As of NSX version 4.1.1, NSX Advanced Load Balancer version 22.1.4, and vSphere with Tanzu version 8.0 Update 2 we have the option to leverage the NSX Advanced Load Balancer as the load balancer provider for new vSphere with Tanzu backed by NSX networking deployments.
This deployment option is a very welcome addition knowing that the NSX “native” load balancer is scheduled for deprecation in a future release.
Registering NSX Advanced Load Balancer with NSX
After deployment and the initial configuration of NSX and the NSX Advanced Load Balancer (detailed steps available in the vSphere with Tanzu documentation) we register the NSX Advanced Load Balancer with NSX Manager. This is accomplished with a simple API call:
PUT /policy/api/v1/infra/alb-onboarding-workflow
The accompanying request body contains the following keys:
{ "owned_by": "LCM", "cluster_ip": "<nsx-alb-controller-cluster-ip>", "infra_admin_username" : "username", "infra_admin_password" : "password", "dns_servers": ["<dns-servers-ips>"], "ntp_servers": ["<ntp-servers-ips>"] }
Bringing this together in a curl one-liner could look something like this:
curl -u admin --location --request PUT 'https://ams-nsxt-lm/policy/api/v1/infra/alb-onboarding-workflow' \ --header 'X-Allow-Overwrite: True' \ --header 'Content-Type: application/json' \ --data-raw '{ "owned_by": "LCM", "cluster_ip": "10.203.200.15", "infra_admin_username" : "admin", "infra_admin_password" : "VMware1!", "dns_servers": ["10.203.0.5"], "ntp_servers": ["10.203.0.5"] }'
More information about this method can be found in the NSX API documentation.
When the registration is done you’ll notice that a shortcut to the NSX Advanced Load Balancer Controller UI has been added to the NSX Manager UI. Handy!
But more important, when we enable Tanzu Supervisor and/or deploy a Tanzu Kubernetes cluster under this Supervisor, we see that it is the NSX Advanced Load Balancer that’s hosting the VIP(s) on its Service Engine(s):
Summary
A very short article just to make you aware of this option and how it’s configured. I’m happy to see that customers can now use the NSX Advanced Load Balancer for their new vSphere with Tanzu backed by NSX networking installations.
With that Setup, Do we still need to implement AKO in the guest cluster for the K8s Ingress ?
Is there any AKOO in place automatically ?
LikeLike
AKO is implemented as part of this configuration.
LikeLike
I did the same. But i deployed AVI Controllers through NSX Manager. After that i register this with NSX Manager but still when i tried to deploy Tanzu Supervisor Cluster, It uses NSX Native Load Balancer. What should i do now ?
LikeLike
Sounds like you used the old and possibly unsupported way of deploying ALB controllers. My suggestion would be to deploy the ALB controllers independently to begin with.
LikeLike
There is a option to implement NSX ALB through NSX Manager in “Appliance” section. I used that. After full cluster deployment a shortcut to the NSX Advanced Load Balancer appear that you mention in the bloc. After that I register with NSX Manager
LikeLike
What version of NSX are you running?
LikeLike
NSX Version: 4.1.2.1.0
LikeLike
Although I see no reason why it shouldn’t work the way you’ve done it, my interpretation of the installation workflow in the documentation here: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-installation-configuration/GUID-7EE247EB-4736-4BC8-A6B0-0123B6ECC812.html
is that the ALB controllers are deployed independently and not through the NSX Manager UI.
Again not sure that it matters but could be worth a try.
LikeLike
The API Link you shared, The Output given like tihis
”
“username”: “nsxt-alb”,
“tenant”: “admin”,
“expires_at”: “2021-08-30T23:47:58.275Z”,
“enforcement_point_address”: “10.92.60.188”,
”
I don’t know where the username “nsxt-alb” comes from, because in my output the result is:
“connection_info”: {
“username”: “?????????”
“tenant”: “admin”,
“expires_at”: “2024-01-21T17:59:34.429624275Z”,
“managed_by”: “LCM”,
“status”: “DEACTIVATE_PROVIDER”,
I think in my output username is empty. filled with question mark
I used postman and policy manager is my nsx vip fqdn.
LikeLike