This topic describes how to define Network Profiles for customizing Kubernetes node networks provisioned with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on vSphere with NSX.

For information on how to define Network Profiles for other cluster customizations, see Creating and Managing Network Profiles (NSX Only).

Configurable Node Network IP Blocks

You can use Network Profiles to configure a Kubernetes cluster with a custom Node Network IP Block.

A Network Profile Node IP Block is used by TKGI to assign address space to Kubernetes nodes when new clusters are deployed or a cluster increases its scale.

Your Network Profile Node IP Block configuration can define one or more custom Node IP Block networks, specify the size of the node subnet, and specify if the network is routable:

nodes-network.json
{
	"description": "DESCRIPTION",
	"name": "NAME",
	"parameters": {
		"node_ip_block_ids": [
			NODE-IP-BLOCK-IDS
		],
		"node_routable":ROUTABLE,
		"node_subnet_prefix":SIZE
	}
}

Where:

  • DESCRIPTION is the description of the Nodes Network IP Block.
  • NAME is the name of the Nodes Network IP Block.
  • NODE-IP-BLOCK-IDS is the comma-separated list of double-quoted node network Node IP Blocks for the cluster. For more information, see Node IP Block IDs below.
  • ROUTABLE whether the node network is routbale of non-routable. Accepts only true or false. For more information, see Node Routable below.
  • SIZE is the subnet size. Accepts only standard integer subnet size values. For more information, see Node Subnet Prefix below.

For example:

nodes-network.json
{
	"description": "Configurable Nodes Network IP Block",
	"name": "network-profile_nodes-ip-block",
	"parameters": {
		"node_ip_block_ids": [
			"2250dc43-63c8-4bb8-b8cf-c6e12ccfb7de", "3d577e5c-dcaf-4921-9458-d12b0e1318e6"
		],
		"node_routable":true,
		"node_subnet_prefix":20
	}
}


Node IP Block IDs

The network profile node_ip_block_ids parameter allows you to specify one or more Kubernetes node network Node IP Blocks for your clusters.

When a network profile is applied to a Kubernetes cluster, TKGI automatically creates a node subnet from one of the available IP blocks in the node_ip_block_ids configuration.

If the IP block is exhausted, the cluster uses one of the alternate IP blocks specified in the node_ip_block_ids configuration to create the node subnet.

The node_ip_block_ids configuration on an existing cluster cannot be updated.

If your network profile does not include a node_ip_block_ids configuration, TKGI creates a node subnet from one of the available IP blocks in the Node IP Blocks specified on the TKGI tile.

Note: When replacing a network profile that does not explicitly specify a node_ip_block_ids configuration, the replacement network profile must include the Node IP Blocks specified on the TKGI tile.


Node Routable

The node_routable boolean lets you specify if the node network is routable or non-routable. This is the equivalent of enabling or deactivating NAT mode in the TKGI tile.

If the node network is configured as non-routable, "node_routable":false, the node network uses NAT mode. In this case, you must make sure that Kubernetes nodes have access to BOSH and other TKGI Management Plane components. See Create Management Plane in Installing and Configuring NSX-T Data Center v3.0 for TKGI for more information.

If the node network is configured as routable, "node_routable":true, the IP address space must be an externally routable address block.

The node_routable configuration on an existing cluster cannot be updated.

Note: The default routable setting for the node network is determined based on the selection made in the TKGI tile. If NAT mode is selected, the node network is non-routable. To override the default selection, provide the node_routable parameter in the network profile.


Node Subnet Prefix

Configure the Node IP Block node_subnet_prefix parameter to specify a subnet size that optimizes the use of network address space for the number of nodes in your Kubernetes cluster.

For example, if the TKGI administrator has configured the default in the TKGI tile to be a routable network for the Node IP Block, the Kubernetes cluster administrator can deploy the cluster in the NAT’ed mode (non-routable) by specifying a network profile with an IP block that supports the NAT’ed address range.

By default, each Kubernetes cluster deployed by TKGI is allocated a /24 subnet, which allows up to 256 IP addresses to be assigned.

The node_subnet_prefix configuration on an existing cluster cannot be updated.

Note: Configure Node Subnet Prefix when your cluster nodes use a globally routable address space with the node_routable option set to true.

check-circle-line exclamation-circle-line close-line
Scroll to top icon