This topic describes how to create NSX objects for the VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) control plane where Kubernetes clusters run.

Prerequisites

Before completing this section, make sure you have completed the following sections:

Required NSX Objects for the Tanzu Kubernetes Grid Integrated Edition Control Plane

To install TKGI on vSphere with NSX, you need to create the following NSX objects:

  • Tier-0 Gateway (also known as a Router)
  • Pods IP Block
  • Nodes IP Block
  • Floating IP Pool

For more information, see Network Planning for TKGI.

When you configure the TKGI tile, you specify the object IDs:

The following instructions describe how to create these objects. You will need to create these objects using the appropriate interface. If you are using the Management API, create them using the Manager tab. If you are using the Policy API, create these objects using the Policy tab.

Create NSX Objects for Kubernetes Clusters Using the Management Interface

This section provides instructions for creating the required NSX objects for Kubernetes clusters using the Management interface.

Create Tier-0 Router Using the Management Interface

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Manager interface is selected. If not, select it.

  3. Select Tier-0 Logical Routers.

  4. Click Add.

  5. Configure a new Tier-0 Router as follows:

    • Name: T0-router
    • Edge Cluster: edge-cluster-1
    • HA mode: Either Active-Active or Active-Standby
    • Failover mode: Non-Preemptive

    Note: Configuring Failover mode is optional if HA mode is configured as Active-Active. For more information on NSX HA mode configuration, see Add a Tier-0 Gateway in the VMware NSX-T Data Center documentation.

  6. Click Save and verify.

  7. Select the T0-router you created.

  8. Select Configuration > Router Ports.

  9. Click Add.

  10. Configure a new router port as follows:

    • Name: T0-uplink-1
    • Type: uplink
    • Transport Node: edge-node-1
    • Logical Switch: LS-T0-uplink
    • Logical Switch Port: Attach to a new switch port
    • Subnet: 10.173.62.50 / 24
  11. Click Add and verify.

  12. Select the T0-router you created.

  13. Select Configuration > Router Ports.

  14. Add a second uplink by creating a second router port for edge-node-2:

    • Name: T0-uplink-2
    • Type: uplink
    • Transport Node: edge-node-2
    • Logical Switch: LS-T0-uplink
    • Logical Switch Port: Attach to a new switch port
    • Subnet: 10.173.62.51 / 24
  15. Once completed, verify that the T0-router you created has two connected router ports.

Configure and Test the Tier-0 Router

Create an HA VIP for the T0 router, and a default route for the T0 router. Then test the T0 router.

  1. Select the T0-router you created.

  2. Select Configuration > HA VIP.

  3. Click Add.

  4. Configure the HA VIP as follows:

    • VIP address: 10.173.62.52/24, for example.
    • Uplink ports: T0-uplink-1 and T0-uplink-2.
  5. Click Add and verify.

  6. Select Routing > Static Routes.

  7. Click Add.

    • Network: 0.0.0.0/0
    • Next Hop: 10.173.62.253
  8. Click Add and verify.

  9. Verify the Tier 0 router by making sure the T0 uplinks and HA VIP are reachable from your laptop.

For example:

> ping 10.173.62.50
PING 10.173.62.50 (10.173.62.50): 56 data bytes
Request timeout for icmp_seq 0
64 bytes from 10.173.62.50: icmp_seq=1 ttl=58 time=71.741 ms
64 bytes from 10.173.62.50: icmp_seq=0 ttl=58 time=1074.679 ms

> ping 10.173.62.51
PING 10.173.62.51 (10.173.62.51): 56 data bytes
Request timeout for icmp_seq 0
64 bytes from 10.173.62.51: icmp_seq=0 ttl=58 time=1156.627 ms
64 bytes from 10.173.62.51: icmp_seq=1 ttl=58 time=151.413 ms

> ping 10.173.62.52
PING 10.173.62.52 (10.173.62.52): 56 data bytes
64 bytes from 10.173.62.52: icmp_seq=0 ttl=58 time=6.864 ms
64 bytes from 10.173.62.52: icmp_seq=1 ttl=58 time=7.776 ms

Create the Nodes IP Block for Kubernetes Clusters Using the Management Interface

TKGI requires a dedicated IP Block for Kubernetes nodes. When you configure the TKGI tile, you will need to provide the ID for this IP Block. The recommended size for this IP Block is /16. For more information, see Nodes IP Block.

In the example that follows, we create the following Nodes IP block: TKGI-NODES-IP-BLOCK: 172.23.0.0/16.

To create the required Nodes IP Block using the Management interface, complete the following steps:

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Manager interface is selected. If not, select it.

  3. Select Network Services > IP Address Pools > IP Block.

  4. Click Add.

  5. Configure the Nodes IP Block as follows:

    • Name: TKGI-NODES-IP-BLOCK
    • CIDR: 172.23.0.0/16
  6. Click Add and verify.

Create the Pods IP Block for Kubernetes Clusters Using the Management Interface

TKGI requires a dedicated IP Block for Kubernetes pods. When you configure the TKGI tile, you will need to provide the ID for this IP Block. The recommended size for this IP Block is /16. For more information, see Pods IP Block.

In the example that follows, we create the following Pods IP block: TKGI-PODS-IP-BLOCK: 172.16.0.0/16.

To create the required Pods IP Block using the Management interface, complete the following steps:

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Manager interface is selected. If not, select it.

  3. Select Network Services > IP Address Pools > IP Block.

  4. Click Add.

  5. Configure the Pods IP Block as follows:

    • Name: TKGI-PODS-IP-BLOCK
    • CIDR: 172.16.0.0/16
  6. Click Add and verify.

Create the Floating IP Pool for Kubernetes Clusters Using the Management Interface

TKGI requires a floating IP pool for Kubernetes services such as load balancer instances. When you configure the TKGI tile, you will need to provide the ID for this IP Pool. For more information, see Plan Network CIDRs.

To create the required Floating IP Pool using the Management interface, complete the following steps:

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Manager interface is selected. If not, select it.

  3. Select Network Services > IP Address Pools > IP Block.

  4. Click Add.

  5. Configure the IP pool as follows:

    • Name: TKGI-FLOATING-IP-POOL
    • IP ranges: 10.173.62.111 - 10.173.62.150
    • CIDR: 10.173.62.0/24
  6. Click Add and verify.
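
The addresses entered across the Manager-interface steps above can be checked for consistency before the object IDs go into the TKGI tile. This is an added example, not VMware tooling: `PLAN` and `check_plan` are hypothetical names, and the rules it enforces (uplinks and HA VIP in one subnet, next hop on-link, router addresses outside the floating range, "dedicated" blocks that overlap nothing else) are this example's assumptions.

```python
import ipaddress as ip

# Values copied from the Manager-interface walkthrough on this page.
PLAN = {
    "uplinks": ["10.173.62.50/24", "10.173.62.51/24"],
    "ha_vip": "10.173.62.52/24",
    "next_hop": "10.173.62.253",
    "nodes_block": "172.23.0.0/16",
    "pods_block": "172.16.0.0/16",
    "floating_range": ("10.173.62.111", "10.173.62.150"),
    "floating_cidr": "10.173.62.0/24",
}

def check_plan(plan):
    """Return a list of problems found in the address plan (empty = consistent)."""
    problems = []
    ifaces = [ip.ip_interface(a) for a in plan["uplinks"] + [plan["ha_vip"]]]
    uplink_net = ifaces[0].network
    # Uplinks and the HA VIP must share one subnet and use distinct addresses.
    if any(i.network != uplink_net for i in ifaces):
        problems.append("uplinks and HA VIP are not in the same subnet")
    if len({i.ip for i in ifaces}) != len(ifaces):
        problems.append("duplicate address among uplinks / HA VIP")
    # The default route's next hop has to be on-link for the uplinks.
    hop = ip.ip_address(plan["next_hop"])
    if hop not in uplink_net:
        problems.append(f"next hop {hop} is outside {uplink_net}")
    # Floating pool: ordered range, inside its CIDR, clear of router addresses.
    lo, hi = (ip.ip_address(a) for a in plan["floating_range"])
    pool_net = ip.ip_network(plan["floating_cidr"])
    if lo > hi or lo not in pool_net or hi not in pool_net:
        problems.append("floating range is not an ordered range inside its CIDR")
    for addr in [i.ip for i in ifaces] + [hop]:
        if lo <= addr <= hi:
            problems.append(f"{addr} falls inside the floating IP range")
    # Nodes and Pods blocks must not overlap each other or the routed subnets.
    # (Uplink and floating networks share a /24 on this page, so skip that pair.)
    nets = {"nodes": ip.ip_network(plan["nodes_block"]),
            "pods": ip.ip_network(plan["pods_block"]),
            "uplink": uplink_net, "floating": pool_net}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if {a, b} != {"uplink", "floating"} and nets[a].overlaps(nets[b]):
                problems.append(f"{a} block overlaps {b} network")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN) or "address plan is consistent")
```
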

Create NSX Objects for Kubernetes Clusters Using the Policy Interface

This section provides instructions for creating the required NSX objects for Kubernetes clusters using the Policy interface.

Create a Tier-0 Gateway Using the Policy Interface

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Policy interface is selected. If not, select it.

  3. Select Tier-0 Gateways from the navigation on the left.

  4. Click Add Gateway.

  5. Select Tier-0.

  6. Create a new Tier-0 Gateway as follows:

    • Name: Enter t0-shared, for example
    • HA Mode: Select Active Standby
    • Fail Over: Select Non Preemptive
    • Click Save
    • At the prompt select Yes to continue creating the gateway
    • Edge Cluster: Select the Edge Cluster you created previously, such as edge-cluster-0
    • Click Close Editing to complete the creation of the Tier-0 Gateway

Configure the Tier-0 Gateway Using the Policy Interface

Now that the Tier-0 Gateway is created, you need to configure it for TKGI. This requires configuring two interfaces, an HA VIP, and a static route.

  1. Edit the t0-shared gateway you created.

  2. Select Interfaces > Set.

  3. Select Add Interface and configure the first interface as follows:

    • Name: Uplink1EdgeFirst (for example)
    • Type: External
    • Edge Node: tn-cluster-0-edge-0
    • MTU: 1500
    • Connected To (Segment): internet-vlan-0
    • Subnet: 192.168.115.10/24 (for example)
    • Click Save and verify.
  4. Select Add Interface and configure the second interface as follows:

    • Name: Uplink2EdgeFirst (for example)
    • Type: External
    • Edge Node: tn-cluster-0-edge-1
    • MTU: 1500
    • Connected To (Segment): internet-vlan-0
    • Subnet: 192.168.115.11/24 (for example)
    • Click Save and verify.
  5. When you are done adding the interfaces, click Apply.

  6. Configure the HA VIP as follows:

    • For the HA VIP Configuration field, click Set.
    • Click Add HA VIP Configuration.
    • For the IP Address / Mask field, enter a valid IP address and subnet mask
    • For the Interface field, select the 2 interfaces you created
    • Click Apply
  7. Configure a static route as follows:

    • Select Routing > Static Routes.
    • Click Set.
    • Click Add Static Route.
    • Name: default
    • Network: 0.0.0.0/0
    • For Next Hops, click Set.
    • Click Set Next Hops.
    • Next Hop: 192.168.115.1 (for example)
    • Admin Distance: 1
    • Scope: None
    • Click Save.
    • Click Close.
  8. Click Close Editing and verify the configuration of the t0-shared gateway.

Test the Tier-0 Gateway

Now that the t0-shared gateway is configured, it is time to test it.

  1. Verify the T0-gateway by making sure the T0 uplinks and HA VIP are reachable from your laptop.

For example:

> ping 10.173.62.50
PING 10.173.62.50 (10.173.62.50): 56 data bytes
Request timeout for icmp_seq 0
64 bytes from 10.173.62.50: icmp_seq=1 ttl=58 time=71.741 ms
64 bytes from 10.173.62.50: icmp_seq=0 ttl=58 time=1074.679 ms

> ping 10.173.62.51
PING 10.173.62.51 (10.173.62.51): 56 data bytes
Request timeout for icmp_seq 0
64 bytes from 10.173.62.51: icmp_seq=0 ttl=58 time=1156.627 ms
64 bytes from 10.173.62.51: icmp_seq=1 ttl=58 time=151.413 ms

> ping 10.173.62.52
PING 10.173.62.52 (10.173.62.52): 56 data bytes
64 bytes from 10.173.62.52: icmp_seq=0 ttl=58 time=6.864 ms
64 bytes from 10.173.62.52: icmp_seq=1 ttl=58 time=7.776 ms

Create the Nodes IP Block for Kubernetes Clusters Using the Policy Interface

TKGI requires a dedicated IP Block for Kubernetes nodes. When you configure the TKGI tile, you will need to provide the ID for this IP Block. The recommended size for this IP Block is /16. For more information, see Nodes IP Block.

In the example that follows, we create the following Nodes IP block: TKGI-NODES-IP-BLOCK: 172.23.0.0/16.

To create the required Nodes IP Block using the Policy interface, complete the following steps:

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Policy interface is selected. If not, select it.

  3. Select IP Management > IP Address Pools > IP Address Blocks.

  4. Click Add IP Address Block.

  5. Configure the Nodes IP Block as follows:

    • Name: TKGI-NODES-IP-BLOCK
    • CIDR: 172.23.0.0/16
  6. Click Add and verify.

Create the Pods IP Block for Kubernetes Clusters Using the Policy Interface

TKGI requires a dedicated IP Block for Kubernetes pods. When you configure the TKGI tile, you will need to provide the ID for this IP Block. The recommended size for this IP Block is /16. For more information, see Pods IP Block.

For example:

  • TKGI-PODS-IP-BLOCK: 172.16.0.0/16

To create the required Pods IP Block using the Policy interface, complete the following steps:

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Policy interface is selected. If not, select it.

  3. Select IP Management > IP Address Pools > IP Address Blocks.

  4. Click Add IP Address Block.

  5. Configure the Pods IP Block as follows:

    • Name: TKGI-PODS-IP-BLOCK
    • CIDR: 172.16.0.0/16
  6. Click Add and verify.

Create the Floating IP Pool for Kubernetes Clusters Using the Policy Interface

TKGI requires a floating IP pool for Kubernetes services such as load balancer instances. When you configure the TKGI tile, you will need to provide the ID for this IP Pool. For more information, see Plan Network CIDRs.

To create the required Floating IP Pool using the Policy interface, complete the following steps:

  1. Log in to the NSX Manager and select the Networking tab.

  2. Verify that the Policy interface is selected. If not, select it.

  3. Select IP Management > IP Address Pools > IP Address Pools.

  4. Click Add IP Address Pool.

  5. Configure the IP pool as follows:

    • Name: TKGI-FLOATING-IP-POOL
    • IP ranges: 10.173.62.111 - 10.173.62.150
    • CIDR: 10.173.62.0/24
  6. Click Add and verify.

Next Steps

Create NSX Objects for TKGI Management Plane Components
