Kubernetes for vSphere Admins – part of the June 2023 VMware User Group Global Virtual Event series

This session was selected by the VMware User Group (VMUG) for their Global Virtual Event which was held on June 27, 2023. As part of the session, some of the fundamentals of Kubernetes (K8s) are discussed. The talk then moves on to areas where vSphere Administrators can begin to onboard with Kubernetes, particularly when K8s control plane and worker nodes are deployed as a set of virtual machines on top of vSphere infrastructure. The two areas which are discussed in significant detail are the external Load Balancers and the vSphere CSI driver. The talk examines the options for different Load Balancers…

Why do I get “Error from server (Forbidden)” in vSphere with Tanzu

I’ve seen a number of queries around the behaviour of vSphere with Tanzu when it comes to querying Kubernetes objects on the Supervisor Cluster. More often than not, it is a question which arises when a user gets an error similar to the following:
    Error from server (Forbidden): wcpnamespaces.appplatform.wcp.vmware.com is forbidden: \
    User "sso:Administrator@vsphere.local" cannot list resource "wcpnamespaces" in API group \
    "appplatform.wcp.vmware.com" in the namespace "cormac-ns"
These errors occur because the Supervisor Cluster is not treated as a general purpose Kubernetes cluster. The predominant role of the Supervisor Cluster is to provide services, such as the…

vSphere with Tanzu – Secure TKC login with Pinniped Preview

Following on from last week’s preview of multi-AZ in vSphere with Tanzu available in vSphere 8.0, I now turn my attention to another great feature. In this post, I will preview the new Pinniped integration to provide an easy and secure login to Tanzu Kubernetes clusters. I’ve discussed Pinniped a number of times on this site, but those previous posts relate to standalone TKG clusters (often referred to as TKGm). However, with vSphere 8.0, vSphere with Tanzu also has Pinniped integration. In a nutshell, vSphere Administrators can now federate an external Identity Provider (IDP) with the Supervisor cluster. This means…

vSphere with Tanzu – Multi-Zone Preview

One of the most interesting announcements for me at VMware Explore 2022 was around the introduction of vSphere Zones. This feature, when it becomes available with vSphere 8.0, enables vSphere with Tanzu deployments to be rolled out across geographically dispersed vSphere clusters placed in separate racks in a single physical datacenter, as per the release notes. This provides an extra level of availability that wasn’t previously possible. This extra availability is not just for the Supervisor Cluster, but also for the Tanzu Kubernetes clusters deployed by the TKG service. And indeed, it provides additional availability to the applications running on…

New book: Kubernetes for vSphere Administrators now available

I’m delighted to report that my new book, Kubernetes for vSphere Administrators, is now available. It is available in both paper form and as a Kindle eBook. Links to both are provided below. The links above direct you to Amazon.com. However the book is available in other Amazon marketplaces as well. (If you can’t see the text+images above, this is a link to the paper book and this is a link to the eBook.) I hope readers of this book find it useful. I would be delighted to receive feedback and reviews on the content.

New book: Kubernetes for vSphere Administrators (coming soon)

Last year, I wrote a post about my 16 years at VMware. As part of that milestone, VMware has kindly granted me 4 weeks of respite. I’m not one for sitting on a beach for hours on end. Apart from some jobs around the house (that I have been putting off for far too long), and some short breaks, I wanted to use this time to finish a long-term project that I have been working on. The project is a new book called Kubernetes for vSphere Administrators. I thought I’d give you all a quick look at the cover and…

Kubernetes, vSAN Stretched Cluster with CSI driver v2.5.1

In this post, we will look at a relatively new announcement around support for vanilla or upstream Kubernetes clusters, vSAN stretched cluster and the vSphere CSI driver. There have been a number of updates around this recently, so I want to highlight a few observations before we get into the deployment. First of all, it is important to highlight that a vSAN Stretched Cluster can have at most 2 fault domains. These are the data sites. While there is a requirement for a third site for the witness, the witness site does not store any application data. Thus all of the…