Working with Network Profiles


You can add, view and remove network profiles using the Enterprise PKS Management Console.

Using Network Profiles

Network profiles let you customize the NSX-T infrastructure networking and the runtime NCP networking for Kubernetes clusters provisioned by Enterprise PKS. For example, using a network profile you can change the size of the control plane load balancer, add an additional subnet for nodes, and enable the use of a third party ingress controller. For a complete list of use cases, see Network Profile Use Cases.

Requirements for Network Profiles

Network profiles are supported in NSX mode only; there is no support for Flannel mode. In addition, only management console root and pks.cluster.admin users can create, view, and delete network profiles. Cluster managers can use a network profile when creating a cluster, either using the Management Console or the PKS CLI.

Create Cluster with Network Profile

Use the Enterprise PKS Management Console to create a cluster with a network profile.

  1. Select the Create Cluster tab.
  2. Select the Network Profile to use.
  3. Click Show More to view the profile.

    Figure: Create cluster with network profile

Define Network Profile

Use the Enterprise PKS Management Console to define a network profile.

NOTE: You must be at the console home page to view the Network Profiles tab.

  1. Select the Network Profiles tab.
  2. Click Create Profile.
  3. Enter a Name for the profile.
  4. Enter a suitable Description for the profile.
  5. Optionally you can set up Parameters for Advanced Network or Container Network.
  6. Configure the new profile as needed, or use the default values.
  7. Click Save.

    Figure: Define network profile with advanced networks parameters

    Figure: Define network profile with container network parameters

Delete Network Profile

Use the Enterprise PKS Management Console to delete a network profile.

NOTE: You cannot delete a network profile that is in use by a cluster.

  1. Select the Network Profiles tab.
  2. Select the network profile to remove.
  3. Click Delete.
  4. Confirm deletion.

    Figure: Delete network profile

Advanced Network Parameters

The table lists and describes the available network profile options for customizing NSX-T.

| Profile Option | Description |
|---|---|
| Load Balancer Size | Size of the control plane load balancer: Small, Medium, Large. |
| Pod IP Block IDs | Array of Pod IP Block UUIDs defined in NSX-T. |
| Pod Subnet Prefix | Size of the Pods IP Block subnet. |
| Pod Routability | Make routable the custom Pods subnet: Yes or No. |
| Floating Pool IDs | Array of floating IP pool UUIDs defined in NSX-T. |
| T0 Router ID | Tenant Tier-0 Router UUID defined in NSX-T. |
| Master VMs NSGroup IDs | Namespace Group UUID as defined in NSX-T. |
| Node IP Block IDs | Array of Node IP Block UUIDs defined in NSX-T. |
| Node Routable | Make routable the custom Node subnet: Yes or No. |
| Node Subnet Prefix | Size of the Node IP Block subnet. |
| Nodes DNS | Array of DNS server IP addresses for lookup of Kubernetes nodes and pods. |
| DNS Lookup Mode | DNS lookup for the API LB (API) and ingress controller (API_INGRESS). |
| Ingress Prefix | Ingress controller hostname prefix for DNS lookup. |
| Single Tier Topology | Use a single Tier-1 Router per cluster: Yes or No. |
| Infrastructure Networks | Array of IP addresses and subnets for use with a single tier topology in a multi-T0 environment. |
| Custom Infrastructure Networks | Comma-separated array of custom IP addresses or network CIDRs to be used for Infrastructure Networks. |

Container Networks Parameters

The table lists and describes the available network profile options for customizing NCP.

| Profile Option | Description |
|---|---|
| Use NSX-T L4 Virtual Server for K8s Load Balancer | Use NSX-T layer 4 virtual server for each Kubernetes service of type LoadBalancer: Yes or No. |
| Use NSX-T L7 Virtual Server as the Ingress Controller for K8s Cluster | Use NSX-T layer 7 virtual server as the ingress controller for the Kubernetes cluster: Yes or No. |
| Use Same Source IP for Calling Clients | Use the same source IP for calling clients: Insert or Replace. |
| Ingress controller IP address | IP address to use for the ingress controller. |
| NCP Log Level | Configure NCP log levels: INFO, WARNING, DEBUG, ERROR, CRITICAL. |
| Log Dropped Firewall Traffic | Log dropped firewall traffic: Yes or No. |
| Ingress Persistence Type | Specify the ingress persistence type: none, cookie, source_ip. |
| Persistence Timeout Interval in Seconds | Persistence timeout interval in seconds. |
| Maximum Number of L4 Servers Per Cluster | Limit the number of L4 virtual servers per cluster. |
| L4 Persistence Type | Connection stickiness based on source_ip. |
| L4 Load Balancer Behavior | Customize the layer 4 load balancer behavior: round_robin, least_connection, ip_hash, weighted_round_robin. |
| Top Section-id for Distributed Firewall Section | UUID of the top section-id for the distributed firewall (DFW) section as defined in NSX-T. |
| Bottom Section-id for Distributed Firewall Section | UUID of the bottom section-id for the distributed firewall (DFW) section as defined in NSX-T. |
