I created a couple of new videos to compliment some of my recent posts. The first shows how to get SSH access to a TKG cluster that resides on an NSX-T network segment. The second demonstrates how to enable a TKG cluster to authenticate against the embedded Harbor Image Registry project that is created for the vSphere Namespace within which the TKG cluster has been provisioned. Hope you find them useful. Please note that the embedded Harbor Image Registry is only available on vSphere with Tanzu and NSX-T. vSphere with Tanzu with NSX-T networking is available for both on-premises deployments…
vSphere with Tanzu ships with an embedded Harbor Image Registry to store container images. However, by default, TKG clusters deployed in a vSphere Namespace cannot access the registry. In this post, I will demonstrate how to allow a TKG guest / workload cluster to access the Harbor Image Registry. To do that, the image registry secret is retrieved at the vSphere Namespace level, and a new secret matching the Harbor Image Registry secret is created in the TKG cluster. Once created, this TKG level secret can be used to authenticate and pull container images for pods in the TKG cluster.…
Just recently I had reason to have my TKG (Tanzu Kubernetes) guest cluster pull images from the embedded Harbor container image registry which is available as part of vSphere with Tanzu. Now, I did this in the past but there were quite a few hoops that you needed to jump through in order to make this work. I wrote about how I did it here. So I was pleased to see that the following update was included in the vSphere with Tanzu Release Notes that coincided with vSphere 7.0U1c last December: Integration with Registry Service – Newly created Tanzu Kubernetes clusters…
In this post, I am going to outline the steps involved to successfully deploy a Tanzu Kubernetes Grid (TKG) management cluster and workload clusters in an internet restricted environment. [Note: since first writing this article, we appear to have standardized on TGKm – TKG multi-cloud – for this product. This is often referred to as an air-gapped environment. Note that for part of this exercise, a virtual machine will need to be connected to the internet in order to pull down the images requires for TKG. Once these have been downloaded and pushed up to our local Harbor container image…
Over the thanksgiving break, I took the opportunity to look at the steps required to deploying Tanzu Kubernetes Grid (TKGm) in an air-gapped or internet-restricted environment. The first step to achieving this was to deploy the Harbor Container Image Registry locally in my own environment. While I’ve written about Harbor quite a bit in the early days, I haven’t looked at it in earnest recently, so it was good to revisit it and see what changed. In this post, I’ll walk through the steps involved, and point you to few scripts that I developed to speed up the process. At…
A number of readers have hit me up with queries around how they can use the integrated Harbor image repository (that comes integrated with vSphere with Kubernetes) for applications that are deployed on their Tanzu Kubernetes Grid clusters, sometimes referred to as guest clusters. Unfortunately, there is no defined workflow on how to achieve this. The reason for this is that there are a number of additional life-cycle management considerations that we need to take into account before we can fully integrate these components. This includes adding new TKG nodes to the image registry as a TKG cluster is scaled.…
This short video will demonstrate how to deploy the embedded Harbor Image Registry in vSphere with Kubernetes. It will highlight the different PodVMs used for Harbor, as well as the Persistent Volumes required by some of the PodVMs. The demo will look at the integration between namespaces created in vSphere with Kubernetes and the Harbor projects. I will also show how to download the CA certificate to a client to enable remote access to Harbor. Finally, I will show how to tag and push some images up to the image registry.