As I prep myself for some upcoming VMUGs in EMEA, I realized that I hadn’t made any mention on a new product that we recently introduced in the CNA (Cloud Native Apps) space called Admiral. In a nutshell, Admiral is a Container Management platform for deploying and managing container based applications, intended to provide automated deployment and life cycle management of containers. Now, while Admiral can be used to deploy container directly to virtual machines that are running docker (e.g. Photon OS), it can also be used with vSphere Integrated Containers, and you can deploy containers via the VCH (Virtual Container Host). On top of that, Admiral can also be used with Project Harbor container repositories that you may have deployed in your environment. This gives a very nice end-to-end story when using containers with vSphere. Let’s take a closer look.
1. Deploy Admiral
This is very straight-forward. Deploy a VM (in this case, Photon OS), start/enable docker, and deploy Admiral as a container. Note the port mapping of 8282:
[ ~ ]# systemctl start docker [ ~ ]# systemctl enable docker [ ~ ]# docker run -d -p 8282:8282 --name admiral vmware/admiral Unable to find image 'vmware/admiral:latest' locally latest: Pulling from vmware/admiral cb261545df3a: Pull complete 49c266ee129c: Pull complete ce4c0f9e0889: Pull complete 6ca363de293a: Pull complete df06bdf7edd7: Pull complete 913e27cbda48: Pull complete Digest: sha256:2bfe48271aa0f1ef5339260ca5800f867f25003521da908e961e59005fdd13a4 Status: Downloaded newer image for vmware/admiral:latest 9de9402a88eb3e31aa26cc4a0aa3d30e6f6c8c1c788db91a0d99f5b3556f171f [ ~ ]#
Next, open a browser, point it to this VM and port 8282. You should observe the following Admiral landing page:
Let’s now go ahead and add a host. As mentioned, this could be as something as simple as a VM (running docker) that you wish to deploy containers to, but in this example we are going to point it at a VIC deployment. You will need the public and private certificates from your VCH deployment, as well as the docker API endpoint. To get the docker API endpoint provided by a VCH, the following command can be used from the host where the VCH was deployed:
[ /workspace/vic ]# ./vic-machine-linux inspect \ -t 'firstname.lastname@example.org:VMware123email@example.com' INFO[2016-11-09T11:42:50Z] ### Inspecting VCH #### INFO[2016-11-09T11:42:50Z] INFO[2016-11-09T11:42:50Z] VCH ID: VirtualMachine:vm-1207 INFO[2016-11-09T11:42:51Z] INFO[2016-11-09T11:42:51Z] Installer version: v0.6.0-4890-4f98611 INFO[2016-11-09T11:42:51Z] VCH version: v0.6.0-4890-4f98611 INFO[2016-11-09T11:42:51Z] INFO[2016-11-09T11:42:51Z] VCH upgrade status: INFO[2016-11-09T11:42:51Z] Installer has same version as VCH INFO[2016-11-09T11:42:51Z] No upgrade available with this installer version INFO[2016-11-09T11:42:51Z] INFO[2016-11-09T11:42:51Z] vic-admin portal: INFO[2016-11-09T11:42:51Z] https://10.27.51.18:2378 INFO[2016-11-09T11:42:51Z] INFO[2016-11-09T11:42:51Z] DOCKER_HOST=10.27.51.18:2376 INFO[2016-11-09T11:42:51Z] INFO[2016-11-09T11:42:51Z] Connect to docker: INFO[2016-11-09T11:42:51Z] docker -H 10.27.51.18:2376 --tls info INFO[2016-11-09T11:42:51Z] Completed successfully [ /workspace/vic ]#
The docker API endpoint is highlighted in red above. You will also need the public certificate and private key to authenticate to the VCH from Admiral. This information is found in the directory where you initially deployed the VCH using vic-machine-*, and by default will be called virtual-container-host-cert.pem and virtual-container-host-key.pem. The names will be different if you used a non-default name for the VCH.
With this information, we can now go ahead and add this VCH as a host to Admiral. Back in the Admiral UI, click on Add Host, and enter the IP address of the docker API endpoint, as well as the port (2376). In the placement zone section, simply select the default placement zone. In the login credentials section, select new credentials, change the type from user to certificate, and add the public certificate and private key contents to the appropriate sections, as shown here:
Click on the blue check associated with the credentials, and it should temporarily go green to show success. Finally, click on Add to complete the addition of this Virtual Container Host (VCH) to Admiral. That completes the VIC integration part. You should now be able to deploy “containers as VMs” to that VCH/docker API endpoint. If you go to the Templates view in Admiral, you should see a bunch of container templates that are ready to deploy. These templates are from the default docker hub repository, which is pre-configured with Admiral. You can verify that everything is working by selecting any of those containers and provisioning it:
[ /workspace/vic ]# docker -H 10.27.51.18:2376 --tls ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ef98ebbbe9c3 library/nginx:latest "nginx -g daemon off;" 5 minutes ago \ Running nginx-mcm136_27086590482 6c8d6a4add24 ubuntu "bash" 7 days ago Exited (0) insane_einstein [ /workspace/vic ]#
Excellent. That is the orchestration framework taken care of. And of course, you can add multiple VCH instances as hosts if you so wish. Lets now see if we can use Project Harbor as a repository, instead of the docker hub one, or maybe with the docker hub repository.
3. Orchestrate container deployments from Harbor to VIC via Admiral
In the Templates view in Admiral, click on the “Manage Registries” button. This should show the default registry, which is of course docker hub. That is where all the templates that you observed previously were available from. Now click on the +Add button, and we will add a registry from our Harbor deployment.
Now you can see that I have both docker hub, and my own Harbor repro. I can now search for templates in both repos by simply typing in the name of a desired container. I have a container called cormac-nginx, and if I search on that, Admiral will only display those containers/templates which match.
And just like before, you can use Admiral to provision that template from Harbor down to the VCH, allowing for full integration between Admiral (Orchestration), Harbor (Repository) and VIC (Docker API endpoint with “containers as VMs”). Nice.
You can learn more about Admiral, and even contribute to it, via Github.