After recently presenting on the topic of the vSphere CSI driver, I received feedback from a number of different people that the current install mechanism is a little long-winded and prone to error. The request was for a Helm Chart to make things a little easier. I spoke to a few people about this internally, and while we have some long-term plans to make this process easier, we didn’t have any plans in the short term. At that point, I reached out to my colleague and good pal, Myles Gray, and we decided we would try to create our…
I added a few enhancements to vTopology recently, notably the ability to display the details about the version and status of the vSphere CSI driver that is being used in a Kubernetes (K8s) deployment. I tested this on native K8s, vSphere with Tanzu TKG (Tanzu Kubernetes Grid) guest clusters, standalone TKG clusters as well as TKGI (formerly Enterprise PKS). Using the -csi option, you can now get details regarding the image versions, and also checks on the ready state of the CSI controller and CSI nodes. This is the example taken from a standalone TKG deployment. Simply ensure that your…
In this video, we look at how to create a Storage Policy Based Management (SPBM) policy with the VM Encryption feature, which can be used with vSphere CSI/CNS to create a Kubernetes Storage Class that encrypts Persistent Volumes. This feature is only available with the CSI 2.0 driver for native, upstream Kubernetes deployed on vSphere 7.0 (at the time of writing). You will also need to have a Key Management Server available to the vSphere host to create a policy that allows encryption. Finally, encrypted Persistent Volumes can only be attached to encrypted virtual machines, meaning that at least one of…
A short video explaining the role of the vSphere CSI (Container Storage Interface) driver and CNS (Cloud Native Storage) in both the vSphere with Kubernetes/Tanzu Supervisor Cluster and in the Tanzu Kubernetes Grid (TKG) Guest Cluster. This video discusses the role of the CSI driver in the Supervisor cluster, and the pvCSI driver (para-virtual CSI driver) in the TKG guest cluster. We also look at how the pvCSI driver communicates with the CNS control plane in the vCenter Server, via the CSI driver in the Supervisor Cluster, to request Persistent Volume operations on behalf of the Guest Cluster.
In this post, I have two short videos demonstrating how to (1) deploy the Tanzu Kubernetes Grid multi-cloud (TKGm) management cluster using the “tkg” command line tool, and then once the TKG management cluster has been deployed, I show how to (2) very simply deploy a subsequent TKG workload cluster using the same “tkg” command. Note that I have updated this post to use the TKGm acronym, as this is now how we are marketing this particular product. Previously, the term standalone was used. If you wish to know more detail, check out my full post on how to…
In many of my recent posts about vSphere with Kubernetes, I use a single user (administrator@vsphere.local) to do all of my work. This allows me to carry out a range of activities without worrying about permissions. This vSphere Single Sign-On (SSO) administrator has “edit” permissions on all of the vK8s namespaces. In this post, I want to look at how to assign some different vSphere SSO users and permissions to different namespaces, and also how these permissions are implemented in the vK8s platform (through the Kubernetes ClusterRole and RoleBinding constructs). Let’s start with a view of what a namespace looks…
VMware recently announced the availability of VMware Cloud Foundation (VCF) 4.0.1. I was particularly interested in this release as it introduced some enhancements around vSphere with Kubernetes deployments on the VCF Management Domain. We refer to the deployment of an application onto the management domain as a VCF consolidated architecture. Whilst we were able to deploy vSphere with Kubernetes on the management domain in VCF version 4.0, it was not seamlessly integrated. In particular, it was not possible to select the management domain to do the necessary vSphere for Kubernetes validation tests. In VCF 4.0.1, it is now possible to…