Using Network Profiles (NSX-T Only)
This topic describes how to use network profiles for Kubernetes clusters provisioned with VMware Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T integration.
Network profiles let you customize NSX-T configuration parameters.
Tanzu Kubernetes Grid Integrated Edition cluster administrators can create and delete network profiles, as described in the Creating and Managing Network Profiles topic.
After an administrator creates a network profile, cluster managers can create clusters with it or assign it to existing clusters.
To list available network profiles, run the following command:
$ tkgi network-profiles
Name                Description
lb-profile-medium   Network profile for medium size NSX-T load balancer
small-routable-pod  Network profile with small load balancer and two routable pod networks
You can assign a network profile to a Kubernetes cluster at the time of cluster creation.
To create a Tanzu Kubernetes Grid Integrated Edition-provisioned Kubernetes cluster with a network profile, run the following command:
tkgi create-cluster CLUSTER-NAME --external-hostname HOSTNAME --plan PLAN-NAME --network-profile NETWORK-PROFILE-NAME
Where:
- CLUSTER-NAME is a unique name for your cluster.
- HOSTNAME is your external hostname used for accessing the Kubernetes API.
- PLAN-NAME is the name of the Tanzu Kubernetes Grid Integrated Edition plan you want to use for your cluster.
- NETWORK-PROFILE-NAME is the name of the network profile you want to use for your cluster.
TKGI supports assigning a network profile to an existing cluster. Use the following procedure to assign a network profile to a cluster that does not already have a network profile applied.
Do one of the following:
- Choose a new network profile for the cluster. See List Network Profiles.
- Have a Tanzu Kubernetes Grid Integrated Edition cluster administrator define and create a new network profile as described in Create a Network Profile in Creating and Managing Network Profiles.
- The name of the new network profile must be unique and different from the previously assigned network profile.
Run the following command to apply the network profile to the cluster:
tkgi update-cluster CLUSTER-NAME --network-profile NEW-NETWORK-PROFILE-NAME
Where:
- CLUSTER-NAME is the name of the existing Kubernetes cluster.
- NEW-NETWORK-PROFILE-NAME is the name of the new network profile you want to apply to the cluster.
The use cases for updating an existing network profile are limited to adding to or changing the order of Pod IP Blocks. See Customize Pod Networks for details.
Strict validation rules govern the tkgi update-cluster --network-profile command when it is applied to a cluster that already has a network profile:
- If a field in the original network profile is empty, the system ignores the empty field even if the field is included in the new network profile.
- If the existing pod_ip_block_ids field contains the same entries as the new network profile, the update-cluster --network-profile operation passes validation.
- If a field in the existing network profile conflicts with a field in the new network profile, the system reports the conflict and fails the validation.
- If the field is empty in the new network profile, then the system ignores the field even if the field is not empty in the original network profile.
See also Update Network Profile.
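The validation rules above can be checked locally before running the update. The following is an added example, not TKGI code: it compares the parameters of the existing and the new profile as plain dictionaries. The function names, the sample values, and the field names other than pod_ip_block_ids are constructed for illustration, and treating a removed Pod IP block as a conflict is this example's reading of the "adding to or changing the order" limit.

```python
# Added illustration: a local pre-check that mirrors the update validation
# rules listed above. It is not TKGI code and does not call the TKGI API.

def is_empty(value):
    """A field counts as empty when it is missing, None, "" or an empty list/dict."""
    return value is None or value == "" or value == [] or value == {}


def check_profile_update(existing, new):
    """Compare two profile parameter dicts and return a list of conflict messages.

    An empty list means the new profile passes the rules as this example
    reads them.
    """
    conflicts = []
    for field, new_value in new.items():
        old_value = existing.get(field)
        # A field that is empty in either profile is ignored.
        if is_empty(old_value) or is_empty(new_value):
            continue
        if field == "pod_ip_block_ids":
            # Same entries pass; adding or reordering blocks is the supported
            # change. Dropping an existing block is treated as a conflict
            # (assumption of this example).
            missing = [b for b in old_value if b not in new_value]
            if missing:
                conflicts.append(f"pod_ip_block_ids: drops existing block(s) {missing}")
        elif old_value != new_value:
            conflicts.append(f"{field}: existing {old_value!r} != new {new_value!r}")
    return conflicts


# Constructed sample parameters (IDs are placeholders, not real NSX-T objects).
EXISTING = {"lb_size": "small", "pod_ip_block_ids": ["block-a", "block-b"], "t0_router_id": ""}
REORDER_AND_ADD = {"pod_ip_block_ids": ["block-b", "block-a", "block-c"], "t0_router_id": "t0-example"}
CONFLICTING = {"lb_size": "medium", "pod_ip_block_ids": ["block-a"]}

if __name__ == "__main__":
    for name, candidate in (("reorder+add", REORDER_AND_ADD), ("conflicting", CONFLICTING)):
        result = check_profile_update(EXISTING, candidate)
        print(name, "->", "passes" if not result else result)
```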
Network profiles let you customize NSX-T configuration parameters for clusters when you create them or afterward. Use cases for network profiles include:
|Use Case|Description|
|---|---|
|Size a Load Balancer|Customize the size of the NSX-T load balancer service that is created when a Kubernetes cluster is provisioned.|
|Customize Pod Networks|Customize Kubernetes Pod Networks, including adding pod IP addresses, subnet size, and routability.|
|Customize Node Networks|Customize Kubernetes Node Networks, including the IP addresses, subnet size, and routability.|
|Customize Floating IP Pools|Specify a custom floating IP pool.|
|Configure Bootstrap NSGroups|Specify an NSX-T Namespace Group to which Kubernetes master nodes are added during cluster creation.|
|Configure Edge Router Selection|Specify the NSX-T Tier-0 router to which Kubernetes node and Pod networks are connected.|
|Specify Nodes DNS Servers|Specify one or more DNS servers for Kubernetes clusters.|
|Configure DNS for Pre-Provisioned IPs|Configure DNS lookup of the Kubernetes API load balancer or ingress controller.|
|Configure the TCP Layer 4 Load Balancer|Configure layer 4 TCP load balancer settings; use third-party load balancer.|
|Configure the HTTP/S Layer 7 Ingress Controller|Configure layer 7 HTTP/S ingress controller settings; use third-party ingress controller.|
|Define DFW Section Markers|Configure top or bottom section markers for explicit DFW rule placement.|
|Configure NCP Logging|Configure NCP logging.|
|Dedicated Tier-1 Topology|Use dedicated Tier-1 routers, rather than a shared router, for each cluster’s Kube node, Namespace, and NSX-T load balancer.|