In the bootstrap-config.yaml file, enter values of mandatory arguments that are required to register an Antrea Kubernetes cluster to NSX.

If the VMware Container Networking™ with Antrea™ version in your Kubernetes cluster is 1.7.0 or earlier, follow the instructions in this documentation to manually edit the bootstrap-config.yaml file that is available in the antrea-interworking.zip file.

If the VMware Container Networking™ with Antrea™ version in your Kubernetes cluster is 1.8.0 or later, you can skip this documentation. Follow the instructions in task 6 of the Prerequisites for Registering an Antrea Kubernetes Cluster to NSX documentation to create the bootstrap configuration for the cluster.

Prerequisites
Ensure that you have completed the prerequisite tasks for registering an Antrea Kubernetes cluster to NSX. See Prerequisites for Registering an Antrea Kubernetes Cluster to NSX.
Bootstrap Configuration File

When you extract the antrea-interworking-version.zip file, you get a bootstrap-config.yaml file, which has some placeholder comments to help you fill the arguments in this file.

apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    # Fill in the cluster name. It should be unique across all clusters managed by NSX.
    clusterName: Name
    # Fill in the NSX manager IPs. If there are multiple IPs, separate them with commas.
    NSXManagers: [IP1, IP2, IP3]
    # vhcPath is deprecated and ignored. It is replaced by vpcPath.
    vhcPath: ""
    # vpcPath is supported only in Antrea-NSX interworking image v0.7 or later.
    vpcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  # One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0
  tls.crt:
  # One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0
  tls.key:
Specify Values of Mandatory Arguments

Each Kubernetes cluster that you want to register to NSX requires a separate bootstrap-config.yaml file. Specify values for the following mandatory arguments in this file.

clusterName

Enter a unique name for the Antrea Kubernetes cluster. This name must be unique across all Kubernetes clusters that are registered to NSX. For example, cluster-sales.

NSXManagers

Enter an NSX Manager IP address. To specify IP addresses of multiple NSX Manager nodes in an NSX Manager cluster, separate the IP addresses with a comma.

Note: You can register an Antrea Kubernetes cluster to a single NSX Manager cluster. A single cluster can have one to three NSX Manager nodes.

For example, if your NSX Manager cluster has three NSX Manager nodes, enter the configuration as [192.168.1.1, 192.168.1.2, 192.168.1.3]. If your cluster has a single NSX Manager node, enter the configuration as [192.168.1.1].

We recommended that you avoid adding the NSX Manager virtual IP (VIP) in this argument because the Antrea NSX Adapter needs to connect to all NSX Managers directly.

tls.crt

tls.crt is the self-signed certificate that you used to create the principal identity user in NSX.

Enter the one-line base64 encoded data of the TLS certificate for your Kubernetes cluster.

For example, to print the encoded data of the cluster-sales.crt certificate file on your terminal, run the following command at the Linux CLI:

cat cluster-sales.crt | base64 -w 0
tls.key

Enter the one-line base64 encoded data of the private key file for your Kubernetes cluster.

For example, to print the encoded data of the cluster-sales-private.key file on your terminal, run the following command at the Linux CLI:

cat cluster-sales-private.key | base64 -w 0

tls.key is not sent to NSX. The Management Plane Adapter and Central Control Plane Adapter use this key to prove that it owns the principal identity user.

Note: The vhcPath argument is deprecated and ignored, whereas the vpcPath argument is supported. However, the vpcPath argument is supported only in Antrea-NSX interworking image v0.7 or later, which is included with VMware Container Networking™ with Antrea™ v1.5.0. Earlier versions of Antrea-NSX interworking image does not support the vpcPath argument.

Example: Bootstrap Configuration File

apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-antrea
  labels:
    app: antrea-interworking
    openshift.io/run-level: '0'
---
# NOTE: In production the bootstrap config and secret should be filled by admin
# manually or external automation mechanism.
apiVersion: v1
kind: ConfigMap
metadata:
  name: bootstrap-config
  namespace: vmware-system-antrea
data:
  bootstrap.conf: |
    clusterName: cluster-sales
    NSXManagers: [10.196.239.128, 10.196.239.129]
    vpcPath: ""
---
apiVersion: v1
kind: Secret
metadata:
  name: nsx-cert
  namespace: vmware-system-antrea
type: kubernetes.io/tls
data:
  tls.crt: LS0tLS1CRUd…LS0tLS0K
  tls.key: LS0tLS1CRUd…S0tLS0tCg==

What to do next

Submit the bootstrap-config.yaml file and the interworking.yaml Deployment manifest file to the Kubernetes API server to register the Antrea Kubernetes cluster to NSX.