Using Network Profiles (NSX-T Only)
Page last updated:
Warning: VMware Enterprise PKS v1.6 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.
This topic describes how to use network profiles for Kubernetes clusters provisioned with VMware Enterprise PKS on vSphere with NSX-T integration.
Network profiles let you customize NSX-T configuration parameters.
Assign a Network Profile to a Cluster
You can assign a network profile to a Kubernetes cluster at the time of cluster creation. To assign a network profile to a Kubernetes cluster, you must do the following:
- Define a network profile configuration in a JSON file. For instructions on how to define network profile configurations, see Defining Network Profiles.
- Create a network profile using the JSON file. For instructions on how to create network profiles, see Create a Network Profile.
- Create a Kubernetes cluster with the network profile. For instructions on how to create a Kubernetes cluster with a network profile, see Create a Cluster with a Network Profile.
Note: Only Enterprise PKS cluster administrators can create and delete network profiles. Cluster managers can list existing network profiles and assign them to clusters.
Create a Cluster with a Network Profile
To create an Enterprise PKS-provisioned Kubernetes cluster with a network profile, run the following command:
pks create-cluster CLUSTER-NAME --external-hostname HOSTNAME --plan PLAN-NAME --network-profile NETWORK-PROFILE-NAME
Where:
CLUSTER-NAMEis a unique name for your cluster.HOSTNAMEis your external hostname used for accessing the Kubernetes API.PLAN-NAMEis the name of the Enterprise PKS plan you want to use for your cluster.NETWORK-PROFILE-NAMEis the name of the network profile you want to use for your cluster.
Manage Network Profiles
This section describes how to create, list, and delete network profiles.
Create a Network Profile
After you define your network profile configuration as described in Defining Network Profiles, run the following command:
pks create-network-profile PATH-TO-YOUR-NETWORK-PROFILE-CONFIGURATION
Where PATH-TO-YOUR-NETWORK-PROFILE-CONFIGURATION is the path to the JSON file
you created when defining the network profile.
For example:
$ pks create-network-profile np-routable-pods.json Network profile small-routable-pod successfully created
Only cluster administrators, pks.clusters.admin, can create network profiles.
If a cluster manager, pks.clusters.manage, attempts to create a network profile,
the following error occurs:
You do not have enough privileges to perform this action. Please contact the PKS administrator.
List Network Profiles
To list your network profiles, run the following command:
pks network-profiles
For example:
$ pks network-profiles
Name Description
lb-profile-medium Network profile for medium size NSX-T load balancer
small-routable-pod Network profile with small load balancer and two routable pod networks
Delete a Network Profile
To delete a network profile, run the following command:
pks delete-network-profile NETWORK-PROFILE-NAME
Where NETWORK-PROFILE-NAME is the name of the network profile you want to delete.
Note: You cannot delete a network profile that is in use.
Only cluster administrators, pks.clusters.admin, can delete network profiles.
If a cluster manager, pks.clusters.manage, attempts to delete a network profile,
the following error occurs:
You do not have enough privileges to perform this action. Please contact the PKS administrator.
Change the Network Profile for a Cluster
PKS supports changing the network profile for an already created cluster.
To change the network profile, you create a new network profile and then apply it to the existing cluster.
Currently you only can change the pod_ip_block_ids field as follows:
- Reorder the IP Block IDs in the array
- Add more IP Block IDs in the array
For more information on the pod_ip_block_ids field, see Network Profile Parameters.
For more information on the supported use cases for the pod_ip_block_ids field, see Network Profile Use Cases.
To update the pod_ip_block_ids network profile field for a cluster, do the following:
Define a new network profile. In the
pod_ip_block_idsfield, reorder the IP Block IDs or add additional IP Block IDs. For more information on defining the network profile JSON file, see Defining Network Profiles.Note: If possible, start with the exact contents of the original network profile and update the
pod_ip_block_idsfield, as well as thenamefield. If it is not possible to obtain the original network profile, create a new network profile with a uniquenameand the original values in thepod_ip_block_idsfield. Then reorder or add IPs as desired.Create a new network profile as described in the Create a Network Profile section.
Note: The name that you specify for the new network profile must be unique and differ from the previously assigned network profile. Otherwise, you receive an error when you try to create the network profile.
Run the following command to update the cluster with the new network profile:
pks update-cluster CLUSTER-NAME --network-profile NEW-NETWORK-PROFILE-NAMEWhere:
CLUSTER-NAMEis the name of the existing Kubernetes clusterNEW-NETWORK-PROFILE-NAMEis the name of the new network profile you want to apply to the cluster.
Network Profile Update Validation
There are strict validation rules for the pks update-cluster --network-profile command:
- If a field in the original network profile is empty, the system ignores the empty field even if the field is included in the new network profile.
- If the existing
pod_ip_block_idsfield contains the same entries as the new network profile, theupdate-cluster --network-profileoperation passes validation. - If a field in the existing network profile conflicts with a field in the new network profile, the system reports the conflict and fails the validation.
- If the field is empty in the new network profile, then the system ignores the field even if the field is not empty in the original network profile.
View NSX-T Network Details
You can use the following PKS CLI command to view NSX-T network details:
pks cluster CLUSTER-NAME --details
Where CLUSER-NAME is the name of a Kubernetes cluster provisioned by Enterprise PKS.
For example:
Please send any feedback you have to pks-feedback@pivotal.io.