If your Kubernetes cluster does not have Internet access or you have specific security restrictions, work with your infrastructure administrator to upload the NSX Application Platform Helm charts and Docker images to a private container registry that you can access and use to deploy the NSX Application Platform.

Note: The following steps were validated using a private Harbor container registry. If you are using another container registry, you might need to adjust some steps for that registry.
Your infrastructure administrator (or anyone who has access to the TKC or upstream Kubernetes cluster in which the private container registry is installed) must perform the following steps.

Prerequisites

  • Your infrastructure administrator must install a private container registry, such as Harbor, with chart repository service. For details, see the Harbor Installation with Chart Repository Service webpage. They are going to use this private container registry to host the NSX Application Platform Helm charts and Docker images.
    Important: If you are using a VMware Tanzu Kubernetes Cluster (TKC), do not use its embedded Harbor container registry for hosting the NSX Application Platform Helm charts and Docker images. Your infrastructure administrator must set up a separate Harbor container registry.
  • For a production environment, your infrastructure administrator must also obtain a CA certificate (signed by a reputable public Certificate Authority) to configure HTTPS access to the private Harbor container registry that they installed. For more information, see the Configure HTTPS Access to Harbor webpage.
  • Ensure that the Docker tool is installed and configured correctly on the system that will be used for uploading the images and charts. The Login succeeded must be displayed after running the following command. 
    docker login <private-registry-URL> --username <private-registry-account-name> --password <private-registry-account-password>
  • Verify that the curl tool is installed on the system that will be used for uploading the images. Use the following command to verify. The curl version is displayed if the curl is installed.
    curl --version

Procedure

  1. Download the NSX Application Platform deployment bundle from the VMware Product Download portal for NSX 3.2.1.1 or later. Save the bundle to a system from which you can upload the Helm charts and Docker images to your private container registry.
    Use the NSX download page appropriate for the latest NSX Application Platform version available or the version that you want to deploy.
  2. Extract the contents of the NSX Application Platform deployment bundle using the following command. The <version-number> is the specific version number and the build number of the bundle. For example, VMware-NSX-Application-Platform-4.0.1.0.0.59353010.tgz. 
    tar xvf VMware-NSX-Application-Platform-<version-number>.tgz

    This step might take several minutes to finish.

  3. Locate and edit the upload_artifacts_to_private_harbor.sh script file or the upload_oci_artifacts_to_private_harbor.sh file with a text editor.

    You use the upload_artifacts_to_private_harbor.sh to upload the extracted NSX Application Platform Helm charts and Docker images to a ChartMuseum-compatible private container registry.

    Important:

    You must use the default ChartMuseum-compatible private container registry if you are deploying NSX Application Platform version 4.0.1.x using NSX version 3.2.x or 4.0.0.1.

    If you are using an OCI-compatible private container registry, use the upload_oci_artifacts_to_private_harbor.sh script file to upload the extracted NSX Application Platform Helm charts and Docker images.

    1. Set the DOCKER_REPO property to the URL for your private container registry.
      For example, DOCKER_REPO=harbor-repo.vmware.com/nsx_intelligence
    2. Set the DOCKER_USERNAME property to the user name of the private container registry account.
    3. Set the DOCKER_PASSWORD property to the password of the private container registry account.
    4. Save the changes in the script file.
  4. Change the executable permission for the modified shell script file using one of the following commands, depending on the type of container registry you are using.
    For a ChartMuseum-compatible private container registry, use the following command. 
    chmod +x upload_artifacts_to_private_harbor.sh
    For an OCI-compatible private container registry, use the following command. 
    chmod +x upload_oci_artifacts_to_private_harbor.sh
  5. Run the script file using the following command.
    For a ChartMuseum-compatible private container registry, use the following command. 
    ./upload_artifacts_to_private_harbor.sh
    For an OCI-compatible private container registry, use the following command. 
    ./upload_oci_artifacts_to_private_harbor.sh

Results

The system uploads the NSX Application Platform Helm charts and Docker images to your private container registry.

What to do next

The NSX enterprise administrator must continue to ensure that the prerequisites listed in NSX Application Platform Deployment Prerequisites are met before continuing with the NSX Application Platform deployment.