The NSX node agent is a DaemonSet where each pod runs two containers. One container runs the NSX node agent, whose main responsibility is to manage container network interfaces. It interacts with the CNI plugin and the Kubernetes API server. The other container runs NSX kube-proxy, whose only responsibility is to implement Kubernetes service abstraction by translating cluster IPs into pod IPs. It implements the same functionality as the upstream kube-proxy.
- Download the NCP Docker image.
The filename is nsx-ncp-xxxxxxx.tar, where xxxxxxx is the build number.
- Download the NSX node agent DaemonSet yaml template.
The filename is nsx-node-agent-ds.yml. You can edit this file or use it as an example for your own template file.
- Load the NCP Docker image to your image registry.
docker load -i <tar file>
- Edit nsx-node-agent-ds.yml.
Change the image name to the one that was loaded.
Make the following changes:
[coe] node_type = 'BAREMETAL' ... [nsx_node_agent] ovs_bridge = 'nsx-managed'
Uncomment the following lines:
securityContext: capabilities: add: - NET_ADMIN - SYS_ADMIN - SYS_PTRACE - DAC_READ_SEARCH # For BMC usecase - DAC_OVERRIDE volumeMounts: … # mount nestdb-sock for baremetal node - name: nestdb-sock mountPath: /var/run/vmware/nestdb/nestdb-server.sock volumes: … # volume for baremetal node - name: nestdb-sock hostPath: path: /var/run/vmware/nestdb/nestdb-server.sock type: SocketNote:
In the yaml file, you must specify that the ConfigMap generated for ncp.ini must be mounted as a ReadOnly volume. The downloaded yaml file already has this specification, which should not be changed.
- Create the NSX node agent DaemonSet with the following command.
oc apply -f nsx-node-agent-ds.yml