This topic describes how to define Network Profiles for customizing Kubernetes node networks provisioned with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on vSphere with NSX.
For information on how to define Network Profiles for other cluster customizations, see Creating and Managing Network Profiles (NSX Only).
You can use Network Profiles to configure a Kubernetes cluster with a custom Node Network IP Block.
A Network Profile Node IP Block is used by TKGI to assign address space to Kubernetes nodes when new clusters are deployed or a cluster increases its scale.
Your Network Profile Node IP Block configuration can define one or more custom Node IP Block networks, specify the size of the node subnet, and specify if the network is routable:
nodes-network.json
{
    "description": "DESCRIPTION",
    "name": "NAME",
    "parameters": {
        "node_ip_block_ids": [
            NODE-IP-BLOCK-IDS
        ],
        "node_routable":ROUTABLE,
        "node_subnet_prefix":SIZE
    }
}
Where:
true or false. For more information, see Node Routable below.
For example:
nodes-network.json
{
    "description": "Configurable Nodes Network IP Block",
    "name": "network-profile_nodes-ip-block",
    "parameters": {
        "node_ip_block_ids": [
            "2250dc43-63c8-4bb8-b8cf-c6e12ccfb7de", "3d577e5c-dcaf-4921-9458-d12b0e1318e6"
        ],
        "node_routable":true,
        "node_subnet_prefix":20
    }
}
The network profile node_ip_block_ids parameter allows you to specify one or more Kubernetes node network Node IP Blocks for your clusters.
When a network profile is applied to a Kubernetes cluster, TKGI automatically creates a node subnet from one of the available IP blocks in the node_ip_block_ids configuration.
If the IP block is exhausted, the cluster uses one of the alternate IP blocks specified in the node_ip_block_ids configuration to create the node subnet.
The node_ip_block_ids configuration on an existing cluster cannot be updated.
If your network profile does not include a node_ip_block_ids configuration, TKGI creates a node subnet from one of the available IP blocks in the Node IP Blocks specified on the TKGI tile.
Note: When replacing a network profile that does not explicitly specify a node_ip_block_ids configuration, the replacement network profile must include the Node IP Blocks specified on the TKGI tile.
The node_routable boolean lets you specify if the node network is routable or non-routable. This is the equivalent of enabling or deactivating NAT mode in the TKGI tile.
If the node network is configured as non-routable, "node_routable":false, the node network uses NAT mode. In this case, you must make sure that Kubernetes nodes have access to BOSH and other TKGI Management Plane components. See Create Management Plane in Installing and Configuring NSX-T Data Center v3.0 for TKGI for more information.
If the node network is configured as routable, "node_routable":true, the IP address space must be an externally routable address block.
The node_routable configuration on an existing cluster cannot be updated.
Note: The default routable setting for the node network is determined based on the selection made in the TKGI tile. If NAT mode is selected, the node network is non-routable. To override the default selection, provide the node_routable parameter in the network profile.
Configure the Node IP Block node_subnet_prefix parameter to specify a subnet size that optimizes the use of network address space for the number of nodes in your Kubernetes cluster.
For example, if the TKGI administrator has configured the default in the TKGI tile to be a routable network for the Node IP Block, the Kubernetes cluster administrator can deploy the cluster in the NAT’ed mode (non-routable) by specifying a network profile with an IP block that supports the NAT’ed address range.
By default, each Kubernetes cluster deployed by TKGI is allocated a /24 subnet, which allows up to 256 IP addresses to be assigned.
The node_subnet_prefix configuration on an existing cluster cannot be updated.
Note: Configure Node Subnet Prefix when your cluster nodes use a globally routable address space with the node_routable option set to true.
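The three "cannot be updated" statements above, together with the note on replacing a profile that has no node_ip_block_ids, can be checked before a replacement profile is applied. The following is an added example, not TKGI code: the function names, the 0-32 IPv4 prefix range, and the reading of "must include" as "every tile block ID appears in the replacement" are assumptions, and the replacement profile is constructed.

```python
import copy

# Parameters the page says cannot be updated on an existing cluster.
IMMUTABLE = ("node_ip_block_ids", "node_routable", "node_subnet_prefix")

def validate(profile):
    """Return type and range problems in a profile's node-network parameters."""
    p, errs = profile.get("parameters", {}), []
    ids = p.get("node_ip_block_ids")
    if ids is not None and not (isinstance(ids, list) and ids
                                and all(isinstance(i, str) and i for i in ids)):
        errs.append("node_ip_block_ids must be a non-empty list of ID strings")
    if "node_routable" in p and not isinstance(p["node_routable"], bool):
        errs.append("node_routable must be true or false")
    pre = p.get("node_subnet_prefix")
    # Assumption: IPv4 node network, so the prefix length lies in 0..32.
    if pre is not None and (isinstance(pre, bool) or not isinstance(pre, int)
                            or not 0 <= pre <= 32):
        errs.append("node_subnet_prefix must be an integer prefix length")
    return errs

def check_replacement(current, replacement, tile_block_ids):
    """Findings for replacing `current` (applied to a cluster) with `replacement`."""
    cur, new = current.get("parameters", {}), replacement.get("parameters", {})
    findings = validate(replacement)
    for key in IMMUTABLE:
        # Strict comparison: reordering the ID list or dropping a key is a change.
        if key in cur and new.get(key) != cur[key]:
            findings.append(f"{key} cannot be updated on an existing cluster")
    if "node_ip_block_ids" not in cur:
        new_ids = new.get("node_ip_block_ids")
        new_ids = new_ids if isinstance(new_ids, list) else []
        missing = [b for b in tile_block_ids if b not in new_ids]
        if missing:
            findings.append("replacement must include tile Node IP Blocks: "
                            + ", ".join(missing))
    return findings

# The page's example profile, treated here as the one applied to a cluster.
CURRENT = {"name": "network-profile_nodes-ip-block", "parameters": {
    "node_ip_block_ids": ["2250dc43-63c8-4bb8-b8cf-c6e12ccfb7de",
                          "3d577e5c-dcaf-4921-9458-d12b0e1318e6"],
    "node_routable": True, "node_subnet_prefix": 20}}
# Constructed replacement that changes two of the immutable settings.
PROPOSED = copy.deepcopy(CURRENT)
PROPOSED["parameters"].update(node_routable=False, node_subnet_prefix=22)

if __name__ == "__main__":
    for finding in check_replacement(CURRENT, PROPOSED, tile_block_ids=[]):
        print(finding)
```

A replacement that silently flips node_routable changes whether node addresses sit behind NAT, so a finding on that key is the one to review first.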