To configure a Supervisor with the vSphere networking stack, you must connect all hosts from the cluster to a vSphere Distributed Switch. Depending on your topology, you must create one or more distributed port groups on the switch and configure them as workload networks to the vSphere Namespaces on the cluster.
Workload networks provide connectivity to the nodes of Tanzu Kubernetes clusters and to the Supervisor control planes. The workload network that provides connectivity to Supervisor control planes is called primary workload network. Each Supervisor must have one primary workload network represented by a distributed port group.
The Supervisor control planes on the cluster use three IP addresses from the IP address range that is assigned to the primary workload network. Each node of a Tanzu Kubernetes cluster has a separate IP address assigned from the address range of the workload network that is configured with the namespace where the Tanzu Kubernetes cluster runs.
To create a vSphere Distributed Switch and port groups for configuring the vSphere networking stack of a Supervisor, you can use the vSphere Web Services APIs as described in the vSphere Web Services SDK Programming Guide documentation. When you create a distributed virtual switch, vCenter Server automatically creates one distributed virtual port group. You can use this port group as the primary workload network and use it to handle the traffic for the Supervisor control planes. Then you can create as many distributed port groups for the workload networks as your topology requires. For a topology with one isolated workload network, create one distributed port group that you will use as a network for all namespaces on the Supervisor. For a topology with isolated networks for each vSphere Namespace, create the same number of distributed port groups as the number of namespaces.
To list all workload networks available for a Supervisor and retrieve information about the configuration of a specific workload network, use the Networks service from the vSphere Automation REST APIs. To associate a vSphere Distributed port group to a workload network, set the necessary information through the PUT https://<vcenter_ip_address_or_fqdn>/api/vcenter/namespace-management/clusters/cluster_id/networks/network_id
request and submit a NamespaceManagementNetworksSetSpec JSON object in the request body. The NamespaceManagementNetworksSetSpec data structure holds the NamespaceManagementNetworksVsphereDVPGNetworkSetSpec structure through which you define the parameters of the existing vSphere Distributed port group.
If you want to retrieve a list of the distributed switches compatible with vSphere IaaS control plane on a vCenter Server system, use the GET https://<vcenter_ip_address_or_fqdn>/api/vcenter/namespace-management/distributed-switch-compatibility
request and pass the VSPHERE_NETWORK value for the network_provider
query parameter.