In the bootstrap-config.yaml file, enter values of mandatory arguments that are required to register an Antrea container cluster to NSX-T Data Center.

If the VMware Container Networking™ with Antrea™ version in your container cluster is 1.7.0 or earlier, follow the instructions in this documentation to manually edit the bootstrap-config.yaml file that is available in the antrea-interworking.zip file.

If the VMware Container Networking™ with Antrea™ version in your container cluster is 1.8.0 or later, you can skip this documentation. Follow the instructions in task 6 of the Prerequisites for Registering an Antrea Container Cluster to NSX-T Data Center documentation to create the bootstrap configuration for the cluster.

Prerequisites
Ensure that you complete the prerequisite tasks for registering an Antrea container cluster to NSX-T. See Prerequisites for Registering an Antrea Container Cluster to NSX-T Data Center.
Bootstrap Configuration File

When you extract the antrea-interworking-version.zip file, you get a bootstrap-config.yaml file, which has some placeholder comments to help you fill the arguments in this file.

apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    # Fill in the cluster name. It should be unique across all clusters managed by NSX-T.
    clusterName: Name
    # Fill in the NSX manager IPs. If there are multiple IPs, separate them with commas.
    NSXManagers: [IP1, IP2, IP3]
    # vhcPath is optional. By default it is empty.
    vhcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  # One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0
  tls.crt:
  # One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0
  tls.key:
Specify Values of Mandatory Arguments

Each container cluster that you want to register to NSX-T requires a separate bootstrap-config.yaml file. Specify values for the following mandatory arguments in this file.

clusterName

Enter a unique name for the Antrea container cluster. This name must be unique across all container clusters that are registered to NSX-T. For example, cluster-sales.

NSXManagers

Enter an NSX Manager IP address. To specify IP addresses of multiple NSX Manager nodes in an NSX Manager cluster, separate the IP addresses with a comma.

Note: You can register an Antrea container cluster to a single NSX Manager cluster. A single cluster can have one to three NSX Manager nodes.

For example, if your NSX Manager cluster has three NSX Manager nodes, enter the configuration as [192.168.1.1, 192.168.1.2, 192.168.1.3]. If your cluster has a single NSX Manager node, enter the configuration as [192.168.1.1].

We recommended that you avoid adding the NSX Manager virtual IP (VIP) in this argument because the Antrea NSX Adapter needs to connect to all NSX Managers directly.

tls.crt

tls.crt is the self-signed certificate that you used to create the principal identity user in NSX-T.

Enter the one-line base64 encoded data of the TLS certificate for your container cluster.

For example, to print the encoded data of the cluster-sales.crt certificate file on your terminal, run the following command at the Linux CLI:

cat cluster-sales.crt | base64 -w 0
tls.key

Enter the one-line base64 encoded data of the private key file for your container cluster.

For example, to print the encoded data of the cluster-sales-private.key file on your terminal, run the following command at the Linux CLI:

cat cluster-sales-private.key | base64 -w 0

tls.key is not sent to NSX-T. The Management Plane Adapter and Central Control Plane Adapter use this key to prove that it owns the principal identity user.

Note: vhcPath argument is not used in NSX-T 3.2. Keep it empty.

Example: Bootstrap Configuration File

apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    clusterName: cluster-sales
    NSXManagers: [10.196.239.128, 10.196.239.129]
    vhcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  tls.crt: LS0tLS1CRUd…LS0tLS0K
  tls.key: LS0tLS1CRUd…S0tLS0tCg==

What to do next

Submit the bootstrap-config.yaml file and the interworking.yaml Deployment manifest file to the Kubernetes API server to register the Antrea container cluster to NSX-T.