vSphere with Tanzu – Secure TKC login with Pinniped Preview

Following on from last week’s preview of multi-AZ in vSphere with Tanzu available in vSphere 8.0, I now turn my attention to another great feature. In this post, I will preview the new Pinniped integration to provide an easy and secure login to Tanzu Kubernetes clusters. I’ve discussed Pinniped a number of times on this site, but those previous posts relate to standalone TKG clusters (often referred to as TKGm). However, with vSphere 8.0, vSphere with Tanzu also has Pinniped integration. In a nutshell, vSphere Administrators can now federate an external Identity Provider (IDP) with the Supervisor cluster. This means…

vSphere with Tanzu – Multi-Zone Preview

One of the most interesting announcements for me at VMware Explore 2022 was around the introduction of vSphere Zones. This feature, when it becomes available with vSphere 8.0, enables vSphere with Tanzu deployments to be rolled out across geographically dispersed vSphere infrastructures. This provides an extra level of availability that wasn’t previously possible. This extra availability is not just for the Supervisor Cluster, but also for the Tanzu Kubernetes clusters deployed by the TKG service. And indeed, it provides additional availability to the applications running on those clusters. My colleagues, Jose Manzaneque and Alexander Ullah do a great job explaining…

Dynamic RWX volumes now supported in TKC in vSphere with Tanzu

Last week, a new release of Tanzu Kubernetes (v1.22.9) became available which allows Tanzu Kubernetes clusters deployed through the TKG Service (TKGS) on vSphere with Tanzu to support dynamic read-write-many (RWX) volumes. This now means that if vSAN File Service is available on the vSphere cluster where vSphere with Tanzu is enabled, volumes can be dynamically created which can be shared between multiple Pods. This is something that many customers have been waiting for, so I am delighted to see that it is finally available. There is one setup step needed in vSphere with Tanzu to enable this functionality. In…

vSAN Data Persistence platform (DPp) Revisited

Around 18 months ago, I published an article which highlighted a new feature called vSAN Data Persistence platform, or DPp for short. Basically, it describes a set of vSphere services built into vSphere with Tanzu. There are a few changes since I last wrote about it. For that reason, I thought I would revisit it. I am going to use my recently updated vCenter Server version 7.0.3e (build 19717403), and vSphere with Tanzu Supervisor Cluster v1.22. In this post, I will go through the new steps that demonstrate how to install MinIO as a vSphere Service. I will then show…

vSphere with Tanzu – TKG SSH and Harbor Registry access [Videos]

I created a couple of new videos to compliment some of my recent posts. The first shows how to get SSH access to a TKG cluster that resides on an NSX-T network segment. The second demonstrates how to enable a TKG cluster to authenticate against the embedded Harbor Image Registry project that is created for the vSphere Namespace within which the TKG cluster has been provisioned. Hope you find them useful. Please note that the embedded Harbor Image Registry is only available on vSphere with Tanzu and NSX-T. vSphere with Tanzu with NSX-T networking is available for both on-premises deployments…

How to access embedded shared image registry from TKG cluster

vSphere with Tanzu ships with an embedded Harbor Image Registry to store container images. However, by default, TKG clusters deployed in a vSphere Namespace cannot access the registry. In this post, I will demonstrate how to allow a TKG guest / workload cluster to access the Harbor Image Registry. To do that, the image registry secret is retrieved at the vSphere Namespace level, and a new secret matching the Harbor Image Registry secret is created in the TKG cluster. Once created, this TKG level secret can be used to authenticate and pull container images for pods in the TKG cluster.…

A closer look at vSphere with Tanzu networking with NSX-T

This post continues to build on some of the other work already done on vSphere with Tanzu and NSX-T. In previous posts, we’ve seen how to setup NSX-T so it can be used by vSphere with Tanzu. The steps to install NSX-T Manager and prepare ESXi hosts was looked at in part 1. We saw how to set up an NSX-T Edge in part 2. Then in part 3, the steps to create a tier-0 gateway with BGP for dynamic routing shown. Most recently, the various NSX-T objects and services that are configured when the Supervisor cluster is deployed were…