Enthusiast

VMware 7.0 - Workload Management and NSX-T 3.0


Infrastructure:

Hypervisor: ESXi 7.0 + vCenter 7.0

Networking: NSX-T 3.0

So I've deployed my NSX-T 3.0 with all components, so my T0 router exchanges BGP routes with my physical router.

When I deployed my first Cluster and then Namespace within VMware vCenter -> Workload Management.

I cannot get into my namespace CLI Tool; when I click Open, trying to move to the CLI Tool, I just get "cant reach this page"


Then I found out that my physical router does not learn any routes from my NSX T-0 Router.

I've checked the T-0 "Route Redistribution" and I found out that while deploying the Supervisor Cluster it also added an IP Prefix that denies traffic to my Pods. Does anyone know why that happens?

How can I connect to my pods?

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122

Accepted Solutions
Contributor

I understand that the deny policy applies to all traffic by default in vSphere with Kubernetes.

You can try to add a network policy to allow traffic from any to pod.

Please refer to https://kubernetes.io/docs/concepts/services-networking/network-policies/
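
A NetworkPolicy of the kind the answer above refers to, as an added example that is not part of the original post or of VMware's documentation. It allows ingress from any source to selected pods on a single port; the namespace `demo-ns`, the label `app: web`, the policy name and port 8080 are assumed values.

```yaml
# Added example; namespace, labels, name and port are assumed values.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-to-web      # hypothetical name
  namespace: demo-ns              # assumed: the namespace created under Workload Management
spec:
  # Select only the pods that should be reachable; an empty selector ({})
  # would match every pod in the namespace.
  podSelector:
    matchLabels:
      app: web                    # assumed pod label
  policyTypes:
    - Ingress
  ingress:
    # No "from" clause: any source is allowed, but only on the listed port.
    - ports:
        - protocol: TCP
          port: 8080              # assumed application port
```

Ingress to the selected pods on any other port stays blocked once this policy selects them, and pods that do not match the selector are not affected by this manifest.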

5 Replies
VMware Employee

Is this using TKGi or native K8s on top of vSphere?

+vRay
Immortal

This would be vSphere 7 with Kubernetes. And as to why, are you sure your BGP is set correctly?

Expert

Hi, I can't comment on why this is the case.

The workaround is documented below:

Configure NSX Route Maps on Edge T0 Router

Thanks

Simon

https://virtual-simon.co.uk/
VMware Employee

Nice to see it documented, but I wonder if there is a KB referring to it. I have a peer having the same problem, and he got the solution from the same source.

+vRay