The NSX node agent is a DaemonSet where each pod runs two containers. One container runs the NSX node agent, whose main responsibility is to manage container network interfaces. It interacts with the CNI plugin and the Kubernetes API server. The other container runs NSX kube-proxy, whose only responsibility is to implement Kubernetes service abstraction by translating cluster IPs into pod IPs. It implements the same functionality as the upstream kube-proxy.


  1. Download the NCP Docker image.

    The filename is nsx-ncp-xxxxxxx.tar, where xxxxxxx is the build number.

  2. Download the NSX node agent DaemonSet yaml template.

    The filename is nsx-node-agent-ds.yml. You can edit this file or use it as an example for your own template file.

  3. Load the NCP Docker image to your image registry.
        docker load -i <tar file>
  4. Edit nsx-node-agent-ds.yml.

    Change the image name to the one that was loaded.

    Make the following changes:

     node_type = 'BAREMETAL' 
     ovs_bridge = 'nsx-managed' 

    Uncomment the following lines:

          - NET_ADMIN
          - SYS_ADMIN
          - SYS_PTRACE
          - DAC_READ_SEARCH
          # For BMC usecase
          - DAC_OVERRIDE
    # mount nestdb-sock for baremetal node
    - name: nestdb-sock
    mountPath: /var/run/vmware/nestdb/nestdb-server.sock
    # volume for baremetal node
    - name: nestdb-sock
       path: /var/run/vmware/nestdb/nestdb-server.sock
       type: Socket


    In the yaml file, you must specify that the ConfigMap generated for ncp.ini must be mounted as a ReadOnly volume. The downloaded yaml file already has this specification, which should not be changed.

  5. Create the NSX node agent DaemonSet with the following command.
        oc apply -f nsx-node-agent-ds.yml