In the bootstrap-config.yaml file, enter values of mandatory arguments that are required to register an Antrea Kubernetes cluster to NSX.
If the VMware Container Networking™ with Antrea™ version in your Kubernetes cluster is 1.7.0 or earlier, follow the instructions in this documentation to manually edit the bootstrap-config.yaml file that is available in the antrea-interworking.zip file.
If the VMware Container Networking™ with Antrea™ version in your Kubernetes cluster is 1.8.0 or later, you can skip this documentation. Follow the instructions in task 6 of the Prerequisites for Registering an Antrea Kubernetes Cluster to NSX documentation to create the bootstrap configuration for the cluster.
- Prerequisites
- Ensure that you have completed the prerequisite tasks for registering an Antrea Kubernetes cluster to NSX. See Prerequisites for Registering an Antrea Kubernetes Cluster to NSX.
- Bootstrap Configuration File
When you extract the antrea-interworking-version.zip file, you get a bootstrap-config.yaml file. It contains placeholder comments that help you fill in the arguments.
apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    # Fill in the cluster name. It should be unique across all clusters managed by NSX.
    clusterName: Name
    # Fill in the NSX manager IPs. If there are multiple IPs, separate them with commas.
    NSXManagers: [IP1, IP2, IP3]
    # vhcPath is deprecated and ignored. It is replaced by vpcPath.
    vhcPath: ""
    # vpcPath is supported only in Antrea-NSX interworking image v0.7 or later.
    vpcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  # One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0
  tls.crt:
  # One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0
  tls.key:
- Specify Values of Mandatory Arguments
Each Kubernetes cluster that you want to register to NSX requires a separate bootstrap-config.yaml file. Specify values for the following mandatory arguments in this file.
- clusterName
Enter a unique name for the Antrea Kubernetes cluster. This name must be unique across all Kubernetes clusters that are registered to NSX. For example, cluster-sales.
- NSXManagers
Enter an NSX Manager IP address. To specify IP addresses of multiple NSX Manager nodes in an NSX Manager cluster, separate the IP addresses with a comma.
Note: You can register an Antrea Kubernetes cluster to a single NSX Manager cluster. A single cluster can have one to three NSX Manager nodes.
For example, if your NSX Manager cluster has three NSX Manager nodes, enter the configuration as [192.168.1.1, 192.168.1.2, 192.168.1.3]. If your cluster has a single NSX Manager node, enter the configuration as [192.168.1.1].
We recommend that you avoid adding the NSX Manager virtual IP (VIP) in this argument because the Antrea NSX Adapter needs to connect to all NSX Managers directly.
- tls.crt
tls.crt is the self-signed certificate that you used to create the principal identity user in NSX.
Enter the one-line base64 encoded data of the TLS certificate for your Kubernetes cluster.
For example, to print the encoded data of the cluster-sales.crt certificate file on your terminal, run the following command at the Linux CLI:
cat cluster-sales.crt | base64 -w 0
- tls.key
Enter the one-line base64 encoded data of the private key file for your Kubernetes cluster.
For example, to print the encoded data of the cluster-sales-private.key file on your terminal, run the following command at the Linux CLI:
cat cluster-sales-private.key | base64 -w 0
tls.key is not sent to NSX. The Management Plane Adapter and Central Control Plane Adapter use this key to prove that they own the principal identity user.
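The following shell helpers are an added example, not part of the VMware documentation or product. They check the tls.crt and tls.key inputs described above before you paste them into the Secret: the PEM header must match the field, the encoded value must be a single line that decodes back to the original file, and the certificate and private key must hold the same public key. The function names are hypothetical, and the pair check assumes that the openssl CLI is installed.

```shell
#!/bin/sh
# Added example, not VMware code. Function names are hypothetical.

# pem_to_secret_value FILE KIND   (KIND: crt or key)
# Prints the one-line base64 value for tls.crt / tls.key, or fails with a reason.
pem_to_secret_value() {
    pem_file=$1
    case $2 in
        crt) pem_want='^-----BEGIN CERTIFICATE-----' ;;
        key) pem_want='^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' ;;
        *)   echo "KIND must be crt or key" >&2; return 2 ;;
    esac
    # Catch swapped inputs, for example the certificate pasted into tls.key.
    if ! head -n 1 "$pem_file" | grep -Eq "$pem_want"; then
        echo "$pem_file: first line is not a PEM $2 header" >&2
        return 1
    fi
    pem_b64=$(base64 -w 0 < "$pem_file") || return 1
    # The value must be one line and must decode back to the exact file.
    if [ "$(printf '%s' "$pem_b64" | wc -l)" -ne 0 ]; then
        echo "$pem_file: encoded value spans several lines" >&2
        return 1
    fi
    if ! printf '%s' "$pem_b64" | base64 -d | cmp -s - "$pem_file"; then
        echo "$pem_file: encoded value does not round-trip" >&2
        return 1
    fi
    printf '%s\n' "$pem_b64"
}

# cert_matches_key CRT KEY
# Returns 0 only when the certificate and the private key hold the same
# public key, 1 when they differ, 2 when openssl cannot parse a file.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Usage with the file names from this page:
#   cert_matches_key cluster-sales.crt cluster-sales-private.key &&
#       pem_to_secret_value cluster-sales.crt crt
```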
Example: Bootstrap Configuration File
apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    clusterName: cluster-sales
    NSXManagers: [10.196.239.128, 10.196.239.129]
    vpcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  tls.crt: LS0tLS1CRUd…LS0tLS0K
  tls.key: LS0tLS1CRUd…S0tLS0tCg==
What to do next
Submit the bootstrap-config.yaml file and the interworking.yaml Deployment manifest file to the Kubernetes API server to register the Antrea Kubernetes cluster to NSX.