| ncp.nsx_v3.l4_lb_auto_scaling | Boolean
Updatable |
L4 load balancer auto scaling mode.
Values: TRUE, FALSE.
@@ -828,7 +821,7 @@ In your network profile under `parameters.cni_configurations.parameters.extensio
}
```
-**Filter out TAP labels**: If you are using Tanzu Application Platform (TAP), <%= vars.k8s_runtime_abbr %> and TAP together may create more Kubernetes tags than are allowed by NSX. To address this known issue, set `label_filtering_regex_list` to filter out labels generated by TAP:
+**Filter out TAP labels**: If you are using Tanzu Application Platform (TAP), TKGI and TAP together may create more Kubernetes tags than are allowed by NSX. To address this known issue, set `label_filtering_regex_list` to filter out labels generated by TAP:
```
"ncp": {
@@ -890,7 +883,7 @@ The primary use case for configuring the network profile CNI configuration `exte
is to configure the less commonly configured NCP and NSX Node Agent settings.
Use the network profiles `extensions` field to configure an NCP ConfigMap or NSX Node Agent ConfigMap property
-that is applicable to <%= vars.k8s_runtime_abbr %> but is not explicitly supported as a `cni_configurations` parameter.
+that is applicable to TKGI but is not explicitly supported as a `cni_configurations` parameter.
NCP and NSX Node Agent settings supported as explicit Network Profiles parameters cannot be configured through extensions.
@@ -925,8 +918,8 @@ To add NSX floating IP pool UUIDs to a cluster:
For example, do not create a copy of a network profile, remove `fip_pool_ids` array values,
and assign the new profile to the cluster that has the original profile assigned.
-Note: <%= vars.k8s_runtime_abbr %> allocates IP Addresses from the start of the floating IP pool range.
- To avoid conflicts with internal <%= vars.k8s_runtime_abbr %> functions, always use IP addresses from the end of the floating IP pool. For more information, see
+ Note: TKGI allocates IP Addresses from the start of the floating IP pool range.
+ To avoid conflicts with internal TKGI functions, always use IP addresses from the end of the floating IP pool. For more information, see
Failed to Allocate FIP from Pool in General Troubleshooting.
@@ -991,7 +984,7 @@ For more information on the `pod_ip_block_ids` field, see [Network Profile Param
### Network Profile Use Cases
Network profiles let you customize configuration parameters for
-Kubernetes clusters provisioned by <%= vars.k8s_runtime_abbr %> on vSphere with NSX.
+Kubernetes clusters provisioned by TKGI on vSphere with NSX.
You can apply a network profile to a Kubernetes cluster for the following scenarios:
diff --git a/network-profiles-dns.html.md.erb b/network-profiles-dns.html.md.erb
index 0c7663854..326b88b79 100644
--- a/network-profiles-dns.html.md.erb
+++ b/network-profiles-dns.html.md.erb
@@ -3,34 +3,34 @@ title: Configure DNS for Pre-Provisioned IPs
owner: TKGI
---
-This topic describes how to define network profile for performing DNS lookup of the pre-provisioned IP addresses for the Kubernetes API load balancer and ingress controller for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters.
+This topic describes how to define network profile for performing DNS lookup of the pre-provisioned IP addresses for the Kubernetes API load balancer and ingress controller for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters.
## About DNS Lookup of Pre-Provisioned IP Addresses
-In an <%= vars.product_short %> environment on NSX, when you provision a Kubernetes cluster using the command `tkgi create-cluster`, NSX creates a layer 4 load balancer that fronts the Kubernetes API server running on the control plane node(s). In addition, NCP creates two layer 7 virtual servers (HTTP and HTTPS) as front-end load balancers for the ingress resources in Kubernetes servers.
+In an Tanzu Kubernetes Grid Integrated Edition environment on NSX, when you provision a Kubernetes cluster using the command `tkgi create-cluster`, NSX creates a layer 4 load balancer that fronts the Kubernetes API server running on the control plane node(s). In addition, NCP creates two layer 7 virtual servers (HTTP and HTTPS) as front-end load balancers for the ingress resources in Kubernetes servers.
The IP addresses that are assigned to the API load balancer and ingress controller are derived from the floating IP pool in NSX. These IP addresses are not known in advance, and you have to wait for the IP addresses to be allocated to know what they are so you can update your DNS records.
-If you want to pre-provision these IP addresses, you define a network profile to lookup the IP addresses for these components from your DNS server. In this way you can tell <%= vars.k8s_runtime_abbr %> what IP addresses to use for these resources when the cluster is created, and be able to have DNS records for them so FQDNs can be used.
+If you want to pre-provision these IP addresses, you define a network profile to lookup the IP addresses for these components from your DNS server. In this way you can tell TKGI what IP addresses to use for these resources when the cluster is created, and be able to have DNS records for them so FQDNs can be used.
## DNS Lookup Parameters
-Using the `dns_lookup_mode` parameter, you can define a network profile to specify the lookup mode: `API` or `API_INGRESS`. If the mode is `API`, <%= vars.k8s_runtime_abbr %> will perform a lookup of the pre-provisioned IP address for the Kubernetes API load balancer. If the mode is `API_INGRESS`, <%= vars.k8s_runtime_abbr %> will perform a lookup of the pre-provisioned IP addresses for the Kubernetes API load balancer and the ingress controller.
+Using the `dns_lookup_mode` parameter, you can define a network profile to specify the lookup mode: `API` or `API_INGRESS`. If the mode is `API`, TKGI will perform a lookup of the pre-provisioned IP address for the Kubernetes API load balancer. If the mode is `API_INGRESS`, TKGI will perform a lookup of the pre-provisioned IP addresses for the Kubernetes API load balancer and the ingress controller.
-The IP addresses used must come from the floating IP pool. The floating IP pool comes from the <%= vars.k8s_runtime_abbr %> tile configuration unless specified in the network profile.
+The IP addresses used must come from the floating IP pool. The floating IP pool comes from the TKGI tile configuration unless specified in the network profile.
-Note: <%= vars.k8s_runtime_abbr %> allocates IP Addresses from the start of the floating IP pool range.
- To avoid conflicts with internal <%= vars.k8s_runtime_abbr %> functions, always use IP addresses from the end of the floating IP pool.
+ Note: TKGI allocates IP Addresses from the start of the floating IP pool range.
+ To avoid conflicts with internal TKGI functions, always use IP addresses from the end of the floating IP pool.
-The DNS lookup, whether for the Kubernetes control plane node(s) load balancer or the ingress controller, is performed in the Kubernetes control plane VM using the DNS server(s) configured in the <%= vars.k8s_runtime_abbr %> tile or the `nodes_dns` field in the network profile.
+The DNS lookup, whether for the Kubernetes control plane node(s) load balancer or the ingress controller, is performed in the Kubernetes control plane VM using the DNS server(s) configured in the TKGI tile or the `nodes_dns` field in the network profile.
You cannot modify the DNS lookup mode configuration on an existing cluster.
## Example API Load Balancer Lookup
-The following network profile, api.json, triggers a DNS lookup for the Kubernetes control plane node(s) IP address. In this example, a custom floating IP pool is specified, and DNS servers. If these parameters are not specified, the values in the <%= vars.k8s_runtime_abbr %> tile are used.
+The following network profile, api.json, triggers a DNS lookup for the Kubernetes control plane node(s) IP address. In this example, a custom floating IP pool is specified, and DNS servers. If these parameters are not specified, the values in the TKGI tile are used.
```
{
@@ -75,9 +75,9 @@ Where:
* `FIP-POOL-ID1` and `FIP-POOL-ID2` are Floating IP Pool IDs.
* `INGRESS-SUBDOMAIN` is the ingress subdomain prefix.
-Because DNS mode is set to `API_INGRESS`, <%= vars.k8s_runtime_abbr %> creates the cluster with ingress_prefix.hostname
+Because DNS mode is set to `API_INGRESS`, TKGI creates the cluster with ingress_prefix.hostname
as the Kubernetes control plane FQDN.
-<%= vars.k8s_runtime_abbr %> confirms that the ingress subdomain can be resolved as a subdomain prefix on the host before creating new clusters.
+TKGI confirms that the ingress subdomain can be resolved as a subdomain prefix on the host before creating new clusters.
## Setting the Control Plane Node IP Address on the Command Line
@@ -98,6 +98,6 @@ $ tkgi create-cluster my-cluster -e 192.168.160.20 -p small
The IP address that you use must belong to a valid floating IP pool created in NSX.
-Note: <%= vars.k8s_runtime_abbr %> allocates IP Addresses from the start of the floating IP pool range.
- To avoid conflicts with internal <%= vars.k8s_runtime_abbr %> functions, always use IP addresses from the end of the floating IP pool.
+ Note: TKGI allocates IP Addresses from the start of the floating IP pool range.
+ To avoid conflicts with internal TKGI functions, always use IP addresses from the end of the floating IP pool.
diff --git a/network-profiles-edge.html.md.erb b/network-profiles-edge.html.md.erb
index 0fb5b7272..6db72e10a 100644
--- a/network-profiles-edge.html.md.erb
+++ b/network-profiles-edge.html.md.erb
@@ -3,13 +3,13 @@ title: Configure Edge Router Selection
owner: TKGI
---
-This topic describes how to define network profiles for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters on vSphere with NSX.
+This topic describes how to define network profiles for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters on vSphere with NSX.
## Edge Router Selection
-Using <%= vars.product_short %> on vSphere with NSX, you can deploy Kubernetes clusters on dedicated Tier-0 routers,
+Using Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX, you can deploy Kubernetes clusters on dedicated Tier-0 routers,
creating a multi-tenant environment for each Kubernetes cluster.
-As shown in the diagram below, with this configuration a shared Tier-0 router hosts the <%= vars.k8s_runtime_abbr %> control plane
+As shown in the diagram below, with this configuration a shared Tier-0 router hosts the TKGI control plane
and connects to each customer Tier-0 router using BGP. To support multi-tenancy, configure firewall rules and security settings in NSX Manager.
diff --git a/network-profiles-fip.html.md.erb b/network-profiles-fip.html.md.erb
index ddc18a7d6..a58cc0098 100644
--- a/network-profiles-fip.html.md.erb
+++ b/network-profiles-fip.html.md.erb
@@ -3,22 +3,22 @@ title: Customize Floating IP Pools
owner: TKGI
---
-This topic describes how to define network profiles for custom floating IP pools for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters.
+This topic describes how to define network profiles for custom floating IP pools for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters.
## Create a Custom Floating IP Pool
-To deploy <%= vars.product_short %> to vSphere with NSX, you must define a Floating IP Pool in NSX Manager. IP addresses from the Floating IP Pool are used for SNAT IP addresses whenever a Namespace is created (NAT mode). In addition, IP addresses from the Floating IP Pool are assigned to load balancers automatically provisioned by NSX, including the load balancer fronting the <%= vars.control_plane %> server and load balancers for pod ingress. For more information, see the [Plan Network CIDRs](nsxt-prepare-env.html#plan-cidrs) section of _Planning, Preparing, and Configuring NSX for <%= vars.product_short %>_.
+To deploy Tanzu Kubernetes Grid Integrated Edition to vSphere with NSX, you must define a Floating IP Pool in NSX Manager. IP addresses from the Floating IP Pool are used for SNAT IP addresses whenever a Namespace is created (NAT mode). In addition, IP addresses from the Floating IP Pool are assigned to load balancers automatically provisioned by NSX, including the load balancer fronting the TKGI API server and load balancers for pod ingress. For more information, see the [Plan Network CIDRs](nsxt-prepare-env.html#plan-cidrs) section of _Planning, Preparing, and Configuring NSX for Tanzu Kubernetes Grid Integrated Edition_.
-You can define a network profile that specifies a custom floating IP pool to use instead of the default pool specified in the <%= vars.product_tile %> tile.
+You can define a network profile that specifies a custom floating IP pool to use instead of the default pool specified in the Tanzu Kubernetes Grid Integrated Edition tile.
-Note: <%= vars.k8s_runtime_abbr %> allocates IP Addresses from the start of the floating IP pool range.
- To avoid conflicts with internal <%= vars.k8s_runtime_abbr %> functions, always use IP addresses from the end of the floating IP pool. For more information, see
+ Note: TKGI allocates IP Addresses from the start of the floating IP pool range.
+ To avoid conflicts with internal TKGI functions, always use IP addresses from the end of the floating IP pool. For more information, see
Failed to Allocate FIP from Pool in General Troubleshooting.
To define a custom floating IP pool, follow the steps below:
-1. Create a floating IP pool using NSX Manager prior to provisioning a Kubernetes cluster using <%= vars.product_short %>. For more information, see [Create IP Pool](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/com.vmware.nsxt.admin.doc/GUID-8639F737-1D75-4177-9D31-5F20551DEE8E.html) in the NSX documentation.
+1. Create a floating IP pool using NSX Manager prior to provisioning a Kubernetes cluster using Tanzu Kubernetes Grid Integrated Edition. For more information, see [Create IP Pool](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/com.vmware.nsxt.admin.doc/GUID-8639F737-1D75-4177-9D31-5F20551DEE8E.html) in the NSX documentation.
1. Ensure routing to your external Tier-0 Router allows traffic to the new custom Floating IP subnet.
1. Define a network profile with a `fip_pool_ids` array containing the UUIDs for the floating IP pools that you defined.
If you want to include the default floating IP pool,
diff --git a/network-profiles-index.html.md.erb b/network-profiles-index.html.md.erb
index e89e3b898..aaa236885 100644
--- a/network-profiles-index.html.md.erb
+++ b/network-profiles-index.html.md.erb
@@ -3,7 +3,7 @@ title: Network Profiles (VMware NSX Only)
owner: TKGI
---
-The following topics describe how to define and use network profiles for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters deployed on NSX with vSphere:
+The following topics describe how to define and use network profiles for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters deployed on NSX with vSphere:
-
diff --git a/network-profiles-lb-size.html.md.erb b/network-profiles-lb-size.html.md.erb
index 3b0b6b3c1..fd2d49de9 100644
--- a/network-profiles-lb-size.html.md.erb
+++ b/network-profiles-lb-size.html.md.erb
@@ -3,21 +3,21 @@ title: Size a Load Balancer
owner: TKGI
---
-This topic describes how to size a load balancer using a network profile for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters.
+This topic describes how to size a load balancer using a network profile for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters.
## Load Balancer Sizing
-When you deploy a Kubernetes cluster using <%= vars.product_short %> on NSX, an NSX Load Balancer is automatically provisioned. By default the size of this load balancer is `small`. Using a network profile, you can customize the size of this load balancer and use a `medium` or `large` load balancer for Kubernetes clusters.
+When you deploy a Kubernetes cluster using Tanzu Kubernetes Grid Integrated Edition on NSX, an NSX Load Balancer is automatically provisioned. By default the size of this load balancer is `small`. Using a network profile, you can customize the size of this load balancer and use a `medium` or `large` load balancer for Kubernetes clusters.
The NSX Load Balancer is a logical load balancer that handles a number of functions using virtual servers and pools. For more information, see [Supported Load Balancer Features](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-91F2D574-F469-481A-AA39-CD6DBC9682CA.html) in the NSX documentation.
-The following virtual servers are required for <%= vars.product_short %>:
+The following virtual servers are required for Tanzu Kubernetes Grid Integrated Edition:
- 1 global virtual server for the Kubernetes API which runs on the control plane nodes
- 1 TCP layer 4 virtual server for **each** Kubernetes service of `type:LoadBalancer`
- 2 HTTP and HTTPS layer 7 global virtual servers for Kubernetes ingress controller resources
-The number of virtual servers that you can run depends on the size of the load balancer, which in turn depends on the size of the NSX Edge Node hosting the load balancer service. See [Scaling Load Balancer Resources](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-19B12230-8BF4-4AF7-9EB7-3701B0A0A439.html) in the NSX documentation. Because of the number of virtual servers required by <%= vars.product_short %>, you can only use the large NSX Edge Node VM or the bare metal NSX Edge Node with Tanzu Kubernetes Grid Integrated Edition.
+The number of virtual servers that you can run depends on the size of the load balancer, which in turn depends on the size of the NSX Edge Node hosting the load balancer service. See [Scaling Load Balancer Resources](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-19B12230-8BF4-4AF7-9EB7-3701B0A0A439.html) in the NSX documentation. Because of the number of virtual servers required by Tanzu Kubernetes Grid Integrated Edition, you can only use the large NSX Edge Node VM or the bare metal NSX Edge Node with Tanzu Kubernetes Grid Integrated Edition.
You cannot modify the Load Balancer Size configuration on an existing cluster.
diff --git a/network-profiles-ncp-dfw.html.md.erb b/network-profiles-ncp-dfw.html.md.erb
index daed0e03b..54907333e 100644
--- a/network-profiles-ncp-dfw.html.md.erb
+++ b/network-profiles-ncp-dfw.html.md.erb
@@ -3,7 +3,7 @@ title: Defining DFW Section Markers
owner: TKGI
---
-This topic describes how <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) administrators
+This topic describes how VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) administrators
can define network profiles to create markers for NSX distributed firewall (DFW).
Note: The NSX Policy API features a tiered policy model using categories
@@ -13,12 +13,12 @@ can define network profiles to create markers for NSX distributed firewall (DFW)
## Overview
-When a <%= vars.k8s_runtime_abbr %> administrator creates a Network Profile or a Kubernetes developer creates a
+When a TKGI administrator creates a Network Profile or a Kubernetes developer creates a
Kubernetes [Network Policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/),
NCP translates their configuration into a distributed firewall rule.
The first DFW rules have precedence over later DFW rules. When using the default DFW configuration,
-a <%= vars.k8s_runtime_abbr %> administrator cannot define a Network Profile
+a TKGI administrator cannot define a Network Profile
with precedence over existing DFW rules, including rules created from a developer's Kubernetes Network Policy configuration.
To define a Network Profile with precedence over existing DFW rules, configure a DFW Firewall Section Marker.
@@ -53,7 +53,7 @@ existing DFW rules, including rules created from a Kubernetes developer's Networ
have precedence over the rules defined afterward by a TKGI administrator using Network Profiles.
The VMware VMware NSX supports organizing DFW rules into sections and
-<%= vars.k8s_runtime_abbr %> supports creating a **Top Firewall Firewall Section Marker** and a **Bottom Firewall Section Marker**
+TKGI supports creating a **Top Firewall Firewall Section Marker** and a **Bottom Firewall Section Marker**
within DFW rules.
DFW rules placed within the Top Firewall Section or Bottom Firewall Section
have precedence over the other NCP-created DFW rules.
diff --git a/network-profiles-ncp-ingress.html.md.erb b/network-profiles-ncp-ingress.html.md.erb
index 83fd40374..43c0a205e 100644
--- a/network-profiles-ncp-ingress.html.md.erb
+++ b/network-profiles-ncp-ingress.html.md.erb
@@ -4,7 +4,7 @@ owner: TKGI
lbtype: layer7controller
---
-This topic describes how to define network profiles for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters on vSphere with NSX.
+This topic describes how to define network profiles for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters on vSphere with NSX.
## Overview
diff --git a/network-profiles-ncp-lb.html.md.erb b/network-profiles-ncp-lb.html.md.erb
index a056f3b71..c119e7f8c 100644
--- a/network-profiles-ncp-lb.html.md.erb
+++ b/network-profiles-ncp-lb.html.md.erb
@@ -4,7 +4,7 @@ owner: TKGI
lbtype: layer4controller
---
-This topic describes how to define network profile to configure the NSX Load Balancer for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters.
+This topic describes how to define network profile to configure the NSX Load Balancer for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters.
## Overview
diff --git a/network-profiles-ncp-logerr.html.md.erb b/network-profiles-ncp-logerr.html.md.erb
index 3eb2a68b7..457a920cb 100644
--- a/network-profiles-ncp-logerr.html.md.erb
+++ b/network-profiles-ncp-logerr.html.md.erb
@@ -4,11 +4,11 @@ owner: TKGI
lbtype: ncplogging
---
-This topic describes how to define network profiles for logging NCP configurations for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters.
+This topic describes how to define network profiles for logging NCP configurations for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters.
## About Logging for NCP Configurations
-<%= vars.product_full %> provides network profile parameters for logging `ncp.ini` configurations.
+VMware Tanzu Kubernetes Grid Integrated Edition provides network profile parameters for logging `ncp.ini` configurations.
## Parameters for NCP Logging
diff --git a/network-profiles-nodes-dns.html.md.erb b/network-profiles-nodes-dns.html.md.erb
index b23418e78..473b2ec6b 100644
--- a/network-profiles-nodes-dns.html.md.erb
+++ b/network-profiles-nodes-dns.html.md.erb
@@ -3,18 +3,18 @@ title: Specify Nodes DNS Servers
owner: TKGI
---
-This topic describes how to define network profiles for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters on vSphere with NSX.
+This topic describes how to define network profiles for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters on vSphere with NSX.
## DNS Configuration for Kubernetes Clusters
-You can specify multiple DNS entries in a Network Profile to override the **Nodes DNS** parameter configured in the <%= vars.k8s_runtime_abbr %> tile. In a multi-tenant environment, for example, each tenant can have a different set of DNS servers to do a DNS lookup.
+You can specify multiple DNS entries in a Network Profile to override the **Nodes DNS** parameter configured in the TKGI tile. In a multi-tenant environment, for example, each tenant can have a different set of DNS servers to do a DNS lookup.
-Using a network profile, you can define one or more DNS servers for use with Kubernetes clusters. Elements in the `nodes_dns` field of a network profile override the DNS server that is configured in the Networking section of the <%= vars.product_tile %> tile. For more information, see [Networking](installing-nsx-t.html#networking).
+Using a network profile, you can define one or more DNS servers for use with Kubernetes clusters. Elements in the `nodes_dns` field of a network profile override the DNS server that is configured in the Networking section of the Tanzu Kubernetes Grid Integrated Edition tile. For more information, see [Networking](installing-nsx-t.html#networking).
-The `nodes_dns` field accepts an array with up to three elements. Each element must be a valid IP address of a DNS server. If you are deploying <%= vars.product_short %> in a multi-tenant environment with multiple Tier-0 routers and a single <%= vars.k8s_runtime_abbr %> foundation (installation) shared across all the tenants, or if you have shared services that can be accessed by all Kubernetes clusters deployed across multiple Tier-0 routers, specify a shared DNS server as the first DNS server. Subsequent DNS entries in the Network Profile can be specific to the tenant.
+The `nodes_dns` field accepts an array with up to three elements. Each element must be a valid IP address of a DNS server. If you are deploying Tanzu Kubernetes Grid Integrated Edition in a multi-tenant environment with multiple Tier-0 routers and a single TKGI foundation (installation) shared across all the tenants, or if you have shared services that can be accessed by all Kubernetes clusters deployed across multiple Tier-0 routers, specify a shared DNS server as the first DNS server. Subsequent DNS entries in the Network Profile can be specific to the tenant.
- Note: <%= vars.k8s_runtime_abbr %> allocates IP Addresses from the start of the floating IP pool range.
- To avoid conflicts with internal <%= vars.k8s_runtime_abbr %> functions, always use IP addresses from the end of the floating IP pool.
+ Note: TKGI allocates IP Addresses from the start of the floating IP pool range.
+ To avoid conflicts with internal TKGI functions, always use IP addresses from the end of the floating IP pool.
The following example network profile, `nodes-dns.json`, demonstrates the configuration of the `nodes_dns` parameter with 3 DNS servers. Each entry is the IP address of a DNS server, with the first entry being a public DNS server.
diff --git a/network-profiles-nodes.html.md.erb b/network-profiles-nodes.html.md.erb
index 8080721e6..5b4b1c6eb 100644
--- a/network-profiles-nodes.html.md.erb
+++ b/network-profiles-nodes.html.md.erb
@@ -4,7 +4,7 @@ owner: TKGI
---
This topic describes how to define Network Profiles for customizing Kubernetes node networks provisioned
-with <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) on vSphere with NSX.
+with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on vSphere with NSX.
For information on how to define Network Profiles for other cluster customizations,
see [Creating and Managing Network Profiles (NSX Only)](network-profiles-define.html).
@@ -13,7 +13,7 @@ see [Creating and Managing Network Profiles (NSX Only)](network-profiles-define.
You can use Network Profiles to configure a Kubernetes cluster with a custom Node Network IP Block.
-A Network Profile **Node IP Block** is used by <%= vars.k8s_runtime_abbr %> to assign address space to Kubernetes nodes
+A Network Profile **Node IP Block** is used by TKGI to assign address space to Kubernetes nodes
when new clusters are deployed or a cluster increases its scale.
Your Network Profile Node IP Block configuration can define one or more custom Node IP Block networks,
@@ -67,7 +67,7 @@ nodes-network.json
The network profile `node_ip_block_ids` parameter allows you to specify one or more Kubernetes node network Node IP Blocks for your clusters.
-When a network profile is applied to a Kubernetes cluster, <%= vars.k8s_runtime_abbr %> automatically creates a node subnet from one of the available IP blocks in the `node_ip_block_ids` configuration.
+When a network profile is applied to a Kubernetes cluster, TKGI automatically creates a node subnet from one of the available IP blocks in the `node_ip_block_ids` configuration.
If the IP block is exhausted, the cluster uses one of the alternate IP blocks specified in the `node_ip_block_ids` configuration to create the node subnet.
@@ -80,10 +80,10 @@ If you apply a new network profile to an existing cluster, the node_ip_blo
must include all of the Node IP Blocks specified in the cluster’s original network profile.
-If your network profile does not include a `node_ip_block_ids` configuration, <%= vars.k8s_runtime_abbr %> creates a node subnet from one of the available IP blocks in the Node IP Blocks specified on the <%= vars.k8s_runtime_abbr %> tile.
+If your network profile does not include a `node_ip_block_ids` configuration, TKGI creates a node subnet from one of the available IP blocks in the Node IP Blocks specified on the TKGI tile.
Note:
-When replacing a network profile that does not explicitly specify a node_ip_block_ids configuration, the replacement network profile must include the Node IP Blocks specified on the <%= vars.k8s_runtime_abbr %> tile.
+When replacing a network profile that does not explicitly specify a node_ip_block_ids configuration, the replacement network profile must include the Node IP Blocks specified on the TKGI tile.
@@ -92,18 +92,18 @@ When replacing a network profile that does not explicitly specify a node_i
### Node Routable
The `node_routable` Boolean lets you specify if the node network is routable or non-routable.
- This is the equivalent of enabling or deactivating NAT mode in the <%= vars.k8s_runtime_abbr %> tile.
+ This is the equivalent of enabling or deactivating NAT mode in the TKGI tile.
If the node network is configured as non-routable, `"node_routable":false`, the node network uses NAT mode. In this case, you must make sure that Kubernetes nodes
- have access to BOSH and other <%= vars.k8s_runtime_abbr %> Management Plane components.
- See [Create Management Plane](./nsxt-3-0-install.html#nsxt30-mgmt-plane) in _Installing and Configuring NSX-T Data Center v3.0 for <%= vars.k8s_runtime_abbr %>_
+ have access to BOSH and other TKGI Management Plane components.
+ See [Create Management Plane](./nsxt-3-0-install.html#nsxt30-mgmt-plane) in _Installing and Configuring NSX-T Data Center v3.0 for TKGI_
for more information.
If the node network is configured as routable, `"node_routable":true`, the IP address space must be an externally routable address block.
The `node_routable` configuration on an existing cluster cannot be updated.
-Note: The default routable setting for the node network is determined based on the selection made in the <%= vars.k8s_runtime_abbr %> tile. If NAT mode is selected, the node network is non-routable. To override the default selection, provide the node_routable parameter in the network profile.
+Note: The default routable setting for the node network is determined based on the selection made in the TKGI tile. If NAT mode is selected, the node network is non-routable. To override the default selection, provide the node_routable parameter in the network profile.
### Node Subnet Prefix
@@ -111,11 +111,11 @@ The `node_routable` configuration on an existing cluster cannot be updated.
Configure the Node IP Block `node_subnet_prefix` parameter to specify a subnet size
that optimizes the use of network address space for the number of nodes in your Kubernetes cluster.
-For example, if the <%= vars.k8s_runtime_abbr %> administrator has configured the default in the <%= vars.k8s_runtime_abbr %> tile
+For example, if the TKGI administrator has configured the default in the TKGI tile
to be a routable network for the Node IP Block, the Kubernetes cluster administrator can deploy the cluster in the NAT'ed mode (non-routable)
by specifying a network profile with an IP block that supports the NAT'ed address range.
-By default, each Kubernetes cluster deployed by <%= vars.k8s_runtime_abbr %> is allocated a /24 subnet,
+By default, each Kubernetes cluster deployed by TKGI is allocated a /24 subnet,
which allows up to 256 IP addresses to be assigned.
The `node_subnet_prefix` configuration on an existing cluster cannot be updated.
diff --git a/network-profiles-ns-groups.html.md.erb b/network-profiles-ns-groups.html.md.erb
index ad1b0ea8c..f704458c8 100644
--- a/network-profiles-ns-groups.html.md.erb
+++ b/network-profiles-ns-groups.html.md.erb
@@ -3,17 +3,17 @@ title: Configure Bootstrap NSGroups
owner: TKGI
---
-This topic describes how to define network profiles for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters on vSphere with NSX.
+This topic describes how to define network profiles for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters on vSphere with NSX.
## Bootstrap Security Group
-Most of the NSX virtual interface tags used by <%= vars.product_short %> are added to the Kubernetes control plane node or nodes during the node initialization phase of cluster provisioning. To add tags to virtual interfaces, the Kubernetes control plane node needs to connect to the NSX Manager API. Network security rules provisioned prior to cluster creation time do not allow nodes to connect to NSX if the rules are based on a Namespace Group (NSGroup) managed by <%= vars.product_short %>.
+Most of the NSX virtual interface tags used by Tanzu Kubernetes Grid Integrated Edition are added to the Kubernetes control plane node or nodes during the node initialization phase of cluster provisioning. To add tags to virtual interfaces, the Kubernetes control plane node needs to connect to the NSX Manager API. Network security rules provisioned prior to cluster creation time do not allow nodes to connect to NSX if the rules are based on a Namespace Group (NSGroup) managed by Tanzu Kubernetes Grid Integrated Edition.
-To address this bootstrap issue, <%= vars.product_short %> exposes an optional configuration parameter in Network Profiles to systematically add Kubernetes control plane nodes to a pre-provisioned NSGroup. The BOSH vSphere cloud provider interface (CPI) has the ability to use the NSGroup to automatically manage members following the BOSH VM lifecycle for Kubernetes control plane nodes.
+To address this bootstrap issue, Tanzu Kubernetes Grid Integrated Edition exposes an optional configuration parameter in Network Profiles to systematically add Kubernetes control plane nodes to a pre-provisioned NSGroup. The BOSH vSphere cloud provider interface (CPI) has the ability to use the NSGroup to automatically manage members following the BOSH VM lifecycle for Kubernetes control plane nodes.
To configure a Bootstrap Security Group, complete the following steps:
-1. Create the NSGroup in NSX Manager prior to provisioning a Kubernetes cluster using <%= vars.product_short %>.
+1. Create the NSGroup in NSX Manager prior to provisioning a Kubernetes cluster using Tanzu Kubernetes Grid Integrated Edition.
For more information, see [Create an NSGroup](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/com.vmware.nsxt.admin.doc/GUID-718E769B-8D89-485B-8DBD-04F1F82CFE14.html)
in the NSX documentation.
2. Define a network profile that references the NSGroup UUID that the BOSH CPI can use to bootstrap the control plane node or nodes.
diff --git a/network-profiles-opsmgr.html.md.erb b/network-profiles-opsmgr.html.md.erb
index d21a64a90..2b086a045 100644
--- a/network-profiles-opsmgr.html.md.erb
+++ b/network-profiles-opsmgr.html.md.erb
@@ -3,7 +3,7 @@ title: Working with Network Profiles in Ops Manager
owner: TKGI
---
-The following topics describe how to define and use network profiles in <%= vars.ops_manager_full %> (<%= vars.ops_manager %>), for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters deployed on NSX with vSphere:
+The following topics describe how to define and use network profiles in VMware Tanzu Operations Manager (Ops Manager), for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters deployed on NSX with vSphere:
-
diff --git a/network-profiles-pods.html.md.erb b/network-profiles-pods.html.md.erb
index d7dcabf8a..da023e8ac 100644
--- a/network-profiles-pods.html.md.erb
+++ b/network-profiles-pods.html.md.erb
@@ -3,27 +3,27 @@ title: Customizing Pod Networks (NSX Only)
owner: TKGI
---
-This topic describes how <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) administrators
-can define <%= vars.k8s_runtime_abbr %> network profiles for pod networks on vSphere with NSX integration.
+This topic describes how VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) administrators
+can define TKGI network profiles for pod networks on vSphere with NSX integration.
-<%= vars.k8s_runtime_abbr %> supports network profiles on <%= vars.k8s_runtime_abbr %> on vSphere with NSX only.
+TKGI supports network profiles on TKGI on vSphere with NSX only.
To create or delete a network profile, you must be a cluster administrator, `pks.clusters.admin`.
## Custom Pod Networks
-When you configure your NSX infrastructure for <%= vars.k8s_runtime_abbr %>, you must create a **Pods IP Block**.
-For more information, see the [Plan IP Blocks](nsxt-prepare-env.html#plan-ip-blocks) section of _Planning, Preparing, and Configuring NSX for <%= vars.product_short %>_.
+When you configure your NSX infrastructure for TKGI, you must create a **Pods IP Block**.
+For more information, see the [Plan IP Blocks](nsxt-prepare-env.html#plan-ip-blocks) section of _Planning, Preparing, and Configuring NSX for Tanzu Kubernetes Grid Integrated Edition_.
By default, this subnet is non-routable. When a Kubernetes cluster is deployed, each pod receives an IP address from the **Pods IP Block** you created. Because the pod IP addresses are non-routable, NSX creates a SNAT rule on the Tier-0 router to allow network egress from the pods. This configuration is shown in the diagram below:
-You can use a network profile to override the global **Pods IP Block** that you specify in the <%= vars.product_tile %> tile with a custom IP block. To use a custom pods network, do the following after you deploy <%= vars.k8s_runtime_abbr %>:
+You can use a network profile to override the global **Pods IP Block** that you specify in the Tanzu Kubernetes Grid Integrated Edition tile with a custom IP block. To use a custom pods network, do the following after you deploy TKGI:
1. Define a custom IP block in NSX.
-For more information, see [Creating NSX Objects for <%= vars.product_short %>](nsxt-create-objects.html).
+For more information, see [Creating NSX Objects for Tanzu Kubernetes Grid Integrated Edition](nsxt-create-objects.html).
2. Define a network profile that references the custom pods IP block.
@@ -42,7 +42,7 @@ For more information, see [Creating NSX Objects for <%= vars.product_short %>](n
}
```
-Note: You cannot use the same Pod IP Block ID (UUID) that is specified in the <%= vars.k8s_runtime_abbr %> Tile. Create a new Pod IP Block ID (UUID) that is not referenced in the <%= vars.k8s_runtime_abbr %> Tile and use it to define a network profile.
+Note: You cannot use the same Pod IP Block ID (UUID) that is specified in the TKGI Tile. Create a new Pod IP Block ID (UUID) that is not referenced in the TKGI Tile and use it to define a network profile.
You can add pod addresses to an existing cluster. You cannot remove any pod addresses.
For more information, see [Add Pod IPs](#pods-ips-add) below.
@@ -50,7 +50,7 @@ For more information, see [Add Pod IPs](#pods-ips-add) below.
## Pod Subnet Prefix
-Each time a Kubernetes namespace is created, a subnet from the pods IP block is allocated. The default size of the subnet carved from this block for such purposes is /24. For more information, see the [Pods IP Block](nsxt-prepare-env.html#pods-ip-block) section of _Planning, Preparing, and Configuring NSX for <%= vars.product_short %>_.
+Each time a Kubernetes namespace is created, a subnet from the pods IP block is allocated. The default size of the subnet carved from this block for such purposes is /24. For more information, see the [Pods IP Block](nsxt-prepare-env.html#pods-ip-block) section of _Planning, Preparing, and Configuring NSX for Tanzu Kubernetes Grid Integrated Edition_.
You can define a Network Profile using the `pod_subnet_prefix` parameter to customize the size of the pod subnet reserved for namespaces.
@@ -70,23 +70,23 @@ For example, the following network profile specifies /27 for the size of the two
}
```
-Note: You cannot customize the size of the Pod IP Block ID (UUID) that is specified in the <%= vars.k8s_runtime_abbr %> Tile. To customize the size of the Pod subnet block you must create a new Pod IP Block ID (UUID) that is not referenced in <%= vars.k8s_runtime_abbr %> Tile and use it to define a network profile.
+Note: You cannot customize the size of the Pod IP Block ID (UUID) that is specified in the TKGI Tile. To customize the size of the Pod subnet block you must create a new Pod IP Block ID (UUID) that is not referenced in TKGI Tile and use it to define a network profile.
Note: The subnet size for a Pods IP Block must be consistent across all Network Profiles.
-<%= vars.k8s_runtime_abbr %> does not support variable subnet sizes for a given IP Block.
+TKGI does not support variable subnet sizes for a given IP Block.
You cannot modify the size of the pod subnet configuration on an existing cluster.
## Routable Pod Networks
-Using a network profile, you can assign routable IP addresses from a dedicated routable IP block to pods in your Kubernetes cluster. When a cluster is deployed using that network profile, the routable IP block overrides the default non-routable IP block described created for deploying <%= vars.k8s_runtime_abbr %>. When you deploy a Kubernetes cluster using that network profile, each pod receives a routable IP address. This configuration is shown in the diagram below. If you use routable pods, the SNAT rule is not created.
+Using a network profile, you can assign routable IP addresses from a dedicated routable IP block to pods in your Kubernetes cluster. When a cluster is deployed using that network profile, the routable IP block overrides the default non-routable IP block described created for deploying TKGI. When you deploy a Kubernetes cluster using that network profile, each pod receives a routable IP address. This configuration is shown in the diagram below. If you use routable pods, the SNAT rule is not created.
-To use routable pods, do the following after you deploy <%= vars.k8s_runtime_abbr %>:
+To use routable pods, do the following after you deploy TKGI:
-1. Define a routable IP block in NSX. For more information, see [Creating NSX Objects for <%= vars.product_short %>](nsxt-create-objects.html).
+1. Define a routable IP block in NSX. For more information, see [Creating NSX Objects for Tanzu Kubernetes Grid Integrated Edition](nsxt-create-objects.html).
2. Define a network profile that references the routable IP block.
@@ -107,7 +107,7 @@ To use routable pods, do the following after you deploy <%= vars.k8s_runtime_abb
}
```
-Note: You cannot use the same Pod IP Block ID (UUID) that is specified in the <%= vars.k8s_runtime_abbr %> Tile. Create a new Pod IP Block ID (UUID) that is not referenced in <%= vars.k8s_runtime_abbr %> Tile and use it to define a network profile.
+Note: You cannot use the same Pod IP Block ID (UUID) that is specified in the TKGI Tile. Create a new Pod IP Block ID (UUID) that is not referenced in TKGI Tile and use it to define a network profile.
You can add pod addresses to an existing cluster.
You cannot remove any pod addresses or modify the size of the pod subnet configuration on an existing cluster.
diff --git a/network-profiles-shared-t1.html.md.erb b/network-profiles-shared-t1.html.md.erb
index c280f1b61..c6ad813e7 100644
--- a/network-profiles-shared-t1.html.md.erb
+++ b/network-profiles-shared-t1.html.md.erb
@@ -3,13 +3,13 @@ title: Shared and Dedicated Tier-1 Router Topologies
owner: TKGI
---
-This topic describes how to define a network profile to configure shared and dedicated Tier-1 router topologies for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) provisioned Kubernetes clusters on vSphere with NSX.
+This topic describes how to define a network profile to configure shared and dedicated Tier-1 router topologies for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) provisioned Kubernetes clusters on vSphere with NSX.
-This topic also explains how to define a network profile that overrides the Shared Tier-1 topology default, to specify Dedicated Tier-1 topology for <%= vars.k8s_runtime_abbr %> clusters.
+This topic also explains how to define a network profile that overrides the Shared Tier-1 topology default, to specify Dedicated Tier-1 topology for TKGI clusters.
## Shared Tier-1 Topology
-By default, Kubernetes clusters in <%= vars.product_short %> with NSX have the Shared Tier-1 network topology, in which each cluster shares a single Tier-1 router for its external-facing components: the Kubernetes node, namespace, and NSX load balancer.
+By default, Kubernetes clusters in Tanzu Kubernetes Grid Integrated Edition with NSX have the Shared Tier-1 network topology, in which each cluster shares a single Tier-1 router for its external-facing components: the Kubernetes node, namespace, and NSX load balancer.
Note: The Shared Tier-1 topology requires VMware NSX v2.5.
@@ -30,14 +30,14 @@ the shared Tier-1 model configures any necessary NAT rules (if using NAT mode) o
The Tier-0 router is not used for any NAT configuration. As a result,
the Tier-0 router can operate in Active-Active mode if all Kubernetes clusters are deployed using the Shared Tier-1 model.
-The Shared Tier-1 model enables higher scale numbers for <%= vars.k8s_runtime_abbr %> as the number of NSX objects allocated per Kubernetes cluster
+The Shared Tier-1 model enables higher scale numbers for TKGI as the number of NSX objects allocated per Kubernetes cluster
is drastically reduced, in comparison to dedicated Tier-1.
The advantage of the shared Tier-1 topology is that you can increase the number of NSX objects that can be
supported in a given cluster.
## Dedicated Tier-1 Topology
-When you provision a Kubernetes cluster with a network profile that overrides the Shared Tier-1 topology, <%= vars.product_short %> creates following NSX objects:
+When you provision a Kubernetes cluster with a network profile that overrides the Shared Tier-1 topology, Tanzu Kubernetes Grid Integrated Edition creates following NSX objects:
* 1 Logical Switch and Tier-1 Router for each Kubernetes Nodes subnet
* 1 Logical Switch and Tier-1 Router for each Kubernetes namespace
@@ -72,7 +72,7 @@ To create a cluster using a Shared Tier-1 network profile, see [Create a Cluster
In a Shared Tier-1 Router topology, all Kubernetes cluster traffic is automatically NATed in the single Tier-1 router that services that cluster. However, in a Multi-Tier-0 environment, traffic from Kubernetes Node Networks to the Shared Tier-0 Router cannot be NATed.
-To implement a Shared Tier-1 topology in a Multi-Tier-0 environment, use the `infrastructure_networks` field in the network profile and include the subnets where your infrastructure is running. During Kubernetes cluster creation, <%= vars.product_short %> will add a NO_SNAT rule from the Node Network to subnets specified in the `infrastructure_networks` field.
+To implement a Shared Tier-1 topology in a Multi-Tier-0 environment, use the `infrastructure_networks` field in the network profile and include the subnets where your infrastructure is running. During Kubernetes cluster creation, Tanzu Kubernetes Grid Integrated Edition will add a NO_SNAT rule from the Node Network to subnets specified in the `infrastructure_networks` field.
In the following example network profile, the `infrastructure-networks` field includes three subnets for which NO_SNAT rules will be created. These subnets map to the PKS Control Plane (`30.0.0.0/24`), vCenter and NSX VMs (`192.168.111.0/24`), and the Nodes DNS server (`192.168.115.1`).
diff --git a/network-profiles.html.md.erb b/network-profiles.html.md.erb
index d7015195a..a057c21e5 100644
--- a/network-profiles.html.md.erb
+++ b/network-profiles.html.md.erb
@@ -3,15 +3,15 @@ title: Using Network Profiles (NSX Only)
owner: TKGI
---
-This topic describes how <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) cluster managers
-can manage and use network profiles to customize NSX configuration parameters for Kubernetes clusters provisioned by <%= vars.k8s_runtime_abbr %> on vSphere with NSX integration.
+This topic describes how VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) cluster managers
+can manage and use network profiles to customize NSX configuration parameters for Kubernetes clusters provisioned by TKGI on vSphere with NSX integration.
## Prerequisite
-<%= vars.k8s_runtime_abbr %> supports network profiles on <%= vars.k8s_runtime_abbr %> on vSphere with NSX only.
+TKGI supports network profiles on TKGI on vSphere with NSX only.
-To work with <%= vars.k8s_runtime_abbr %> network profiles you must be either a cluster manager or cluster administrator:
+To work with TKGI network profiles you must be either a cluster manager or cluster administrator:
* To create or delete a network profile, you must be a cluster administrator: `pks.clusters.admin`.
@@ -20,10 +20,10 @@ To work with <%= vars.k8s_runtime_abbr %> network profiles you must be either a
## Overview
-You can use network profiles to customize your <%= vars.k8s_runtime_abbr %> Kubernetes clusters on vSphere with NSX.
+You can use network profiles to customize your TKGI Kubernetes clusters on vSphere with NSX.
For information on when to use network profiles, see [Network Profile Use Cases](#use-cases) below.
-<%= vars.k8s_runtime_abbr %> cluster managers can apply network profiles to clusters:
+TKGI cluster managers can apply network profiles to clusters:
To list the available network profiles:
@@ -37,7 +37,7 @@ To apply a network profile to a cluster:
* [Assign a Network Profile to an Existing Cluster](#assign-profile)
* [Update an Existing Network Profile](#update-profile)
-<%= vars.k8s_runtime_abbr %> cluster administrators can create and manage network profiles.
+TKGI cluster administrators can create and manage network profiles.
To create or manage network profiles see the following in [Creating and Managing Network Profiles](./network-profiles-define.html):
* [Create a Network Profile](network-profiles-define.html#create)
@@ -67,12 +67,12 @@ To list available network profiles:
## Create a Cluster with a Network Profile
-You can assign a network profile to a <%= vars.k8s_runtime_abbr %>-provisioned Kubernetes cluster at the time of cluster creation.
+You can assign a network profile to a TKGI-provisioned Kubernetes cluster at the time of cluster creation.
To create a Kubernetes cluster with a network profile:
1. If you do not have a network profile with the desired configuration,
-have a <%= vars.k8s_runtime_abbr %> cluster administrator define and create a new network profile.
+have a TKGI cluster administrator define and create a new network profile.
For more information, see [Create a Network Profile](./network-profiles.html#create-profile) in _Creating and Managing Network Profiles_.
1. Choose a network profile for the cluster.
See [List Network Profiles](#list-profiles).
@@ -89,20 +89,20 @@ For more information, see [Create a Network Profile](./network-profiles.html#cre
if you manage your clusters with Tanzu Mission Control (TMC). Clusters with names that include an uppercase character cannot be attached to TMC.
* `HOSTNAME` is your external hostname used for accessing the Kubernetes API.
- * `PLAN-NAME` is the name of the <%= vars.k8s_runtime_abbr %> plan you want to use for your cluster.
+ * `PLAN-NAME` is the name of the TKGI plan you want to use for your cluster.
* `NETWORK-PROFILE-NAME` is the name of the network profile you want to use for your cluster.
## Assign a Network Profile to an Existing Cluster
-<%= vars.k8s_runtime_abbr %> supports assigning a network profile to an existing cluster.
+TKGI supports assigning a network profile to an existing cluster.
-WARNING: Update the network profile only on a <%= vars.k8s_runtime_abbr %> cluster that has been upgraded to the current <%= vars.k8s_runtime_abbr %> version. For more information, see Tasks Supported Following a <%= vars.k8s_runtime_abbr %> Control Plane Upgrade in About <%= vars.product_short %> Upgrades.
+ WARNING: Update the network profile only on a TKGI cluster that has been upgraded to the current TKGI version. For more information, see Tasks Supported Following a TKGI Control Plane Upgrade in About Tanzu Kubernetes Grid Integrated Edition Upgrades.
To assign a network profile to a cluster that does not have a network profile already applied:
1. If you do not have a network profile with the desired configuration,
-have a <%= vars.k8s_runtime_abbr %> cluster administrator define and create a new network profile.
+have a TKGI cluster administrator define and create a new network profile.
For more information, see [Create a Network Profile](./network-profiles.html#create-profile) in _Creating and Managing Network Profiles_.
1. Choose a network profile for the cluster.
See [List Network Profiles](#list-profiles).
@@ -127,7 +127,7 @@ in _Release Notes_ for additional requirements.
The use cases for updating an existing network profile are limited to adding to or changing the order of Pod IP Blocks on your existing cluster.
For more information, see [Customizing Pod Networks](./network-profiles-pods.html).
-Only <%= vars.k8s_runtime_abbr %> cluster administrators can modify an existing network profile.
+Only TKGI cluster administrators can modify an existing network profile.
For information on updating an existing network profile, see
[Update an Existing Network Profile](./network-profiles-define.html#change-pod-ips)
in _Creating and Deleting Network Profiles_.
@@ -135,7 +135,7 @@ in _Creating and Deleting Network Profiles_.
## Network Profile Use Cases
Network profiles let you customize configuration parameters for
-Kubernetes clusters provisioned by <%= vars.k8s_runtime_abbr %> on vSphere with NSX.
+Kubernetes clusters provisioned by TKGI on vSphere with NSX.
You can apply a network profile to a Kubernetes cluster for the following scenarios:
diff --git a/nsxt-3-0-install.html.md.erb b/nsxt-3-0-install.html.md.erb
index 607c300c9..c52b2bb00 100644
--- a/nsxt-3-0-install.html.md.erb
+++ b/nsxt-3-0-install.html.md.erb
@@ -3,15 +3,15 @@ title: Installing and Configuring NSX-T Data Center v3.0 for Tanzu Kubernetes Gr
owner: TKGI-NSXT
---
-This topic describes how to install and configure NSX-T Data Center v3.0 for use with <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) on vSphere.
+This topic describes how to install and configure NSX-T Data Center v3.0 for use with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on vSphere.
-## Prerequisites for Installing NSX-T Data Center v3.0 for <%= vars.product_short %>
+## Prerequisites for Installing NSX-T Data Center v3.0 for Tanzu Kubernetes Grid Integrated Edition
-To perform a new installation of NSX-T Data Center for <%= vars.product_short %>, complete the following steps in the order presented.
+To perform a new installation of NSX-T Data Center for Tanzu Kubernetes Grid Integrated Edition, complete the following steps in the order presented.
-1. Verify NSX-T v3.0 support for your <%= vars.k8s_runtime_abbr %> version. For more information, see the [Release Notes](./release-notes.html) for the <%= vars.k8s_runtime_abbr %> version you are installing.
+1. Verify NSX-T v3.0 support for your TKGI version. For more information, see the [Release Notes](./release-notes.html) for the TKGI version you are installing.
-1. Read the topics in the [Preparing to Install <%= vars.product_short %> on vSphere with NSX-T Data Center](./vsphere-nsxt-index-prepare.html) section of the documentation.
+1. Read the topics in the [Preparing to Install Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T Data Center](./vsphere-nsxt-index-prepare.html) section of the documentation.
1. Read the [Configuring NSX-T Data Center v3.1 Transport Zones and Edge Node Switches for TKGI](nsxt-3-1-install-delta.html) topic.
@@ -187,160 +187,6 @@ You must also generate a certificate for the NSX-T Manager VIP.
To generate a certificate for the NSX-T Manager VIP,
see [Generate and Register the NSX-T Management TLS Certificate and Private Key](nsxt-install-tls-certs.html).
-
-<% if vars.product_version == "COMMENTED" %>
-An SSL certificate is automatically created for each NSX-T Manager. You can verify this by SSHing to one of the NSX-T Manager nodes and running the following command.
-
-```
-nsx-manager-1> get certificate cluster
-```
-
-You will see that Subject Alternative Name (SAN) listed in the certificate is the hostname of the appliance, for example `SAN=nsx-manager-1`. This means the cluster certificate is linked to a particular NSX-T Manager, in this case NSX-T Manager 1.
-
-If you examine **System** > **Certificates**, you will see that there is no certificate for the NSX-T Manager VIP. You must generate a new SSL certificate that uses the NSX-T Management VIP address so that the cluster certificate contains `SAN=VIP-ADDRESS`.
-
- 
-
-Complete the following steps to generate and register a SSL certificate and private key that uses the VIP address. The following steps assume that you are working on a Linux host where [OpenSSL](https://www.openssl.org/) is installed.
-
-### Generate the SSL Certificate and Private Key
-
-1. Create a certificate signing request file named `nsx-cert.cnf` and populate it with the contents below.
-
- ```
- [ req ]
- default_bits = 2048
- default_md = sha256
- prompt = no
- distinguished_name = req_distinguished_name
- x509_extensions = SAN
- req_extensions = v3_ca
-
- [ req_distinguished_name ]
- countryName = US
- stateOrProvinceName = California
- localityName = CA
- organizationName = NSX
- commonName = VIP-ADDRESS #CAN ONLY USE IF SAN IS ALSO USED
-
- [ SAN ]
- basicConstraints = CA:false
- subjectKeyIdentifier = hash
- authorityKeyIdentifier=keyid:always,issuer:always
-
- [ v3_ca ]
- subjectAltName = DNS:NSX-VIP-FQDN,IP:VIP-ADDRESS #MUST USE
- ```
-
- Where:
-
- * `NSX-VIP-FQDN` is your NSX VIP FQDN.
- * `VIP-ADDRESS` is the VIP address for the NSX-T Management cluster.
-
- Note: At a minimum you must use the SAN field for identifying the NSX Management VIP. You can also use the CN field, as long as the SAN field is populated. If you use only the CN field, the certificate will not be valid for TKGI.
-
-1. Copy the `nsx-cert.cnf` file to a machine with `openssl` if yours does not have it.
-
-1. Use [OpenSSL](https://www.openssl.org/) to generate the SSL certificate and private key.
-
- ```
- openssl req -newkey rsa -nodes -days 1100 -x509 -config nsx-cert.cnf -keyout nsx.key -out nsx.crt
- ```
-
-1. Verify that you see the following:
-
- ```
- Generating a 2048 bit RSA private key
- ...............+++
- ................+++
- writing new private key to 'nsx.key'
- ```
-
-1. Verify certificate and key generation by running the `ls` command.
-
- Confirm you see three files: the initial signing request, and the certificate and private key generated by running the signing request.
-
- ```
- nsx-cert.cnf nsx.crt nsx.key
- ```
-
-1. Run the following command to verify the certificate and private key.
-
- ```
- openssl x509 -in nsx.crt -text -noout
- ```
-
- Confrim you see that the Subject Alternative Name (SAN) and common name (CN) (if used) are both the VIP address. For example:
-
- ```
- Subject: C=US, ST=California, L=CA, O=NSX, CN=myvip.mydomain.com
- ...
- X509v3 extensions:
- X509v3 Subject Alternative Name:
- DNS:myvip.mydomain.com, IP Address:10.11.12.13
- ```
-
-### Import the SSL Certificate and Private Key to the NSX-T Management Console
-
-Import certificate and private key to NSX-T by completing the following steps. These steps require populating the NSX-T Management Console fields with the certificate and private key. You can copy/paste the contents, or if you save the `nsx.crt` and `nsx.key` files to your local machine, you can import them.
-
-1. In the NSX-T Management Console, navigate to the **System** > **Certificates** page.
-
-1. Click **Import** > **Import Certificate**. The **Import Certificate** screen is displayed.
- Note: Be sure to select Import Certificate and not Import CA Certificate.
-1. Enter a **Name**. For example, `CERT-NSX-T-VIP`.
-1. Copy and paste the **Certificate Contents** from the `nsx.crt` file. Or, import the `nsx.crt` file clicking **Browse** and selecting it.
-1. Copy and paste the **Private Key** from the `nsx.key` file. Or, import the `nsx.key` file by clicking **Browse** and selecting it.
-1. For the **Service Certificate** option, make sure to select **No**.
-1. Click **Import**.
- 
-1. Verify that you see the certificate in the list of Certificates.
- 
-
-### Register the SSL Certificate and Private Key with the NSX-T API Server
-
-To register the imported VIP certificate with the NSX-T Management Cluster Certificate API, complete the following steps:
-
-1. In the NSX-T Management Console, navigate to the **System** > **Certificates** page.
-1. View the UUID of the certificate from the NSX-T Management Console > **Certificates** screen.
- 
-1. Copy the UUID to the clipboard. For example, `170a6d52-5c61-4fef-a9e0-09c6229fe833`.
-1. Create the following environment variables. Replace the IP address with your VIP address and the UUID with the UUID of the imported certificate.
-
- ```
- export NSX_MANAGER_IP_ADDRESS=10.173.62.47
- export CERTIFICATE_ID=170a6d52-5c61-4fef-a9e0-09c6229fe833
- ```
-
-1. Post the certificate to the NSX-T Manager API.
-
- ```
- curl --insecure -u admin:'VMware1!VMware1!' -X POST "https://$NSX_MANAGER_IP_ADDRESS/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=$CERTIFICATE_ID"
- {
- "certificate_id": "170a6d52-5c61-4fef-a9e0-09c6229fe833"
- }
- ```
-
-1. (Optional) If you are running <%= vars.k8s_runtime_abbr %> in a test environment and you are not using a multi-node NSX Management cluster,
-then you must also post the certificate to the Nodes API.
-
- ```
- curl --insecure -u admin:'VMware1!VMware1!' -X POST https://$NSX_MANAGER_IP_ADDRESS/api/v1/node/services/http?action=apply_certificate&certificate_id=$CERTIFICATE_ID
- {
- "certificate_id": "170a6d52-5c61-4fef-a9e0-09c6229fe833"
- }
- ```
- Note: Using a single-node NSX Management cluster is an unsupported configuration.
-
-1. Verify by SSHing to one of the NSX-T Management nodes and running the following command.
-
- Confirm the returned certificate matches the generated one.
-
- ```
- nsx-manager-1> get certificate cluster
- ```
-<% end %>
-
## Create an IP Pool for TEP
Tunnel endpoints (TEPs) are the source and destination IP addresses used in the external IP header to identify the ESXi hosts that originate and end the NSX-T encapsulation of overlay frames. The TEP addresses do not need to be routable so you can use any random IP addressing scheme you want. For more information, see the [NSX-T Data Center documentation](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-E7F7322D-D09B-481A-BD56-F1270D7C9692.html).
@@ -418,15 +264,15 @@ For each ESXi host in the MANAGEMENT-cluster, or each ESXi host in the vCenter c
In this section you deploy two NSX-T Edge Nodes.
-NSX-T Edge Nodes provide the bridge between the virtual network environment implemented using NSX-T and the physical network. Edge Nodes for <%= vars.product_short %> run load balancers for <%= vars.control_plane %> traffic, Kubernetes load balancer services, and ingress controllers. See [Load Balancers in <%= vars.product_short %>](./about-lb.html) for more information.
+NSX-T Edge Nodes provide the bridge between the virtual network environment implemented using NSX-T and the physical network. Edge Nodes for Tanzu Kubernetes Grid Integrated Edition run load balancers for TKGI API traffic, Kubernetes load balancer services, and ingress controllers. See [Load Balancers in Tanzu Kubernetes Grid Integrated Edition](./about-lb.html) for more information.
-In NSX-T, a load balancer is deployed on the Edge Nodes as a virtual server. The following virtual servers are required for <%= vars.product_short %>:
+In NSX-T, a load balancer is deployed on the Edge Nodes as a virtual server. The following virtual servers are required for Tanzu Kubernetes Grid Integrated Edition:
- 1 TCP Layer 4 virtual server for each Kubernetes service of type:`LoadBalancer`
- 2 Layer 7 global virtual servers for Kubernetes pod ingress resources (HTTP and HTTPS)
-- 1 global virtual server for the <%= vars.control_plane %>
+- 1 global virtual server for the TKGI API
-The number of virtual servers that can be run depends on the size of the load balancer which depends on the size of the Edge Node. <%= vars.product_short %> supports the `medium` and `large` VM Edge Node form factor, as well as the bare metal Edge Node. The default size of the load balancer deployed by NSX-T for a Kubernetes cluster is `small`. The size of the load balancer can be customized using Network Profiles.
+The number of virtual servers that can be run depends on the size of the load balancer which depends on the size of the Edge Node. Tanzu Kubernetes Grid Integrated Edition supports the `medium` and `large` VM Edge Node form factor, as well as the bare metal Edge Node. The default size of the load balancer deployed by NSX-T for a Kubernetes cluster is `small`. The size of the load balancer can be customized using Network Profiles.
For this installation, we use the Large VM form factor for the Edge Node. See [VMware Configuration Maximums](https://configmax.vmware.com/guest?vmwareproduct=VMware%20NSX-T&release=NSX-T%20Data%20Center%203.0.0&categories=17-0) for more information.
@@ -829,7 +675,7 @@ TKGI requires a Floating IP Pool for NSX-T load balancer assignment and the foll
## Create Management Plane
-Networking for the <%= vars.k8s_runtime_abbr %> Management Plane consists of a [Tier-1 Router and Switch](#nsxt30-t1-router) with [NAT Rules](#nsxt30-t0-nat) for the Management Plane VMs.
+Networking for the TKGI Management Plane consists of a [Tier-1 Router and Switch](#nsxt30-t1-router) with [NAT Rules](#nsxt30-t0-nat) for the Management Plane VMs.
### Create Tier-1 Router and Switch
@@ -938,7 +784,7 @@ You need to create the following NAT rules on the Tier-0 router for the TKGI Man
The default NSX-T password expiration interval is 90 days. After this period, the NSX-T passwords will expire on all NSX-T Manager Nodes and all NSX-T Edge Nodes. To avoid this, you can extend or remove the password expiration interval, or change the password if needed.
-Note: For existing <%= vars.product_short %> deployments, anytime the NSX-T password is changed you must update the BOSH and TKGI tiles with the new passwords. See Adding Infrastructure Password Changes to the <%= vars.product_short %> Tile for more information.
+Note: For existing Tanzu Kubernetes Grid Integrated Edition deployments, anytime the NSX-T password is changed you must update the BOSH and TKGI tiles with the new passwords. See Adding Infrastructure Password Changes to the Tanzu Kubernetes Grid Integrated Edition Tile for more information.
### Update the NSX-T Manager Password and Password Interval
diff --git a/nsxt-3-1-install-delta.html.md.erb b/nsxt-3-1-install-delta.html.md.erb
index f4fca852e..993ca43b9 100644
--- a/nsxt-3-1-install-delta.html.md.erb
+++ b/nsxt-3-1-install-delta.html.md.erb
@@ -13,20 +13,20 @@ owner: TKGI-NSXT
**This topic has been superseded. Do not use.**
For instructions on how to configure NSX Data Center Transport Zones,
-see [Configuring NSX-T Data Center v3 Transport Zones and Edge Node Switches for <%= vars.k8s_runtime_abbr %>](nsxt-install-tzs.html).
+see [Configuring NSX-T Data Center v3 Transport Zones and Edge Node Switches for TKGI](nsxt-install-tzs.html).
## Overview
-This topic provides instructions for configuring NSX-T Data Center v3.1 Transport Zones and N-VDS switches on NSX-T Edge Nodes for use with <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) on vSphere.
+This topic provides instructions for configuring NSX-T Data Center v3.1 Transport Zones and N-VDS switches on NSX-T Edge Nodes for use with VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) on vSphere.
-<%= vars.k8s_runtime_abbr %> requires two Transport Zones for <%= vars.k8s_runtime_abbr %>: an Overlay Transport Zone for the ESXi Transport Nodes
+TKGI requires two Transport Zones for TKGI: an Overlay Transport Zone for the ESXi Transport Nodes
and a VLAN Transport Zone for Edge Nodes.
-<%= vars.k8s_runtime_abbr %> requires that the host switch name associated with the Transport Zones
-match exactly the **Edge Switch Name** value that you specify when you configure an NSX-T Edge Node for use with <%= vars.k8s_runtime_abbr %>.
+TKGI requires that the host switch name associated with the Transport Zones
+match exactly the **Edge Switch Name** value that you specify when you configure an NSX-T Edge Node for use with TKGI.
You can configure your Transport Zones in three ways.
The three configuration options require different levels of customization to complete:
@@ -59,11 +59,11 @@ The three configuration options require different levels of customization to com
Note: In NSX-T 3.1 and later, the Transport Zone Host Switch Name has been deprecated and removed from the NSX-T configuration UI.
- For more information, see <%= vars.k8s_runtime_abbr %> NSX-T Edge Switch and Transport Zone Host Switch Name Requirements.
+ For more information, see TKGI NSX-T Edge Switch and Transport Zone Host Switch Name Requirements.
-## Configure Your NSX-T Transport Zones for <%= vars.k8s_runtime_abbr %>
+## Configure Your NSX-T Transport Zones for TKGI
-<%= vars.k8s_runtime_abbr %> requires the NSX-T **Edge Switch Name** and the Transport Zone host switch name to be identical.
+TKGI requires the NSX-T **Edge Switch Name** and the Transport Zone host switch name to be identical.
You can configure identical Edge Switch and Transport Zone host switch names using the following methods:
* [Option 1: Use the Default Transport Zones with a Single N-VDS Switch](#option1) (recommended)
@@ -114,7 +114,7 @@ To use this option:
|
1. Ensure the values in the following procedure match those in the **vCenter Config** section of the Ops Manager tile:
1. Enter your **vCenter Master Credentials**. Enter the vCenter Server user name using the format `user@domainname`, for example: "_user@example.com_".
- For more information about the master node service account, see [Preparing vSphere Before Deploying <%= vars.product_short %>](vsphere-prepare-env.html).
+ For more information about the master node service account, see [Preparing vSphere Before Deploying Tanzu Kubernetes Grid Integrated Edition](vsphere-prepare-env.html).
<% else %>
- The errand uses the <%= vars.k8s_runtime_abbr %> CLI to create the test cluster configured using
- the configuration settings on the <%= vars.k8s_runtime_abbr %> tile.
+ The errand uses the TKGI CLI to create the test cluster configured using
+ the configuration settings on the TKGI tile.
<% end %>
1. (Optional) To ensure that all of your cluster VMs are patched,
configure the **Upgrade all clusters errand** errand to **On**.
<% if vars.product_version == "v1.17" %>
- 
@@ -37,15 +37,15 @@ select **Yes** under **Tanzu Mission Control Integration**.
For more information about role and access policy,
see [Access Control](https://docs.vmware.com/en/VMware-Tanzu-Mission-Control/services/tanzumc-concepts/GUID-EB9C6D83-1132-444F-8218-F264E43F25BD.html) in the VMware Tanzu Mission Control Product documentation.
-1. Under **<%= vars.control_plane %> Refresh Token Lifetime**, enter a time in seconds for the
-<%= vars.control_plane %> refresh token lifetime. This field defaults to `21600`.
-1. Under **<%= vars.k8s_runtime_abbr %> Cluster Access Token Lifetime**, enter a time in seconds for the
+1. Under **TKGI API Refresh Token Lifetime**, enter a time in seconds for the
+TKGI API refresh token lifetime. This field defaults to `21600`.
+1. Under **TKGI Cluster Access Token Lifetime**, enter a time in seconds for the
cluster access token lifetime. This field defaults to `600`.
-1. Under **<%= vars.k8s_runtime_abbr %> Cluster Refresh Token Lifetime**, enter a time in seconds for the
+1. Under **TKGI Cluster Refresh Token Lifetime**, enter a time in seconds for the
cluster refresh token lifetime. This field defaults to `21600`.
+ 
diff --git a/admission-plugins.html.md.erb b/admission-plugins.html.md.erb
index efda81066..07f5c5409 100644
--- a/admission-plugins.html.md.erb
+++ b/admission-plugins.html.md.erb
@@ -3,18 +3,18 @@ title: Using Admission Control Plugins for Tanzu Kubernetes Grid Integrated Edit
owner: TKGI
---
-The topics below describe how to manage and use admission control plugins for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) clusters.
+The topics below describe how to manage and use admission control plugins for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) clusters.
For more information about Admission Controllers, see [Using Admission Controllers](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) in the Kubernetes documentation.
-For details on the admission control plugins supported by <%= vars.k8s_runtime_abbr %>, see:
+For details on the admission control plugins supported by TKGI, see:
-* [Enabling the PodSecurityAdmission Plugin for <%= vars.product_short %> Clusters and Using Pod Security Admission](./pod-security-admission.html)
-* [Enabling the SecurityContextDeny Admission Plugin for <%= vars.product_short %> Clusters](./security-context-deny.html)
- 
@@ -67,7 +67,7 @@ For example, the standard LDAP search filter `cn=Smith` returns all objects
with a common name equal to `Smith`.
-1. Record the UUID of the Nodes IP Block object. You use this UUID when you install <%= vars.product_short %> with NSX.
+1. Record the UUID of the Nodes IP Block object. You use this UUID when you install Tanzu Kubernetes Grid Integrated Edition with NSX.
##
-1. Record the UUID of the Pods IP Block object. You use this UUID when you install <%= vars.product_short %> with NSX.
+1. Record the UUID of the Pods IP Block object. You use this UUID when you install Tanzu Kubernetes Grid Integrated Edition with NSX.
##
-1. Get the UUID of the Floating IP Pool object. You use this UUID when you install <%= vars.product_short %> with NSX.
+1. Get the UUID of the Floating IP Pool object. You use this UUID when you install Tanzu Kubernetes Grid Integrated Edition with NSX.
##
1. Click **+ADD** to add an new NSGroup.
@@ -31,7 +31,7 @@ If you are using a Dynamic Server Pool, create an NSGroup as described in this s
The TKGI API Sever virtual machine hosts two server processes and exposes two ports: the TKGI API Server on port 9021, and the UAA server on port 8443. Each NSX Virtual Server listens on one port. Thus, you need two Virtual Servers, one for the TKGI API server and the other for UAA.
-If you deploy your <%= vars.product_short %> using [No-NAT with Virtual Switch (VSS/VDS) Topology](nsxt-topologies.html#alias), You only need to deploy ONE virtual Server
+If you deploy your Tanzu Kubernetes Grid Integrated Edition using [No-NAT with Virtual Switch (VSS/VDS) Topology](nsxt-topologies.html#alias), You only need to deploy ONE virtual Server
###
When this occurs, you must create a Logical Router that is associated with the Edge Cluster.
diff --git a/nsxt-mgmt-lb.html.md.erb b/nsxt-mgmt-lb.html.md.erb
index 6d6c9b075..e0c9b5612 100644
--- a/nsxt-mgmt-lb.html.md.erb
+++ b/nsxt-mgmt-lb.html.md.erb
@@ -3,13 +3,13 @@ title: Provisioning a Load Balancer for the VMware NSX Management Cluster
owner: PKS-NSXT
---
-This topic describes how to deploy a load balancer for the NSX Management Cluster for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>).
+This topic describes how to deploy a load balancer for the NSX Management Cluster for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).
##
@@ -126,7 +123,7 @@ To isolate ten tenants, use the following calculation:
2 + (10 x 2) = 22 NSX Edge Nodes
```
-Using the NSX Manager interface, deploy at least the minimum number of Edge Nodes you need for each Tenant Tier-0 and join these Edge Nodes to an Edge Cluster. For more information, see [Installing and Configuring NSX-T Data Center v3.0 for <%= vars.k8s_runtime_abbr %>](./nsxt-3-0-install.html).
+Using the NSX Manager interface, deploy at least the minimum number of Edge Nodes you need for each Tenant Tier-0 and join these Edge Nodes to an Edge Cluster. For more information, see [Installing and Configuring NSX-T Data Center v3.0 for TKGI](./nsxt-3-0-install.html).
## 
@@ -102,10 +102,10 @@ For more information, see the [Networking](installing-nsx-t.html#networking) sec
Each time a Kubernetes namespace is created, a subnet from the **Pods IP Block** is allocated. The subnet size carved out from this block is /24, which means a maximum of 256 pods can be created per namespace.
-When a Kubernetes cluster is deployed by <%= vars.product_short %>, by default 3 namespaces are created. Often additional namespaces will be created by operators to facilitate cluster use. As a result, when creating the **Pods IP Block**, you must use a CIDR range larger than /24 to ensure that NSX has enough IP addresses to allocate for all pods. The recommended size is /16. For more information, see [Creating VMware NSX Objects for <%= vars.product_short %>](nsxt-create-objects.html).
+When a Kubernetes cluster is deployed by Tanzu Kubernetes Grid Integrated Edition, by default 3 namespaces are created. Often additional namespaces will be created by operators to facilitate cluster use. As a result, when creating the **Pods IP Block**, you must use a CIDR range larger than /24 to ensure that NSX has enough IP addresses to allocate for all pods. The recommended size is /16. For more information, see [Creating VMware NSX Objects for Tanzu Kubernetes Grid Integrated Edition](nsxt-create-objects.html).
@@ -113,9 +113,9 @@ The routable IP block overrides the default non-routable Pods IP Block
###
-1. Use the Okta metadata you retrieved in the above step to configure SAML in the <%= vars.product_tile %> tile.
+1. Use the Okta metadata you retrieved in the above step to configure SAML in the Tanzu Kubernetes Grid Integrated Edition tile.
See
-[Connecting <%= vars.product_short %> to a SAML Identity Provider](configuring-saml.html).
+[Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider](configuring-saml.html).
diff --git a/password-management.html.md.erb b/password-management.html.md.erb
index 7aa2b09d2..303fb7777 100644
--- a/password-management.html.md.erb
+++ b/password-management.html.md.erb
@@ -3,14 +3,14 @@ title: Adding Infrastructure Password Changes to the Tanzu Kubernetes Grid Integ
owner: TKGI
---
-This topic describes how to manage <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>) after changing a BOSH Director
-or <%= vars.k8s_runtime_abbr %> service account password.
+This topic describes how to manage VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) after changing a BOSH Director
+or TKGI service account password.
## 
+ 
+ 
+ 
+
-1. For the <%= vars.k8s_runtime_abbr %> tile, expand the **ERRANDS** list.
+ 
1. Click **Save**.
1. On the Installation Dashboard, click **Review Pending Changes**.
-1. For <%= vars.product_short %>, verify that **Upgrade all clusters errand** is enabled.
+1. For Tanzu Kubernetes Grid Integrated Edition, verify that **Upgrade all clusters errand** is enabled.
1. Click **Apply Changes** to deploy the cluster with the admission plugin enabled.
Alternatively, instead of enabling **Upgrade all clusters errand**,
-you can upgrade individual Kubernetes clusters through the <%= vars.k8s_runtime_abbr %> Command Line Interface (<%= vars.k8s_runtime_abbr %> CLI).
+you can upgrade individual Kubernetes clusters through the TKGI Command Line Interface (TKGI CLI).
For instructions on upgrading individual Kubernetes clusters, see [Upgrading Clusters](upgrade-clusters.html).
diff --git a/security-process.html.md.erb b/security-process.html.md.erb
index dd253aab2..bf9f03198 100644
--- a/security-process.html.md.erb
+++ b/security-process.html.md.erb
@@ -3,11 +3,11 @@ title: Tanzu Kubernetes Grid Integrated Edition Security Disclosure and Release
owner: TKGI
---
-This topic describes the processes for disclosing security issues and releasing related fixes for <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>), Kubernetes, VMware NSX, and VMware Harbor.
+This topic describes the processes for disclosing security issues and releasing related fixes for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI), Kubernetes, VMware NSX, and VMware Harbor.
-##
+ 
+ - Ops Manager exports an encrypted archive of your current installation configuration.
+ - Later, you import this configuration into to your upgraded Ops Manager.
+ 
+ 
+ 
+ 
+1. Import the target version of the TKGI tile to the Ops Manager Installation Dashboard.
+ 
-1. In the **Stemcell Library**, locate the **<%= vars.k8s_runtime_abbr
- %>** tile and note the required stemcell version.
+1. In the **Stemcell Library**, locate the **TKGI** tile and note the required stemcell version.
1. Navigate to the [Stemcells (Ubuntu Jammy)](https://network.pivotal.io/products/stemcells-ubuntu-jammy/) page on <%= vars.product_network %>
and download the required Stemcell for VMware Tanzu version for your IaaS.
-1. Return to the **Installation Dashboard** in <%= vars.ops_manager %> and click **Stemcell Library**.
+1. Return to the **Installation Dashboard** in Ops Manager and click **Stemcell Library**.
1. On the **Stemcell Library** page, click **Import Stemcell** and select the stemcell file you downloaded from <%= vars.product_network %>.
-1. Select the <%= vars.k8s_runtime_abbr
- %> tile and click **Apply Stemcell to Products**.
+1. Select the TKGI tile and click **Apply Stemcell to Products**.
-1. Verify that <%= vars.ops_manager %> successfully applied the stemcell. The stemcell version you imported and applied appears in the **Staged** column for <%= vars.k8s_runtime_abbr
- %>.
+1. Verify that Ops Manager successfully applied the stemcell. The stemcell version you imported and applied appears in the **Staged** column for TKGI.
1. Return to the **Installation Dashboard**.
-### 
+ 
+ 
-## 
+ 
+
+
+
@@ -88,8 +88,8 @@ In this topology, a single vSphere compute cluster hosts all Kubernetes clusters
You can configure a single computer cluster in the following ways:
-- If you use a single <%= vars.product_short %> foundation, create an AZ that is mapped directly to the single cluster.
-- If you use multiple <%= vars.product_short %> foundations, create an AZ that is mapped to this single cluster and a Resource Pool.
+- If you use a single Tanzu Kubernetes Grid Integrated Edition foundation, create an AZ that is mapped directly to the single cluster.
+- If you use multiple Tanzu Kubernetes Grid Integrated Edition foundations, create an AZ that is mapped to this single cluster and a Resource Pool.
With this topology, you can create multiple vSAN datastores on the same compute cluster using different disk groups on each ESXi host. PVs, backed by respective VMDK files, can be dispatched across the datastores to mitigate the impact of datastore failure. For StatefulSets, all PVs used by different instances of the replica land in the same datastore.
@@ -101,7 +101,7 @@ This topology has the following failover scenarios:
## 
@@ -148,7 +148,7 @@ Refer to the following diagram:
## 
diff --git a/vsphere-prepare-env.html.md.erb b/vsphere-prepare-env.html.md.erb
index db6cd116d..558ea1b91 100644
--- a/vsphere-prepare-env.html.md.erb
+++ b/vsphere-prepare-env.html.md.erb
@@ -3,21 +3,21 @@ title: Creating Dedicated Users and Roles for vSphere (Optional)
owner: Ops Manager
---
-This topic describes how to create dedicated users and roles for your vSphere environment before deploying <%= vars.product_full %> (<%= vars.k8s_runtime_abbr %>).
+This topic describes how to create dedicated users and roles for your vSphere environment before deploying VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).
- and viewing your account information.
-1. For **Cluster Name Prefix**, enter a name prefix for identifying the <%= vars.k8s_runtime_abbr %> clusters in Tanzu Mission Control.
+1. For **Cluster Name Prefix**, enter a name prefix for identifying the TKGI clusters in Tanzu Mission Control.
This name prefix cannot contain uppercase letters. For more information, see the see [Cluster Group Name Limitation for Tanzu Mission Control Integration](./release-notes.html#1-6-0-tmc-names) in the Release Notes.
@@ -587,16 +587,16 @@ For more information about Tanzu Mission Control, see the <a href=){kind=link}