vSphere with Tanzu – TKG SSH and Harbor Registry access [Videos]

I created a couple of new videos to compliment some of my recent posts. The first shows how to get SSH access to a TKG cluster that resides on an NSX-T network segment. The second demonstrates how to enable a TKG cluster to authenticate against the embedded Harbor Image Registry project that is created for the vSphere Namespace within which the TKG cluster has been provisioned. Hope you find them useful. Please note that the embedded Harbor Image Registry is only available on vSphere with Tanzu and NSX-T. vSphere with Tanzu with NSX-T networking is available for both on-premises deployments…

How to access embedded shared image registry from TKG cluster

vSphere with Tanzu ships with an embedded Harbor Image Registry to store container images. However, by default, TKG clusters deployed in a vSphere Namespace cannot access the registry. In this post, I will demonstrate how to allow a TKG guest / workload cluster to access the Harbor Image Registry. To do that, the image registry secret is retrieved at the vSphere Namespace level, and a new secret matching the Harbor Image Registry secret is created in the TKG cluster. Once created, this TKG level secret can be used to authenticate and pull container images for pods in the TKG cluster.…

A closer look at vSphere with Tanzu networking with NSX-T

This post continues to build on some of the other work already done on vSphere with Tanzu and NSX-T. In previous posts, we’ve seen how to setup NSX-T so it can be used by vSphere with Tanzu. The steps to install NSX-T Manager and prepare ESXi hosts was looked at in part 1. We saw how to set up an NSX-T Edge in part 2. Then in part 3, the steps to create a tier-0 gateway with BGP for dynamic routing shown. Most recently, the various NSX-T objects and services that are configured when the Supervisor cluster is deployed were…

How to get SSH access to TKG nodes on vSphere with Tanzu and NSX-T

I have been spending a lot of time recently on vSphere with Tanzu and NSX-T. One of the tasks that I want to do is perform a network trace from a pod running on a TKG worker node. This will be for a future post. However, before running the trace, I need to secure shell (ssh) onto a TKG worker node in order to run the traceroute. This is more challenging with NSX-T compared to using vSphere networking. The reason why is because NSX-T provides “internal” network segments for the nodes which sit behind a tier-1 and tier-0 gateway. To…

NSX-T and vSphere with Tanzu – automatically created network objects and services

In my most recent posts, the steps to get NSX-T to a point where it is ready for vSphere with Tanzu are examined. A three-part blog series describes the NSX-T setup process for vSphere with Tanzu – see part 1, part 2, and part 3. In this post, we will take a look ‘under the covers’. I will look at the network objects and services that vSphere with Tanzu automatically builds in NSX-T. As per these previous configuration steps, a number of NSX-T system objects are setup, such as Compute Manager and Edge Cluster. Some network objects must also be…

vSphere with Tanzu and Tanzu Mission Control integration [Videos]

I created a few short videos to show the integration between Tanzu Mission Control (TMC) and vSphere with Tanzu. In the first demonstration, I show the steps involved in registering the vSphere with Tanzu Supervisor Cluster with Tanzu Mission Control. Basically, it involves retrieving a manifest from TMC, and deploying it to the Supervisor. In the second demo, I show how Tanzu Mission Control can be used to easily deploy Tanzu Kubernetes (TKG) workload clusters to vSphere with Tanzu once the Supervisor Cluster has been registered. Of course, once TMC is managing your cluster, all sorts of additional features are…

NSX-T and vSphere with Tanzu revisited (part 3 of 3)

The steps to deploy NSX-T Manager, create a Compute Manager and configuring NSX on the ESXi hosts were described in part 1 of this series of posts. The steps¬† to create an NSX-T Edge cluster were outlined in part 2. In this part 3 post, we will look at the final step in preparing an NSX-T environment for vSphere with Tanzu, and that is the creation and configuring of a tier-0 gateway. Networks that are created for Kubernetes workloads in vSphere with Tanzu will connect to this tier-0 gateway and subsequently allow external connectivity to the TKG clusters, e.g. developers…