WilliamLam.com

vSphere Event-Driven Automation using Tanzu Application Platform (TAP) on Tanzu Community Edition

01.28.2022 by William Lam // Leave a Comment

Right before the holiday, I had spent some time exploring Tanzu Application Platform (TAP), which also recently GA'ed. TAP provides developers with an application-aware platform that focuses on making the developer experience easy for developing, building and running applications on Kubernetes.

If you are interested in a quick technical deep dive into TAP, check out this video by Scott Sisil, introducing TAP:

One of the core components of TAP is the Cloud Native Runtime (CNR), which is VMware's commercial offering of the popular open source project Knative. The VMware Event Broker Appliance (VEBA) project also makes use of Knative as our backend to provide customers with an event-driven automation solution.

Early on in the VEBA project, we knew that we wanted to develop and innovate with the community in the open but we also understood there would be users who would want an officially supported offering that they can call or file support requests when needed. Early last year, Michael Gasch, the lead architect for VEBA started to port the code from the VMware Event Router, which is the heart of VEBA into CNR's Tanzu Sources for vSphere and start unifying the two code bases. The goal is to ensure that users of the open source project VEBA will also have a consistent user experience in terms of function deployment when using the commercial offering.

As shared back in Dec, I was able to successfully deploy TAP, CNR and Sources for vSphere all running in Tanzu Community Edition (TCE), which is a completely free Enterprise-grade Kubernetes available to anyone in the community to use. For those interested, you can find the instructions below on how to deploy and configure TAP to enable vSphere event-driven automation capabilities for your infrastructure. If you are interested in deploying this using the Tanzu Kubernetes Grid (TKG) Service, check out this other recent blog post that outlines the specific steps.

✅Tanzu Community Edition (TCE) on #VMWonAWS
✅ Tanzu Application Platform
✅ Cloud Native Runtime
✅ Sources for vSphere
✅ VMC vCenter Events via Sockeye
✅ Powershell function to notify via Slack when VM Powered Off (existing #VEBA function)

Will blog details post-holiday! pic.twitter.com/Rhoca951Yj

— William Lam (@lamw) December 14, 2021

[Read more...]

Retrieving VM DRS Score using vSphere API and PowerCLI

01.27.2022 by William Lam // 1 Comment

VM DRS Score is a new feature that was introduced with the release of vSphere 7.0, check out this blog post by Niels for a closer look at how this feature can benefit your environment.

In the vSphere UI, this information is expressed as both a Cluster DRS Score and a VM DRS Score as shown in the screenshot above.

This information can also be retrieved programmatically using the vSphere API, as alluded in the title of this blog post. Using the vSphere API, there is a new property called SummaryEx under the ClusterComputeResource object which represents a vSphere Cluster from an API point of view. Here, you will find two new properties: drsScore and numVmsPerDrsScoreBucket which maps to the respective information found within the vSphere UI.

To demonstrate how to access these two new properties, below is a small PowerCLI function called Get-DRSScore which uses the vSphere API to retrieve this information and accepts a single parameter which is a vSphere Cluster object by using the Get-Cluster cmdlet.

Function Get-DRSScore {
    param(
        [Parameter(Mandatory=$true)][VMware.VimAutomation.ViCore.Impl.V1.Inventory.ComputeResourceImpl]$Cluster
    )

    $drsScoreBuckets = @("0%-20%","21%-40%","41%-60%","61%-80%","81%-100%")

    $drsScoreResults = $Cluster.ExtensionData.SummaryEx | select DrsScore, NumVmsPerDrsScoreBucket

    Write-Host "Cluster DRS Score: $(${drsScoreResults}.DrsScore)`n"

    Write-Host "VM DRS Score"
    $count = 0
    foreach($i in ${drsScoreBuckets}) {
        Write-Host "${i} - $(${drsScoreResults}.NumVmsPerDrsScoreBucket[$count]) VMs"
        $count++
    }
    Write-Host
}

Here is an example of using the function and the output matches what is shown in the vSphere UI.

Get-DRSScore -Cluster (Get-Cluster Cluster-1)

Quick Tip - How to disable viewing of vSphere Tags?

01.26.2022 by William Lam // 3 Comments

I just answered an interesting inquiry that came from our field on how to prevent users in vCenter Server from viewing vSphere Tags? The use case here is that the data contained in the vSphere Tags may not be something administrators want general users to be able to see, especially if they contain sensitive information, which hopefully folks are not using to store things like credentials or secrets.

If you navigate to the vSphere Roles, you will see a number of vSphere Tagging privileges, but there is nothing that covers the ability to remove read only access.

One very important thing to understand about the authorization of vSphere Tags is that it is NOT controlled by standard vSphere Permissions that you would assign in the vSphere Inventory but that it is controlled via vSphere Global Permissions, which are outside of the vSphere Inventory, which also includes vSphere Content Library and other vCenter Servers.

If you wish to disable the ability to view vSphere Tags for a VM while still maintaining basic read only view for VM, you need to ensure there is not a read only role assignment for your user under Global Permissions. You can check by navigating to vSphere UI under Administrator->Global Permissions. If the user that you are logging in with does not have a Read Only Global Permission, they will not see any of the vSphere Tagging information nor vSphere Content Library, which is another side affect.