Using Network Profiles (NSX-T Only)


This topic describes how to use network profiles for Kubernetes clusters provisioned with Enterprise Pivotal Container Service (Enterprise PKS) on vSphere with NSX-T integration.

Network profiles let you customize NSX-T configuration parameters.

Assign a Network Profile to a Cluster

You can assign a network profile to a Kubernetes cluster at the time of cluster creation. To assign a network profile to a Kubernetes cluster, you must do the following:

  1. Define a network profile configuration in a JSON file. For instructions on how to define network profile configurations, see Defining Network Profiles.
  2. Create a network profile using the JSON file. For instructions on how to create network profiles, see Create a Network Profile.
  3. Create a Kubernetes cluster with the network profile. For instructions on how to create a Kubernetes cluster with a network profile, see Create a Cluster with a Network Profile.

Note: Only Enterprise PKS cluster administrators can create and delete network profiles. Cluster managers can list existing network profiles and assign them to clusters.

Create a Cluster with a Network Profile

To create an Enterprise PKS-provisioned Kubernetes cluster with a network profile, run the following command:

pks create-cluster CLUSTER-NAME --external-hostname HOSTNAME --plan PLAN-NAME --network-profile NETWORK-PROFILE-NAME

Where:

  • CLUSTER-NAME is a unique name for your cluster.
  • HOSTNAME is your external hostname used for accessing the Kubernetes API.
  • PLAN-NAME is the name of the Enterprise PKS plan you want to use for your cluster.
  • NETWORK-PROFILE-NAME is the name of the network profile you want to use for your cluster.

Manage Network Profiles

This section describes how to create, list, and delete network profiles.

Create a Network Profile

After you define your network profile configuration as described in Defining Network Profiles, run the following command:

pks create-network-profile PATH-TO-YOUR-NETWORK-PROFILE-CONFIGURATION

Where PATH-TO-YOUR-NETWORK-PROFILE-CONFIGURATION is the path to the JSON file you created when defining the network profile.

For example:

$ pks create-network-profile np-routable-pods.json

Network profile small-routable-pod successfully created

Only cluster administrators, pks.clusters.admin, can create network profiles. If a cluster manager, pks.clusters.manage, attempts to create a network profile, the following error occurs:

You do not have enough privileges to perform this action. Please contact the PKS administrator.

List Network Profiles

To list your network profiles, run the following command:

pks network-profiles

For example:

$ pks network-profiles

    Name                Description 
    lb-profile-medium   Network profile for medium size NSX-T load balancer
    small-routable-pod  Network profile with small load balancer and two routable pod networks

Delete a Network Profile

To delete a network profile, run the following command:

pks delete-network-profile NETWORK-PROFILE-NAME

Where NETWORK-PROFILE-NAME is the name of the network profile you want to delete.

Note: You cannot delete a network profile that is in use.

Only cluster administrators, pks.clusters.admin, can delete network profiles. If a cluster manager, pks.clusters.manage, attempts to delete a network profile, the following error occurs:

You do not have enough privileges to perform this action. Please contact the PKS administrator.

Change the Network Profile for a Cluster

PKS supports changing the network profile for an already created cluster.

To change the network profile, you create a new network profile and then apply it to the existing cluster.

Currently, you can change only the pod_ip_block_ids field, as follows:

  • Reorder the IP Block IDs in the array
  • Add more IP Block IDs in the array

For more information on the pod_ip_block_ids field, see Network Profile Parameters. For more information on the supported use cases for the pod_ip_block_ids field, see Network Profile Use Cases.

To update the pod_ip_block_ids network profile field for a cluster, do the following:

  1. Define a new network profile. In the pod_ip_block_ids field, reorder the IP Block IDs or add additional IP Block IDs. For more information on defining the network profile JSON file, see Defining Network Profiles.

    Note: If possible, start with the exact contents of the original network profile and update the pod_ip_block_ids field, as well as the name field. If it is not possible to obtain the original network profile, create a new network profile with a unique name and the original values in the pod_ip_block_ids field. Then reorder or add IP Block IDs as desired.

  2. Create a new network profile as described in the Create a Network Profile section.

    Note: The name that you specify for the new network profile must be unique and differ from the previously assigned network profile. Otherwise, you receive an error when you try to create the network profile.

  3. Run the following command to update the cluster with the new network profile:

    pks update-cluster CLUSTER-NAME --network-profile NEW-NETWORK-PROFILE-NAME
    

    Where:

    • CLUSTER-NAME is the name of the existing Kubernetes cluster.
    • NEW-NETWORK-PROFILE-NAME is the name of the new network profile you want to apply to the cluster.

Network Profile Update Validation

There are strict validation rules for the pks update-cluster --network-profile command:

  • If a field in the original network profile is empty, the system ignores the empty field even if the field is included in the new network profile.
  • If the existing pod_ip_block_ids field contains the same entries as the new network profile, the update-cluster --network-profile operation passes validation.
  • If a field in the existing network profile conflicts with a field in the new network profile, the system reports the conflict and fails the validation.
  • If the field is empty in the new network profile, then the system ignores the field even if the field is not empty in the original network profile.
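
A pre-flight check built from the update rules above, as an added example (not part of the PKS documentation and not the PKS CLI's own validation): it compares the original and the new profile before pks update-cluster is run. The "parameters" nesting, the lb_size and t0_router_id sample fields, the block IDs and the candidate helper are assumptions made for illustration.

```python
import json

# Constructed sample of the profile currently assigned to the cluster.
# The "parameters" nesting, field values and block IDs are assumptions.
ORIGINAL = json.loads("""
{"name": "small-routable-pod",
 "parameters": {"lb_size": "small", "t0_router_id": "",
                "pod_ip_block_ids": ["block-a", "block-b"]}}
""")

def _empty(value):
    return value is None or value in ("", [], {})

def preflight(original, new):
    """Return a list of problems; an empty list means the pair follows the documented rules."""
    problems = []
    if new.get("name") == original.get("name"):
        problems.append("name: the new profile needs a name that differs from the original")
    old_p, new_p = original.get("parameters", {}), new.get("parameters", {})
    for field in sorted(set(old_p) | set(new_p)):
        old_v, new_v = old_p.get(field), new_p.get(field)
        if _empty(old_v) or _empty(new_v):
            continue  # a field that is empty on either side is ignored
        if field == "pod_ip_block_ids":
            removed = [b for b in old_v if b not in new_v]
            if removed:  # only reordering and adding are supported
                problems.append(f"pod_ip_block_ids: removes {removed}")
        elif old_v != new_v:
            problems.append(f"{field}: {old_v!r} conflicts with {new_v!r}")
    return problems

def candidate(name, **parameters):
    """Build a new-profile dict for the checks below (hypothetical helper)."""
    return {"name": name, "parameters": parameters}

if __name__ == "__main__":
    ok = candidate("small-routable-pod-v2", lb_size="small",
                   pod_ip_block_ids=["block-b", "block-a", "block-c"])
    bad = candidate("small-routable-pod", lb_size="medium",
                    pod_ip_block_ids=["block-a"])
    for profile in (ok, bad):
        print(profile["name"], preflight(ORIGINAL, profile) or "passes")
```

Running the check against the JSON files kept in version control gives a reviewable record of which IP Block IDs a cluster update adds or reorders.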

View NSX-T Network Details

You can use the following PKS CLI command to view NSX-T network details:

pks cluster CLUSTER-NAME --details

Where CLUSTER-NAME is the name of a Kubernetes cluster provisioned by Enterprise PKS.


