WilliamLam.com

Quick Tip - Using VCF CLI to login to vSphere Supervisor when configured with VCF Automation

by // 1 Comment

When a vSphere Supervisor Cluster is configured to be consumed by VCF Automation, the Identity Provider (IdP) for that vSphere Supervisor is automatically configured to redirect to VCF Automation (VCFA) as an OIDC relay.


When an end user wishes to access or manage their resources, they will be directed to the IdP that has been configured for their Organization Portal. To create a k8s login context, they will need to create a VCFA API token that is then passed to the VCF CLI before they can interact with their resources using kubectl.

Below is an example VCF CLI command where I am logging into an Organization Portal called legal and I have specified my VCFA endpoint along with the VCFA API Token to login as an end user.

vcf context create legal --endpoint auto01.vcf.lab --api-token $VCF_CLI_VCFA_API_TOKEN --insecure-skip-tls-verify --type cci --tenant-name legal

However, if you are an administrator who is managing the underlying VCF Infrastructure and need to troubleshoot or access the vSphere Supervisor Cluster, an alternative workflow will be required.

[Read more...]

Automating the Reporting of VCF Workload Domain Import Pre-Check Validations

by // Leave a Comment

After completing the VMware Cloud Foundation (VCF) Workload Domain Import workflow, I realized it would be helpful to be able to view the pre-check validations outside of the VCF Operations UI, especially if there are multiple pre-checks that have failed.


While the VCF Operations UI provides a good overview of all pre-checks, it does not provide any filtering or sorting, so you have to skim scroll through the entire list (55 in my case) to see which ones failed. For each failed validation, you can get more details including the recommended remediation, but you need to expand each section which can be painstaking if you have more than a few failures.

This is where we can leverage the power of automation and the VCF APIs ...

[Read more...]

Import vCenter Server with Single ESX Host as new VCF Workload Domain?

by // Leave a Comment

A useful feature in VCF Operations 9.0 is the ability to create a new VMware Cloud Foundation (VCF) Workload Domain from an existing vSphere environment, providing seamless onboarding into a VCF Fleet and getting access to the new VCF Fleet Management capabilities.

To access the VCF Import feature, navigate to the inventory view of your VCF Instance within VCF Operations and select Add Workload Domain->Import a vCenter Server to begin the workflow. A variety of deployment configurations are supported with VCF Import, you can refer to the official documentation for the complete list of requirement and minimum versions.

Deploying VCF 9.0 in a lab environment is an easy way to get hands on experience with this workflow. I recently installed ESX 9.0.1 onto a single ASUS NUC 15 Pro with a self managing vCenter Server for trying out the import scenario but I ran into the following pre-check error: Please ensure there is at least one cluster has more than 1 host


I guess I need to have more than one ESX host before I can proceed ... or do I? 🤔

[Read more...]