VMware NSX Container Plugin 3.0

4.2 4.1 4.0 3.2 3.1 3.0
简体中文 Deutsch Español Français Italiano 日本語 한국어 繁體中文 English

Configuring NSX-T Resources

This section describes configuring resources in NSX Manager Policy mode.
In the NCP configuration file
ncp.ini
, you can specify NSX-T resources using their UUIDs or names.

Gateways and Segment

  1. Create a segment for the Kubernetes nodes, for example,
    ocp4-segment
    .
  2. Create a tier-0 gateway, for example,
    T0GW1
    . Set the
    top_tier_router
     option in the
    [nsx_v3]
     section of
    ncp.ini
     with the gateway's ID if you do not have a shared tier-1 topology. See below for information on configuring a shared tier-1 topology. Set the HA mode to active-standby if you plan to configure NAT rules on this gateway. Otherwise, set it to active-active. Enable route redistribution. Also configure this gateway for access to the external network.
  3. Create a tier-1 gateway, for example,
    T1GW1
    . Connect this gateway to the tier-0 gateway.
  4. Configure router advertisement for
    T1GW1
    . At the very least, NSX-connected and NAT routes should be enabled.
  5. Connect
    T1GW1
     to
    ocp4-segment
    . Make sure that the gateway port's IP address does not conflict with the IP addresses of the Kubernetes nodes.
  6. For each node VM, make sure that the vNIC for container traffic is attached to the segment that is automatically created. You can find it in
    Networking
    Segments
     with the same name as the segment, that is,
    ocp4-segment
    ).
  7. If you use DHCP you can provide DHCP static binding on the segment for the nodes.
NCP must know the VIF ID of the vNIC. You can see
ocp4-segment
's ports that are automatically created by navigating to
Networking
Segments
. These ports are not editable except for their tag property. These ports must have the following tags:
  • tag:
    <cluster_name>
    , scope:
    ncp/cluster
  • tag:
    <node_name>
    , scope:
    ncp/node_name
Note: No need to manually add the above tags. They will be automatically added by the NCP Network Operator.

IP Blocks for Kubernetes Pods

IP Blocks will be created automatically by NCP. NSX Network Operator will pass the value of the
cidr
 parameter in the
networking.clusterNetwork
 section of
install-config.yaml
. For example:
networking: 
  networkType: ncp 
  clusterNetwork: 
  - cidr: 10.4.0.0/16 
    hostPrefix: 23 
  machineCIDR: 10.114.16.0/24 
  serviceNetwork: 
  - 172.30.0.0/16
The Openshift 4 adaptor will create a new IP block for each CIDR configured in
install-config.yaml
 file. You must be careful if there is any existing IP block with the same CIDR. It is not recommended to use overlapping IP blocks as NCP enables connected subnet route advertisement between tier-0 and tier-1.

External IP Pools

An external IP pool is used for allocating IP addresses which will be used for translating pod IPs using SNAT rules, and for exposing Ingress controllers and LoadBalancer-type services using SNAT/DNAT rules, just like Openstack floating IPs. These IP addresses are also referred to as external IPs.
Navigate to
Networking
IP Address Management
IP Address Pools
 to create an IP pool. Set the
external_ip_pools
 option in the
[nsx_v3]
 section of
ncp.ini
 (part of NCP Network Operator) to the UUIDs of the IP pools. If you want NCP to automatically create IP pools, you can set the
external_ip_pools
 option with a comma-separated list of addresses in CIDR format or IP ranges.
Multiple Kubernetes clusters use the same external IP pool. Each NCP instance uses a subset of this pool for the Kubernetes cluster that it manages. By default, the same subnet prefix for pod subnets will be used. To use a different subnet size, update the
external_subnet_prefix
 option in the
[nsx_v3]
 section in
ncp.ini
.
You can change to a different IP pool by changing the
nsx-ncp-operator-config
 configmap in the
nsx-system-operator
 project once the cluster is deployed.

Shared Tier-1 Topology

The following diagram illustrates a shared tier-1 topology.
This is the only topology for Openshift 4. To set up this topology, perform the following configurations:
  • Set the
    top_tier_router
     option to the ID of the tier-1 gateway. Connect the tier-1 gateway to a tier-0 gateway for external connections.
  • Set the
    single_tier_topology
     option to
    True
    . The default value is
    False
    .
  • If you want NCP to automatically configure the top tier router as a tier-1 gateway, unset the
    top_tier_router
     option and set the
    tier0_gateway
     option. NCP will create a tier-1 gateway and uplink it to the tier-0 gateway specified in the
    tier0_gateway
     option.

Content feedback and comments