VMware Cloud Community
niceguy001
Enthusiast
Enthusiast
‎03-23-2021 11:57 PM

workload management control plane node and LB IP problem

Got a vSphere 7 environment and is enabling the workload management with HAProxy networking.

Currently the network that utilized are two vlans: vlan 19(gw=10.19.0.254/24) and vlan 20(gw=10.20.0.254/24), and are routable.

Two VDS portgroups are created and configured properly for these 2 VLANs.

 

The deployment of HAProxy had some settings including:

1. default network(2 vNIC, not frontend network); a management network using vlan 20 and a workload netword using vlan19.

2. the workload IP was set to 10.19.0.192/24 and obviously the gw is 10.19.0.254

3. the Load Balancer IP range was set to 10.19.0.160/27

For the Workload Management, the network related settings are :

1. "IP Address Ranges for Virtual Servers" is 10.19.0.155-159

2. the management network(for control plane and worker) is vlan 20. No problem with this so I'm skipping.

3. for the workload network, the service IP range is by default 10.96.0.0/24, the actual workload IP range was set to 10.19.0.130-150 with gw 10.19.0.254.

 

Now here's the problem,

After the deployment of workload management succeeded, the cluster is in running state and the control plane IP is set to 10.19.0.155 by system.

However, I couldn't connect to(ping or web) this control plane IP 10.19.0.155 from any place such as other vlan or even from the HAProxy. Don't know why.

Note that the vCenter server is utilizing the vlan 20 as management network, the supervisor VMs's networking are normal(at least pingable).

 

Did some googling such as referencing this post https://cormachogan.com/2020/09/28/enabling-vsphere-with-tanzu-using-ha-proxy/ or other technical blogs but still can't resolve this doubt.

Is it normal that the control plane node IP is unreachable?

Should the Load Balancer IP range(set while deploying HAProxy) be the same as "IP Address Ranges for Virtual Servers" in workload management?

Reply
0 Kudos
2 Replies
campbj70
Contributor
Contributor
‎06-30-2021 05:42 AM

Hi Niceguy.

I am also fighting with this problem, which I am starting to think is a bug. I am using v1.19.1+vmware.2-vsc0.0.9-17882987

In answer to your questions.

1. I believe that the IP address displayed in the "workload management" "clusters" should be pingable. I have reinstalled several times and seem to get a different Control plane IP address each time. Only once has it been pingable.

2. The Load Balancer IP range(set while deploying HAProxy) should be the same as "IP Address Ranges for Virtual Servers" in workload management, according to this youtube video:-

https://www.youtube.com/watch?v=zUSn0pjCMLw

If you take any of the IP addresses allocated to any one of the three SupervisorControlPlaneVM's and use that in a browser then that should take you to the Kubernetes CLI Tools download screen on the SupervisorControlPlaneVM.

 

Reply
0 Kudos
campbj70
Contributor
Contributor
‎07-05-2021 02:00 AM

your subnet ID of 10.19.0.160/27 entered while installing HAproxy, for the Load Balancer IP range, results in a range of 192.19.0.161 - 192.19.0.190 (using https://www.subnet-calculator.com/) . This subnet range should then be entered as the "IP Address Ranges for Virtual Servers" i.e. 192.19.0.161 - 192.19.0.190 when setting up the new workload. If the ranges do not coincide then the Control plane node IP may be unpingable.

The other cause of this problem can be due to using an invalid subnet ID. HAproxy does not validate the subnet ID you use (this is a bug in my view). e.g. you can enter an invalid subnet id e.g. 172.16.20.193/28 when installing HAproxy and it will not flag an error, even if you use the correct range when setting up the workload, the control plane node will be unpingable.

You can repair the invalid subnet ID problem using this method:-

 https://rguske.github.io/post/vsphere-with-tanzu-troubleshooting-haproxy/

 

Jamie

 

Reply
0 Kudos