VMware NSX Plugin Installation#

This guide provides detailed instructions for installing the EDA Connect VMware NSX plugin.

Prerequisites#

Before installing or deploying the VMware NSX plugin components, ensure that:

The Cloud Connect Core application is properly installed in the cluster (see Cloud Connect Installation)
VMware vSphere Plugin is deployed for each vCenter managed by NSX (see VMware vSphere Plugin Installation)
You have read-only access credentials to the VMware NSX environment

Installation Steps#

To deploy the VMware NSX plugin, complete the following tasks:

Deploy the plugin app
Deploy the plugin instance

Step 1: Connect VMware NSX Plugin App Deployment#

The VMware NSX plugin app is an application in the EDA app ecosystem. It can be easily installed using the EDA Store UI.

Installation Using EDA Store UI#

Navigate to the EDA Store in the EDA UI
Locate the VMware NSX Plugin App
Click Install
Complete the installation

Installation Using Kubernetes API#

If you prefer installing the plugin using the Kubernetes API, you can do so by creating the following Workflow resource:

YAML Resourcekubectl apply command

apiVersion: appstore.eda.nokia.com/v1
kind: AppInstaller
metadata:
  name: nsx-plugin
  namespace: eda-system
spec:
  operation: install
  apps:
    - appId: nsx.eda.nokia.com
      catalog: eda-catalog-builtin-apps
      version:
        type: semver
        value: v5.0.0

kubectl apply -f - <<EOF
apiVersion: appstore.eda.nokia.com/v1
kind: AppInstaller
metadata:
  name: nsx-plugin
  namespace: eda-system
spec:
  operation: install
  apps:
    - appId: nsx.eda.nokia.com
      catalog: eda-catalog-builtin-apps
      version:
        type: semver
        value: v5.0.0

EOF

Step 2: Connect VMware NSX Plugin Deployment#

Create a Secret for NSX Credentials#

A prerequisite for creating a NsxPluginInstance resource is a Secret resource with username and password fields that contain the account information for an account that can connect to the VMware NSX environment and has read-only access to the cluster so that it can monitor the necessary resources.

YAML Resourcekubectl apply command

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: my-vmware-creds
  namespace: eda-system
  labels:
    "eda.nokia.com/backup": "true"
data: 
  username: YWRtaW4K # base64 encoded
  password: YWRtaW4K # base64 encoded

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: my-vmware-creds
  namespace: eda-system
  labels:
    "eda.nokia.com/backup": "true"
data: 
  username: YWRtaW4K # base64 encoded
  password: YWRtaW4K # base64 encoded

EOF

Base64 encoding

Use the following command to base64 encode your username and password:

echo -n myUsernameOrPassword | base64

mandatory label

The secrets used by the EDA plugins must have the eda.nokia.com/backup: "true" label.

Create the NSX Plugin Instance#

As the VMware NSX plugins are managed through the operator, you can use the EDA UI to create a new NsxPluginInstance resource under the System Administration > Connect > NSX Plugins menu item.

As an alternative, you can also create the same NsxPluginInstance using the following custom resource example. Make sure to replace the specified values with their relevant content.

vCenterFQDN

The vCenterFQDN field has to correspond to the "FQDN or IP Address" field when creating the compute manager in NSX.

Note

A VMware NSX instance can manage multiple VMware vCenter servers. This is reflected by referencing the vCenters and the corresponding Connect VMware vCenter plugins in the NsxPluginInstance.

YAML Resourcekubectl apply command

apiVersion: vmware.eda.nokia.com/v1
kind: NsxPluginInstance
metadata:
  name: my-nsx-plugin-instance # A unique name for the plugin resource (can be the same as the spec.name, or different)
  namespace: eda-system # The system namespace.
spec:
  pluginNamespace: eda # The namespace in the EDA deployment holding the fabric associated with this plugin
  externalId: example-external-id # A unique Identifier for the plugin (can be same as the name)
  heartbeatInterval: 30
  name: example-NSX # A unique name for the plugin
  nsxManagementIP: exampleHost # The IP address of the NSX Server
  nsxPollInterval: 2 # The plugin will poll NSX for changes every x seconds
  nsxTlsVerify: false # To verify TLS of the NSX server
  nsxCertificate: "" # If the NSX certificate is self signed, add it here to be able to verify from the plugin
  authSecretRef: my-nsx-creds # Credentials are hosted in a separate Secret
  vCenters:
    - vCenterFQDN: x.y.z # FQDN or IP of the Vcenter as defined in NSX
      vmwarePluginID: example-VMWARE # Name of the Vcenter Plugin

kubectl apply -f - <<EOF
apiVersion: vmware.eda.nokia.com/v1
kind: NsxPluginInstance
metadata:
  name: my-nsx-plugin-instance # A unique name for the plugin resource (can be the same as the spec.name, or different)
  namespace: eda-system # The system namespace.
spec:
  pluginNamespace: eda # The namespace in the EDA deployment holding the fabric associated with this plugin
  externalId: example-external-id # A unique Identifier for the plugin (can be same as the name)
  heartbeatInterval: 30
  name: example-NSX # A unique name for the plugin
  nsxManagementIP: exampleHost # The IP address of the NSX Server
  nsxPollInterval: 2 # The plugin will poll NSX for changes every x seconds
  nsxTlsVerify: false # To verify TLS of the NSX server
  nsxCertificate: "" # If the NSX certificate is self signed, add it here to be able to verify from the plugin
  authSecretRef: my-nsx-creds # Credentials are hosted in a separate Secret
  vCenters:
    - vCenterFQDN: x.y.z # FQDN or IP of the Vcenter as defined in NSX
      vmwarePluginID: example-VMWARE # Name of the Vcenter Plugin

EOF

Name and External ID constraints

The plugin name and external ID must comply with the regex check of '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]' and can only contain alphanumerical characters and ., _ and -. It must start with an alphanumerical character, and have a length of 63 characters or fewer.

Post-Installation Verification#

After deploying the plugin instance, verify that it is running:

kubectl get pods -n eda-system | grep nsx

Check that the plugin has registered with Connect:

kubectl get connectplugins -n <plugin-namespace>

You should see your NSX plugin listed with status information.

Configuration Parameters#

The NsxPluginInstance resource supports the following key parameters:

Parameter	Description	Required
`name`	Unique name for the plugin instance	Yes
`namespace`	EDA namespace containing the fabric	Yes
`externalID`	Unique identifier for the NSX environment	Yes
`nsxManagementIP`	FQDN or IP address of the NSX Manager (eg. nsx.example.com). Note that no URI scheme should be provided.	Yes
`authSecretRef`	Reference to the Kubernetes Secret with credentials	Yes
`heartbeatInterval`	Interval in seconds for heartbeat updates	No (default: 30)
`nsxTlsVerify`	Whether to verify the TLS certificate of NSX (default: true).	No
`nsxCertificate`	PEM encoded certificate for NSX if self-signed (default: empty).	No
`nsxPollInterval`	Interval in seconds for polling NSX for changes (default: 2).	No (default: 60)
`vCenters`	List of vCenter references with FQDN and plugin names	Yes

Next Steps#

After installation, proceed to:

Configure VLAN or overlay segments in NSX
Set up NSX tags for EDA-managed mode (if required)
Review the VMware NSX Plugin documentation for usage and operational modes