vSphere Zones is just one of the the many exciting new Tanzu capabilities that is now part of vSphere 8. My buddy Cormac Hogan did a nice write-up on vSphere Zones, which I highly recommend folks check it out get more details.
This blog post will focus on using the new vCenter Server REST API to enable vSphere with Tanzu using the new vSphere Zones feature in vSphere 8.
For those interested in running a lean and minimal setup in their homelab, you can deploy a fully functional vSphere with Tanzu environment with just 32GB of memory and this is still applicable for vSphere 8!
To support vSphere Zones, there is a new Supervisors Service endpoint that is now part of the Namespace Management API for managing vSphere with Tanzu Clusters. For a single vSphere Zone setup, use the Enable on Compute Cluster Supervisors API and for multi-vSphere Zone setup, use the Enable On Zones Supervisors API.
For our basic setup, we will use the single vSphere Zone API and to demonstrate this new API, I have updated my VMware.WorkloadManagement PowerCLI Module with a new function creatively named New-WorkloadManagement4 😀
If you have used previous versions of the PowerCLI module to enable vSphere with Tanzu using HAProxy, NSX-T or NSX Advanced Load Balancer (NSX-ALB), then this should feel familiar but with some updated parameters.
Here is an example using the new function to enable vSphere with Tanzu using HAProxy in a vSphere 8 environment with a single vSphere Zone:
$vSphereWithTanzuParams = @{
VsphereZoneName = "vz-01"
SupervisorClusterName = "svc-01"
ClusterName = "Tanzu-Cluster";
TanzuvCenterServer = "vcsa.tanzu.local";
TanzuvCenterServerUsername = "*protected email*";
TanzuvCenterServerPassword = "VMware1!";
TanzuContentLibrary = "TKG-Content-Library";
ControlPlaneSize = "TINY";
MgmtNetwork = "management";
MgmtNetworkStartIP = "192.168.30.20";
MgmtNetworkPrefix = "24";
MgmtNetworkGateway = "192.168.30.1";
MgmtNetworkDNS = @("192.168.30.69");
MgmtNetworkDNSDomain = "tanzu.local";
MgmtNetworkNTP = @("162.159.200.123");
WorkloadNetwork = "workload";
WorkloadNetworkStartIP = "10.20.0.10";
WorkloadNetworkIPCount = 20;
WorkloadNetworkPrefix = "24";
WorkloadNetworkGateway = "10.20.0.1";
WorkloadNetworkDNS = @("10.20.0.1");
WorkloadNetworkDNSDomain = "tanzu.local";
WorkloadNetworkNTP = @("162.159.200.123");
WorkloadNetworkServiceStartIP = "10.96.0.0";
WorkloadNetworkServiceStartCount = "256";
StoragePolicyName = "Tanzu-Storage-Policy";
HAProxyVMvCenterServer = "vcsa.tanzu.local";
HAProxyVMvCenterUsername = "*protected email*";
HAProxyVMvCenterPassword = "VMware1!";
HAProxyVMName = "haproxy.tanzu.local";
HAProxyIPAddress = "192.168.30.68";
HAProxyRootPassword = "VMware1!";
HAProxyPassword = "VMware1!";
LoadBalancerStartIP = "10.10.0.64";
LoadBalancerIPCount = 64;
}
New-WorkloadManagement4 @vSphereWithTanzuParams
Below are the new/update parameters for using this new API:
- VsphereZoneName - Name to use for the vSphere Zone (this assumes you have not manually created and associated your vSphere Cluster with vSphere Zone and the API will handle this for you automatically)
- SupervisorClusterName - Name to use for the Supervisor Cluster
- WorkloadNetworkPrefix - While the vSphere UI supports Netmask input, the API expects Network Prefix (this was something I had to find out the hard way while figuring out how to use the API)
- WorkloadNetworkDNSDomain - DNS Domain for Workload Network
- WorkloadNetworkNTP - NTP Server for Workload Network
- WorkloadNetworkServiceStartIP - K8s Service Network input is no longer single entry using CIDR/PREFIX but starting IP + Count
- WorkloadNetworkServiceStartCount - K8s Service Network input is no longer single entry using CIDR/PREFIX but starting IP + Count
Once the enablement has started, you can use the vSphere UI and the new vSphere with Tanzu enablement progress monitoring.
Depending on your physical resources and the number of Supervisor Control Plane VMs you intend to deploy, it can take up to ~30-40 minutes to complete.
At this point, you are ready to start deploying Tanzu Kubernetes Grid Cluster (TKC) or VMs using the VM Service!
While developing the new function to use the new API to enable vSphere with Tanzu using vSphere Zones, I really wish we had a complete working example payload to model after. There was a lot of trial and error parsing the API documentation and because this single API can support multiple networking options from HAProxy, NSX-T and NSX-ALB, it was not clear what the required input was needed for a given configuration.
For those that might be interested in using the raw REST API or to get a sense of what is needed, I have captured the full JSON payload for enabling vSphere with Tanzu using HAProxy with vSphere Zones below:
{
"zone": "vz-01",
"name": "svc-01",
"control_plane": {
"network": {
"network": "dvportgroup-1018",
"backing": {
"backing": "NETWORK",
"network": "dvportgroup-1018"
},
"services": {
"dns": {
"servers": [
"192.168.30.69"
],
"search_domains": [
"tanzu.local"
]
},
"ntp": {
"servers": [
"162.159.200.123"
]
}
},
"ip_management": {
"dhcp_enabled": false,
"gateway_address": "192.168.30.1/24",
"ip_assignments": [{
"assignee": "NODE",
"ranges": [{
"address": "192.168.30.20",
"count": 5
}]
}]
}
},
"size": "TINY",
"storage_policy": "a11253f9-2241-488c-b9d3-a17709158384"
},
"workloads": {
"network": {
"network": "workload-1",
"network_type": "VSPHERE",
"vsphere": {
"dvpg": "dvportgroup-1020"
},
"services": {
"dns": {
"servers": [
"10.20.0.1"
],
"search_domains": [
"tanzu.local"
]
},
"ntp": {
"servers": [
"162.159.200.123"
]
}
},
"ip_management": {
"dhcp_enabled": false,
"gateway_address": "10.20.0.1/24",
"ip_assignments": [{
"assignee": "NODE",
"ranges": [{
"address": "10.20.0.10",
"count": "20"
}]
}]
}
},
"edge": {
"id": "tanzu-haproxy-1",
"load_balancer_address_ranges": [{
"address": "10.10.0.64",
"count": "64"
}],
"haproxy": {
"servers": [{
"host": "192.168.30.68",
"port": "5556"
}],
"username": "wcp",
"password": "VMware1!",
"certificate_authority_chain": "-----BEGIN CERTIFICATE-----\nMII....\n-----END CERTIFICATE-----\n"
},
"provider": "HAPROXY"
},
"images": {
"kubernetes_content_library": "1bfd8950-c846-46cf-bd50-55150a16bab3"
},
"storage": {
"ephemeral_storage_policy": "a11253f9-2241-488c-b9d3-a17709158384",
"image_storage_policy": "a11253f9-2241-488c-b9d3-a17709158384"
}
}
}
Thanks for the comment!