Add Workload Networks to a Supervisor Cluster Configured with VDS Networking

For a Supervisor Cluster that is configured with the vSphere networking stack, you can provide Layer 2 isolation for your Kubernetes workloads by creating Workload Networks and assigning them to namespaces. Workload Networks provide connectivity to Tanzu Kubernetes clusters in the namespace and are backed by distributed port groups on the switch that is connected to the hosts in the Supervisor Cluster.

For more information on the topologies that you can implement for the Supervisor Cluster, see Topology for Supervisor Cluster with vSphere Networking and NSX Advanced Load Balancer or Topologies for Deploying the HAProxy Load Balancer.

Note:

If you have configured the Supervisor Cluster with a DHCP server providing networking settings for Workload Networks, you cannot create new Workload Networks post Supervisor Cluster configuration.

Prerequisites

Create a distributed port group that will back the Workload Network.
Verify that the IP range that you will assign to the Workload Network is unique within all Supervisor Clusters available in your environment.

Procedure

In the vSphere Client, navigate to the Supervisor Cluster.
Select Configure.
Under Supervisor Cluster, select Network.

Select Workload Network and click Add.

Option	Description
Port Group	Select the distributed port group to be associated with this Workload Network. The vSphere Distributed Switch (VDS) that is configured for the Supervisor Cluster networking contains the port groups from which you can select.
Network Name	The network name that identifies the Workload Network when assigned to namespaces. This value is automatically populated from the name of the port group that you select, but you can change it as appropriate.
IP Address Ranges	Enter an IP range for allocating IP addresses of Tanzu Kubernetes cluster nodes. . The IP range must be in the subnet indicated by the subnet mask. Note: You must use a unique IP address ranges for each Workload Network. Do not configure the same IP address ranges for multiple networks.
Subnet Mask	Enter the IP address of the subnet mask for the network on the port group.
Gateway	Enter the default gateway for the network on the port group. The gateway must be in the subnet indicated by the subnet mask. Note: Do not use the gateway that is assigned to the HAProxy loadbalancer.

Click Add.

What to do next

Assign the newly-created Workload Network to vSphere Namespaces.