Installing NSX Container Plug-in (NCP) requires installing components on the master and Kubernetes nodes. Install NSX-T Data Center CNI Plug-inNSX-T Data Center CNI plug-in must be installed on the Kubernetes nodes. Install and Configure OVSInstall and configure OVS (Open vSwitch) on the minion nodes. Configure NSX-T Data Center Networking for Kubernetes NodesThis section describes how to configure NSX-T Data Center networking for Kubernetes master and worker nodes. Install NSX Node AgentThe NSX node agent is a DaemonSet where each pod runs two containers. One container runs the NSX node agent, whose main responsibility is to manage container network interfaces. It interacts with the CNI plugin and the Kubernetes API server. The other container runs NSX kube-proxy, whose only responsibility is to implement Kubernetes service abstraction by translating cluster IPs into pod IPs. It implements the same functionality as the upstream kube-proxy. Configmap for ncp.ini in nsx-node-agent-ds.ymlThe sample yaml file nsx-node-agent-ds.yml contains a ConfigMap for the configuration file ncp.ini for the NSX node agent. This ConfigMap section contains parameters that you can specify to customize your node agent installation. Install NSX Container Plug-inNSX Container Plug-in (NCP) is delivered as a Docker image. NCP should run on a node for infrastructure services. Running NCP on the master node is not recommended. Configmap for ncp.ini in ncp-rc.ymlThe sample YAML file ncp-rc.yml contains a ConfigMap for the configuration file ncp.ini. This ConfigMap section contains parameters that you must specify before you install NCP, as described in the previous section. Mount a PEM Encoded Certificate and a Private Key in the NCP PodIf you have a PEM encoded certificate and a private key, you can update the NCP pod definition in the yaml file to mount the TLS secrets in the NCP Pod. Mount a Certificate File in the NCP PodIf you have a certificate file in the node file system, you can update the NCP pod specification to mount the file in the NCP pod. Configuring SyslogYou can run a syslog agent such as rsyslog or syslog-ng in a container to send logs from NCP and related components to a syslog server. Security ConsiderationsWhen deploying NCP, it is important to take steps to secure both the Kubernetes and the NSX-T Data Center environments. Tips on Configuring Network ResourcesWhen configuring some network resources, you should be aware of certain restrictions.