Using Network Profiles (NSX-T Only)

This topic describes how to use network profiles for Kubernetes clusters provisioned with VMware Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T integration.

Network profiles let you customize NSX-T configuration parameters.

How Network Profiles are Created

Tanzu Kubernetes Grid Integrated Edition cluster administrators can create and delete network profiles, as described in the Creating and Managing Network Profiles topic.

After an administrator creates a network profile, cluster managers can create clusters with it or assign it to existing clusters.

List Network Profiles

To list available network profiles, run the following command:

tkgi network-profiles

For example:

$ tkgi network-profiles

    Name                Description 
    lb-profile-medium   Network profile for medium size NSX-T load balancer
    small-routable-pod  Network profile with small load balancer and two routable pod networks

Create a Cluster with a Network Profile

You can assign a network profile to a Kubernetes cluster at the time of cluster creation.

To create a Tanzu Kubernetes Grid Integrated Edition-provisioned Kubernetes cluster with a network profile, run the following command:

tkgi create-cluster CLUSTER-NAME --external-hostname HOSTNAME --plan PLAN-NAME --network-profile NETWORK-PROFILE-NAME

Where:

  • CLUSTER-NAME is a unique name for your cluster.
  • HOSTNAME is your external hostname used for accessing the Kubernetes API.
  • PLAN-NAME is the name of the Tanzu Kubernetes Grid Integrated Edition plan you want to use for your cluster.
  • NETWORK-PROFILE-NAME is the name of the network profile you want to use for your cluster.

Assign a Network Profile to an Existing Cluster

TKGI supports assigning a network profile to an existing cluster. Use the following procedure to assign a network profile to a cluster that does not already have a network profile applied.

  1. Do one of the following:

    • Choose a new network profile for the cluster. See List Network Profiles.
    • Have a Tanzu Kubernetes Grid Integrated Edition cluster administrator define and create a new network profile as described in Create a Network Profile in Creating and Managing Network Profiles.
      • The name of the new network profile must be unique and different from the previously assigned network profile.
  2. Run the following command to apply the network profile to the cluster:

    tkgi update-cluster CLUSTER-NAME --network-profile NEW-NETWORK-PROFILE-NAME
    

    Where:

    • CLUSTER-NAME is the name of the existing Kubernetes cluster.
    • NEW-NETWORK-PROFILE-NAME is the name of the new network profile you want to apply to the cluster.

Update an Existing Network Profile

The use cases for updating an existing network profile are limited to adding to or changing the order of Pod IP Blocks. See Customize Pod Networks for details.

When you run the tkgi update-cluster --network-profile command against a cluster that already has a network profile, the following strict network profile update validation rules apply:

  • If a field in the original network profile is empty, the system ignores the empty field even if the field is included in the new network profile.
  • If the existing pod_ip_block_ids field contains the same entries as the new network profile, the update-cluster --network-profile operation passes validation.
  • If a field in the existing network profile conflicts with a field in the new network profile, the system reports the conflict and fails the validation.
  • If the field is empty in the new network profile, then the system ignores the field even if the field is not empty in the original network profile.

See also Update Network Profile.
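
The validation rules above can be checked before a change window. The following is an added example, not TKGI code: it models the rules as this page states them so that a conflicting change is caught in review rather than at update time. The field names lb_size and t0_router_id, the sample IDs, and the choice to treat removal of an existing Pod IP Block as a conflict are assumptions.

```python
# Added example: models the validation rules as this page states them.
# It is not TKGI's implementation; the real update gives the real verdict.

def is_empty(value):
    """Unset, empty-string and empty-list/dict fields all count as empty."""
    return value is None or value == "" or value == [] or value == {}


def preflight(existing, new):
    """Compare two profile parameter dicts; return a list of conflicts.

    An empty list means the change would pass the rules listed on this page.
    """
    conflicts = []
    for field, new_value in new.items():
        old_value = existing.get(field)
        # A field that is empty in either profile is ignored.
        if is_empty(old_value) or is_empty(new_value):
            continue
        if field == "pod_ip_block_ids":
            # Same entries pass; adding or reordering blocks is the supported
            # change. Assumption: dropping an existing block is a conflict.
            dropped = [b for b in old_value if b not in new_value]
            if dropped:
                conflicts.append(f"{field}: removes {dropped}")
            continue
        if old_value != new_value:
            conflicts.append(f"{field}: {old_value!r} != {new_value!r}")
    return conflicts


# Constructed sample parameters; the IDs are placeholders.
EXISTING = {
    "lb_size": "medium",
    "pod_ip_block_ids": ["ipblock-a", "ipblock-b"],
    "t0_router_id": "",
}
REORDER_AND_ADD = {"pod_ip_block_ids": ["ipblock-b", "ipblock-a", "ipblock-c"]}
RESIZE_LB = {"lb_size": "large", "pod_ip_block_ids": ["ipblock-a", "ipblock-b"]}
SET_ROUTER = {"t0_router_id": "t0-placeholder", "lb_size": ""}

if __name__ == "__main__":
    for name, candidate in [("reorder+add", REORDER_AND_ADD),
                            ("resize lb", RESIZE_LB),
                            ("set router", SET_ROUTER)]:
        result = preflight(EXISTING, candidate)
        print(name, "->", "pass" if not result else result)
```

Note that SET_ROUTER passes only because both of its fields fall under the "ignored" rules: the value it supplies for the previously empty field is not applied.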

Network Profile Use Cases

Network profiles let you customize NSX-T configuration parameters for clusters when you create them or afterward. Use cases for network profiles include:

  • Size a Load Balancer: Customize the size of the NSX-T load balancer service that is created when a Kubernetes cluster is provisioned.
  • Customize Pod Networks: Customize Kubernetes Pod Networks, including adding pod IP addresses, subnet size, and routability.
  • Customize Node Networks: Customize Kubernetes Node Networks, including the IP addresses, subnet size, and routability.
  • Customize Floating IP Pools: Specify a custom floating IP pool.
  • Configure Bootstrap NSGroups: Specify an NSX-T Namespace Group to which Kubernetes master nodes are added during cluster creation.
  • Configure Edge Router Selection: Specify the NSX-T Tier-0 router to which Kubernetes node and Pod networks are connected.
  • Specify Nodes DNS Servers: Specify one or more DNS servers for Kubernetes clusters.
  • Configure DNS for Pre-Provisioned IPs: Configure DNS lookup of the Kubernetes API load balancer or ingress controller.
  • Configure the TCP Layer 4 Load Balancer: Configure layer 4 TCP load balancer settings; use third-party load balancer.
  • Configure the HTTP/S Layer 7 Ingress Controller: Configure layer 7 HTTP/S ingress controller settings; use third-party ingress controller.
  • Define DFW Section Markers: Configure top or bottom section markers for explicit DFW rule placement.
  • Configure NCP Logging: Configure NCP logging.
  • Dedicated Tier-1 Topology: Use dedicated Tier-1 routers, rather than a shared router, for each cluster's Kube node, Namespace, and NSX-T load balancer.
