For a Supervisor that is configured with the vSphere networking stack, you can provide Layer 2 isolation for your Kubernetes workloads by creating Workload Networks and assigning them to namespaces. Workload Networks provide connectivity to TKG clusters in the namespace and are backed by distributed port groups on the switch that is connected to the hosts in the Supervisor.

For more information on the topologies that you can implement for the Supervisor, see Topology for Supervisor with vSphere Networking and NSX Advanced Load Balancer or Topologies for Deploying the HAProxy Load Balancer in vSphere IaaS Control Plane Concepts and Planning.

Note:

If you have configured the Supervisor with a DHCP server providing networking settings for Workload Networks, you cannot create new Workload Networks post Supervisor configuration.

Prerequisites

  • Create a distributed port group that will back the Workload Network.

  • Verify that the IP range that you will assign to the Workload Network is unique within all Supervisors available in your environment.

Procedure

  1. In the vSphere Client, navigate to the Workload Management.
  2. Under Supervisors and select the Supervisor.
  3. Select Configure and select Network.
    Figure 1. Adding a Supervisor workload network

    Adding a Supervisor workload network
  4. Select Workload Network and click Add.
    Option Description

    Port Group

    Select the distributed port group to be associated with this Workload Network. The vSphere Distributed Switch (VDS) that is configured for the Supervisor networking contains the port groups from which you can select.

    Network Name

    The network name that identifies the Workload Network when assigned to namespaces. This value is automatically populated from the name of the port group that you select, but you can change it as appropriate.

    IP Address Ranges

    Enter an IP range for allocating IP addresses of TKG cluster nodes. . The IP range must be in the subnet indicated by the subnet mask.

    Note:

    You must use a unique IP address ranges for each Workload Network. Do not configure the same IP address ranges for multiple networks.

    Subnet Mask

    Enter the IP address of the subnet mask for the network on the port group.

    Gateway

    Enter the default gateway for the network on the port group. The gateway must be in the subnet indicated by the subnet mask.

    Note:

    Do not use the gateway that is assigned to the HAProxy loadbalancer.

  5. Click Add.

What to do next

Assign the newly-created Workload Network to vSphere Namespaces.