Using Tanzu Mission Control Data Protection with on-premises S3 (MinIO)

Today, we will look at another feature of Tanzu Mission Control: Data Protection. In an earlier post, we saw how Tanzu Mission Control, or TMC for short, can be used to manage and create clusters on vSphere that have Identity Management integrated with LDAP/Active Directory. We also saw how TMC managed Tanzu Kubernetes clusters on vSphere utilized the NSX ALB for Load Balancing services in that same post. Now we will deploy an S3 Object Store from MinIO to an on-premises Tanzu Kubernetes cluster. This will then become the “backup target” for TMC Data Protection. TMC Data Protection uses the…

Using Tanzu Mission Control for managing LDAP/AD access policies for workload clusters

I’ve recently been looking at some of the features around Tanzu Mission Control. Tanzu Mission Control (or TMC for short) is a VMware SaaS offering for managing and monitoring your Kubernetes Clusters across multiple clouds. My particular interest on this occasion was around the access policy features, especially when the Tanzu Kubernetes Grid (TKG) workload clusters were deployed with LDAP/Active Directory integration via the Pinniped and Dex packages that are available with TKG. In this post, I will rollout my TKG management cluster, followed by a pair of TKG workload clusters. The TKG management cluster will be automatically integrated with…

Getting started with Carvel and tanzu packages in TCE

Hopefully many readers will have seen yesterdays announcement around Tanzu Community Edition, or TCE for short. I mentioned the fact that there are numerous community packages available in this new, free, open sourced version of Tanzu Kubernetes. Package management in TCE is achieved through a suite of tools bundled under the Carvel brand. In this post, I am going to describe some of the nuances around the deployment of these packages in a TCE cluster. There are 3 package components that need to considered when dealing with packages in  TCE. There are (1) the repository, (2) the package install resources…

TKG v1.4 Prometheus + Grafana Package Deployment: package reconciliation failed

I was recently running through the exercise of deploying Cert Manager, Contour (+ Envoy Ingress), Prometheus and Grafana packages available with TKG v1.4, just to see what steps were involved in setting up a full monitoring stack for my TKG cluster. This was a TKG deployment to vSphere, using the NSX Advanced Load Balancer for Load Balancer functionality. You can read about the new enhancements around the NSX ALB and TKG v1.4 here.  Honestly, it is pretty straight-forward, with some detailed documentation on the topic available here. Everything was plain sailing until I tried to deploy the Grafana package with,…

TKG v1.4 – Some nice new features

Over the last week or so, VMware recently announced the release of TKG version 1.4. On reading through the release notes, there were a few features that caught my eye, so I thought I would deploy a cluster and take a closer look. In particular, two features were of interest. The first of these is support for the NSX Advanced Load Balancer (ALB) service in workload clusters, which is available through the Avi Kubernetes Operator (AKO). This is applicable when TKG is deployed on vSphere. There is also new support for the NSX ALB as a control plane endpoint provider.…

vSphere with Tanzu – VM Service [Video]

A short video demonstration on how to use the new VM Service in vSphere with Tanzu to create a virtual machine on vSphere infrastructure using some simple YAML manifests. The demo also shows how to create the user data contexts that is needed by the cloud_init customization process when the virtual machine is deployed, and needs to be configured. Further details can be found in this blog post.

TKG v1.3 Active Directory Integration with Pinniped and Dex

Tanzu Kubernetes v1.3 introduces OIDC and LDAP identity management with Pinniped and Dex. Pinniped allows you to plug external OpenID Connect (OIDC) or LDAP identity providers (IDP) into Tanzu Kubernetes clusters which in turn allows you to control access to those clusters. Pinniped uses Dex as the endpoint to connect to your upstream LDAP identity provider, e.g. Microsoft Active Directory. If you are using OpenID Connect (OIDC), Dex is not required. It is also my understanding that eventually Pinniped with eventually integrate directly with LDAP as well, removing the need for Dex. But for the moment, both components are required.…