WilliamLam.com

Exploration of Tanzu Kubernetes Grid (TKG) multi-vCenter Server templating using YTT

by // Leave a Comment

The motivation behind this blog post originates from a really cool blog post by Mike Brown who shared an interesting Telco use case for wanting to running Tanzu Kubernetes Grid (TKG) on VMware Cloud on AWS (VMConAWS) and centrally managing TKG Workload Clusters, which would run at each individual Edge/Cell Site location.

While reading through Mike's blog post, I noticed one of the steps was to edit the generated YAML from the TKG Management Cluster which would then be used to deploy the individual TKG Workload Clusters. This would need to happen for each new deployment 😮 and of course, this could be very error prone and frustrating for end users. Here is an example of what the YAML file looks like which is over 1K+ lines!

This screams for automation and I had been looking for a reason to try out YTT again, which is a YAML templating tool that is part of the open source project Carvel. Although I had played with YTT before, it did not feel intuitive, especially for a new user who was trying to solve a quick problem. I figured this was my opportunity to take another look at YTT.

After a couple of hours and a lot of trial/error, I ended up with a partial solution and realized that I would not be able to figure this out given there were even more complicated sections within the YAML. I felt the bar to getting started with YTT was still too high and it may not be the right tool for this particular situation. I opted for a quicker solution using sed, which I had experience with before, but I also know that depending on the problem, sed can be just as complex and I also dislike regular expressions  🙂

[Read more...]

Packer reference for VMware Harbor Virtual Appliance

by // 2 Comments

I recently had a need to setup a container registry for a project that I was working on and Harbor was of course my default choice. Although Harbor is pretty easy to setup, I did not want to manually go through the installation each time I needed Harbor and I figured it was time to build my own Harbor Virtual Appliance (OVA), just like I have shown in the past with these reference implementations here and here.

UPDATE (02/03/23) - VMware has productized and is now shipping an official VMware Harbor Virtual Appliance (OVA) as part of the latest Tanzu Kubernetes Grid (2.1) release.

For those interested, you can find the reference implementation for building a Harbor Virtual Appliance at https://github.com/lamw/harbor-appliance

When deploying the Harbor Appliance, you will find the basic OVF properties that I have encoded including networking, credentials, debugging and advanced settings. Hopefully should be pretty straight forward for anyone who has deployed an OVA before to vSphere.

[Read more...]

Quick Tip - vSphere Permission to view vSphere with Tanzu Namespaces

by // 6 Comments

If you wish to create a custom vSphere Role that has the ability to view vSphere Namespaces which is part of vSphere with Tanzu, you will need to add the user to the following vSphere Single Sign-On Group: ServiceProviderUsers, which is located under Single Sign On->Users and Groups->Groups (2nd page) within the vSphere UI.


Once added, you can logout and log back in and the user should now see the vSphere Namespaces as shown in the screenshot below. In my example, I have a user named william which is created in the default vsphere.local domain and has been assigned the user the vSphere Read Only role along with this additional SSO group. They will be able to view all resources but will not have permission to make any changes to the infrastructure. If you are using Active Directory, the exact same process works and just make sure you log out and log back in for the changes to take effect.