vSphere with Tanzu Configuration and Management provides information about configuring and managing vSphere with Tanzu by using the vSphere Client. It also provides information about using kubectl to connect to namespaces running on vSphere with Tanzu and run Kubernetes workloads on designated namespaces.
vSphere with Tanzu Configuration and Management provides an overview of the platform architecture as well as considerations and best practices for setting up storage, compute, and networking that meet the specific requirements of vSphere with Tanzu. It provides instructions for enabling vSphere with Tanzu on existing vSphere clusters, creating and managing namespaces, and monitoring Tanzu Kubernetes clusters that are created by using the VMware TanzuTM Kubernetes GridTM Service.
This information also provides guidelines about establishing a session with the vSphere with Tanzu Kubernetes control plane through kubectl, running a sample application, and creating Tanzu Kubernetes clusters by using the VMware TanzuTM Kubernetes GridTM Service.
At VMware, we value inclusion. To foster this principle within our customer, partner, and internal community, we create content using inclusive language.
Intended Audience
vSphere with Tanzu Configuration and Management is intended for vSphere administrators who want to enable vSphere with Tanzu in vSphere, configure and provide namespaces to DevOps teams, as well as manage and monitor Kubernetes workloads in vSphere. vSphere administrators who want to use vSphere with Tanzu should have basic knowledge of containers and Kubernetes.
This information is also intended for DevOps engineers who want to establish a session with the vSphere with Tanzu control plane, run Kubernetes workloads, and deploy Kubernetes clusters by using the VMware TanzuTM Kubernetes GridTM Service. In addition, developers who are deploying applications on the platform can refer to the examples for guidance.
vSphere with Tanzu Configuration and Management 11
1 Updated Information 12
2 vSphere with Tanzu Concepts 16
What Is vSphere with Tanzu? 16
What Is a vSphere Pod? 19
What Is a Tanzu Kubernetes Cluster? 21
When to Use vSphere Pods and Tanzu Kubernetes Clusters 23 Using Virtual Machines in vSphere with Tanzu 23vSphere with Tanzu User Roles and Workflows 25
How Does vSphere with Tanzu Change the vSphere Environment? 36 Licensing for vSphere with Tanzu 37
3 vSphere with Tanzu Architecture and Components 40 vSphere with Tanzu Architecture 40
Tanzu Kubernetes Grid Service Architecture 44
Tanzu Kubernetes Cluster Tenancy Model vSphere with Tanzu Authentication 47 vSphere with Tanzu Networking 49 vSphere with Tanzu Security 49 vSphere with Tanzu Storage 50
46
4 Networking for vSphere with Tanzu
Supervisor Cluster Networking 53
Tanzu Kubernetes Cluster Networking 58
Configuring NSX-T Data Center for vSphere with Tanzu 59
System Requirements for Setting Up vSphere with Tanzu with NSX-T Data Center 61
Topologies for a Supervisor Cluster with NSX-T Data Center 67
Best Practice Considerations for Configuring the Supervisor Cluster with NSX-T Data Center 69
Install and Configure NSX-T Data Center for vSphere with Tanzu 69
Configuring vSphere Networking and NSX Advanced Load Balancer for vSphere with Tanzu 87
NSX Advanced Load Balancer Components 89
System Requirements for Setting Up vSphere with Tanzu with vSphere Networking and NSX Advanced Load Balancer 90
Topology for Supervisor Cluster with vSphere Networking and NSX Advanced Load Balancer 96
VMware, Inc.
3
53
vSphere with Tanzu Configuration and Management
Install and Configure the NSX Advanced Load Balancer 97
Configuring vSphere Networking and HA Proxy Load Balancer for vSphere with Tanzu 112
System Requirements for Setting Up vSphere with Tanzu with vSphere Networking and HA Proxy Load Balancer 113
Topologies for Deploying the HAProxy Load Balancer 116
Create a vSphere Distributed Switch for a Supervisor Cluster for Use with HAProxy Load Balancer 124
Install and Configure the HAProxy Load Balancer 125
5 Configuring and Managing a Supervisor Cluster 130Prerequisites for Configuring vSphere with Tanzu on a vSphere Cluster 131Enable Workload Management with vSphere Networking 133Enable Workload Management with NSX-T Data Center Networking 140
Assign the Tanzu Edition License to a Supervisor Cluster 144
Replace the VIP Certificate to Securely Connect to the Supervisor Cluster API Endpoint 145
Integrate the Tanzu Kubernetes Grid Service on the Supervisor Cluster with Tanzu Mission Control 145
Set the Default CNI for Tanzu Kubernetes Clusters 147
Add Workload Networks to a Supervisor Cluster Configured with VDS Networking 149
Change the Control Plane Size of a Supervisor Cluster 150
Change the Management Network Settings on a Supervisor Cluster 150
Change the Workload Network Settings on a Supervisor Cluster Configured with VDS Networking 151
Change Workload Network Settings on a Supervisor Cluster Configured with NSX-T Data Center 152
Resolving Errors Health Statuses on Supervisor Cluster During Initial Configuration Or Upgrade 153
Configuring HTTP Proxy Settings in vSphere with Tanzu 157
Streaming Logs of the Supervisor Cluster Control Plane to a Remote rsyslog 160
6 Creating and Managing Content Libraries in vSphere with Tanzu 162 Creating and Managing Content Libraries for Tanzu Kubernetes releases 162About Tanzu Kubernetes release Distributions 162Create, Secure, and Synchronize a Subscribed Content Library for Tanzu Kubernetes releases 163
VMware, Inc.
4
Create, Secure, and Synchronize a Local Content Library for Tanzu Kubernetes releases Migrate Tanzu Kubernetes Clusters to a New Content Library 170
Import the HAProxy OVA to a Local Content Library 171
Creating and Managing Content Libraries for Stand-Alone VMs in vSphere with Tanzu 172 Create a Content Library for Stand-Alone VMs in vSphere with Tanzu 172
Populate a Content Library with VM Images for Stand-Alone VMs in vSphere with Tanzu Associate a VM Content Library with a Namespace in vSphere with Tanzu 176
Manage VM Content Libraries on a Namespace in vSphere with Tanzu 177
166
175
vSphere with Tanzu Configuration and Management
7 Configuring and Managing vSphere Namespaces 179
Create and Configure a vSphere Namespace 179
Set Default Memory and CPU Reservations and Limits for vSphere Pod Containers 183 Configure Limitations on Kubernetes Objects in a vSphere Namespace 183
Monitor and Manage Resources in a vSphere Namespace 184
Configure a vSphere Namespace for Tanzu Kubernetes releases 185
Provision a Self-Service Namespace Template 187
Create and Configure a Self-Service Namespace Template 189
Deactivate a Self-Service Namespace 190
Create a Self-Service Namespace 191
Create a Self-Service Namespace with Annotations and Labels 191
Update a Self-Service Namespace Using kubectl annotate and kubectl label 193 Update a Self-Service Namespace Using kubectl edit 194
Delete a Self-Service Namespace 196
8 Managing Supervisor Services with vSphere with Tanzu 197
Add a Supervisor Service to vCenter Server 199
Install a Supervisor Service on Supervisor Clusters 201
Access the Management Interface of a Supervisor Service on the Supervisor Cluster Add a New Version to a Supervisor Service 203
View Supervisor Services Installed on a Supervisor Cluster 204 Deactivate a Supervisor Service or a Version 205
Activate a Supervisor Service Version on vCenter Server Uninstall a Supervisor Service from a Supervisor Cluster 207 Delete a Supervisor Service Version 207
Delete a Supervisor Service 208
203
9 Connecting to vSphere with Tanzu Clusters 210
Download and Install the Kubernetes CLI Tools for vSphere 210
Configure Secure Login for vSphere with Tanzu Clusters 213
Connect to the Supervisor Cluster as a vCenter Single Sign-On User 214 Authenticating with Tanzu Kubernetes Clusters 215
Connect to a Tanzu Kubernetes Cluster as a vCenter Single Sign-On User 216 Connect to the Tanzu Kubernetes Cluster Control Plane as the Administrator 218 SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Private Key SSH to Tanzu Kubernetes Cluster Nodes as the System User Using a Password
Create a Linux Jump Host VM 223
Grant Developer Access to Tanzu Kubernetes Clusters 225
10 Using Persistent Storage in vSphere with Tanzu 227 How vSphere with Tanzu Integrates with vSphere Storage 231
VMware, Inc.
5
206
219 222
vSphere with Tanzu Configuration and Management
Functionality Supported by vSphere CNS-CSI and Paravirtual CSI in vSphere with Tanzu Storage Permissions in vSphere with Tanzu 235
Create Storage Policies for vSphere with Tanzu 236
Change Storage Settings on the Supervisor Cluster 238
Change Storage Settings on a Namespace 239
Display Storage Classes in a vSphere Namespace or Tanzu Kubernetes Cluster 239 Provision a Dynamic Persistent Volume for a Stateful Application 241
Provision a Static Persistent Volume in a Tanzu Kubernetes Cluster Creating ReadWriteMany Persistent Volumes in vSphere with Tanzu 245 Volume Expansion in vSphere with Tanzu 247
Expand a Persistent Volume in Offline Mode 248
Expand a Persistent Volume in Online Mode 250
Monitor Persistent Volumes in the vSphere Client 251
Monitor Volume Health in a vSphere Namespace or Tanzu Kubernetes Cluster 253 Using vSAN Data Persistence Platform with Modern Stateful Services 255
Tag Storage Devices for vSAN Direct 260
Set Up vSAN Direct for vSphere with Tanzu 266
Enable Stateful Services in vSphere with Tanzu 268 Monitor Stateful Services in vSphere with Tanzu 271 Check Storage Policies Available for Stateful Services 272 Create vSAN SNA Storage Policy 273
Create vSAN Direct Storage Policy 274
11 Deploying Workloads to vSphere Pods 276
Get and Use the Supervisor Cluster Context 276
Deploy an Application to a vSphere Pod on a vSphere Namespace 277
Deploy an Application to a vSphere Pod Using the Embedded Harbor Registry 278 Scale a vSphere Pod Application 279
Deploy a Confidential vSphere Pod 280
234
12 Deploying and Managing Virtual Machines in vSphere with Tanzu Create a VM Class in vSphere with Tanzu 288
284
VMware, Inc.
6
Attributes of VM Classes in vSphere with Tanzu 290
Add PCI Devices to a VM Class in vSphere with Tanzu 291
Edit or Delete a VM Class in vSphere with Tanzu 293
Associate a VM Class with a Namespace in vSphere with Tanzu 294 Manage VM Classes on a Namespace in vSphere with Tanzu 296 View VM Resources Available on a Namespace in vSphere with Tanzu Deploy a Virtual Machine in vSphere with Tanzu 299
296
Install the NVIDIA Guest Driver in a VM in vSphere with Tanzu Monitor Virtual Machines Available in vSphere with Tanzu 304
302
243
vSphere with Tanzu Configuration and Management
13 Provisioning and Operating TKGS Clusters 306
Workflow for Provisioning Tanzu Kubernetes Clusters Using the TKGS v1alpha2 API 306
Virtual Machine Classes for Tanzu Kubernetes Clusters 313
Provisioning Tanzu Kubernetes Clusters Using the Tanzu Kubernetes Grid Service v1alpha2 API 315
Requirements for Using the Tanzu Kubernetes Grid Service v1alpha2 API 315
Tanzu Kubernetes Grid Service v1alpha2 API for Provisioning Tanzu Kubernetes Clusters 317
Example YAML for Provisioning Tanzu Kubernetes Clusters Using the Tanzu Kubernetes Grid Service v1alpha2 API 322
Updating a Tanzu Kubernetes Release After the Cluster Spec Is Converted to the Tanzu Kubernetes Grid Service v1alpha2 API 325
Configuring a Tanzu Kubernetes Cluster with a Routable Pod Network Using the v1alpha2 API 330
Configuration Parameters for the Tanzu Kubernetes Grid Service v1alpha2 API 332
Examples for Configuring the Tanzu Kubernetes Grid Service Using the v1alpha2 API 338
Scale a Tanzu Kubernetes Cluster Using the Tanzu Kubernetes Grid Service v1alpha2 API 343
Provisioning Tanzu Kubernetes Clusters Using the Tanzu Kubernetes Grid Service v1alpha1 API 351
Workflow for Provisioning Tanzu Kubernetes Clusters Using the Tanzu Kubernetes Grid Service v1alpha1 API 351
Configuration Parameters for Tanzu Kubernetes Clusters Using the Tanzu Kubernetes Grid Service v1alpha1 API 355
Examples for Provisioning Tanzu Kubernetes Clusters Using the Tanzu Kubernetes Grid Service v1alpha1 API 364
Configuration Parameters for the Tanzu Kubernetes Grid Service v1alpha1 API 373
Examples for Configuring the Tanzu Kubernetes Grid Service v1alpha1 API 377
Scale a Tanzu Kubernetes Cluster Using the Tanzu Kubernetes Grid Service v1alpha1 API 382
Delete a Tanzu Kubernetes Cluster 388
Specify a Default Text Editor for Kubectl 390
Monitor Tanzu Kubernetes Cluster Status Using kubectl 391
Monitor Tanzu Kubernetes Cluster Status Using the vSphere Client 392 Check Tanzu Kubernetes Cluster Readiness 392
Check Tanzu Kubernetes Cluster Health 398
Check Tanzu Kubernetes Machine Health
Get Tanzu Kubernetes Cluster Secrets 401
Use Tanzu Kubernetes Cluster Networking Commands 402 Use Tanzu Kubernetes Cluster Operational Commands 405 View Tanzu Kubernetes Cluster Lifecycle Status 407
View the Full Resource Hierarchy for a Tanzu Kubernetes Cluster
14 Deploying Workloads and Packages on TKGS Clusters Deploy Workloads on Tanzu Kubernetes Clusters 410
VMware, Inc.
7
Deploy a Test Workload to a Tanzu Kubernetes Cluster 410
400
409
410
vSphere with Tanzu Configuration and Management
Install and Run Octant 411
Tanzu Kubernetes Service Load Balancer Example 412
Tanzu Kubernetes Service Load Balancer with Static IP Address Example 414
Tanzu Kubernetes Service Load Balancer Examples for Local Traffic Policy and Source IP Ranges 416
Tanzu Kubernetes Ingress Example Using Nginx 418 Tanzu Kubernetes Storage Class Example 421
Tanzu Kubernetes Persistent Volume Claim Examples 422 Tanzu Kubernetes Guestbook Tutorial 424
Guestbook Example YAML Files 426
Using Pod Security Policies with Tanzu Kubernetes Clusters 431 Example Role Bindings for Pod Security Policy 433
Example Role for Pod Security Policy 435
Deploy TKG Packages on Tanzu Kubernetes Clusters 436
Download the TKG Extensions v1.3.1 Bundle 436
Install the TKG Extensions Prerequisites 437
Deploy and Manage the TKG Extension for Fluent Bit Logging 442 Deploy and Manage the TKG Extension for Contour Ingress 449 Deploy and Manage the TKG Extension for Prometheus Monitoring 458 Deploy and Manage the TKG Extension for Grafana Monitoring 471 Deploy and Manage the TKG Extension for Harbor Registry 481
Deploy and Manage the TKG Extension for External DNS Service Discovery 491 Deploy AI/ML Workloads on Tanzu Kubernetes Clusters 496
About Deploying AI/ML Workloads on TKGS Clusters 496
vSphere Administrator Workflow for Deploying AI/ML Workloads on TKGS Clusters (vGPU) 497
Cluster Operator Workflow for Deploying AI/ML Workloads on TKGS Clusters 510
vSphere Administrator Addendum for Deploying AI/ML Workloads on TKGS Clusters (vGPU and Dynamic DirectPath IO) 518
Cluster Operator Addendum for Deploying AI/ML Workloads on TKGS Clusters (DLS)
519
15 Using a Container Registry for vSphere with Tanzu Workloads Enable the Embedded Harbor Registry on the Supervisor Cluster 523 Log In to the Embedded Harbor Registry Console 524
Download and Install the Embedded Harbor Registry Certificate 524 Configure a Docker Client with the Embedded Harbor Registry Certificate Install the vSphere Docker Credential Helper and Connect to the Registry Push Images to the Embedded Harbor Registry 529
522
525 527
VMware, Inc.
8
Purge Images from the Embedded Harbor Registry 531
Use the Embedded Harbor Registry with Tanzu Kubernetes Clusters Use an External Container Registry with Tanzu Kubernetes Clusters
532 535
vSphere with Tanzu Configuration and Management
16 Working with vSphere Lifecycle Manager 541 Requirements 541Enable vSphere with Tanzu on a Cluster Managed by vSphere Lifecycle Manager 542 Upgrade a Supervisor Cluster 542
Add Hosts to a Supervisor Cluster 543
Remove Hosts from a Supervisor Cluster 544Disable a Supervisor Cluster 544
17 Updating the vSphere with Tanzu Environment 546 About vSphere with Tanzu Updates 546
Network Topology Upgrade 550Upgrade the NSX-T Network Toplogy 553Upgrade vSphere Distributed Switch 554
Update the Supervisor Cluster by Performing a vSphere Namespaces Update 555 Supervisor Cluster Auto Upgrade 556
Update the vSphere Plugin for kubectl 557
Verify Tanzu Kubernetes Cluster Compatibility for Update 557
Update Tanzu Kubernetes Clusters 558
Update a Tanzu Kubernetes Cluster by Upgrading the Tanzu Kubernetes Release Version 560
Update a Tanzu Kubernetes Cluster by Changing the VirtualMachineClass 562 Update a Tanzu Kubernetes Cluster by Changing the Storage Class 564 Update Tanzu Kubernetes Clusters Using the Patch Method 566
18 Backing Up and Restoring vSphere with Tanzu 569Considerations for Backing Up and Restoring vSphere with Tanzu 569Install and Configure the Velero Plugin for vSphere on the Supervisor Cluster 571Backup and Restore vSphere Pods Using the Velero Plugin for vSphere 581
Install and Configure the Velero Plugin for vSphere on a Tanzu Kubernetes Cluster 584
Backup and Restore Tanzu Kubernetes Cluster Workloads Using the Velero Plugin for vSphere 588
Install and Configure Standalone Velero and Restic on a Tanzu Kubernetes Cluster 589
Backup and Restore Tanzu Kubernetes Cluster Workloads Using Standalone Velero and Restic 594
Backup and Restore vCenter Server 602 Backup and Restore NSX-T Data Center 602
19 Troubleshooting vSphere with Tanzu 604 Storage Best Practices and Troubleshooting 604Use Anti-Affinity Rules for Control Plane VMs on Non-vSAN Datastores 604Storage Policy Removed from vSphere Continues to Appear as Kubernetes Storage Class 605
VMware, Inc.
9
vSphere with Tanzu Configuration and Management
VMware, Inc.
10
Use External Storage with vSAN Direct 606 Troubleshooting Networking 608
Register vCenter Server with NSX Manager 608
Unable to Change NSX Appliance Password 608
Troubleshooting Failed Workflows and Unstable NSX Edges 609
Collect Support Bundles for Troubleshooting NSX-T 609
Collect Log Files for NSX-T 610
Restart the WCP Service If the NSX-T Management Certificate, Thumbprint, or IP Address Changes 610
VDS Required for Host Transport Node Traffic 611 Troubleshooting the NSX Advanced Load Balancer 612
Collect Support Bundles for Troubleshooting 612 Troubleshooting Network Topology Upgrade 613
Upgrade Precheck Fails Due to Insufficient Edge Load Balancer Capacity 613 Supervisor Cluster Workload Namespaces Skipped During Upgrade 613 Load Balancer Service Skipped During Upgrade 614
Troubleshooting Tanzu Kubernetes Clusters 614
Collect a Support Bundle for Tanzu Kubernetes Clusters 614 Troubleshoot vCenter Single Sign-On Connection Errors 614 Troubleshoot Subscribed Content Library Errors 615 Troubleshoot Local Content Library Errors 615
Troubleshoot Cluster Provisioning Errors 616
Troubleshoot Workload Deployment Errors 616 Troubleshoot Virtual Machine Class Errors 617
Restart a Failed Tanzu Kubernetes Cluster Update Job 617
Troubleshooting Workload Management 618
Collect the Support Bundle for Workload Management 618
Tail the Workload Management Log File 619
Troubleshoot Workload Management Enablement Cluster Compatibility Errors Shut Down and Start Up the vSphere with Tanzu Workload Domain 621
Ver calendario
The course VMware SD WAN by Velocloud Deploy & Manage, you gain an understanding of the architecture and features of VMware SD-WAN by VeloCloud™. This course provides extensive hands-on labs in which you enable core SD-WAN features, such as ensuring application performance using business policies, traffic redirections, and network service insertion.
This course is also available in an On Demand format. For more information, select this link:
VMware SD-WAN by VeloCloud: Deploy and Manage – On Demand.
Product Alignment
• SD-WAN
Duration
8 hs
Objectives
By the end of the course, you should be able to meet the following objectives:
Discuss the SD-WAN architecture and platform deployment model options
Identify and describe the SD-WAN solution components
Explain the interaction between the SD-WAN Edge, Orchestrator, and Gateway components
Describe the SD-WAN Software-Defined Networking (SDN) approach, traffic, and network flows
Explore SD-WAN core features and evaluate how these dramatically improve operational automation
Use SD-WAN features to perform simple, agile, and secure SD-WAN operations
Simplify branch infrastructure by inserting network services on the branch edge, in the cloud, or in the
regional and enterprise data centers
Intended Audience
Experienced system administrators, network administrators, and system integrators responsible for designing and implementing networking solutions.
Prerequisites
Strong knowledge of routing and switching is required.
Outline
1 Course Introduction
Introductions and Course Logistics
Course Objectives
2 SD-WAN Architecture
Architecture Overview
Solutions Components
Components Interaction
Traffic Flows
3 SD-WAN Core Features
Application Performance and Business Policies
Cloud VPN
Service Insertion
High Availability and Cluster
Overlay Flow Control (Routing)
Segmentation, PCI Compliance, and Firewall
Deployment Flexibility and Using SD-WAN