rutgerblom.com

Quick Tip: NSX Advanced Load Balancer for vSphere Tanzu with NSX Networking

As of NSX version 4.1.1, NSX Advanced Load Balancer version 22.1.4, and vSphere with Tanzu version 8.0 Update 2 we have the option to leverage the NSX Advanced Load Balancer as the load balancer provider for new vSphere with Tanzu backed by NSX networking deployments.

This deployment option is a very welcome addition knowing that the NSX “native” load balancer is scheduled for deprecation in a future release.

Registering NSX Advanced Load Balancer with NSX

After deployment and the initial configuration of NSX and the NSX Advanced Load Balancer (detailed steps available in the vSphere with Tanzu documentation) we register the NSX Advanced Load Balancer with NSX Manager. This is accomplished with a simple API call:

PUT /policy/api/v1/infra/alb-onboarding-workflow

The accompanying request body contains the following keys:

{
"owned_by": "LCM",
"cluster_ip": "<nsx-alb-controller-cluster-ip>",
"infra_admin_username" : "username",
"infra_admin_password" : "password",
"dns_servers": ["<dns-servers-ips>"],
"ntp_servers": ["<ntp-servers-ips>"]
}

Bringing this together in a curl one-liner could look something like this: 

curl -u admin --location --request PUT 'https://ams-nsxt-lm/policy/api/v1/infra/alb-onboarding-workflow' \
--header 'X-Allow-Overwrite: True' \
--header 'Content-Type: application/json' \
--data-raw '{
"owned_by": "LCM",
"cluster_ip": "10.203.200.15",
"infra_admin_username" : "admin",
"infra_admin_password" : "VMware1!",
"dns_servers": ["10.203.0.5"],
"ntp_servers": ["10.203.0.5"]
}'

More information about this method can be found in the NSX API documentation.

When the registration is done you’ll notice that a shortcut to the NSX Advanced Load Balancer Controller UI has been added to the NSX Manager UI. Handy!

But more important, when we enable Tanzu Supervisor and/or deploy a Tanzu Kubernetes cluster under this Supervisor, we see that it is the NSX Advanced Load Balancer that’s hosting the VIP(s) on its Service Engine(s):

Summary

A very short article just to make you aware of this option and how it’s configured. I’m happy to see that customers can now use the NSX Advanced Load Balancer for their new vSphere with Tanzu backed by NSX networking installations.

rutgerblom Avatar

Published by

rutgerblom
Categories:
Tags: , , , , , , ,

13 responses to “Quick Tip: NSX Advanced Load Balancer for vSphere Tanzu with NSX Networking”

  1. RL Avatar
    RL

    With that Setup, Do we still need to implement AKO in the guest cluster for the K8s Ingress ?
    Is there any AKOO in place automatically ?

    Like

    Reply
    1. rutgerblom Avatar
      rutgerblom

      AKO is implemented as part of this configuration.

      Like

      Reply
  2. Fahim Avatar
    Fahim

    I did the same. But i deployed AVI Controllers through NSX Manager. After that i register this with NSX Manager but still when i tried to deploy Tanzu Supervisor Cluster, It uses NSX Native Load Balancer. What should i do now ?

    Like

    Reply
    1. rutgerblom Avatar
      rutgerblom

      Sounds like you used the old and possibly unsupported way of deploying ALB controllers. My suggestion would be to deploy the ALB controllers independently to begin with.

      Like

      Reply
      1. Fahim Avatar
        Fahim

        There is a option to implement NSX ALB through NSX Manager in “Appliance” section. I used that. After full cluster deployment a shortcut to the NSX Advanced Load Balancer appear that you mention in the bloc. After that I register with NSX Manager

        Like

      2. rutgerblom Avatar
        rutgerblom

        What version of NSX are you running?

        Like

  3. Fahim Avatar
    Fahim

    NSX Version: 4.1.2.1.0

    Like

    Reply
    1. rutgerblom Avatar
      rutgerblom

      Although I see no reason why it shouldn’t work the way you’ve done it, my interpretation of the installation workflow in the documentation here: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-installation-configuration/GUID-7EE247EB-4736-4BC8-A6B0-0123B6ECC812.html
      is that the ALB controllers are deployed independently and not through the NSX Manager UI.
      Again not sure that it matters but could be worth a try.

      Like

      Reply
      1. Fahim Avatar
        Fahim

        The API Link you shared, The Output given like tihis

        “username”: “nsxt-alb”,
        “tenant”: “admin”,
        “expires_at”: “2021-08-30T23:47:58.275Z”,
        “enforcement_point_address”: “10.92.60.188”,

        I don’t know where the username “nsxt-alb” comes from, because in my output the result is:

        “connection_info”: {
        “username”: “?????????”
        “tenant”: “admin”,
        “expires_at”: “2024-01-21T17:59:34.429624275Z”,
        “managed_by”: “LCM”,
        “status”: “DEACTIVATE_PROVIDER”,

        I think in my output username is empty. filled with question mark
        I used postman and policy manager is my nsx vip fqdn.

        Like

  4. Ramy Avatar
    Ramy

    AKO still need to be deployed for L7 ingress to work on guest cluster.

    Like

    Reply
    1. rutgerblom Avatar
      rutgerblom

      No, that’s done automatically with this integration in place.

      Like

      Reply
      1. Ramy Avatar
        Ramy

        As per the Release Notes, Support of NSX Advanced Load Balancer for a Supervisor configured with NSX networking – You can now enable a Supervisor with NSX Advanced Load Balancer (Avi Networks) for L4 load balancing, as well as load balancing for the control plane nodes of Supervisor and Tanzu Kubernetes Grid clusters with NSX networking. No mention for L7/Ingress.

        Like

      2. rutgerblom Avatar
        rutgerblom

        My bad. AKO still needs to be deployed in the guest clusters in order to make L7 ingress work through ALB.

        Like

Leave a reply to Ramy Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.