vSphere with Tanzu with NSX-T medium sized edge

vSphere with Tanzu automatically deploys an NSX-T based load balancer for its supervisor cluster control plane. The load balancer size is defined as MEDIUM and requires an EDGE node of large size which is defined with 8 vCPU and 32GB RAM. While the creation of a supervisor cluster does also work with a medium sized EDGE node, the creation of subsequent guest clusters will fail as only one MEDIUM load balancer (and no additional SMALL load balancers) can be run on a medium sized EDGE node. Especially in demo environments there’s limited resources which requires to reduce the configuration size of the load balancer. This blog describes how to change the load balancer for the supervisor cluster to SMALL size which enables additional provisioning of guest clusters with SMALL size even when EDGE nodes are configured for medium size only. It will reduce the required size of the EDGE to 4 vCPU and 8GB RAM.

William Lam has already written a blog post that explains a method to reduce the load balancer size. However, in later releases it appears that changes on NSX side have been done which won’t work with the commands described in the blog linked. The steps described in the blog here have been verified with NSX-T 3.1.

Note: This is not a supported configuration and must not be used outside of demo purposes!

Postman

This blog uses Postman for execution of API requests. Basically, any other method like e.g. curl can be used as well. I will not go into details of postman handling.

For the single examples you must replace the {{baseUrl}} with the FDQN name of your NSX manager.

You also need to provide proper authorization parameters as shown in the screenshot.

Step 1: Create temporary tier-1 router

Create temporary tier-1 router with “Edges Pool Allocation Size” set to ROUTING.

Capture temporary tier-1 router name: T1-ROUTER (in this case)

Step 2: Get Tanzu load balancer details

List all NSX load balancers:

Search for the proper section of Tanzu MEDIUM load balancer in previous output and extract “path” parameter (not connectivity_path !!). Attach “path” parameter load balancer name to URL to retrieve load balancer details.

Save response body to json file (tanzu-lb.json)

Step 3: Temporarily attach Tanzu load balancer to temporary tier-1 router

Modify tanzu-lb.json and change connectivity_path to your temporary tier-1 router (use tier-1 router name from step 1).

{
    "connectivity_path": "/infra/tier-1s/T1-ROUTER",
    "enabled": true,
    "relax_scale_validation": true,
    "size": "MEDIUM",
    "error_log_level": "INFO",
    "resource_type": "LBService",
    "id": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450_0_rwyfm",
    "display_name": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450-0",
    "tags": [
        {
            "scope": "ncp/version",
            "tag": "1.2.0"
        },
        {
            "scope": "ncp/cluster",
            "tag": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450"
        },
        {
            "scope": "external_id",
            "tag": "228a7a2b-d232-51ae-9270-f7542fb75c42"
        },
        {
            "scope": "ncp/created_for",
            "tag": "SLB"
        },
        {
            "scope": "ncp/lb_t1_link_ip",
            "tag": "100.64.160.3"
        }
    ],
    "path": "/infra/lb-services/domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450_0_rwyfm",
    "relative_path": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450_0_rwyfm",
    "parent_path": "/infra",
    "unique_id": "e6b59d83-41ba-40fe-9c29-cb0e4850379f",
    "marked_for_delete": false,
    "overridden": false,
    "_create_user": "wcp-cluster-user-domain-c64-5e20e5d4-9b01-439f-86a6-7dfabad1e3a9",
    "_create_time": 1610021354058,
    "_last_modified_user": "admin",
    "_last_modified_time": 1610090316082,
    "_system_owned": false,
    "_protection": "REQUIRE_OVERRIDE",
    "_revision": 3
}

Create patch command in postman to patch load balancer configuration.

Add content of modified tanzu-lb.json to body in raw format

Verify in load balancer config UI that attached router has changed to temporary router from step1.

Step 4: Modify Tanzu tier-1 router

Get Tanzu tier-1 router ID from UI

Get Tanzu tier-1 router details from API by adding retrieved Tanzu tier-1 router ID to URL like in screenshot below.

Save response body to json file tanzu-router.json.

Modify tanzu-router.json and change pool_allocation to ROUTING

{
    "tier0_path": "/infra/tier-0s/T0-ROUTER",
    "failover_mode": "NON_PREEMPTIVE",
    "enable_standby_relocation": false,
    "route_advertisement_types": [
        "TIER1_CONNECTED",
        "TIER1_STATIC_ROUTES",
        "TIER1_LB_VIP",
        "TIER1_NAT"
    ],
    "force_whitelisting": false,
    "default_rule_logging": false,
    "disable_firewall": false,
    "ipv6_profile_paths": [
        "/infra/ipv6-ndra-profiles/default",
        "/infra/ipv6-dad-profiles/default"
    ],
    "pool_allocation": "ROUTING",
    "resource_type": "Tier1",
    "id": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "display_name": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "description": "Automatically created from NCP config",
    "tags": [
        {
            "scope": "ncp/version",
            "tag": "1.2.0"
        },
        {
            "scope": "ncp/cluster",
            "tag": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450"
        },
        {
            "scope": "external_id",
            "tag": "228a7a2b-d232-51ae-9270-f7542fb75c42"
        }
    ],
    "path": "/infra/tier-1s/domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "relative_path": "domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
    "parent_path": "/infra",
    "unique_id": "29d6a0de-a9d6-4652-bcc4-7899b015dab2",
    "marked_for_delete": false,
    "overridden": false,
    "_create_user": "wcp-cluster-user-domain-c64-5e20e5d4-9b01-439f-86a6-7dfabad1e3a9",
    "_create_time": 1610021321779,
    "_last_modified_user": "admin",
    "_last_modified_time": 1610089900255,
    "_system_owned": false,
    "_protection": "REQUIRE_OVERRIDE",
    "_revision": 1
}

Patch Tanzu tier-1 router config and use retrieved Tanzu router ID previously retrieved in UI for patch URL.

Add tanzu-router.json content to request body in raw format.

Verify that Tanzu tier-1 router “Edges Pool Allocation Size” has changed to ROUTING.

Step 5: Attach Tanzu load balancer back to Tanzu tier-1 router

Modify tanzu-lb.json to change connectivity_path back to the Tanzu tier-1 router (use router ID retrieved step 4). Also change size to SMALL in json.

…
"connectivity_path": "/infra/tier-1s/domain-c64:aad92d17-8b5e-4d2d-b21a-f80f1f3b1450",
  "enabled" : true,
  "relax_scale_validation" : true,
  "size" : "SMALL",
…

Patch Tanzu load balancer to attach to Tanzu tier-1 router using the tanzu-lb.json as body in raw format (same procedure as in step 3)

Verify that the Tanzu load balancer is now represented in SMALL size and connected to Tanzu tier-1 router.

Step 6: Remove temporary tier-1 router

• Author
• Recent Posts

Christian Ferber

Senior Staff Solution Architect Cloud Management at VMware by Broadcom

Christian has joined VMware in July 2015 as Senior Systems Engineer Cloud Management. Through his work in various cloud projects before and at VMware he has gained experience in datacenter, server, storage, networking and cloud management technologies. Today his primary focus is on automation and operation topics with integration into many surrounding solutions like containers, configuration management, directory services and others. He is responsible for the management components in the VMware Cloud Foundation (VCF) product family for enterprise customers in Germany.

Latest posts by Christian Ferber (see all)

• 1-node Kubernetes Template for CentOS Stream 9 in VCF Automation - 30. September 2024
• Aria Automation custom resources with dynamic types - 9. August 2024
• Database-as-a-Service with Data Services Manager and Aria Automation - 4. July 2024