K8s/OCP Metadata / NSX Logical Port Mapping

▶ kubectl get pod nsx-demo-rc-c7x65 -o yaml

    apiVersion: v1
    kind: Pod
    metadata:
      creationTimestamp: 2018-07-25T12:05:56Z
      generateName: nsx-demo-rc-
      labels:
        app: nsx-demo
      name: nsx-demo-rc-c7x65
      namespace: nsx-ujo

Kubernetes metadata such as the Namespace, Pod name and Labels is copied to the NSX Logical Port as Port Tags.

Pre-Created Security Groups / Firewall rules (admin rules)

NSX can be configured to collect ports and switches in dynamic security groups based on Tags (Kubernetes Metadata) and apply Firewall rules on them.

Match on Port Tags
Matching Pods are part of the Group
Groups are used in Firewall sections as src and dst
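
The chain described above (pod metadata becomes port tags, tags decide group membership, groups serve as rule src and dst), as an added example that is not from the original slides and is not NSX or NCP code. The tag scope names, the group and rule layout, the first-match evaluation and the default-deny fallthrough are assumptions of this model, and the pods other than nsx-demo-rc-c7x65 are constructed sample data.

```python
# Added illustration: a model of tag-based group membership, not NSX or NCP code.
# Tag scope names ("namespace", "pod", "label:<key>") are assumptions for this sketch.

def port_tags(pod):
    """Derive the tag set a logical port would carry from pod metadata."""
    meta = pod["metadata"]
    tags = {("namespace", meta["namespace"]), ("pod", meta["name"])}
    tags |= {("label:" + k, v) for k, v in meta.get("labels", {}).items()}
    return tags

def members(group, pods):
    """A pod is a member when its port carries every tag the group matches on."""
    return sorted(p["metadata"]["name"] for p in pods
                  if group["match"] <= port_tags(p))

def evaluate(rules, groups, pods, src_pod, dst_pod):
    """First matching rule wins; no match falls through to default deny (assumed)."""
    for rule in rules:
        if (src_pod in members(groups[rule["src"]], pods)
                and dst_pod in members(groups[rule["dst"]], pods)):
            return rule["action"]
    return "DROP"

def ungrouped(groups, pods):
    """Pods whose tags match no pre-created group: the admin rules never see them."""
    covered = {n for g in groups.values() for n in members(g, pods)}
    return sorted(p["metadata"]["name"] for p in pods
                  if p["metadata"]["name"] not in covered)

# Constructed sample data; the first pod mirrors the metadata shown on the slide.
PODS = [
    {"metadata": {"name": "nsx-demo-rc-c7x65", "namespace": "nsx-ujo",
                  "labels": {"app": "nsx-demo"}}},
    {"metadata": {"name": "db-0", "namespace": "nsx-ujo",
                  "labels": {"app": "db"}}},
    {"metadata": {"name": "debug-shell", "namespace": "nsx-ujo",
                  "labels": {"aap": "nsx-demo"}}},  # mistyped label key
]
GROUPS = {
    "web": {"match": {("label:app", "nsx-demo")}},
    "db": {"match": {("namespace", "nsx-ujo"), ("label:app", "db")}},
}
RULES = [{"src": "web", "dst": "db", "action": "ALLOW"}]

if __name__ == "__main__":
    print(members(GROUPS["web"], PODS))
    print(evaluate(RULES, GROUPS, PODS, "nsx-demo-rc-c7x65", "db-0"))
    print(evaluate(RULES, GROUPS, PODS, "debug-shell", "db-0"))
    print(ungrouped(GROUPS, PODS))
```

The ungrouped() check is the one worth running against real pod metadata: a pod with a mistyped or missing label silently stays outside every tag-matched group, so only rules that do not depend on those groups apply to it.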

Built-in Load Balancing

[Diagram, L7: the NSX Container Plugin (NCM Infra, K8s / OS Adapter, CloudFoundry Adapter, Libnetwork Adapter, NSX Manager API Client) sits between the K8s/OCP master (etcd, API-Server, Scheduler) and NSX Manager. LB Service with Virtual Server 10.114.209.209 for HTTP and/or HTTPS traffic, Rule 1 /foo/ and Rule 2 /bar/, Server Pool 1 and Server Pool 2.]

[Diagram, L4: same control-plane components. LB Service with Virtual Server 10.114.209.212 for TCP and/or UDP traffic and a single Server Pool.]

Offload the OpenShift Router to the highly performant NSX-T Load Balancer. It creates a single VIP for the router and an L7 rule for every Route. It also creates an L4 VIP for every Service of type LoadBalancer.

NSX-T Data Center Values for Containers

Enterprise-class Networking
Advanced Security
Enhanced Operations
Full Network Visibility
Enterprise Support
Unified VM-to-Container Networking
Micro-Segmentation

[Diagram labels: NSX-T Values for Containers, Features]