Blog
21 April, 2024
During my participation at VMware Explore 2022 in Barcelona, Spain, I decided to attend a session called “Securing and Monitoring Kubernetes Clusters with VMware Antrea, NSX, and vRealize Network Insight,” given by VMware Sr. TAM Bassem Rezkalla.
It was a very interesting session, particularly the conversation around the integration of Antrea CNI with NSX-T 3.2. This integration makes it possible to manage Network Policies for container workloads running in a Kubernetes cluster with NSX-T. We all know how challenging it is to manage network policies in K8s. This integration simplifies our work and helps us manage policies easily in one central location.
At the beginning of the session, we reviewed the architecture of Antrea CNI and what advantages we have in using it. It is amazing how many capabilities this product has and how dedicated VMware is to consistently improving it. The integration is made by deploying the Antrea NSX Adapter, which is the interworking pod in a K8s cluster.
Along with managing Network Policies, NSX-T provides us with visibility of K8s resources like Cluster, Namespaces, Pods, and Labels in NSX UI. Moreover, if we enable the FlowExporter feature in Antrea configuration, we can use Antrea Netflow (IPFIX) to get container network observability in vRealize Network Insight as well as create firewall rules in NSX-T based on the data in vRealize Network Insight.
The way I see things, this integration will be helpful not only to K8s administrators but also to network administrators that use NSX-T in their day-to-day job to get familiar with K8s networking and K8s in general. It’s impressive to see how VMware integrates its products to improve customer experience and technological aspects.
Written by: Anatoliy Sukhotin, DevOps Engineer