NSX Container Plugin (NCP) Architecture

The purpose of this blog post is to describe the NSX Container Plugin (NCP) Architecture in detail so that you will have a good understanding of why is it created, what are the components and how it works. With that knowledge, hopefully it will comes in handy when you require to perform troubleshooting when things does not goes well as you expected.

NCP Architecture

Screen Shot 2019-09-04 at 9.24.34 AM

These are the NCP components and its purpose.

  • NCP

    Translating Kubernetes resources to NSX-T objects

  • NSX-Node-Agent

    Forward pod network information

    Plumb pod interface to OpenvSwitch inside node vm

  • NSX CNI plugin

    CNI interface between kubelet and nsx-node-agent

  • NSX-Kube-Proxy

    Translate Service(ClusterIP) of Kubernetes Resources into OpenvSwitch configuration

  • OpenvSwitch

    Provide container networking and Service(Cluster IP)

    Isolate Pod traffic in VM

Where are the components running?

Screen Shot 2019-09-04 at 9.37.07 AM

  • NCP

    • Deployed as a Pod of Kubernetes.
    • Only single instance is running on one of kubernetes node

  • NSX Node Agent

    • Deployed as a DaemonSet of Kubernetes
    • Every Kubernetes nodes has NSX-Node-Agent

  • OpenvSwitch

    • Virtual switch installed inside Kuberntes nodes
    • Every Kubernetes nodes has OpenvSwitch

  • NSX CNI plugin

    • CNI plugin used in NSX-T integration.
    • Installed in every Kubernetes nodes

Purpose of OpenvSwitch

Screen Shot 2019-09-04 at 9.40.17 AM

  • Distributed Firewall (DFW) at Host
  • Micro-segmentation Pod to Pod traffic

Watch a video recording on NCP Architecture

Credits

I would like to thank the following people:-

– Yuki Tsuboi, Customer Success Architect, APJ for the architecture diagrams and explains.

– Yasen, Snr Technical Product Manager, NSBU for his guidance, especially on the installation.