Using Network Profiles (NSX-T Only)
This topic describes how to use network profiles for Kubernetes clusters provisioned with VMware Enterprise PKS on vSphere with NSX-T integration.
Network profiles let you customize NSX-T configuration parameters.
Enterprise PKS cluster administrators can create and delete network profiles, as described in the Creating and Managing Network Profiles topic.
After an administrator creates a network profile, cluster managers can create clusters with it or assign it to existing clusters.
To list available network profiles, run the following command:
$ pks network-profiles
Name                Description
lb-profile-medium   Network profile for medium size NSX-T load balancer
small-routable-pod  Network profile with small load balancer and two routable pod networks
You can assign a network profile to a Kubernetes cluster at the time of cluster creation.
To create an Enterprise PKS-provisioned Kubernetes cluster with a network profile, run the following command:
pks create-cluster CLUSTER-NAME --external-hostname HOSTNAME --plan PLAN-NAME --network-profile NETWORK-PROFILE-NAME
CLUSTER-NAME is a unique name for your cluster.
HOSTNAME is your external hostname used for accessing the Kubernetes API.
PLAN-NAME is the name of the Enterprise PKS plan you want to use for your cluster.
NETWORK-PROFILE-NAME is the name of the network profile you want to use for your cluster.
PKS supports changing the network profile for an already created cluster. You can use this procedure to:
- assign a network profile to a cluster that does not have one, or
- change a cluster’s existing profile to a new one
Note: You cannot change a cluster’s network profile to remove pod IP block IDs. For more information, see Limitation: Pod IP Block Changes in Creating and Managing Network Profiles.
This is the procedure to change a cluster’s network profile:
Do one of the following:
- Choose a new network profile for the cluster. See List Network Profiles.
- Have an Enterprise PKS cluster administrator define and create a new network profile as described in Create a Network Profile in Creating and Managing Network Profiles.
- The name of the new network profile must be unique and different from the previously assigned network profile.
Run the following command to update the cluster with the new network profile:
pks update-cluster CLUSTER-NAME --network-profile NEW-NETWORK-PROFILE-NAME
CLUSTER-NAME is the name of the existing Kubernetes cluster.
NEW-NETWORK-PROFILE-NAME is the name of the new network profile you want to apply to the cluster.
There are strict validation rules for the pks update-cluster --network-profile command:
- If a field in the original network profile is empty, the system ignores the empty field even if the field is included in the new network profile.
- If the existing pod_ip_block_ids field contains the same entries as the new network profile, the update-cluster --network-profile operation passes validation.
- If a field in the existing network profile conflicts with a field in the new network profile, the system reports the conflict and fails the validation.
- If the field is empty in the new network profile, then the system ignores the field even if the field is not empty in the original network profile.
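The validation rules above can be modelled as a dry-run check to run before pks update-cluster --network-profile, so that conflicting and silently ignored fields are visible in advance. This is an added example, not Enterprise PKS code: the function names and the sample profile contents (every field name except pod_ip_block_ids, and all values) are assumptions, and any difference in a list field is treated as a conflict.

```python
# Added example: a model of the four validation rules listed above.
# All profile contents are constructed sample data, not real cluster output.

def is_empty(value):
    """A field is empty when it is absent, None, "" or an empty list."""
    return value is None or value == "" or value == []

def same_value(old, new):
    """Lists are compared by their entries, so ordering does not matter."""
    if isinstance(old, list) and isinstance(new, list):
        return sorted(map(str, old)) == sorted(map(str, new))
    return old == new

def check_profile_change(existing, new):
    """Return (ok, conflicts, ignored) for a proposed profile change."""
    conflicts, ignored = [], []
    for field in sorted(set(existing) | set(new)):
        old, cur = existing.get(field), new.get(field)
        if is_empty(old) and is_empty(cur):
            continue
        if is_empty(old) or is_empty(cur):
            # Empty in the original or empty in the new profile: ignored.
            ignored.append(field)
        elif not same_value(old, cur):
            # Both sides set and different: validation fails.
            conflicts.append((field, old, cur))
        # Same entries on both sides (e.g. pod_ip_block_ids): passes.
    return (not conflicts, conflicts, ignored)

# Constructed sample profiles (assumed field names and values).
EXISTING = {"lb_size": "small",
            "pod_ip_block_ids": ["block-a", "block-b"],
            "t0_router_id": "t0-prod"}
NEW_OK = {"lb_size": "small",
          "pod_ip_block_ids": ["block-b", "block-a"],
          "nodes_dns": ["10.0.0.53"]}
NEW_BAD = {"lb_size": "medium",
           "pod_ip_block_ids": ["block-a"],
           "t0_router_id": ""}

if __name__ == "__main__":
    for name, profile in (("NEW_OK", NEW_OK), ("NEW_BAD", NEW_BAD)):
        ok, conflicts, ignored = check_profile_change(EXISTING, profile)
        print(name, "passes" if ok else "fails")
        for field, old, cur in conflicts:
            print(f"  conflict: {field}: {old!r} -> {cur!r}")
        for field in ignored:
            print(f"  ignored:  {field}")
```

Review the ignored list as carefully as the conflicts: under the rules above, those fields are not applied even though the update passes validation.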
Network profiles let you customize NSX-T configuration parameters for clusters when you create them or afterward. Use cases for network profiles include:
|Size a Load Balancer|Customize the size of the NSX-T load balancer service that is created when a Kubernetes cluster is provisioned.|
|Customize Pod Networks|Customize Kubernetes Pod Networks, including IP addresses, subnet size, and routability.|
|Customize Node Networks|Customize Kubernetes Node Networks, including the IP addresses, subnet size, and routability.|
|Customize Floating IP Pools|Specify a custom floating IP pool.|
|Configure Bootstrap NSGroups|Specify an NSX-T Namespace Group to which Kubernetes master nodes are added during cluster creation.|
|Configure Edge Router Selection|Specify the NSX-T Tier-0 router to which Kubernetes node and Pod networks are connected.|
|Specify Nodes DNS Servers|Specify one or more DNS servers for Kubernetes clusters.|
|Configure DNS for Pre-Provisioned IPs|Configure DNS lookup of the Kubernetes API load balancer or ingress controller.|
|Configure the TCP Layer 4 Load Balancer|Configure layer 4 TCP load balancer settings; use third-party load balancer.|
|Configure the HTTP/S Layer 7 Ingress Controller|Configure layer 7 HTTP/S ingress controller settings; use third-party ingress controller.|
|Define DFW Section Markers|Configure top or bottom section markers for explicit DFW rule placement.|
|Configure NCP Logging|Configure NCP logging.|
|Dedicated Tier-1 Topology|Use dedicated Tier-1 routers, rather than a shared router, for each cluster’s Kube node, Namespace, and NSX-T load balancer.|