This topic describes how VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster managers can manage and use network profiles with Kubernetes clusters provisioned by TKGI on vSphere with NSX‑T integration.
Network profiles let you customize NSX-T configuration parameters.
Prerequisite
To use or manage a network profile, you must be a cluster manager, pks.clusters.manage.
TKGI supports network profiles on TKGI on vSphere with NSX‑T only.
Overview
TKGI cluster managers can manage network profiles and apply network profiles to clusters:
- List Network Profiles
- Create a Cluster with a Network Profile
- Assign a Network Profile to an Existing Cluster
- Update an Existing Network Profile
For information on when to use network profiles, see Network Profile Use Cases below.
TKGI cluster administrators can create and delete network profiles. For more information on how cluster administrators manage network profiles, see Creating and Deleting Network Profiles.
List Network Profiles
To list available network profiles:
-
Run the following command:
tkgi network-profilesFor example:
$ tkgi network-profiles
Name Description
lb-profile-medium Network profile for medium size NSX-T load balancer
small-routable-pod Network profile with small load balancer and two routable pod networks
Create a Cluster with a Network Profile
You can assign a network profile to a TKGI-provisioned Kubernetes cluster at the time of cluster creation.
To create a Kubernetes cluster with a network profile:
- If you do not have a network profile with the desired configuration, have a TKGI cluster administrator define and create a new network profile. For more information, see Create a Network Profile in Creating and Managing Network Profiles.
- Choose a network profile for the cluster. See List Network Profiles.
-
To create the cluster, run the following command:
tkgi create-cluster CLUSTER-NAME --external-hostname HOSTNAME --plan PLAN-NAME --network-profile NETWORK-PROFILE-NAMEWhere:
CLUSTER-NAMEis a unique name for your cluster.Note: Use only lowercase characters when naming your cluster if you manage your clusters with Tanzu Mission Control (TMC). Clusters with names that include an uppercase character cannot be attached to TMC.
HOSTNAMEis your external hostname used for accessing the Kubernetes API.PLAN-NAMEis the name of the TKGI plan you want to use for your cluster.NETWORK-PROFILE-NAMEis the name of the network profile you want to use for your cluster.
Assign a Network Profile to an Existing Cluster
TKGI supports assigning a network profile to an existing cluster.
To assign a network profile to a cluster that does not have a network profile already applied:
- If you do not have a network profile with the desired configuration, have a TKGI cluster administrator define and create a new network profile. For more information, see Create a Network Profile in Creating and Managing Network Profiles.
- Choose a network profile for the cluster. See List Network Profiles.
-
To apply the network profile to the cluster, run the following command:
tkgi update-cluster CLUSTER-NAME --network-profile NEW-NETWORK-PROFILE-NAMEWhere:
CLUSTER-NAMEis the name of the existing Kubernetes clusterNEW-NETWORK-PROFILE-NAMEis the name of the new network profile you want to apply to the cluster.
Note: When you when you use tkg update-cluster to update an existing cluster, the attached network-profile must consist of only updatable settings.
Update an Existing Network Profile
The use cases for updating an existing network profile are limited to adding to or changing the order of Pod IP Blocks on your existing cluster. For more information, see Customizing Pod Networks.
Only TKGI cluster administrators can modify an existing network profile. For information on updating an existing network profile, see Update an Existing Network Profile in Creating and Deleting Network Profiles.
Network Profile Use Cases
Network profiles let you customize configuration parameters for Kubernetes clusters provisioned by TKGI on vSphere with NSX‑T.
You can apply a network profile to a Kubernetes cluster for the following scenarios:
| Topic | Description |
|---|---|
| Size a Load Balancer | Customize the size of the NSX-T load balancer service that is created when a Kubernetes cluster is provisioned. |
| Customizing Pod Networks | Customize Kubernetes Pod Networks, including adding pod IP addresses, subnet size, and routability. |
| Customize Node Networks | Customize Kubernetes Node Networks, including the IP addresses, subnet size, and routability. |
| Customize Floating IP Pools | Specify a custom floating IP pool. |
| Configure Bootstrap NSGroups | Specify an NSX-T Namespace Group where the Kubernetes control plane nodes will be added to during cluster creation. |
| Configure Edge Router Selection | Specify the NSX-T Tier-0 router where Kubernetes node and Pod networks will be connected to. |
| Specify Nodes DNS Servers | Specify one or more DNS servers for Kubernetes clusters. |
| Configure DNS for Pre-Provisioned IPs | Configure DNS lookup of the Kubernetes API load balancer or ingress controller. |
| Configure the TCP Layer 4 Load Balancer | Configure layer 4 TCP load balancer settings; use a third-party load balancer. |
| Configure the HTTP/S Layer 7 Ingress Controller | Configure layer 7 HTTP/S ingress controller settings; use third-party ingress controller. |
| Define DFW Section Markers | Configure top or bottom section markers for explicit DFW rule placement. |
| Configure NCP Logging | Configure NCP logging. |
| Dedicated Tier-1 Topology | Use dedicated Tier-1 routers, rather than a shared router, for each cluster’s Kube node, Namespace, and NSX-T load balancer. |
