Mount a Certificate
File in the NCP Pod
You need to mount a certificate
file in the NCP Pod to configure certificate-based authentication with
NSX
API, or to configure a default certificate for SSL
offloading for the NSX
load balancer.For both cases, do the following:
- Create a secret with a certificate and a private key.
- Attach a secret volume to the NCP pod and mount the volume (see the ConfigMap sample below).
For certificate-based authentication with
NSX
API, specify the options
nsx_api_cert_file
and nsx_api_private_key_file
under [nsx_v3]
in the nsx-ncp-config ConfigMap with the mount path for
the certificate and key.For
NSX
load balancer SSL offloading, specify the options
lb_default_cert_path
and lb_priv_key_path
under
[nsx_v3]
in the nsx-ncp-config ConfigMap with the mount path for the
certificate and key.ConfigMap section where you specify the paths to
the certificate and
key:
volumes: - name: projected-volume projected: sources: # ConfigMap nsx-ncp-config is expected to supply ncp.ini - configMap: name: nsx-ncp-config items: - key: ncp.ini path: ncp.ini # To use cert based auth, uncomment and update the secretName, # then update ncp.ini with the mounted cert and key file paths #- secret: # name: nsx-secret # items: # - key: tls.crt # path: nsx-cert/tls.crt # - key: tls.key # path: nsx-cert/tls.key #- secret: # name: lb-secret # items: # - key: tls.crt # path: lb-cert/tls.crt # - key: tls.key # path: lb-cert/tls.key # To use JWT based auth, uncomment and update the secretName. #- secret: # name: wcp-cluster-credentials # items: # - key: username # path: vc/username # - key: password # path: vc/password