Revisiting installing NSX Advanced Load Balancer for use with Tanzu Kubernetes Grid and vSphere with Tanzu

Several months ago, I did a walkthrough of installing NSX Advanced Load Balancer (NSX ALB) for use with both Tanzu Kubernetes Grid (TKG) and vSphere with Tanzu. This was on the 20.1.3 version and there have been a few updates since then. I also wrote a post on upgrading NSX ALB a month later but this was a fairly minor update and missed some of the enhancements in the installer UI. In this post, I’ll focus on some of the differences between the earlier versions of NSX ALB and the later versions, primarily with regards to the initial setup and configuration. The AVI Networks installation guide still uses screenshots from the older interface so I hope this guide helps to call out the differences.

One of my first concerns was what version of NSX ALB to go with. The latest as of this writing was 20.1.7 The VMware Product Interoperability Matrix does not show anything for vSphere with Tanzu and NSX ALB but does list 20.1.3 and 20.16 as being compatible with TKG. There is not alignment between the TKG 1.4 Release Notes (20.1.3 and 20.1.6), the TKG 1.4 installation instructions (20.1.3). The vSphere with Tanzu Release Notes call out version 20.1.6 but elsewhere in the documentation (Tanzu Kubernetes Service Load Balancer with Static IP Address Example), 20.1.x is noted. After some asking around, it was determined that 20.1.6 is the highest supported version for both TKG and vSphere with Tanzu (and hopefully we’ll see the various documents updated to be a little more clear in the future).

While deploying the NSX ALB controller OVA, there were several new items on the Customize Template page related to NSX-T: NSX-T Node ID, NSX-T IP Address, Authentication Token of NSX-T, NSX-T thumbprint, Hostname of Avi Controller. Regardless of whether you are using NSX-T or not, these fields are not meant to be filled out by a user during deployment so leave them blank. You can see these on the screenshot below detailing the installation summary:

Note: Once the OVA was deployed and the controller VM was powered on, I did not initially get prompted to set an admin user password when browsing to the IP address of the controller VM. I was presented with a standard NSX ALB login page. This is no uncommon with some VMware products if the same product has previously been access from your local system. I simply had to delete the cookie for NSX ALB and reload the page, which presented me with the following:

This is quite a bit different from the starting page in the older versions of NSX ALB:

Proceeding through the initial configuration the rest of the pages were also updated to the standard, clarity-based UI in most other VMware products.

One thing I immediately saw that was missing here was the page for configuring NTP, like the following:

This wasn’t a huge concern as I knew I could configure NTP later but something to make note of so you don’t forget to do it.

The Multi-Tenant configuration page was new but something that wouldn’t play into my configuration so I was able to leave the settings at default values.

One thing I missed the first time around with the new installer UI was the small check box present on all of the previous screens titled “Setup Cloud After” at the bottom right. This is unchecked by default and if left unchecked you will be dropped into a deployed but entirely unconfigured NSX ALB installation. You can still manually configure your cloud but I wanted to run through the semi-automated process.

Again, selecting your cloud platform is similar to the older version…

At this point, if you’ve used NSX ALB before, you’ll likely recognize that you are actually in part of the NSX ALB UI now, not the original installer UI.

Configuring the cloud is very straightforward and not much different from the older version of NSX ALB. If you’ve ever had to make changes to your initial cloud configuration, these pages should be very familiar.

One new thing that I had to remember to do was to configure Basic Authentication. There is an odd new behavior in vSphere with Tanzu 7.0 U3 where it will never finish configuring if this is not enabled. VMware is working on a resolution to this that does not require Basic Authentication to be enabled in NSX ALB but for now, if you’ll be using vSphere with Tanzu 7.0 U3, this is a requirement. You’ll find this setting on the Administration > Settings > Access Settings page.

As mentioned earlier, I needed to add my own NTP server and this is done on the Administration > Settings > DNS/NTP page.

After clicking the Edit button, I just removed all of preconfigured NTP servers and added my own.

The rest of the setup was identical to what I went through in my earlier post, Deploying NSX Advanced Load Balancer for use with Tanzu Kubernetes Grid and vSphere with Tanzu. I’ll have a couple of more posts related to using NSX ALB with vSphere with Tanzu 7.0 U3 and TKG 1.4 in the near future.

Leave a Comment

Your email address will not be published. Required fields are marked *