Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…
In this series of posts, we saw in part 1 how to setup Aria Automation version 8.17. This is required for Cloud Consumption Interface support. In part 2, we saw how to enable the Cloud Consumption interface (CCI) in the Supervisor of vSphere with Tanzu. However, even though CCI is now deployed as a Supervisor Service, it is not yet completely configured to work with Aria Automation. Thus, it is still not yet possible for an Aria Automation user to interact with the Supervisor in vSphere with Tanzu to create TKG clusters or VMs using the VM Service. This is…
In the part 1 blog post, we discussed how to setup Aria Automation version 8.17 so that it could be used with Cloud Consumption Interface (CCI) to provision databases using Data Services Manager. In this post, we will look at the steps to integrate Aria Automation with CCI. There is a dependency here on vSphere 8.0U2 and vSphere with Tanzu, which we will assume has already been deployed. Thus, the main task at this point is to setup and enable the CCI Service on the Supervisor Cluster of vSphere with Tanzu. (Although I haven’t done a blog post of vSphere…
One of the common asks we get from customers on Data Services Manager (DSM) 2.0 is the following: “I already run Kubernetes. Is it possible to create databases from my existing Kubernetes clusters using DSM?”. The answer is Yes. We provide a piece of software called the DSM Consumption Operator. This installs on your local Kubernetes (K8s) cluster and allows admins or developers to request the creation of databases (PostgreSQL, MySQL). On receipt of this request, DSM provisions its own K8s cluster, and then provisions the database on top. Your admins or developers can then connect to the database and…
I’ve seen a number of queries around the behaviour of vSphere with Tanzu when it comes to querying Kubernetes objects on the Supervisor Cluster. More often than not, it is a question which arises when a user get an error similar to the following: Error from server (Forbidden): wcpnamespaces.appplatform.wcp.vmware.com is forbidden: \ User “sso:Administrator@vsphere.local” cannot list resource “wcpnamespaces” in API group \ “appplatform.wcp.vmware.com” in the namespace “cormac-ns” The reason for these errors is because the Supervisor Cluster is not treated as a general purpose Kubernetes cluster. The predominant role of the Supervisor Cluster is to provide services, such as the…
One of the key features of the TKG 2.0 on vSphere 8 announcement at VMware Explore 2022 is the consolidation of our the Tanzu Kubernetes offerings into a single unified Kubernetes runtime. This can be considered the second edition of VMware Tanzu Kubernetes Grid. It will still come in two flavors. One flavor is as a VM-based standalone management cluster whilst the other flavor will be Supervisor-based, integrated into vSphere with Tanzu. However, the important point is that both flavors now have the same APIs for cluster provisioning, same tooling for extension management, and the same model for release distribution.…
Following on from last week’s preview of multi-AZ in vSphere with Tanzu available in vSphere 8.0, I now turn my attention to another great feature. In this post, I will preview the new Pinniped integration to provide an easy and secure login to Tanzu Kubernetes clusters. I’ve discussed Pinniped a number of times on this site, but those previous posts relate to standalone TKG clusters (often referred to as TKGm). However, with vSphere 8.0, vSphere with Tanzu also has Pinniped integration. In a nutshell, vSphere Administrators can now federate an external Identity Provider (IDP) with the Supervisor cluster. This means…