A closer look at the v1alpha2 TanzuKubernetesCluster format in vSphere with Tanzu

Today I wanted to take a closer look at the new Tanzu Kubernetes Cluster YAML format (v1alpha2) which extends the configurability of TKG clusters that are deployed via the TKG Service (TKGS) in vSphere with Tanzu. We will look at this from two viewpoints. The first is to show you the differences when it comes to creating a new TKG cluster, as there are a number of different manifest settings now required with the v1alpha2 format. The second viewpoint is to look at how to upgrade the Tanzu Kubernetes Release (tkr) on an existing cluster which has been upgraded from…

A closer look at the vSphere with Tanzu Namespace Service

Now that vSphere 7.0U3c is available, I thought it might be a good time to revisit some of the vSphere with Tanzu features that have appeared in recent editions. The first of these is the Namespace Service, which enables dev-ops personas to create their own Supervisor Namespaces through the command line via kubectl. We have extended this feature in vSphere 7.0U3c to allow dev-ops to add their own Kubernetes labels and annotations. Let’s take a look at how this works, and how the vSphere Administrator can put guardrails around the amount of vSphere resources this persona can consume when creating…

TKG v1.4.1 – Some new features

This week, I have been looking at the new features in TKG v1.4.1 for vSphere which dropped very recently. You can find the TKG v1.4.1 Release Notes here. Probably the most notable feature is that TKG v1.4.1 is now supported in Tanzu Mission Control, so you can now add this to your suite of Kubernetes clusters that are centrally managed from TMC. Note that a few things have changed around how to register a TKG management cluster with TMC which I will cover shortly. The other item that caught my attention was the fact that the Identity Management components that…

TKG v1.4 LDAP (Active Directory) integration with Pinniped and Dex

LDAP integration with Pinniped and Dex is a topic that I have written about before, particularly with TKG v1.3. However, recently I had reason to deploy TKG v1.4 and noticed some nice new enhancements around LDAP integration that I thought were worth highlighting. One is the fact that you no longer need to have a web browser available in the environment where you are configuring LDAP credentials, which was a requirement in the previous version. In this post, I will deploy a TKG v1.4 management cluster on vSphere. This environment uses the NSX ALB to provide IP addresses for both…

Network Policies in Tanzu Mission Control revisited

Earlier this month, I had my first look at network policies in Tanzu Mission Control (TMC). This earlier post looked at a very simple network policy where I used a web server app, and showed how we could control access to it from other pods by using labels. In this post, I wanted to do something that is a bit more detailed. For the purposes of this test, I will use a pod-based NFS server, and then control access to it from other pods that wish to mount the NFS file share from the server pod. I have already…

A first look at Network Policies in Tanzu Mission Control

Some time back, I wrote a blog post about how to use the network policies available with the Antrea CNI (Container Network Interface). In that post we looked at how to create a simple network policy to prevent communication between pods in a Tanzu Kubernetes cluster, based on pod selectors / labels. We stood up a simple web server and a standalone pod, and showed how the pod could access the web server when no network policies were in place. We then proceeded to create a network policy that only allowed pods to communicate with each other if the pod…

Using Tanzu Mission Control Data Protection with on-premises S3 (MinIO)

Today, we will look at another feature of Tanzu Mission Control: Data Protection. In an earlier post, we saw how Tanzu Mission Control, or TMC for short, can be used to manage and create clusters on vSphere that have Identity Management integrated with LDAP/Active Directory. We also saw in that same post how TMC-managed Tanzu Kubernetes clusters on vSphere utilized the NSX ALB for Load Balancing services. Now we will deploy an S3 Object Store from MinIO to an on-premises Tanzu Kubernetes cluster. This will then become the “backup target” for TMC Data Protection. TMC Data Protection uses the…