The system provisions TKG clusters with default networking for nodes, pods, and services. You can verify cluster networking using custom kubectl commands.

Custom Commands to Verify TKG Cluster Networking

Refer to the following commands to verify cluster networking.

These commands should be run from the vSphere Namespace where the TKG cluster is provisioned. For example: 
kubectl config use-context tkg2-cluster-ns
Table 1. Custom kubectl Commands to Verify Cluster Networking
Command Description
Command 
kubectl get tkgserviceconfigurations
Sample result 
NAME                        DEFAULT CNI
tkg-service-configuration   antrea

Returns the default CNI, which is antrea unless changed.

The default CNI is used for cluster creation unless explicitly overridden in the cluster YAML.
Command 
kubectl get virtualnetwork
Sample result 
NAME                   SNAT             READY   AGE
tkgs-cluster-12-vnet   10.191.152.133   True    4h3m

Returns the virtual network for cluster nodes.

Use to verify that the source network address translation (SNAT) IP address is assigned.
Command 
kubectl get virtualmachines -o wide
Sample result 
NAME                               POWERSTATE   CLASS               IMAGE                                     PRIMARY-IP    AGE
tkg2-cluster-12-control-plane-...  poweredOn    guaranteed-medium   ob-...-v1.23.8---vmware.1-tkg.1.b3d708a   10.244.0.66   4h6m
tkg2-cluster-12-worker-...         poweredOn    guaranteed-medium   ob-...-v1.22.9---vmware.1-tkg.1.b3d708a   10.244.0.68   4h3m
tkg2-cluster-12-worker-...         poweredOn    guaranteed-medium   ob-...-v1.21.6---vmware.1-tkg.1.b3d708a   10.244.0.67   4h3m

Returns the virtual network interface for cluster nodes.

Use to verify that the virtual machine for each cluster node has an IP address assigned.
Command 
kubectl get virtualmachineservices
Sample result 
NAME                                    TYPE           AGE
tkg2-cluster-12-control-plane-service   LoadBalancer   3h53m

Returns the virtual machine service for each cluster node.

Use to verify that the status is updated and includes the load balancer virtual IP (VIP) address.
Command 
kubectl get services -n NAMESPACE
Verify using cURL 
curl -k https://EXTERNAL-IP:PORT/healthz

Returns the Kubernetes service load balancer created for Cluster API access. Use to verify that an external IP is assigned.

Use curl to verify access to the API using the external IP address and port of the load balancer service.
Command 
kubectl get endpoints
Sample result 
NAME                                    ENDPOINTS          AGE
tkg2-cluster-12-control-plane-service   10.244.0.66:6443   3h44m

Returns the control plane nodes (endpoints) for the cluster. Use to verify that each endpoint is created and included in the endpoint pool.