V7wk8s on The IT Hollow

Enable the Harbor Registry on vSphere 7 with Tanzu

Mon, 04 Jan 2021 21:50:57 +0000

Your Kubernetes clusters are up and running on vSphere 7 with Tanzu and you can’t wait to get started on your first project. But before you get to that, you might want to enable the Harbor registry so that you can privately store your own container images and use them with your clusters. Luckily, in vSphere 7 with Tanzu, the Harbor project has been integrated into the solution. You just have to turn it on and set it up.

Ingress Routing - TKG Clusters

Tue, 15 Sep 2020 14:05:00 +0000

If you have been following the series so far, you should have a TKG guest cluster in your lab now. The next step is to show how to deploy a simple application and access it through a web browser. This is a pretty trivial task for most Kubernetes operators, but its a good idea to know whats happening in NSX to make these applications available. We’ll walk through that in this post.

Deploying Tanzu Kubernetes Clusters on vSphere 7

Wed, 09 Sep 2020 14:15:00 +0000

This post will focus on deploying Tanzu Kubernetes Grid (TKG) clusters in your vSphere 7 with Tanzu environment. These TKG clusters are the individual Kubernetes clusters that can be shared with teams for their development purposes.

I know what you’re thinking. Didn’t we already create a Kubernetes cluster when we setup our Supervisor cluster? The short answer is yes. However the Supervisor cluster is a unique Kubernetes cluster that probably shouldn’t be used for normal workloads. We’ll discuss this in more detail in a follow-up post. For now, let’s focus on how to create them, and later we’ll discuss when to use them vs the Supervisor cluster.

Create a Content Library for vSphere 7 with Tanzu

Tue, 08 Sep 2020 14:15:00 +0000

In this post we’ll setup a vSphere Content Library so that we can use it with our Tanzu Kubernetes Grid guest clusters. If you’re not familiar with Content libraries, you can think of them as a container registry, only for virtual machines.

Why do we need a content library? Well, the content library be used to store the virtual machine templates that will become Kubernetes nodes when you deploy a TKG guest cluster.

Replace vSphere 7 with Tanzu Certificates

Mon, 31 Aug 2020 14:45:00 +0000

When setting up your vSphere 7 with Tanzu environment, its a good idea to update the default certificate shipped from VMware with your own certificate. This is a good security practice to ensure that your credentials are protected during logins, and nobody likes to see those pesky certificate warnings in their browsers anyway, am I right?

Create and Trust Certificate Authority

This section of the blog post is to create a root certificate. In many situations, you won’t need to do this since your organization probably already has a certificate authority that can be used to sign certificates as needed. Since I’m doing this in a lab, I’m going to create a root certificate and make sure my workstation trusts this cert first. After this, we can use the root certificate to sign our vSphere 7 certificates.

Connecting to a Supervisor Namespace

Mon, 24 Aug 2020 14:15:00 +0000

In this post we’ll finally connect to our Supervisor Cluster Namespace through the Kubernetes cli and run some commands for the first time.

In the last post we created a namespace within the Supervisor Cluster and assigned some resource allocations and permissions for our example development user. Now it’s time to access that namespace so that real work can be done using the platform.

First, login to vCenter again with the administrator@vsphere.local account and navigate to the namespace that was previously created. You should see a similar screen where we configured our permissions. In the Status tile, click one of the links to either open in a browser or copy the URL to then open in a browser.

Creating Supervisor Namespaces

Mon, 17 Aug 2020 14:15:00 +0000

Congratulations, you’ve deployed the Workload Management components for your vSphere 7 cluster. If you’ve been following along with the series so far, you’ll have left off with a workload management cluster created and ready to being configuring your cluster for use with Kubernetes.

The next step in the process is to create a namespace. Before we do that, it’s probably useful to recap what a namespace is used for.

Namespaces the Theory

Depending on your past experiences, a namespace will likely seem familiar to you in some fashion. If you have a kubernetes background, you’ll be familiar with namespaces as a way to set permissions for a group of users (or a project, etc) and for assigning resources. Alternatively, if you have a vSphere background, you’re used to using things like Resource Pools to set resource allocation.

vSphere 7 with Tanzu - Getting Started Guide

Tue, 14 Jul 2020 14:16:18 +0000

VMware released the new version of vSphere with functionality to build and manage Kubernetes clusters. This series details how to deploy, configure, and use a lab running vSphere 7 with Kubernetes enabled.

The instructions within this post are broken out into sections. vSphere 7 requires pre-requisites at the vSphere level as well as a full NSX-T deployment. Follow these steps in order to build your own vSphere 7 with Kubernetes lab and start using Kubernetes built right into vSphere.

Enable Workload Management

Tue, 14 Jul 2020 13:44:36 +0000

This post focuses on enabling the workload management components for vSphere 7 with Kubernetes. It is assumed that the vSphere environment is already in place and the NSX-T configuration has been deployed.

To enable workload management, login to your vCenter as the administrator@vsphere.local account. Then in the Menu, select Work

Within the Workload Management screen, click the ENABLE button.

The first screen in the wizard, will list your compatible vSphere clusters. These clusters must have HA and DRS enabled in fully automated mode. If you are missing clusters, make sure you have ESXi hosts on version 7 with HA and DRS enabled. You’ll also need a Distributed switch on version 7 for these clusters.

vSphere 7 with Kubernetes Environment and Prerequisites

Tue, 14 Jul 2020 13:42:33 +0000

This post describes the lab environment we’ll be working with to build our vSphere 7 with Kubernetes lab and additional prerequisites that you’ll need to be aware of before starting. This is not the only topology that would work for vSphere 7 with Kubernetes, but it is a robust homelab that would mimic many production deployments except for the HA features. For example, we’ll only install one (singular) NSX Manager for the lab where in a production environment would have three.

Tier-0 Gateway

Tue, 14 Jul 2020 13:39:41 +0000

This post will review the deployment and configuration of a Tier-0 gateway to provide north/south routing into the NSX-T overlay networks.

The Tier-0 (T0) gateway is where we’ll finally connect our new NSX-T backed overlay segments to the physical network through an NSX-T Edge which was previously deployed.

The Tier-0 gateway will connect directly to a physical VLAN and on the other side to our T1 router deployed in the previous post. From there, we should have all the plumbing we need to route to our hosts and begin using NSX-T to do some cooler stuff. In the end, the network topology will look something like this:

Tier-1 Gateway and NSX Segments

Tue, 14 Jul 2020 13:36:56 +0000

This post will focus on deploying our first NSX Gateway/Router and setting up our overlay segments. Before you can start these steps, the Edge nodes should be up and running so that they can support the Tier-1 gateways.

NSX uses two types of routers/gateways. We’ll start by using a Tier-1 (T1) router. These routers are usually used to pass traffic between NSX overlay segments. We could create NSX segments without any routers, but it would require a router to pass traffic between these segments so we will create a T1 router first.

Deploy NSX-T Edge Nodes

Tue, 14 Jul 2020 13:26:22 +0000

NSX-T Edge nodes are used for security and gateway services that can’t be run on the distributed routers in use by NSX-T. These edge nodes do things like North/South routing, load balancing, DHCP, VPN, NAT, etc. If you want to use Tier0 or Tier1 routers, you will need to have at least 1 edge node deployed. These edge nodes provide a place to run services like the Tier0 routes. When you first deploy an edge, its like an empty shell of a VM until these services are needed.

NSX Pools, Zones, and Nodes Setup

Tue, 14 Jul 2020 13:23:46 +0000

In the previous post we deployed an NSX Manager. Now it’s time to start configuring NSX so that we can build cool routes, firewall zones, segments, and all the other NSX goodies. And even if we don’t want to build some of these things, we’ll need this setup for vSphere 7 with Kubernetes.

Add an IP Pool

The first thing we’ll setup is an IP Pool. As you might guess, an IP Pool is just a group of IP Addresses that we can use for things. Specifically, we’ll use these IP Addresses to assign Tunnel Endpoints (Called TEPs previously called VTEPs in NSX-V parlance) to each of our ESXi hosts that are participating in the NSX Overlay networks. The TEP becomes the point in which encapsulation and decapsulation takes place on each of the ESXi hosts. Think of it this way, when encapsulated traffic needs to be routed to a VM on a host, what IP Address do we need to send the traffic to, so that it can reach that VM. This is the TEP. We need to setup a TEP on each host, and the IP Addresses for these TEPs come from an IP Pool. Since I have three hosts, and expect to deploy 1 edge nodes, I’ll need a TEP Pool with at least 4 IP Addresses. Size your environment appropriately.

NSX Installation

Tue, 14 Jul 2020 13:18:52 +0000

This post will focus on getting the NSX-T Manager deployed and minimally configured in the lab. NSX-T is a pre-requisite for configuring vSphere 7 with Kubernetes as of the time of this writing.

Deploy the NSX Manager

The first step in our build is to deploy the NSX Manager from an OVA template into our lab. The NSX Manager is the brains of the solution and what you’ll be interacting with as a user. Each time you configure a route, segment, firewall rule, etc., you’ll be communicating with the NSX Manager. Download and deploy the OVA into your vSphere lab.