Infrastructure:
Hypervisor: ESXi 7.0 + vCenter 7.0
Networking: NSX-T 3.0
So I've deployed my NSX-T 3.0 with all components, so my T0 router exchanges BGP routes with my physical router.
When I deployed my first Cluster and then Namespace within VMware vCenter -> Workload Management, I cannot get into my namespace CLI Tool. When I click Open, trying to move to the CLI Tool, I just get "cant reach this page".
Then I found out that my physical router does not learn any routes from my NSX T-0 Router.
I've checked the T-0 "Route Redistribution" and I found out that while deploying the Supervisor Cluster it also added an IP Prefix that denies traffic to my Pods. Does anyone know why that happens?
How can I connect to my pods?
I understand that the deny policy applies to all traffic by default in vSphere with Kubernetes.
You can try to add a network policy to allow traffic from any to pod.
Please refer to https://kubernetes.io/docs/concepts/services-networking/network-policies/
Is this using TKGi or native K8s on top of vSphere?
This would be vSphere 7 with Kubernetes. And as to why, are you sure your BGP is set correctly?
Hi, I can't comment on why this is the case.
The workaround is documented below:
Configure NSX Route Maps on Edge T0 Router
Thanks
Simon
Nice to see it documented, but I wonder if there is a KB referring to it. I have a peer having the same problem and got the solution from the same source.