WilliamLam.com

Using Terraform to activate Tanzu Kubernetes Grid Service on VMware Cloud on AWS

by // 1 Comment

It has been awhile since I have played with Terraform and I was recently investigating on whether I could use Terraform to automate the activation of the Tanzu Kubernetes Grid (TKG) Service on a VMware Cloud on AWS SDDC, which is a part of VMware's new managed Kubernetes offering called VMware Cloud with Tanzu services. Although there is an existing VMware Cloud on AWS (VMC-A) Terraform provider, it currently does not support configuring or managing the TKG Service.

Today, customers can automate VMware Cloud with Tanzu services with a simple REST API and with that in mind, I was curious if calling into a REST API using Terraform was even a thing? While searching online, I not only came to find out that directly calling a REST API using Terraform was a thing but that there were actually a few Terraform providers that enabled this capability. The most popular being Mastercard's Restapi Terraform provider, which was also updated just a couple of weeks ago.

I ended up learning a ton more about Terraform through this exercise and the final solution has been contributed to Ryan Johnson's amazing VMware Terraform Examples repo. I also have to give a huge shoutout to Ryan, who I consider one of the experts in the community for all things VMware and Terraform! I was also able to bounce some ideas and also learn a few new tricks in one of our recent conversations. 

[Read more...]

DFI GHF51 - Worlds smallest AMD Ryzen SBC

by // Leave a Comment

Awhile back I came to learn about an interesting AMD single board computer (SBC) from a company called DFI, which specializes in building embedded solutions and industrial motherboards. There are a number of vendors in this space, including OnLogic, Rugged Computers, ASRock Industrial to name a few and Bivrost which I had recently came to learn about. The Industrial vertical is actually a really interesting segment of the market that includes manufacturing, oil, gas and utilities and is often associated with the Internet of Things (IoT), also referred to as the Industrial IoT (IIoT) market.

The demands and requirements of the Industrial IoT market is wildly different from your typical Enterprise datacenter, especially when you think about some of the harsh environments that hardware must run whether that is a manufacturing facility to a remote oil rig. It is not uncommon that the hardware used must be able to withstand extreme temperature changes with greater levels of reliability but also longer duration of support and product availability for up to 10 years!


With all that said, I was pretty intrigued with their latest offering called the GHF51, which comes in at an ultra tiny 1.8" inches and is dubbed the worlds smallest board with an AMD Ryzen CPU. You can see how tiny the SBC is compared to a lego mini-figure pictured above.

[Read more...]

How to configure Knative and containerd in VMware Event Broker Appliance (VEBA) to use a private registry?

by // 2 Comments

I was recently helping out fellow colleague Patrick Kremer who was looking into an issue that one of our users had filed on how to configure the VMware Event Broker Appliance (VEBA) so that it can take advantage of a custom container registry for deploying VEBA functions. If you attempt to specify a container image from a private container registry, especially one that has a self-signed certificate, you will see the following error:

Unable to fetch image "harbor.primp-industries.local/library/veba/kn-py-echo:1.0": failed to resolve image to digest: Get "https://harbor.primp-industries.local/v2/": x509: certificate signed by unknown authority; Get "https://harbor.primp-industries.local:443/v2/": x509: certificate signed by unknown authority

I had assumed that this should have been a pretty trivial configuration change to make the underlying Kubernetes container runtime trust the desired container registry and that there would be an easy to follow tutorial that Patrick could search for. The latest release of VEBA has moved away from using the Docker runtime to containerd and this should have helped narrow down the search results, at least that was our assumption.

Not only are there plenty of resources online, but there seem to be multiple methods depending on the version of Kubernetes and containerd which was pretty overwhelming. After several attempts using various blog articles, Patrick found that the trust error has still not gone away. I finally decided to take a closer look and discovered that there are actually two components that must be updated to properly support a private container registry: containerd & Knative Serving Controller. I eventually found this page in the Knative Serving documentation that provided a hint but ultimately, I was not able to fully grok the details until I came across this Github thread that brought clarity on how to create the required secret for the root CA certificate which would allow the Knative Serving controller to trust the root CA certificate.

Below are the instructions for the required changes and I have also attempted to simplify the steps by providing automation snippets that makes it easy for anyone to consume. In my setup, I am using Harbor registry which was built from my Harbor Virtual Appliance but the steps should apply for any other private container registry.

[Read more...]