For a Supervisor that is configured with the vSphere networking stack, you can provide Layer 2 isolation for your Kubernetes workloads by creating Workload Networks and assigning them to namespaces. Workload Networks provide connectivity to TKG clusters in the namespace and are backed by distributed port groups on the switch that is connected to the hosts in the Supervisor.
If you have configured the Supervisor with a DHCP server providing networking settings for Workload Networks, you cannot create new Workload Networks after the Supervisor is configured.
Prerequisites
- Create a distributed port group that will back the Workload Network.
- Verify that the IP range that you will assign to the Workload Network is unique within all Supervisors available in your environment.
Procedure
1. In the vSphere Client, navigate to Workload Management.
2. Under Supervisors, select the Supervisor.
3. Select Configure and select Network.
4. Select Workload Network and click Add.

| Option | Description |
| --- | --- |
| Port Group | Select the distributed port group to be associated with this Workload Network. The vSphere Distributed Switch (VDS) that is configured for the Supervisor networking contains the port groups from which you can select. |
| Network Name | The network name that identifies the Workload Network when assigned to namespaces. This value is automatically populated from the name of the port group that you select, but you can change it as appropriate. |
| IP Address Ranges | Enter an IP range for allocating IP addresses of TKG cluster nodes. The IP range must be in the subnet indicated by the subnet mask. Note: You must use a unique IP address range for each Workload Network. Do not configure the same IP address ranges for multiple networks. |
| Subnet Mask | Enter the subnet mask for the network on the port group. |
| Gateway | Enter the default gateway for the network on the port group. The gateway must be in the subnet indicated by the subnet mask. Note: Do not use the gateway that is assigned to the HAProxy load balancer. |

5. Click Add.
What to do next
Assign the newly created Workload Network to vSphere Namespaces.
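
The addressing rules in the prerequisites and the option descriptions (range inside the subnet, gateway inside the subnet, no range shared between Workload Networks, gateway not the HAProxy one) can be checked before you click Add. The following is an added example, not part of the original documentation or any VMware tooling; the `start-end` range notation, the dictionary layout, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_range(text):
    """Parse 'start-end' (assumed notation) into two IPv4Address objects."""
    start, end = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if start > end:
        raise ValueError(f"range start is after range end: {text}")
    return start, end

def check_workload_network(new, existing, haproxy_gateway=None):
    """Return a list of problems found in the proposed Workload Network.

    new:      dict with 'ranges', 'subnet_mask', 'gateway' (hypothetical layout)
    existing: Workload Networks already defined on all Supervisors
    """
    problems = []
    ranges = [parse_range(r) for r in new["ranges"]]
    # Subnet implied by the first range address and the subnet mask.
    subnet = ipaddress.IPv4Network(
        f"{ranges[0][0]}/{new['subnet_mask']}", strict=False)
    for start, end in ranges:
        if start not in subnet or end not in subnet:
            problems.append(f"range {start}-{end} is outside {subnet}")
    gateway = ipaddress.IPv4Address(new["gateway"])
    if gateway not in subnet:
        problems.append(f"gateway {gateway} is outside {subnet}")
    if haproxy_gateway and gateway == ipaddress.IPv4Address(haproxy_gateway):
        problems.append(f"gateway {gateway} is assigned to the HAProxy load balancer")
    # Ranges must be unique: reject any overlap with an existing network.
    for other in existing:
        for o_start, o_end in map(parse_range, other["ranges"]):
            for start, end in ranges:
                if start <= o_end and o_start <= end:
                    problems.append(
                        f"range {start}-{end} overlaps {other['name']} ({o_start}-{o_end})")
    return problems

# Constructed sample data, not taken from a real environment.
EXISTING = [{"name": "network-1", "ranges": ["192.168.10.50-192.168.10.99"]}]
GOOD = {"ranges": ["192.168.20.10-192.168.20.60"],
        "subnet_mask": "255.255.255.0", "gateway": "192.168.20.1"}
BAD = {"ranges": ["192.168.10.90-192.168.11.20"],
       "subnet_mask": "255.255.255.0", "gateway": "192.168.10.1"}

if __name__ == "__main__":
    for candidate in (GOOD, BAD):
        print(check_workload_network(candidate, EXISTING, "192.168.10.1") or "OK")
```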