Configuring the vSphere Networking Stack for vSphere with Tanzu

To configure a Supervisor Cluster with the vSphere networking stack, you must connect all hosts from the cluster to a vSphere Distributed Switch. Depending on your topology, you must create one or more distributed port groups on the switch and configure them as workload networks for the vSphere Namespaces on the cluster.

Workload networks provide connectivity to the nodes of Tanzu Kubernetes clusters and to the Supervisor Cluster control planes. The workload network that provides connectivity to Supervisor Cluster control planes is called the primary workload network. Each Supervisor Cluster must have one primary workload network represented by a distributed port group.

The Supervisor Cluster control planes on the cluster use three IP addresses from the IP address range that is assigned to the primary workload network. Each node of a Tanzu Kubernetes cluster has a separate IP address assigned from the address range of the workload network that is configured with the namespace where the Tanzu Kubernetes cluster runs.

To create a vSphere Distributed Switch and port groups for configuring the vSphere networking stack of a Supervisor Cluster, you can use the vSphere Web Services APIs as described in the vSphere Web Services SDK Programming Guide documentation. When you create a distributed virtual switch, vCenter Server automatically creates one distributed virtual port group. You can use this port group as the primary workload network and use it to handle the traffic for the Supervisor Cluster control planes. Then you can create as many distributed port groups for the workload networks as your topology requires. For a topology with one isolated workload network, create one distributed port group that you will use as a network for all namespaces on the Supervisor Cluster. For a topology with isolated networks for each vSphere Namespace, create the same number of distributed port groups as the number of namespaces.
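The addressing and port group rules described above can be checked before any API call is made. The following Python sketch is an added example, not code from the vSphere SDK or this documentation: it counts the port groups still to be created and verifies that each address range covers the three control plane addresses plus one address per Tanzu Kubernetes cluster node. The function names, port group names, node counts, and IP ranges are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

CONTROL_PLANE_IPS = 3  # per the text: control planes use three primary-network addresses


def range_size(start, end):
    """Number of addresses in an inclusive start-end range."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if last < first:
        raise ValueError(f"range end {end} is below start {start}")
    return int(last) - int(first) + 1


def plan_workload_networks(primary, ranges, namespaces):
    """Return (port groups to create, {network: missing address count}).

    ranges:     {port group name: (first IP, last IP)}
    namespaces: {namespace: (port group name, planned Tanzu Kubernetes nodes)}
    """
    if primary not in ranges:
        raise KeyError(f"primary workload network {primary} has no address range")
    demand = Counter({primary: CONTROL_PLANE_IPS})
    for namespace, (network, nodes) in namespaces.items():
        if network not in ranges:
            raise KeyError(f"namespace {namespace} uses undefined network {network}")
        demand[network] += nodes  # one address per cluster node
    # The switch's automatically created port group serves as primary here,
    # so only the remaining port groups have to be created.
    to_create = sorted(name for name in ranges if name != primary)
    shortfalls = {}
    for network, needed in demand.items():
        available = range_size(*ranges[network])
        if needed > available:
            shortfalls[network] = needed - available
    return to_create, shortfalls


# Constructed sample: isolated networks for two namespaces (documentation ranges).
RANGES = {
    "primary-pg": ("192.0.2.10", "192.0.2.12"),
    "ns-dev-pg": ("198.51.100.10", "198.51.100.19"),
    "ns-prod-pg": ("203.0.113.10", "203.0.113.13"),
}
NAMESPACES = {"dev": ("ns-dev-pg", 6), "prod": ("ns-prod-pg", 7)}

if __name__ == "__main__":
    print(plan_workload_networks("primary-pg", RANGES, NAMESPACES))
```

For the topology with one isolated workload network, point every namespace at the same port group name; the plan then lists a single port group to create.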

To list all workload networks available for a Supervisor Cluster and retrieve information about the configuration of a specific workload network, use the Networks service from the vSphere Automation APIs. To associate a vSphere Distributed port group to a workload network, set the necessary information through the vsphere_network / setVsphereNetwork(NetworksTypes.VsphereDVPGNetworkInfo vsphereNetwork) parameter of the workload network Info object. Use the vsphere_DVPG_network_info / NetworksTypes.VsphereDVPGNetworkInfo structure to describe the configuration or retrieve information about the current configuration of the vSphere Distributed port group of a specific workload network.

If you want to retrieve a list of the distributed switches compatible with vSphere with Tanzu on a vCenter Server system, use the DistributedSwitchCompatibility service and filter the available switches by using VSPHERE_NETWORK as the networking provider.