This topic describes how to create NSX objects for the VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) Management Plane.
Before completing this section, make sure you have completed the following sections:
Networking for the TKGI Management Plane consists of a Tier-1 Router and Switch with NAT Rules for the Management Plane VMs.
Create Tier-1 Logical Switch and Router for TKGI Management Plane VMs. Complete the configuration by enabling Route Advertisement on the T1 router.
In the NSX Management console, navigate to Networking > Logical Switches.
Click Add.
Create the LS for TKGI Management plane VMs:
Click Add and verify creation of the T1 logical switch.
Go to Networking > Tier-1 Logical Router.
Click Add.
Configure the Tier-1 logical router as follows:
Click Add and verify.
Select the T1 router and go to Configuration > Router port.
Click Add.
Configure the T1 router port as follows:
Click Add and verify.
Select the Routing tab.
Click Edit and configure route advertisement as follows:
Click Save and verify.
You need to create the following NAT rules on the Tier-0 router for the TKGI Management Plane VMs.
DNAT: 10.173.62.220 (for example) to access Ops Manager
DNAT: 10.173.62.221 (for example) to access Harbor
SNAT: 10.173.62.222 (for example) for all TKGI management plane VM traffic destined to the outside world
In the NSX Management console, navigate to Networking > NAT.
In the Logical Router field, select the T0-router you defined for TKGI.
Click Add.
Configure the Ops Manager DNAT rule as follows:
1000
DNAT
Any Protocol
10.173.62.220, for example
10.1.1.2, for example
Click Add and verify.
Add a second DNAT rule for Harbor by repeating the same operation.
1000
DNAT
Any Protocol
10.173.62.221, for example
10.1.1.6, for example
Verify the creation of the DNAT rules.
Create the SNAT rule for the management plane traffic as follows:
9024
SNAT
Any Protocol
10.1.1.0/24, for example
10.173.62.222, for example
Verify the creation of the SNAT rule.
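To check the three rules before entering them, the following added example (not part of the original VMware documentation, and not an NSX API client) models them offline and reports which management plane addresses become reachable from outside. The field names, the reading of each example value as a matched or translated address, and the lower-priority-number-first evaluation order are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRule:
    priority: int    # assumed: lower value is evaluated first
    action: str      # "DNAT" or "SNAT"
    match: str       # DNAT: destination IP matched; SNAT: source network matched
    translated: str  # address written into the packet

# Example values from the page; field names are this sketch's own.
RULES = [
    NatRule(1000, "DNAT", "10.173.62.220", "10.1.1.2"),     # Ops Manager
    NatRule(1000, "DNAT", "10.173.62.221", "10.1.1.6"),     # Harbor
    NatRule(9024, "SNAT", "10.1.1.0/24", "10.173.62.222"),  # management plane egress
]

def translate(src, dst, rules=RULES):
    """Return (src, dst) after the first matching rule, in priority order."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        net = ipaddress.ip_network(r.match)
        if r.action == "DNAT" and d in net:
            return src, r.translated
        if r.action == "SNAT" and s in net:
            return r.translated, dst
    return src, dst  # no rule matched: packet is left untranslated

def exposed_hosts(rules=RULES):
    """Map each external IP to the internal address it makes reachable."""
    return {r.match: r.translated for r in rules if r.action == "DNAT"}

def audit(rules=RULES, mgmt_net="10.1.1.0/24"):
    """Return a list of findings; an empty list means the set is consistent."""
    net, findings = ipaddress.ip_network(mgmt_net), []
    dnat = [r for r in rules if r.action == "DNAT"]
    for r in dnat:
        if ipaddress.ip_address(r.translated) not in net:
            findings.append(f"DNAT {r.match} targets {r.translated} outside {mgmt_net}")
    if len({r.match for r in dnat}) != len(dnat):
        findings.append("duplicate DNAT destination: a later rule is shadowed")
    if not any(r.action == "SNAT" and net.subnet_of(ipaddress.ip_network(r.match))
               for r in rules):
        findings.append(f"no SNAT rule covers {mgmt_net}")
    return findings

if __name__ == "__main__":
    print(translate("198.51.100.7", "10.173.62.220"))  # constructed outside client
    print(translate("10.1.1.2", "203.0.113.9"))        # constructed outside server
    print(exposed_hosts(), audit())
```

Because both DNAT rules use Any Protocol, every port on the two translated addresses is forwarded, so `exposed_hosts()` is the list of VMs whose own firewalling has to be reviewed.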