WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Cloud Native / vSphere Event-Driven Automation using Tanzu Application Platform (TAP) on Tanzu Kubernetes Grid Service

vSphere Event-Driven Automation using Tanzu Application Platform (TAP) on Tanzu Kubernetes Grid Service

01.26.2022 by William Lam // Leave a Comment

Right before the holiday, I had spent some time exploring Tanzu Application Platform (TAP), which also recently GA'ed. TAP provides developers with an application-aware platform that focuses on making the developer experience easy for developing, building and running applications on Kubernetes.


If you are interested in a quick technical deep dive into TAP, check out this video by Scott Sisil, introducing TAP:

One of the core components of TAP is the Cloud Native Runtime (CNR), which is VMware's commercial offering of the popular open source project Knative. The VMware Event Broker Appliance (VEBA) project also makes use of Knative as our backend to provide customers with an event-driven automation solution.

Early on in the VEBA project, we knew that we wanted to develop and innovate with the community in the open but we also understood there would be users who would want an officially supported offering that they can call or file support requests when needed. Early last year, Michael Gasch, the lead architect for VEBA started to port the code from the VMware Event Router, which is the heart of VEBA into CNR's Tanzu Sources for vSphere and start unifying the two code bases. The goal is to ensure that users of the open source project VEBA will also have a consistent user experience in terms of function deployment when using the commercial offering.

As shared back in Dec, I was able to successfully deploy TAP, CNR and Sources for vSphere all running on our Tanzu Kubernetes Grid Service which includes both our on-premises offering called vSphere with Tanzu and our managed service offering called VMware Cloud with Tanzu services. For those interested, you can find the instructions below on how to deploy and configure TAP to enable vSphere event-driven automation capabilities for your infrastructure.

🔥🙌🥳

✅ Tanzu services on #VMWonAWS
✅ Tanzu Application Platform
✅ Cloud Native Runtime
✅ Sources for vSphere
✅ VMC vCenter Events via Sockeye
✅ Powershell function to notify via Slack when VM Powered Off (existing #VEBA function) pic.twitter.com/7v8npFY73S

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) December 9, 2021

TAP and CNR Installation

Step 1 - Download the latest Tanzu CLI (tanzu-framework-linux-amd64.tar) and Tanzu Cluster Essentials (tanzu-cluster-essentials-linux-amd64-1.0.0.tgz) from the Tanzu Network and transfer the files to the computer which will have access to your TKG Workload Cluster.

Step 2 - Clone the following Github repository which contains all the sample YAML files that will be referenced.

git clone https://github.com/lamw/vsphere-event-driven-automation-tap.git

Step 3 - Extract the contents of the two files into a tanzu and tanzu-cluster-essentials directory.

mkdir tanzu && mkdir tanzu-cluster-essentials

tar -xvf tanzu-framework-linux-amd64.tar -C tanzu

tar -zxvf tanzu-cluster-essentials-linux-amd64-1.0.0.tgz -C tanzu-cluster-essentials

Step 4 - Install the Tanzu CLI and their associated plugins.

cd tanzu

export TANZU_CLI_NO_INIT=true

install cli/core/v0.10.0/tanzu-core-linux_amd64 /usr/local/bin/tanzu

tanzu plugin install --local cli all

Step 5 - Setup the required environment variables that will be used to install TAP, which will also be referenced later during the deployment. You will need to replace the values in both INSTALL_REGISTRY_USERNAME and INSTALL_REGISTRY_PASSWORD with the username and password you use to log into Tanzu Network.

cd tanzu-cluster-essentials

export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:82dfaf70656b54dcba0d4def85ccae1578ff27054e7533d08320244af7fb0343

export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com

export INSTALL_REGISTRY_USERNAME='TANZU-NET-USER'

export INSTALL_REGISTRY_PASSWORD='TANZU-NET-PASSWORD'

./install.sh

Step 6 - Deploy a TKG Workload Cluster if you have not already. A minimum of 1 x Control Plane and 1 x Worker Node is required with at least 4 vCPU and 8GB of memory. You can refer to the following tkg-cluster-sample.yaml example and modify based on your environment.

Note: In the example below, I am deploying TKG Workload Cluster to a VMware Cloud on AWS environment that has Tanzu services enabled but this can also be used with a vSphere with Tanzu on-premises environment.

kubectl apply -f tkg-cluster-sample.yaml

Step 7 - Disable the default Pod Security Policy (PSP).

kubectl apply -f disable_psp.yaml

Step 8 - Create a TAP registry secret that will be used when installing packages from TAP and then add the current TAP 1.0 repository.

kubectl create ns tap-install
 
tanzu secret registry add tap-registry \
  --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} \
  --server ${INSTALL_REGISTRY_HOSTNAME} \
  --export-to-all-namespaces --yes --namespace tap-install
 
tanzu package repository add tanzu-tap-repository \
  --url registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:1.0.0 \
  --namespace tap-install

To confirm that everything was configured correctly, you can run the following command and to ensure the status shows reconcile succeeded.

tanzu package repository get tanzu-tap-repository --namespace tap-install


Step 9 - Install the CNR 1.1.0 package using the basic values file (cnr-values.yaml).

tanzu package install cloud-native-runtimes -p cnrs.tanzu.vmware.com -v 1.1.0 -n tap-install -f cnr-values.yaml --poll-timeout 30m

Step 10 - Install the remainder dependencies (RabbitMQ Operator, Cert Manager & Messaging Topology Operator) for CNR.

kubectl apply -f https://github.com/rabbitmq/cluster-operator/releases/download/v1.6.0/cluster-operator.yml
kubectl wait pod --timeout=3m --for=condition=Ready -l '!job-name' -n rabbitmq-system

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml
kubectl wait pod --timeout=3m --for=condition=Ready -l '!job-name' -n cert-manager

kubectl apply -f https://github.com/rabbitmq/messaging-topology-operator/releases/download/v0.8.0/messaging-topology-operator-with-certmanager.yaml
kubectl wait pod --timeout=3m --for=condition=Ready -l '!job-name' -n rabbitmq-system

Step 11 - Create the vmware-functions namespace which will be used to deploy vSphere Sources and your functions.

kubectl create ns vmware-functions

Step 12 - Create a TAP registry secret for the vmware-functions namespace and update the default service account to reference the credential which will be used when the CNR components are instantiated.

kubectl -n vmware-functions create secret docker-registry registry-credentials \
--docker-server "${INSTALL_REGISTRY_HOSTNAME}" \
--docker-username "${INSTALL_REGISTRY_USERNAME}" \
--docker-password "${INSTALL_REGISTRY_PASSWORD}"

kubectl patch serviceaccount -n vmware-functions default -p '{"imagePullSecrets": [{"name": "registry-credentials"}]}'

Step 13 - Deploy RabbitMQ and Broker.

kubectl apply -f rabbit.yaml
kubectl wait pod --timeout=3m --for=condition=Ready -l '!job-name' -n vmware-functions

Step 14 (Optional) - Deploy Sockeye which provides a graphical interface for easily viewing vSphere Events in a browser.

kubectl apply -f sockeye.yaml

Step 15 - Update the vsphere-secret.yaml example with the credentials of the vCenter Server you intend to use and then run the following command to create the vSphere Secret.

kubectl -n vmware-functions apply -f vsphere-secret.yaml

Note: A big benefit of having the vSphere Secret created separately is that you can re-use common credentials such as a shared read-only service account which is the minimum vSphere Role that is required for this solution.

Step 16 - Update the vsphere-source.yaml example with the vCenter Server FQDN or IP Address that you intend to use and then run the following command to create the vSphere Source instance.

kubectl -n vmware-functions apply -f vsphere-source.yaml

Step 17 - Patch the vSphere Source service account (e.g. vsphere-01-serviceaccount) to reference the TAP registry credentials and re-deploy the vSphere Source. Unfortunately, this can not be done prior as the service account does not exists until Step 15 has been completed and as expected, it will fail as it does not have the correct TAP credentials until this step is performed.

kubectl patch serviceaccount -n vmware-functions vsphere-01-serviceaccount -p '{"imagePullSecrets": [{"name": "registry-credentials"}]}'
kubectl -n vmware-functions delete deployment/vsphere-01-deployment

At this point, you have successfully deployed and configured TAP, CNR and vSphere Sources. You can now run the following command to verify that all deployments are running as shown in the screenshot below.

kubectl get deployments -A

Function Deployment

With your vSphere Sources configured, you can now start writing and deploying functions that can react to specific vSphere Events. If you are familiar with VEBA functions, you can create simliar functions using any of the supported languages including PowerShell/PowerCLI, Python and Go. The main difference with a function that would run with vSphere Sources versus using VEBA is that instead of using the subject field to annotate the specific vSphere Event you wish to react to, we must now use the type field and follow a new format for specifying the vSphere Event. For example, instead of VmPoweredOffEvent it would be com.vmware.vsphere.VmPoweredOffEvent.v0

To demonstrate a simple function deployment, we will send a Slack notification whenever a VM is powered off. You will need access to Slack and the webhook URL for the desired Slack channel to send the notification. For obtaining the slack Webhook URL, please refer to the official Slack documentation.

Step 1 - Update the slack-secret.json file with Slack webhook URL and then run the following command to create the Slack secret and deploy our Slack function which will react to VMs being powered off in your vCenter Server

kubectl -n vmware-functions create secret generic slack-secret --from-file=SLACK_SECRET=slack-secret.json 
 
kubectl -n vmware-functions apply -f function.yaml

Step 2 - Run the following command to verify the function was deployed correctly by looking at the status column for tap-ps-slack-trigger and ensure it has a value of True.

kubectl get trigger -A


Step 3 - Finally, login to the vSphere UI of your vCenter Server and power off a VM and you should see a Slack notification similar to the example below.

More from my site

  • vSphere Event-Driven Automation using Tanzu Application Platform (TAP) on Tanzu Community Edition
  • Quick demo videos of new VMware Cloud with Tanzu services
  • Quick Tip - Correctly naming TKR's in Local Content Library for vSphere with Tanzu in vSphere 8
  • vSphere Event-Driven Automation using VMware Event Router on VMware Cloud on AWS with Knative or AWS EventBridge
  • Using Terraform to activate Tanzu Kubernetes Grid Service on VMware Cloud on AWS

Categories // Cloud Native, VMware Cloud on AWS, VMware Tanzu, vSphere Tags // Cloud Native Runtime, Tanzu Application Platform, Tanzu Kubernetes Grid, Tanzu services, VMware Cloud on AWS, VMware Event Broker Appliance, vSphere Kubernetes Service

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...