In this video, we look at how to create a Storage Policy Based Management (SPBM) with the VM Encryption feature which can be used with vSphere CSI/CNS to create a Kubernetes Storage Class that encrypts Persistent Volumes. This feature is only available with the CSI 2.0 driver for native, upstream Kubernetes deployed on vSphere 7.0 (at the time of writing). You will also need to have a Key Management Server available to the vSphere host to create a policy that allows encryption. Finally, encrypted Persistent Volumes can only be attached to encrypted virtual machines, meaning that at least one of…
A short video explaining the role of the vSphere CSI (Container Storage Interface) driver and CNS (Cloud Native Storage) in both the vSphere with Kubernetes/Tanzu Supervisor Cluster and in the Tanzu Kubernetes Grid (TKG) Guest Cluster. This video discusses the role of the CSI driver in the Supervisor cluster, and the pvCSI driver (para-virtual CSI driver) in the TKG guest cluster. We also look at how the pvCSI communicates CNS control plane in the vCenter Server via the CSI driver in the Supervisor Cluster to request Persistent Volume operations on behalf of the Guest Cluster.
In this post, I have two short videos demonstrating how to (1) deploy the Tanzu Kubernetes Grid (standalone) management cluster using the “tkg” command line tool, and then once the TKG management cluster has been deployed, I show how to (2) very simply deploy a subsequent TKG workload cluster using the same “tkg” command. If you wish to know more detail, check out my full post on how to deploy TKG (standalone) step-by-step using the command line “tkg”. Here is the video (4m 27s) demonstrating how to deploy the TKG (standalone) management cluster. And this video (3m 57s) demonstrates how…
As mentioned in a previous post this week, I am looking at vRealize Suite Life Cycle Manager (vRSLCM). I’m coming at this as a newbie, and I am trying to use it in much the same way as one of our customers would use it. I previously stood up vRSLCM, so now I am at the point of where I would like to deploy another vRealize application, namely vRealize Operations. Rather than pulling the OVA image from My VMware, I wanted to see the behaviour when I manually download the latest vROps OVA, version 8.1.1, and store it directly on…
Yesterday I spun my wheels a bit on an issue I encountered whilst trying to deploy vRealize Suite Life Cycle Manager (vRSLCM) via the vRealize Easy Installer. I downloaded the ISO, opened it up, navigated to the vrlcm-ui-installer folder and clicked on the installer.exe. I selected the Install option, then went through the steps to roll-out the vRSLCM product, as shown below. Almost immediately on completing the deployment I hit this error: “Failed to send http data”: I examined the logs and this is what I found: 2020-07-13T13:49:45.201Z – info: output:PROGRESS 2020-07-13T13:49:50.307Z – info: output: 2020-07-13T13:49:50.310Z – info: output: ERROR…
In many of my recent posts about vSphere with Kubernetes, I use a single user (administrator@vsphere.local) to do all of my work. This allows me to carry out a range of activities without worrying about permissions. This vSphere Single Sign-On (SSO) administrator has “edit” permissions on all of the vK8s namespaces. In this post, I want to look at how to assign some different vSphere SSO users and permissions to different namespaces, and also how these permissions are implemented in the vK8s platform (through the Kubernetes ClusterRole and RoleBinding constructs). Let’s start with a view of what a namespace looks…
VMware recently announced that availability of VMware Cloud Foundation (VCF) 4.0.1. I was particularly interested in this release as it introduced some enhancements around vSphere with Kubernetes deployments on the VCF Management Domain. We refer to the deployment of an application onto the management domain as a VCF consolidated architecture. Whilst we were able to deploy vSphere with Kubernetes on the management domain in VCF version 4.0, it was not seamlessly integrated. In particular, it was not possible to select the management domain to do the necessary vSphere for Kubernetes validation tests. In VCF 4.0.1, it is now possible to…