Posts

There is a worldwide pandemic going on right now and it has disrupted practically everything. Many people are worried not only about their health and families health, but also their job situations. I feel incredibly fortunate that my employer seems intent on continuing to work through this situation and that I am already a remote worker most of the time. My team was asked to of course take care of our families, but also to take this opportunity to learn something new. I took this respite from normal activities to try to learn how to do some basic Golang (Go) programming. I have a hard time focusing on a project sometimes when there are no specific goals in mind, so my “Hello World” attempt at programming in Golang was to grab the latest COVID-19 statistics and post them to slack once per day. ...

VMware Tanzu is a family of products and services for modernizing your applications and infrastructure with a common goal: deliver better software to production, continuously. The portfolio simplifies multi-cloud operations, while freeing developers to move faster and access the right resources for building the best applications. VMware Tanzu enables development and operations’ teams to work together in new ways that deliver transformative business results. One of these new solutions within the Tanzu brand is Mission Control. If you’re looking to get started with Tanzu Mission Control for management and visibility for your Kubernetes Clusters, start with the articles below. You’ll learn the basics of Tanzu Mission Control, how to deploy and manage Kubernetes clusters, assigning policies, and managing lifecycles of those clusters. ...

Controlling access to a Kubernetes cluster is an ongoing activity that must be done in conjunction with developer needs and is often maintained by operations or security teams. Tanzu Mission Control (TMC) can help use setup and manage these access policies across fleets of Kubernetes clusters, making everyone’s life a little bit easier. Setup Users Before we can assign permissions to a user or group, we need to have a user or group to assign these permissions. By logging into the VMware Cloud Services portal (cloud.VMware.com) and going to the Identity and Access Management Tab we can create and invite new users. You can see I’ve created a user. ...

What do you do if you’ve already provisioned some Kubernetes clusters before you got Tanzu Mission Control? Or maybe you’re inheriting some new clusters through an acquisition? Or a new team came on board and were using their own installation? Whatever the case, Tanzu Mission Control will let you manage a conformant Kubernetes cluster but you must first attach it. Attach An Existing Cluster For this example, I’ll be attaching a pre-existing Kubernetes cluster on vSphere infrastructure. This cluster was deployed via kubeadm as documented in this previous article about deploying Kubernetes on vSphere. ...

Kubernetes releases a new minor version every quarter and updating your existing clusters can be a chore. With updates coming at you pretty quickly and new functionality being added all the time, having a way to upgrade your clusters is a must, especially if you are managing multiples of clusters. Tanzu Mission Control can take the pain out of upgrading these clusters. It should be mentioned that the cluster upgrade procedure only works for clusters that were previously deployed through Tanzu Mission Control. If an existing cluster is attached to TMC after deployment, these cluster lifecycle steps won’t work. ...

No matter what flavor of Kubernetes you’re using, the cluster should have some high level of common functionality with the upstream version. To ensure this is the case Kubernetes conformance tests can validate your clusters. These tests are run by Sonobuoy which is an open source community standard. Tanzu Mission Control can run these tests on your clusters to ensure this conformance. They are a great way to make sure your cluster was installed, configured and operating properly. ...

I’ve written about deploying clusters in the past, but if you are a TMC customer, those steps can be skipped altogether. TMC will let us deploy a Kubernetes cluster and add it to management, all from the GUI or CLI. For this example, I’ll create a new Kubernetes cluster within my AWS account. Before we setup the cluster, we need to configure access to our AWS Account so that TMC can manage resources for us. ...

When we need to segment resources within a Kubernetes cluster, we often use a namespace. Namespaces can be excellent resources to create a boundary for either networking, role based access, or simply for organizational purposes. It may be common to have some standard namespaces across all of your clusters. Maybe you have corporate monitoring standards and the tools live in a specific namespace, or you always have an ingress namespace thats off limits to developers or something. Managing namespaces across cluster could be tedious, but Tanzu Mission Control lets us manage these namespaces centrally from the TMC console. ...

A pretty common task that a Kubernetes administrator must do is to resize the cluster. We need more nodes to handle more workloads, or we’ve overprovisioned a cluster and are trying to save costs. This usually took some custom automation scripts such as node autoscaler, or it was done manually based on request. Tanzu Mission Control can resize our cluster very simply from the TMC portal. Scale Out a Cluster Within the TMC Portal, find the cluster that needs to be resized. Within the cluster screen, find the “Node pools” menu. Node pools define the worker nodes that are part of the Kubernetes cluster thats been deployed. ...

Most of the blog posts I write about Kubernetes have examples using publicly available images from public image registries like DockerHub or Google Container Registry. But in the real world, companies use private registries for storing their container images. There are a list of reasons why you might want to do this including: Custom code is inside the container such as business logic or other intellectual property. On-premises private repos provide solutions to bandwidth or firewall restrictions. Custom scanning software is being integrated for vulnerability management. In this post, we’ll setup our Kubernetes cluster to be able to use a private container registry. ...