Appliance IP requirements FAQs
The TrendMiner appliance (both when installed as a single node or as a virtual appliance) uses Kubernetes (K3S) as its infrastructure layer, which needs a range of IP addresses for internal communication between different pods and services.
By default the appliance needs the following IP ranges:
These IP addresses should not be used by other applications/servers running on the network on which TrendMiner is deployed. The IPs that are reserved by K3S are only available locally, these are not external interfaces and do not need to be routable. If your company is already using one or more of these IP addresses locally, please contact TrendMiner support to configure different ranges before installing or upgrading TrendMiner.
Local usage can include, but is not limited to: a user, an LDAP server, a TrendMiner connector, a DNS server, ... None of these should use an IP from the above ranges.
Q&A
Q: Why does TrendMiner need such a big range of IP addresses? Can we configure a smaller range?
A: Each pod/service needs a different IP and pods/services can be dynamically created. Because TrendMiner deploys quite some pods/services a wide range is needed. To be future proof the minimal ranges required are /24 ranges.
Q: What is the reason for needing separate /24 subnets as opposed to a single subnet with a wider range of addresses?
A: TrendMiner runs on Kubernetes which uses one subnet for the pods and another for the services. From the third range TrendMiner only needs 1 single IP but the other IP addresses cannot be used by other machines on the network to avoid conflicts.
Q: Does each address need to access the wider network (e.g. the historian and/or the plant integration server) or are the services’ IPs only used for VM internal communication with each other and the appliance via http/APIs?
A: It is mainly for internal communication. But the NAT is done on the virtual machine and if the IPs overlap the VM doesn't know if the packet needs to be routed internal or external to the cluster.
Q: Since the VM does the NAT, the VM’s IP is the only one that needs a NIC assigned to it in the hypervisor?
A: Yes. Only the VM needs a NIC.
Q: Why does TrendMiner need a range of IP addresses instead of a range of ports?
A: The reason a range of IPs is required (and not a range of ports) is inherent to the Kubernetes stack. The different pods/containers require different internal IP addresses. It is not possible to use ports for this.