vSphere network

This page explains the networking requirements for an initial installation of GKE on-prem.

In your initial installation of GKE on-prem, you create these virtual machines (VMs):

  • One VM for an admin workstation
  • Four VMs for an admin cluster
  • Three VMs for a user cluster

In your vSphere environment, you must have a network that can support the creation of those eight VMs. Your network must also be able to support a vCenter Server and an F5 BIG-IP load balancer.

Your network needs to support outbound traffic to the internet so that your admin workstation and your cluster nodes can fetch GKE on-prem components and call certain Google services.

If you want external clients to call services in your GKE on-prem clusters, your network must support inbound traffic from the internet.

The following diagram shows one possible network topology:

Diagram of network topology
Network topology (click to enlarge)

The preceding diagram has the following features:

  • The admin workstation is on a private network.
  • vCenter Server is on a public network.
  • The cluster nodes are on a private network.
  • The F5 BIG-IP load balancer is on three private networks.
  • The F5 BIG-IP load balancer is configured with Virtual IPs (VIPs) that have private addresses. External clients must use public IP addresses configured in the network address translation (NAT) device. The NAT device uses static NAT to convert the public addresses to the internal VIPs configured on the load balancer.

Network Time Protocol

All the VMs that are part of your GKE on-prem infrastructure must use the same Network Time Protocol (NTP) server.