This topic describes how to define network profiles for Kubernetes clusters provisioned with VMware Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T.
Most of the NSX-T virtual interface tags used by Tanzu Kubernetes Grid Integrated Edition are added to the Kubernetes control plane node or nodes during the node initialization phase of cluster provisioning. To add tags to virtual interfaces, the Kubernetes control plane node needs to connect to the NSX-T Manager API. Network security rules provisioned before cluster creation do not allow nodes to connect to NSX-T if the rules are based on a Namespace Group (NSGroup) managed by Tanzu Kubernetes Grid Integrated Edition.
To address this bootstrap issue, Tanzu Kubernetes Grid Integrated Edition exposes an optional configuration parameter in Network Profiles that systematically adds Kubernetes control plane nodes to a pre-provisioned NSGroup. The BOSH vSphere cloud provider interface (CPI) can use the NSGroup to automatically manage its members, following the BOSH VM lifecycle for Kubernetes control plane nodes.
To configure a Bootstrap Security Group, complete the following steps:
{
  "name": "np-boot-nsgroups",
  "description": "Network Profile for Customer B",
  "parameters": {
    "master_vms_nsgroup_id": "9b8d535a-d3b6-4735-9fd0-56305c4a5293"
  }
}
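A mistyped NSGroup ID leaves the control plane nodes outside the pre-provisioned group, so it is worth checking the profile file before it is used. The following pre-flight check is an added example, not part of the product documentation; it assumes NSGroup IDs have the hyphenated UUID form shown above, and `check_profile` and its `nsgroup_exists` hook are hypothetical names.

```python
import json
import uuid

# The profile from this page, embedded so the check runs offline.
PAGE_PROFILE = """{
  "name": "np-boot-nsgroups",
  "description": "Network Profile for Customer B",
  "parameters": {
    "master_vms_nsgroup_id": "9b8d535a-d3b6-4735-9fd0-56305c4a5293"
  }
}"""


def check_profile(text, nsgroup_exists=None):
    """Return a list of problems in a network profile; an empty list means OK.

    nsgroup_exists is an optional callable (hypothetical hook) that takes the
    NSGroup ID and returns True if the group is already provisioned in NSX-T.
    """
    try:
        profile = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(profile, dict):
        return ["top level must be a JSON object"]
    problems = []
    name = profile.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("missing or empty 'name'")
    params = profile.get("parameters")
    if not isinstance(params, dict):
        return problems + ["'parameters' must be an object"]
    nsgroup_id = params.get("master_vms_nsgroup_id")
    if not isinstance(nsgroup_id, str):
        return problems + ["'master_vms_nsgroup_id' is missing or not a string"]
    try:
        canonical = str(uuid.UUID(nsgroup_id))
    except ValueError:
        return problems + [f"'{nsgroup_id}' is not a UUID"]
    # uuid.UUID also accepts braces and unhyphenated hex; require the plain form.
    if canonical != nsgroup_id.lower():
        problems.append(f"'{nsgroup_id}' is not in hyphenated 8-4-4-4-12 form")
    elif nsgroup_exists is not None and not nsgroup_exists(nsgroup_id):
        problems.append(f"NSGroup '{nsgroup_id}' not found in NSX-T")
    return problems
```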