Kubernetes Cloud Provider for VMware Cloud Director supports the following features.

Multiple Virtual Services With Shared IP Address

This section details the virtual service shared IP address for VMware Cloud Director 10.4.0 and later.

Prior to Kubernetes Cloud Provider for VMware Cloud Director 1.2.0 and VMware Cloud Director 10.4.0, each virtual service required a distinct IP address. Therefore, multiple internal IP addresses were used, and DNAT rules were necessary to map the internal IP addresses to external IP addresses.

As of Kubernetes Cloud Provider for VMware Cloud Director 1.2.0, the enableVirtualServiceSharedIP setting lets you use a feature of VMware Cloud Director 10.4.0 and later, in which you can create multiple virtual services with the same external IP address and different ports. This removes the need to create a DNAT rule and preserves internal IP addresses. To use the feature, you must set enableVirtualServiceSharedIP to true in the configmap.

Note: If enableVirtualServiceSharedIP is set to true, and oneArm is not nil, the virtual services share an internal IP address instead of an external IP address. DNAT rules are used to map the shared internal IP address to an external IP address.

IP Address for an Application Load Balancer

You can configure IP addresses for application load balancers.

With Kubernetes Cloud Provider for VMware Cloud Director 1.3.0 and later, you can define the IP address of the load balancer by specifying it in the Service object. For more information, see Type LoadBalancer.

When you create a load balancer service in Kubernetes, use the following configuration to specify the load balancer IP address.

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: LoadBalancer
  loadBalancerIP: 10.10.10.10

Note:
  • You can also use an internal IP address, for example, 192.168.x.x, for loadBalancerIP.
  • In Kubernetes Cloud Provider for VMware Cloud Director 1.3.0, if the configuration is set to enableVirtualServiceSharedIP: true and oneArm: nil, you cannot update the user-specified load balancer IP address.

SSL Termination at NSX Advanced Load Balancer

With Kubernetes Cloud Provider for VMware Cloud Director 1.3.0 and later, you can deactivate SSL termination at NSX Advanced Load Balancer and allow Ingress to control SSL termination. To perform this task, add the following annotation to the Ingress load balancer service.

annotations:
  service.beta.kubernetes.io/vcloud-avi-ssl-no-termination: "true"

This feature allows you to use certificates at an Ingress Controller while SSL termination is deactivated at NSX Advanced Load Balancer.
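
The following is an added example, not taken from the VMware documentation. It shows where the annotation sits on the Ingress controller's LoadBalancer Service, together with an Ingress that then terminates TLS inside the cluster. The Service name, namespace, pod label, target port, host name, Secret name and backend Service are assumptions.

```yaml
# Added example. Names, namespaces, labels, host and Secret are hypothetical.
apiVersion: v1
kind: Service
metadata:
  name: ingress-controller            # hypothetical
  namespace: ingress-system           # hypothetical
  annotations:
    # Annotation from the page: NSX Advanced Load Balancer does not terminate SSL.
    service.beta.kubernetes.io/vcloud-avi-ssl-no-termination: "true"
spec:
  type: LoadBalancer
  selector:
    app: ingress-controller           # hypothetical pod label
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 443                 # assumed listen port of the controller pods
---
# TLS is terminated here, by the Ingress controller, using a cluster Secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app                        # hypothetical
  namespace: default
spec:
  tls:
    - hosts:
        - app.example.com             # hypothetical host
      secretName: app-example-tls     # kubernetes.io/tls Secret in the same namespace
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app          # hypothetical backend Service
                port:
                  number: 80
```

With this layout the certificate and private key live in the app-example-tls Secret rather than on the load balancer, so read access to that Secret should be limited through RBAC to the Ingress controller and the administrators who manage it.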

IP Spaces

With Kubernetes Cloud Provider for VMware Cloud Director 1.6, you can use gateways that are configured to use IP spaces.

Kubernetes Cloud Provider for VMware Cloud Director automatically checks if a gateway connected to a cluster is using IP spaces and reserves an IP address for the load balancer it is supposed to deploy. The IP reservation is counted against the tenant user's IP quota, as set by the service provider. If the load balancer is removed, Kubernetes Cloud Provider for VMware Cloud Director releases the IP address back to the IP space.
Note:
  • To use this feature, you must also use Kubernetes Cluster API Provider for VMware Cloud Director 1.3 or later.
  • Service providers are responsible for managing the creation of IP spaces, provider gateways, edge gateways, and their quota.
  • Gateways that are configured to use IP Blocks are also supported by Kubernetes Cloud Provider for VMware Cloud Director.