Overview of NSX Container Plugin

NSX Container Plugin (NCP) provides integration between NSX and container orchestrators such as Kubernetes, as well as integration between NSX and container-based PaaS (platform as a service) products such as OpenShift and Tanzu Application Service (TAS). This guide describes setting up NCP with Kubernetes and TAS.
The main component of NCP runs in a container and communicates with NSX Manager and with the Kubernetes control plane. NCP monitors changes to containers and other resources and manages networking resources such as logical ports, switches, routers, and security groups for the containers by calling the NSX API.
The NSX CNI plugin runs on each Kubernetes node. It monitors container life cycle events, connects a container interface to the guest vSwitch, and programs the guest vSwitch to tag and forward container traffic between the container interfaces and the VNIC.
NCP provides the following functionalities:
  • Automatically creates an NSX logical topology for a Kubernetes cluster, and creates a separate logical network for each Kubernetes namespace.
  • Connects Kubernetes pods to the logical network, and allocates IP and MAC addresses.
  • Supports network address translation (NAT) and allocates a separate SNAT IP for each Kubernetes namespace.
    When configuring NAT, the total number of translated IPs cannot exceed 1000.
  • Implements Kubernetes network policies with NSX distributed firewall.
    • Support for ingress and egress network policies.
    • Support for IPBlock selector in network policies.
    • Support for matchLabels and matchExpression when specifying label selectors for network policies.
    • Support for selecting pods in another namespace.
  • Implements Kubernetes service of type ClusterIP and service of type LoadBalancer.
  • Implements Kubernetes Ingress with NSX layer 7 load balancer.
    • Support for HTTP Ingress and HTTPS Ingress with TLS edge termination.
    • Support for Ingress default backend configuration.
    • Support for redirect to HTTPS, path rewrite, and path pattern matching.
  • Creates tags on the NSX logical switch port for the namespace, pod name, and labels of a pod, and allows the administrator to define NSX security groups and policies based on the tags.
  • Multicast is supported between pods in the same namespace, but is not supported between pods in different namespaces.
NCP supports a single Kubernetes cluster. You can have multiple Kubernetes clusters, each with its distinct NCP instance, using the same NSX deployment.
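
A Kubernetes NetworkPolicy manifest that uses each of the network policy features listed above: ingress and egress rules, an IPBlock selector, matchLabels combined with match expressions, and selection of pods in another namespace. This is an added example, not taken from the NCP documentation; the namespaces, labels, ports, and CIDRs are constructed, and the manifest uses the Kubernetes API field names ipBlock and matchExpressions.

```yaml
# Constructed example: namespaces, labels, ports and CIDRs are placeholders.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-restrict
  namespace: shop
spec:
  # matchLabels and matchExpressions are ANDed: app=api AND tier in (backend, internal).
  podSelector:
    matchLabels:
      app: api
    matchExpressions:
      - key: tier
        operator: In
        values: ["backend", "internal"]
  # Listing both types isolates the selected pods in both directions;
  # anything not allowed below is denied.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # namespaceSelector and podSelector in ONE "from" entry are ANDed:
    # only pods labelled role=scraper inside the "monitoring" namespace.
    # Splitting them into two list entries would OR them and admit far more.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
          podSelector:
            matchLabels:
              role: scraper
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # ipBlock with an excluded sub-range.
    # No DNS rule is included: with Egress isolation in effect, name lookups
    # from these pods are denied unless another policy allows them.
    - to:
        - ipBlock:
            cidr: 10.20.0.0/16
            except:
              - 10.20.5.0/24
      ports:
        - protocol: TCP
          port: 5432
```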