PKS supports two types of topologies when it's integrated with NSX-T: NAT and NO-NAT. You select the topology in the PKS tile | Networking section. NAT topology is the default, but you can uncheck NAT mode to go with the NO-NAT topology. The NAT and NO-NAT terminology essentially applies to the PKS Management Network and the K8s cluster nodes network (that is, whether they use routable subnets). Irrespective of the NAT or NO-NAT topology, the same procedure is used to access the K8s API.
A virtual server is created on the NSX-T LB instance that's allocated to the K8s cluster, as follows:
- One IP is taken from the PKS Floating IP Pool (1x.x0.1x.1xx here), and the port is 8443
- The same IP address is shown in the output of the pks cluster <cluster name> command
The two topologies serve the following objectives:
- NAT topology: For customers who have a limited number of routable IP addresses available in their DC and who want to automate PKS deployment using a Concourse pipeline (for instance)
- NO-NAT topology: For customers who avoid NAT because NATs break full path visibility and who have plenty of routable IP address resources