You can add, view and remove network profiles using the Tanzu Kubernetes Grid Integrated Edition Management Console on vSphere.
Network profiles let you customize the NSX infrastructure networking and the runtime NCP networking for Kubernetes clusters provisioned by Tanzu Kubernetes Grid Integrated Edition. For example, using a network profile you can change the size of the control plane load balancer, add an additional subnet for nodes, and enable the use of a third-party ingress controller. For a complete list of use cases, see Network Profile Use Cases.
Network profiles are supported in NSX mode only; there is no support for vSphere without NSX mode. In addition, only management console root and pks.clusters.admin users can create, view, and delete network profiles. Cluster managers can use a network profile when creating a cluster, either using the management console or the TKGI CLI.
Use the Tanzu Kubernetes Grid Integrated Edition Management Console to create a cluster with an existing network profile.
Click Show More to view the profile.
Use the Tanzu Kubernetes Grid Integrated Edition Management Console to define a network profile.
NOTE: You must be at the console home page to view the Network Profiles tab.
Click Save.
Use the Tanzu Kubernetes Grid Integrated Edition Management Console to delete a network profile.
NOTE: You cannot delete a network profile that is in use by a cluster.
Confirm deletion.
The table lists and describes the available network profile options for customizing NSX.
Profile Option | Description |
---|---|
Load Balancer Size | Size of the control plane load balancer: Small, Medium, Large. |
Pod IP Block IDs | Array of Pod IP Block UUIDs defined in NSX. |
Pod Subnet Prefix | Size of the Pods IP Block subnet. |
Pod Routability | Make the custom Pods subnet routable: Yes or No. |
Floating Pool IDs | Array of floating IP pool UUIDs defined in NSX. |
T0 Router ID | Tenant Tier-0 Router UUID defined in NSX. |
Failover Mode | Select Preemptive or Non-preemptive. |
Master VMs NSGroup IDs | Namespace Group UUID as defined in NSX. |
Node IP Block IDs | Array of Node IP Block UUIDs defined in NSX. |
Node Routable | Make the custom Node subnet routable: Yes or No. |
Node Subnet Prefix | Size of the Node IP Block subnet. |
Nodes DNS | Array of DNS server IP addresses for lookup of Kubernetes nodes and pods. |
DNS Lookup Mode | DNS lookup for the API LB (API) and ingress controller (API_INGRESS). |
Ingress Prefix | Ingress controller hostname prefix for DNS lookup. |
Single Tier Topology | Use a single Tier-1 Router per cluster: Yes or No. |
Infrastructure Networks | Array of IP addresses and subnets for use with a single tier topology in a multi-T0 environment. |
Custom Infrastructure Networks | Comma-separated array of custom IP addresses or network CIDRs to be used for Infrastructure Networks. |
The table lists and describes the available network profile options for customizing NCP.
Profile Option | Description |
---|---|
Use NSX L4 Virtual Server for K8s Load Balancer | Use NSX layer 4 virtual server for each Kubernetes service of type LoadBalancer: Yes or No. |
Use NSX L7 Virtual Server as the Ingress Controller for K8s Cluster | Use NSX layer 7 virtual server as the ingress controller for the Kubernetes cluster: Yes or No. |
Use Same Source IP for Calling Clients | Use the same source IP for calling clients: Insert or Replace. |
Ingress controller IP address | IP address to use for the ingress controller. |
NCP Log Level | Configure NCP log levels: INFO, WARNING, DEBUG, ERROR, CRITICAL. |
Log Dropped Firewall Traffic | Log dropped firewall traffic: Yes or No. |
Log Firewall Traffic | Select All, None, or Deny. |
Ingress Persistence Type | Specify the ingress persistence type: none, cookie, source_ip. |
Persistence Timeout Interval in Seconds | Persistence timeout interval in seconds. |
Maximum Number of L4 Servers Per Cluster | Limit the number of L4 virtual servers per cluster. |
L4 Persistence Type | Connection stickiness based on source_ip. |
L4 Load Balancer Behavior | Customize the layer 4 load balancer behavior: round_robin, least_connection, ip_hash, weighted_round_robin. |
Top Section-id for Distributed Firewall Section | UUID of the top section-id for the distributed firewall (DFW) section as defined in NSX. |
Bottom Section-id for Distributed Firewall Section | UUID of the bottom section-id for the distributed firewall (DFW) section as defined in NSX. |
Lb Http Request Header Size | The default maximum request header size is 10,240 characters. |
Lb Http Response Header Size | The default maximum response header size is 10,240 characters. |
Lb Http Response Timeout | Timeout in seconds. |
Connect Retry Timeout | Timeout in seconds. |