. For more information, see https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-DC9552EA-D324-4959-BEE8-8609BC1FF1C3.html. This involves creating a certificate (self-signed or CA-signed), uploading the certificate to NSX and selecting the Enterprise Admin role.

    Screenshot of step 1

  2. Edit the Antrea configuration in the openshift/operator.antrea.vmware.com_v1_antreainstall_cr.yaml file.
    1. Edit the bootstrapConfig section:
      • clusterName: Name of the Antrea cluster. This name is visible in the NSX UI/API and identifies the Antrea cluster.
      • NSXManagers: The IP addresses or FQDNs of the NSX Managers of an NSX instance. Each Antrea cluster can be registered with only one NSX instance. However, a single NSX instance can have multiple Antrea clusters registered to it. An NSX instance can have one NSX Manager or a cluster of three NSX Managers.
      • vhcPath: For future use.
    2. For the parameter interworkingImage, specify the location of the antrea-operator-interworking image.
    3. Set the parameter enableInterworking to true to deploy the Antrea cluster. Set it to false to deregister the Antrea cluster.

      If you want to make changes to the Antrea configuration, you must deregister the cluster, make the changes, and re-deploy the cluster.

    Screenshot of step 2

  3. Verify that the Operator pod is running. If the Operator pod is not running, the Antrea interworking will not succeed.

    Screenshot of step 3

  4. Check the antreainstall configuration. The enableInterworking parameter should be false, meaning disabled.

    Screenshot of step 4

  5. Edit nsx-cert.yaml and add the certificate information of the principal identity created in step 1. Note that tls.crt and tls.key are one-line base64-encoded data.

  6. Apply the Operator configuration changes.
    oc apply -f operator.antrea.vmware.com_v1_antreainstall_cr.yaml
  7. Apply the nsx-cert yaml file.
    oc apply -f nsx-cert.yaml
  8. Check the status.
    oc get pods -n vmware-system-antrea

    Screenshot of step 8

    After a few seconds, the Antrea cluster should be registered with NSX. In the NSX Manager UI, under System > Fabric > Nodes > Container Clusters > Antrea, you should see the cluster and the status should be green.

    Under Inventory > Containers > Clusters, you can see information about the cluster.

    Screenshot of step 8

    The Antrea cluster is now controlled by NSX.