Requirements for Cluster Supervisor Deployment with VDS Networking and HAProxy Load Balancer

Check out the system requirements for setting up a vSphere cluster as a Supervisor with the VDS networking stack and HAProxy Load Balancer. When you enable a vSphere cluster as a Supervisor, a vSphere zone is automatically created for the Supervisor.

Minimum Compute Requirements

Consider separating the management and workload domain as a best practice. The workload domain hosts the Supervisor where you run workloads. The management domain hosts all the management components such as vCenter Server.


System	Minimum Deployment Size	CPU	Memory	Storage
vCenter Server 8.0	Small	2	21 GB	290 GB
ESXi hosts 8.0	Without vSAN: 3 ESXi hosts with 1 static IP per host. With vSAN: 4 ESXi hosts with at least 2 physical NICs. The hosts must be joined in a cluster with vSphere DRS and HA enabled. vSphere DRS must be in Fully Automate or Partially Automate mode. Note: Make sure that the names of the hosts that join the cluster use lower case letters. Otherwise, the enablement of the cluster for Workload Management might fail.	8	64 GB per host	Not applicable
Kubernetes control plane VMs	3	4	16 GB	16 GB

Minimum Network Requirements

Note: You cannot create IPv6 clusters with a vSphere 8 Supervisor, or register IPv6 clusters with Tanzu Mission Control.

Table 1. Physical Network Requirements
Component	Minimum Quantity	Required Configuration
Physical Network MTU	1500	The MTU size must be 1500 or greater on any distributed port group.

Table 2. General Networking Requirements
Component	Minimum Quantity	Required Configuration
NTP and DNS Server	1	A DNS server and NTP server that can be used with vCenter Server. Note: Configure NTP on all ESXi hosts and vCenter Server .
DHCP Server	1	Optional. Configure a DHCP server to automatically acquire IP addresses for the Management and Workload Networks as well as floating IPs. The DHCP server must support Client Identifiers and provide compatible DNS servers, DNS search domains, and an NTP server. For the management network, all the IP addresses, such as control plane VM IPs, a Floating IP, DNS servers, DNS, search domains, and NTP server are acquired automatically from the DHCP server. The DHCP configuration is used by the Supervisor. Load balancers may require static IP addresses for Management. DHCP Scopes should not overlap these static IP’s. DHCP is not used for virtual IPs. (VIPs) Note: DHCP configuration for Workload Networks is not supported with Supervisor Services on a Supervisor configured with the VDS stack. To use Supervisor Services, configure workload networks with static IP addresses. You can still use DHCP for the Management Network.

Table 3. Management Network Requirements
Component	Minimum Quantity	Required Configuration
Static IPs for Kubernetes control plane VMs	Block of 5	A block of 5 consecutive static IP addresses to be assigned from the Management Network to the Kubernetes control plane VMs in the Supervisor.
Management traffic network	1	A Management Network that is routable to the ESXi hosts, vCenter Server, the Supervisor and load balancer.
Management Network Subnet	1	The subnet used for management traffic between ESXi hosts and vCenter Server, and the Kubernetes control plane. The size of the subnet must be the following: One IP address per host VMkernel adapter. One IP address for the vCenter Server Appliance. 5 IP addresses for the Kubernetes control plane. 1 for each of the 3 nodes, 1 for virtual IP, 1 for rolling cluster upgrade. Note: The Management Network and the Workload Network must be on different subnets. Assigning the same subnet to the Management and the Workload networks is not supported and can lead to system errors and problems.
Management Network VLAN	1	The VLAN ID of the Management Network subnet.

Table 4. Workload Network Requirements
Component	Minimum Quantity	Required Configuration
vSphere Distributed Switch	1	All hosts from the vSphere cluster must be connected to a VDS.
Workload Networks	1	At least one distributed port group must be created on the VDS that you configure as the Primary Workload Network. Depending on the topology of choice, you can use the same distributed port group as the Workload Network of namespaces or create more port groups and configure them as Workload Networks. Workload Networks must meet the following requirements: Routability between any Workload Network with the network that HAProxy uses for virtual IP allocation. No overlapping of IP address ranges across all Workload Networks within a Supervisor. Important: The workload network must be on a different subnet than the management network.
Kubernetes Services CIDR range	/16 Private IP addresses	A private CIDR range to assign IP addresses to Kubernetes services. You must specify a unique Kubernetes services CIDR range for each Supervisor.

Table 5. Load Balancer Networking Requirements

HAProxy load balancer	1	An instance of HAProxy load balancer configured with the vCenter Server instance. If the same the HAProxy instance is serving multiple Supervisors it must be able to route traffic to and from all Workload Networks across all Supervisors. IP ranges across Workload Networks in all Supervisors that the HAProxy serves must not overlap. The network that HAProxy uses to allocate Virtual IPs must be routable to the Workload Networks used across all Supervisors to which HAProxy is connected.
Virtual Server IP range	1	A dedicated IP range for virtual IPs. The HAProxy VM must be the only owner of this virtual IP range. The range must not overlap with any IP range assigned to any Workload Network owned by any Supervisor. The range must not reside on the same subnet as the Management network.


Component	Minimum Quantity	Required Configuration
NTP and DNS Server	1	A DNS server and NTP server that can be used with vCenter Server. Note: Configure NTP on all ESXi hosts and vCenter Server .
DHCP Server	1	Optional. Configure a DHCP server to automatically acquire IP addresses for the management and workload networks as well as floating IPs. The DHCP server must support Client Identifiers and provide compatible DNS servers, DNS search domains, and an NTP server. The DHCP configuration is used by the Supervisor. Load balancers may require static IP addresses for Management. DHCP Scopes should not overlap these static IP’s. DHCP is not used for virtual IPs. (VIPs)