When you extract the antrea-interworking-version.zip file, you get a bootstrap-config.yaml file, which has some placeholder comments to help you fill the arguments in this file.

apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    # Fill in the cluster name. It should be unique across all clusters managed by NSX-T.
    clusterName: Name
    # Fill in the NSX manager IPs. If there are multiple IPs, separate them with commas.
    NSXManagers: [IP1, IP2, IP3]
    # vhcPath is optional. By default it is empty.
    vhcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  # One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0
  tls.crt:
  # One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0
  tls.key:

Each container cluster that you want to register to NSX-T requires a separate bootstrap-config.yaml file. Specify values for the following mandatory arguments in this file.

clusterName

Enter a unique name for the Antrea container cluster. This name must be unique across all container clusters that are registered to NSX-T. For example, cluster-sales.

NSXManagers

Enter an NSX Manager IP address. To specify IP addresses of multiple NSX Manager nodes in an NSX Manager cluster, separate the IP addresses with a comma.

Note: You can register an Antrea container cluster to a single NSX Manager cluster. A single cluster can have one to three NSX Manager nodes.

For example, if your NSX Manager cluster has three NSX Manager nodes, enter the configuration as [192.168.1.1, 192.168.1.2, 192.168.1.3]. If your cluster has a single NSX Manager node, enter the configuration as [192.168.1.1].

tls.crt

tls.crt is the self-signed certificate that you used to create the principal identity user in NSX-T.

Enter the one-line base64 encoded data of the TLS certificate for your container cluster.

For example, to print the encoded data of the cluster-sales.crt certificate file on your terminal, run the following command at the Linux CLI:

cat cluster-sales.crt | base64 -w 0

tls.key

Enter the one-line base64 encoded data of the private key file for your container cluster.

For example, to print the encoded data of the cluster-sales-private.key file on your terminal, run the following command at the Linux CLI:

cat cluster-sales-private.key | base64 -w 0

tls.key is not sent to NSX-T. The Management Plane Adapter and Central Control Plane Adapter use this key to prove that it owns the principal identity user.