Antrea is a container network interface (CNI) plugin from VMware that provides network connectivity and security features to pods in container clusters that are based on Kubernetes.
The objective is to connect container clusters that use Antrea CNI plug-in to the NSX Management Plane and Central Control Plane (CCP). To achieve this integration, you must deploy Antrea NSX Adapter on all the container clusters that you want to integrate to NSX.
Benefits of Integration
- View Antrea container cluster resources in the NSX Manager UI (Policy mode).
- Define groups and security policies in NSX that reference Antrea container cluster resources.
- Distribute the NSX security policies to the container clusters for enforcement in the cluster by the Antrea CNI network plug-in.
- Extend the NSX network diagnostic and troubleshooting features to the Antrea container clusters, such as collecting Support Bundles, logs and creating Traceflow.
- Monitor the runtime state and health status of Antrea container cluster components and Antrea Agents in the NSX Manager UI.
All NSX-Antrea integration features can work when Antrea is either a primary or a secondary CNI in a container cluster.
Interoperability Requirements
For NSX and Antrea integration, specific interoperability requirements must be met. For more details, see VMware Product Interoperability Matrix.
Antrea CNI in networkPolicyOnly Mode
NSX can be integrated to Antrea container clusters in which Antrea CNI is deployed to run in a networkPolicyOnly mode. In such a case, Antrea runs as a secondary CNI and does the task of enforcing network policies in the cluster. The native routed CNI (primary CNI) does the IP address management and pod network connectivity tasks.
To set up Antrea CNI to run in a networkPolicyOnly mode, you need to deploy VMware Container Networking™ with Antrea™ v1.8 or later in your container cluster.
All NSX-Antrea integration features that are discussed in this chapter are supported when Antrea CNI is deployed in a networkPolicyOnly mode.