VMware Networking Community
Marcin4
Enthusiast

VMware 7.0 - Workload Management and NSX-T 3.0

Infrastructure:

Hypervisor: ESXi 7.0 + vCenter 7.0

Networking: NSX-T 3.0

So I've deployed my NSX-T 3.0 with all components, so my T0 router exchanges BGP routes with my physical router.

When I deployed my first Cluster and then a Namespace within VMware vCenter -> Workload Management.

I cannot get into my namespace CLI Tool; when I click Open, trying to move to the CLI Tool, I just get "cant reach this page"


Then I found out that my physical router does not learn any routes from my NSX T-0 Router.

I've checked the T-0 "Route Redistribution" and I found out that while deploying the Supervisor Cluster it also added an IP Prefix that denies traffic to my Pods. Does anyone know why that happens?

How can I connect to my pods?

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCIX-DCV 7, VCIX-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122

Accepted Solutions
chesed82
Contributor

I understand that the deny policy applies to all traffic by default in vSphere with Kubernetes.

You can try to add a network policy to allow traffic from any to pod.

Please refer to https://kubernetes.io/docs/concepts/services-networking/network-policies/

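The kind of policy the accepted answer describes, as an added example that is not part of the original post: the first manifest is the literal "allow from any to pod" form, the second a narrower variant that limits the source network, target pods and port. It uses the standard Kubernetes `networking.k8s.io/v1` NetworkPolicy API; the namespace, label, CIDR and port are constructed placeholders.

```yaml
# Added example; namespace, label, CIDR and port are constructed placeholders.
# 1) "Allow traffic from any to pod": every pod in the namespace
#    accepts ingress from any source on any port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-ingress
  namespace: demo-namespace
spec:
  podSelector: {}        # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
  ingress:
    - {}                 # empty rule = any source, any port
---
# 2) Narrower alternative: only pods labelled app=web accept traffic,
#    only from one client network, only on TCP 443.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-from-clients
  namespace: demo-namespace
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 192.0.2.0/24   # documentation range, replace with the real client network
      ports:
        - protocol: TCP
          port: 443
```

A NetworkPolicy only controls which traffic the selected pods accept; it does not change which prefixes the T0 advertises over BGP, which is what the route map workaround linked in the thread addresses.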
5 Replies
RaymundoEC
VMware Employee

Is this using TKGi or native K8s on top of vSphere?

+vRay
daphnissov
Immortal

This would be vSphere 7 with Kubernetes. And as to why, are you sure your BGP is set correctly?

conyards
Expert

Hi, I can't comment on why this is the case.

The workaround is documented below:

Configure NSX Route Maps on Edge T0 Router

Thanks

Simon

https://virtual-simon.co.uk/
RaymundoEC
VMware Employee

Nice to see it documented, but I wonder if there is a KB referring to it. I have a peer having the same problem who got the solution from the same source.

+vRay