Introduction
Modern applications running on VKS (vSphere Kubernetes Service) demand:
- Secure communication between microservices
- Seamless connectivity across clusters, VMs, and external services
- Centralized and scalable security policies
This is where the integration of Antrea and VMware NSX becomes powerful.
- Antrea → Kubernetes-native networking (CNI)
- NSX → Enterprise-grade networking and security platform
Together, they deliver:
- Unified networking across Pods and VMs
- Centralized security policy enforcement
- Deep visibility and troubleshooting capabilities
Antrea acts as the data plane, while NSX provides control, policy, and visibility.
Architecture Overview
Key Components
| Component | Description |
|---|---|
| NSX Manager | Central control plane for networking & security |
| Antrea NSX Adapter | Bridge between Antrea and NSX |
| Antrea CNI | Provides Kubernetes pod networking |
| Antrea Controller | Manages networking and policies |
How Antrea + NSX Connect VKS Applications
Installation Prerequisites for Configuring using Antrea Addon Config
To provision VKS clusters with Antrea Addonconfig, your environment must meet the following requirements:
- VKS version 3.6 or later
- VKr version 1.35 or later
Note : Registering VKS Cluster with NSX is supported with earlier VKr and VKS releases as well using AntreaConfig CR. Please refer the official guide for more details.
Bill of Materials (BOM) used in Demo:
- VKS 3.6.2
- VKr 1.35.2
- VCF 9.0.1
Antrea NSX Integration Workflow
In this example my VKS Cluster name is vks-cluster-with-nsx and VKS Cluster supervisor namespace name is vks-cluster-namespace, refer attached yaml for reference.
Step1 : Create a file named antrea_addon_config.yaml with the following content.
Step2 : Create a file named nsx_registered_vks.yaml with the following content.
Validate VKS Cluster is created successfully and running fine with desired replicas of Control Plane and Worker Nodes.
Validation Workflow in NSX
In the NSX Manager UI navigate to the System -> Fabric -> Nodes -> Container Clusters -> Antrea and verify your Antrea Cluster.
Navigate to Inventory -> Containers -> Clusters and verify VKS Cluster Objects Inventory like Nodes, Pods, Services.
Navigate to Plan & Troubleshoot -> Traffic Analysis and Run a trace between Pods/Services running within the Antrea Container Cluster
Trace Ouput
Request Antrea Agent Support Bundle Collection in NSX (System -> Support Bundle -> Request Bundle)
In the next part of this blog series, I will explain how to enforce network policies.
Disclaimer
This blog is for informational and educational purposes only. The configurations, examples, and architectural guidance provided are based on general best practices and publicly available references.
Always validate configurations in a non-production environment before applying them to live systems. Features and integrations may vary depending on the versions of VKr, VKS, Antrea, and VMware NSX being used. The author is not responsible for any unintended impact caused by the use of this information in production environments.