If you have a PEM encoded certificate and a private key, you can update the NCP pod definition in the yaml file to mount the TLS secrets in the NCP Pod.

  1. Create a TLS secret for the certificate and private key.

      kubectl create secret tls SECRET_NAME --cert=/path/to/tls.crt --key=/path/to/tls.key
  2. Update the NCP pod specification yaml to mount the secret as files in the NCP Pod specification.

      spec:
        ...
        containers:
        - name: nsx-ncp
          ...
          volumeMounts:
          ... 
          - name: nsx-cert
            mountPath: /etc/nsx-ujo/nsx-cert
            readOnly: true
        volumes:
        ...
        - name: nsx-cert
          secret:
            secretName: SECRET_NAME
  3. Update the nsx_v3 options nsx_api_cert_file and nsx_api_private_key_file in the yaml file.

      nsx_api_cert_file = /etc/nsx-ujo/nsx-cert/tls.crt
      nsx_api_private_key_file = /etc/nsx-ujo/nsx-cert/tls.key