Encrypting Kubernetes Persistent Volumes on vSphere (Video)

In this video, we look at how to create a Storage Policy Based Management (SPBM) with the VM Encryption feature which can be used with vSphere CSI/CNS to create a Kubernetes Storage Class that encrypts Persistent Volumes. This feature is only available with the CSI 2.0 driver for native, upstream Kubernetes deployed on vSphere 7.0 (at the time of writing). You will also need to have a Key Management Server available to the vSphere host to create a policy that allows encryption. Finally, encrypted Persistent Volumes can only be attached to encrypted virtual machines, meaning that at least one of…

Cloud Native Storage (CNS) in vSphere with Kubernetes/Tanzu (Video)

A short video explaining the role of the vSphere CSI (Container Storage Interface) driver and CNS (Cloud Native Storage) in both the vSphere with Kubernetes/Tanzu Supervisor Cluster and in the Tanzu Kubernetes Grid (TKG) Guest Cluster. This video discusses the role of the CSI driver in the Supervisor cluster, and the pvCSI driver (para-virtual CSI driver) in the TKG guest cluster. We also look at how the pvCSI communicates CNS control plane in the vCenter Server via the CSI driver in the Supervisor Cluster to request Persistent Volume operations on behalf of the Guest Cluster.

Getting started with the TKG (standalone) Command Line (Videos)

In this post, I have two short videos demonstrating how to (1) deploy the Tanzu Kubernetes Grid (standalone) management cluster using the “tkg” command line tool, and then once the TKG management cluster has been deployed, I show how to (2) very simply deploy a subsequent TKG workload cluster using the same “tkg” command. If you wish to know more detail, check out my full post on how to deploy TKG (standalone) step-by-step using the command line “tkg”. Here is the video (4m 27s) demonstrating how to deploy the TKG (standalone) management cluster. And this video (3m 57s) demonstrates how…

A closer look at vSphere with Kubernetes Permissions

In many of my recent posts about vSphere with Kubernetes, I use a single user (administrator@vsphere.local) to do all of my work. This allows me to carry out a range of activities without worrying about permissions. This vSphere Single Sign-On (SSO) administrator has “edit” permissions on all of the vK8s namespaces. In this post, I want to look at how to assign some different vSphere SSO users and permissions to different namespaces, and also how these permissions are implemented in the vK8s platform (through the Kubernetes ClusterRole and RoleBinding constructs). Let’s start with a view of what a namespace looks…

vSphere with Kubernetes on VCF 4.0.1 Consolidated Architecture

VMware recently announced that availability of VMware Cloud Foundation (VCF) 4.0.1. I was particularly interested in this release as it introduced some enhancements around vSphere with Kubernetes deployments on the VCF Management Domain. We refer to the deployment of an application onto the management domain as a VCF consolidated architecture. Whilst we were able to deploy vSphere with Kubernetes on the management domain in VCF version 4.0, it was not seamlessly integrated. In particular, it was not possible to select the management domain to do the necessary vSphere for Kubernetes validation tests. In VCF 4.0.1, it is now possible to…

Tanzu Kubernetes Grid from the tkg Command Line Interface

After spending quite a bit of time looking at vSphere with Kubernetes, and how one could deploy a Tanzu Kubernetes Grid (TKG) “guest” cluster in a namespace with a simple manifest file, I thought it was time to look at other ways in which customers could deploy TKG clusters on top of vSphere infrastructure. In other words, deploy TKG without vSphere with Kubernetes, or VMware Cloud Foundation (VCF) for that matter.  This post will look at the tkg command line tool to first deploy a TKG management cluster, and once that is stood up, we will see how simple it…

Gestalt IT Podcast – Orchestration is the reason enterprises haven’t adopted containers.

I was recently asked to participate in the Gestalt IT podcast. The format was a little different to what I am used to. In the podcast, Stephen Foskett suggests a premise and the participants are asked to share their opinions on it. Essentially, pick a side. Do you agree or disagree with the premise? In this podcast, the premise was Orchestration is the reason enterprises haven’t adopted containers. During the conversation, I had the opportunity to talk about a number of initiatives that are on-going at VMware related to Kubernetes. Have a listen and let me know what you think.