Dynamic RWX volumes now supported in TKC in vSphere with Tanzu

Last week, a new release of Tanzu Kubernetes (v1.22.9) became available which allows Tanzu Kubernetes clusters deployed through the TKG Service (TKGS) on vSphere with Tanzu to support dynamic read-write-many (RWX) volumes. This now means that if vSAN File Service is available on the vSphere cluster where vSphere with Tanzu is enabled, volumes can be dynamically created which can be shared between multiple Pods. This is something that many customers have been waiting for, so I am delighted to see that it is finally available. There is one setup step needed in vSphere with Tanzu to enable this functionality. In…

VMware to open R&D office in Dublin, Ireland

Some really good news for those of us working for VMware and based here in Ireland. VMware Research and Development are opening a new facility in Dublin. Dublin will also become a location for developing operational expertise focusing on VMware managed data services to forge the multi-cloud platform of the future. Yesterday, our CTO Kit Colbert was in Ireland for the announcement. Really enjoyed meeting with Minister @mmcgrathtd and Victoria Mackechnie (Irish Development Authority) as we officially announced our intention to set up an engineering office and hub here in Dublin, focused on building out our core Cross-Cloud SaaS Platform!…

Multi-Factor/External Authentication on VMware Cloud Foundation

I recently had a question about multi-factor authentication within VCF, VMware Cloud Foundation. I was able to find out the answer after sending the query to a few folks on the VCF team. It transpires that VMware have recently delivered MFA (Duo support) and external Authn/AuthZ (Oasis, SAML, OKtA, AzureAD, PING) via a joint partner solution with Entrust. Support for VMware Cloud Foundation (VCF) and SDDC Manager appears in HyTrust CloudControl, Version 6.4. Per the CloudControl Administration Guide, when SDDC manager is added to CloudControl, the inventory of the vSphere and NSX-T resources can be viewed. Access control policies can…

MinIO Service deployment in vSphere with Tanzu [Video]

In this video, I demonstrate how to register a MinIO (S3 Object Store) vSphere Service in vSphere with Tanzu. This service is using the vSAN Data Persistence platform (DPp) to provide persistent storage for the service. Once the MinIO service is registered, it may be installed on vSphere with Tanzu. This include a plugin which provides new menu options in the vSphere client. The demonstration goes on to show how to use these new menu options to deploy a MinIO S3 Object Store to a vSphere Namespace in vSphere with Tanzu.

vSAN Data Persistence platform (DPp) Revisited

Around 18 months ago, I published an article which highlighted a new feature called vSAN Data Persistence platform, or DPp for short. Basically, it describes a set of vSphere services built into vSphere with Tanzu. There are a few changes since I last wrote about it. For that reason, I thought I would revisit it. I am going to use my recently updated vCenter Server version 7.0.3e (build 19717403), and vSphere with Tanzu Supervisor Cluster v1.22. In this post, I will go through the new steps that demonstrate how to install MinIO as a vSphere Service. I will then show…

vSphere with Tanzu – TKG SSH and Harbor Registry access [Videos]

I created a couple of new videos to compliment some of my recent posts. The first shows how to get SSH access to a TKG cluster that resides on an NSX-T network segment. The second demonstrates how to enable a TKG cluster to authenticate against the embedded Harbor Image Registry project that is created for the vSphere Namespace within which the TKG cluster has been provisioned. Hope you find them useful. Please note that the embedded Harbor Image Registry is only available on vSphere with Tanzu and NSX-T. vSphere with Tanzu with NSX-T networking is available for both on-premises deployments…

How to access embedded shared image registry from TKG cluster

vSphere with Tanzu ships with an embedded Harbor Image Registry to store container images. However, by default, TKG clusters deployed in a vSphere Namespace cannot access the registry. In this post, I will demonstrate how to allow a TKG guest / workload cluster to access the Harbor Image Registry. To do that, the image registry secret is retrieved at the vSphere Namespace level, and a new secret matching the Harbor Image Registry secret is created in the TKG cluster. Once created, this TKG level secret can be used to authenticate and pull container images for pods in the TKG cluster.…