![]() ![]() The cluster name must be unique in NSX-T. NSX-T prevents other users from accidentally overwriting the inventory resources.Įach Antrea container cluster requires a different PI user. The PI user owns the inventory resources that are reported by the adapters. The Management Plane Adapter and Central Control Plane Adapter use the principal identity (PI) user account to authenticate with an NSX Manager and identify themselves as the principal identity. csr file, ensure that the Common Name (CN) is different for each Openssl req command that you use to create the Openssl x509 -req -days 3650 -sha256 -in cluster-sales.csr -signkey cluster-sales-private.key -out cluster-sales.crt Openssl req -new -key cluster-sales-private.key -out cluster-sales.csr -subj "/C=US/ST=CA/L=Palo Alto/O=VMware/OU=Antrea Cluster/CN=cluster-sales" openssl genrsa -out cluster-sales-private.key 2048 The following OpenSSL commands generate a private key file, a certificate signing request file, and a self-signed certificate file for this cluster. Using OpenSSL commands, create a self-signed security certificate for each Antrea container cluster that you want register to NSX-T.įor example, assume that you want to create a self-signed OpenSSL certificate of length 2048 bits for an Antrea container cluster called cluster-sales. In NSX Manager, navigate to System > Licenses > Add Licenses.Ĭreate a Self-Signed Security CertificateĪ self-signed security certificate is required to create a principal identity user account in NSX-T, which is explained later in this topic.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |