The NSX-T Data Center load balancer is integrated with Kubernetes. Configuring Load BalancingYou can configure NSX-T load balancer integration with NCP for Kubernetes LoadBalancer services and Ingress resources. Setting Persistence for Layer 4 and Layer 7 Load BalancerYou can specify a persistence setting with the parameters l4_persistence and l7_persistence in the NCP ConfigMap. IngressNCP will create one layer 7 load balancer for Ingresses with TLS specification, and one layer 7 load balancer for Ingresses without TLS specification. You can also create CRDs (CustomResourceDefinitions) to handle Ingress scaling. LoadBalancer CRDs to Handle Ingress ScalingYou can create CRDs (CustomResourceDefinitions) to monitor the usage of NSX load balancers and to create additional NSX layer 7 load balancers to handle Ingress workloads that the default load balancer cannot handle. These CRDs are not for scaling layer 4 load balancers that are created for Kubernetes LoadBalancer services. Service of Type LoadBalancerNCP will create a layer 4 load balancer virtual server and pool for each service port. Load Balancer and Network PolicyWhen traffic is forwarded to the pods from the NSX load balancer virtual server, the source IP is the tier-1 router's uplink port's IP address. This address is on the private tier-1 transit network, and can cause the CIDR-based network policies to disallow traffic that should be allowed. Sample Script to Generate a CA-Signed CertificateYou can create a script to generate a CA-signed certificate and a private key stored in the files <filename>.crt and <finename>.key, respectively. Third-party Ingress ControllersYou can configure NCP to support third-party Ingress controllers.