This topic describes how to define network profiles for Kubernetes clusters provisioned with VMware Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T.
Using Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T, you can deploy Kubernetes clusters on dedicated Tier-0 routers, creating a multi-tenant environment for each Kubernetes cluster. As shown in the diagram below, with this configuration a shared Tier-0 router hosts the TKGI control plane and connects to each customer Tier-0 router using BGP. To support multi-tenancy, configure firewall rules and security settings in NSX Manager.
To deploy Kubernetes clusters on tenancy-based Tier-0 router(s), follow the steps below:
Define a network profile per tenant that references the Tier-0 router UUID provisioned for that tenant. For example, the following network profiles define two tenant Tier-0 routers with a NATed topology.
np_customer_A-NAT.json
{
"description": "network profile for Customer A",
"name": "network-profile-Customer-A",
"parameters": {
"lb_size": "medium",
"t0_router_id": "82e766f7-67f1-45b2-8023-30e2725600ba",
"fip_pool_ids": ["8ec655f-009a-79b7-ac22-40d37598c0ff"],
"pod_ip_block_ids": ["fce766f7-aaf1-49b2-d023-90e272e600ba"]
}
}
np_customer_B-NAT.json
{
"description": "network profile for Customer B",
"name": "network-profile-Customer-B",
"parameters": {
"lb_size": "small",
"t0_router_id": "a4e766cc-87ff-15bd-9052-a0e2425612b7",
"fip_pool_ids": ["4ec625f-b09b-29b4-dc24-10d37598c0d1"],
"pod_ip_block_ids": ["91e7a3a1-c5f1-4912-d023-90e272260090"]
}
}
The following network profiles define two customer Tier-0 routers for a no-NAT topology:
np_customer_A.json
{
"description": "network profile for Customer A",
"name": "network-profile-Customer-A",
"parameters": {
"lb_size": "medium",
"t0_router_id": "82e766f7-67f1-45b2-8023-30e2725600ba",
"fip_pool_ids": [
"8ec655f-009a-79b7-ac22-40d37598c0ff",
"7ec625f-b09b-29b4-dc24-10d37598c0e0"
],
"pod_routable": "true",
"pod_ip_block_ids": [
"fce766f7-aaf1-49b2-d023-90e272e600ba",
"6faf46fd-ccce-4332-92d2-d918adcccce0"
]
}
}
np_customer_B.json
{
"description": "network profile for Customer B",
"name": "network-profile-Customer-B",
"parameters": {
"lb_size": "small",
"t0_router_id": "a4e766cc-87ff-15bd-9052-a0e2425612b7",
"fip_pool_ids": [
"4ec625f-b09b-29b4-dc24-10d37598c0d1",
"6ec625f-b09b-29b4-dc24-10d37598dDd1"
],
"pod_routable": "true",
"pod_ip_block_ids": [
"91e7a3a1-c5f1-4912-d023-90e272260090",
"6faf46fd-ccce-4332-92d2-d918adcccce0"
]
}
}
Note: The pod_routable
parameter controls the routing behavior of a tenant Tier-0 router. If the parameter is set to true
, the custom Pods IP Block subnet is routable and NAT is not used. If pod_routable
is not present or is set to false
, the custom Pods IP Block is not routable and the tenant Tier-0 is deployed in NAT mode.