NSX-T Deployment Topologies for Enterprise PKS


There are three supported topologies in which to deploy NSX-T with Enterprise Pivotal Container Service (Enterprise PKS).

NAT Topology

The following figure shows a Network Address Translation (NAT) deployment:

[Figure: NAT Topology]

This topology has the following characteristics:

  • PKS control plane (Ops Manager, BOSH Director, and PKS VM) components are all located on a logical switch that sits behind Network Address Translation (NAT) on a T0 router.
  • Kubernetes cluster master and worker nodes are located on a logical switch that sits behind NAT on a T0 router. This requires DNAT rules to allow access to Kubernetes APIs.

No-NAT Topology

A No-NAT topology uses a routable IP subnet for the PKS Management network and for Kubernetes nodes and pods.

There are two flavors of No-NAT topology: No-NAT with Virtual Switch and No-NAT with Logical Switch.

No-NAT with Virtual Switch (VSS/VDS) Topology

The following figure shows a No-NAT with Virtual Switch (VSS/VDS) deployment:

[Figure: No-NAT Topology with Virtual Switch]

This topology has the following characteristics:

  • PKS control plane (Ops Manager, BOSH Director, and PKS VM) components are using corporate routable IP addresses.
  • Kubernetes cluster master and worker nodes are using corporate routable IP addresses.
  • The PKS control plane is deployed outside of the NSX-T network, and the Kubernetes clusters are deployed and managed within the NSX-T network. Because BOSH needs routable access to the Kubernetes nodes to monitor and manage them, the Kubernetes nodes must be routable.

No-NAT with Logical Switch (NSX-T) Topology

The following figure shows a No-NAT with Logical Switch (NSX-T) deployment:

[Figure: No-NAT Topology with Logical Switch]

This topology has the following characteristics:

  • PKS control plane (Ops Manager, BOSH Director, and PKS VM) components are using corporate routable IP addresses.
  • Kubernetes cluster master and worker nodes are using corporate routable IP addresses.
  • The PKS control plane is deployed inside the NSX-T network. Both the PKS control plane components (VMs) and the Kubernetes nodes use corporate routable IP addresses.

Hybrid Topology

With a hybrid topology, the PKS Management Network is on a routable subnet, while the Kubernetes Nodes Network uses a non-routable subnet (NAT mode is checked in the PKS tile).

The following figure shows a hybrid topology deployment:

[Figure: Hybrid Topology]

This topology has the following characteristics:

  • PKS control plane (Ops Manager, BOSH Director, and PKS VM) components are using corporate routable IP addresses.
  • Kubernetes cluster master and worker nodes are located on a logical switch that sits behind Network Address Translation (NAT) on a T0 router. This requires DNAT rules to allow access to Kubernetes APIs.
