This topic describes how to create and manage network profiles using VMware Tanzu Kubernetes Grid Integrated Edition Management Console (TKGI MC).
Network profiles let you customize the NSX-T infrastructure networking and the runtime NCP networking for Kubernetes clusters provisioned by Tanzu Kubernetes Grid Integrated Edition. For example, using a network profile you can change the size of the control plane load balancer, add an additional subnet for nodes, and enable the use of a third-party ingress controller. For a complete list of use cases, see Network Profile Use Cases.
You can add, view and remove network profiles using the Tanzu Kubernetes Grid Integrated Edition Management Console on vSphere:
Network profiles are supported in NSX mode only; there is no support for vSphere without NSX-T mode. In addition, only management console root and pks.clusters.admin users can create, view, and delete network profiles. Cluster managers can use a network profile when creating a cluster, either using the management console or the TKGI CLI.
Use the Tanzu Kubernetes Grid Integrated Edition Management Console to create a cluster with an existing network profile.
Click Show More to view the profile.
Use the Tanzu Kubernetes Grid Integrated Edition Management Console to define a network profile.
NOTE: You must be at the console home page to view the Network Profiles tab.
Click Save.
Use the Tanzu Kubernetes Grid Integrated Edition Management Console to delete a network profile.
NOTE: You cannot delete a network profile that is in use by a cluster.
Confirm deletion.
The table lists and describes the available network profile options for customizing NSX-T.
Profile Option | Description |
---|---|
Load Balancer Size | Size of the control plane load balancer: Small, Medium, Large. |
Pod IP Block IDs | Array of Pod IP Block UUIDs defined in NSX-T. |
Pod Subnet Prefix | Size of the Pods IP Block subnet. |
Pod Routability | Make the custom Pods subnet routable: Yes or No. |
Floating Pool IDs | Array of floating IP pool UUIDs defined in NSX-T. |
T0 Router ID | Tenant Tier-0 Router UUID defined in NSX-T. |
Failover Mode | Select Preemptive or Non-preemptive. |
Master VMs NSGroup IDs | Namespace Group UUID as defined in NSX-T. |
Node IP Block IDs | Array of Node IP Block UUIDs defined in NSX-T. |
Node Routable | Make the custom Node subnet routable: Yes or No. |
Node Subnet Prefix | Size of the Node IP Block subnet. |
Nodes DNS | Array of DNS server IP addresses for lookup of Kubernetes nodes and pods. |
DNS Lookup Mode | DNS lookup for the API LB (API) and ingress controller (API_INGRESS). |
Ingress Prefix | Ingress controller hostname prefix for DNS lookup. |
Single Tier Topology | Use a single Tier-1 Router per cluster: Yes or No. |
Infrastructure Networks | Array of IP addresses and subnets for use with a single tier topology in a multi-T0 environment. |
Custom Infrastructure Networks | Comma-separated array of custom IP addresses or network CIDRs to be used for Infrastructure Networks. |
The table lists and describes the available network profile options for customizing NCP.
Profile Option | Description |
---|---|
Use NSX-T L4 Virtual Server for K8s Load Balancer | Use NSX-T layer 4 virtual server for each Kubernetes service of type LoadBalancer: Yes or No. |
Use NSX-T L7 Virtual Server as the Ingress Controller for K8s Cluster | Use NSX-T layer 7 virtual server as the ingress controller for the Kubernetes cluster: Yes or No. |
Use Same Source IP for Calling Clients | Use the same source IP for calling clients: Insert or Replace. |
Ingress controller IP address | IP address to use for the ingress controller. |
NCP Log Level | Configure NCP log levels: INFO, WARNING, DEBUG, ERROR, CRITICAL. |
Log Dropped Firewall Traffic | Log dropped firewall traffic: Yes or No. |
Log Firewall Traffic | Select All, None, or Deny. |
Ingress Persistence Type | Specify the ingress persistence type: none, cookie, source_ip. |
Persistence Timeout Interval in Seconds | Persistence timeout interval in seconds. |
Maximum Number of L4 Servers Per Cluster | Limit the number of L4 virtual servers per cluster. |
L4 Persistence Type | Connection stickiness based on source_ip. |
L4 Load Balancer Behavior | Customize the layer 4 load balancer behavior: round_robin, least_connection, ip_hash, weighted_round_robin. |
Top Section-id for Distributed Firewall Section | UUID of the top section-id for the distributed firewall (DFW) section as defined in NSX-T. |
Bottom Section-id for Distributed Firewall Section | UUID of the bottom section-id for the distributed firewall (DFW) section as defined in NSX-T. |
Lb Http Request Header Size | The default maximum request header size is 10,240 characters. |
Lb Http Response Header Size | The default maximum response header size is 10,240 characters. |
Lb Http Response Timeout | Timeout in seconds. |
Connect Retry Timeout | Timeout in seconds. |