WilliamLam.com

Quick Tip - Debugging "stuck" vSphere Supervisor being removed

by // Leave a Comment

Disabling or deactivating vSphere Supervisor can take some time depending on the number of resources you may have deployed, which all need to be properly cleaned up.


In case the removal is taking longer than expected, there is not much information provided to the user in the vSphere UI.

However, I recently learned about a useful way to understand what is actually happening on the backend by looking at the vSphere Supervisor service logs, especially if you believe the operation is "stuck", which ended up being my situation.

[Read more...]

Dynamically Rebalance or Evacuate VKS Control Plane / Worker Nodes across vSphere Zones in VCF 9.0

by // 2 Comments

vSphere Zones in VMware Cloud Foundation (VCF) 9.0 have been enhanced to offer greater flexibility in resource consumption and isolation for both vSphere Supervisor Control Plane VMs (Management), vSphere Kubernetes Service (VKS) Cluster (Workloads) or a combination of the two.


Depending on your required level of management availability and workload isolation, administrations have several vSphere Supervisor Zone deployment options to select from:

Note: The management zone selection (single vs multi) is only configurable during the initial enablement of vSphere Supervisor. It is currently NOT possible to reconfigure the vSphere Supervisor to switch from a single to multi-zone management without re-deploying vSphere Supervisor.

[Read more...]

Quick Tip - Configuring vSphere Kubernetes Service (VKS) Cluster with self-signed container registry

by // Leave a Comment

Over the weekend, I had finished building a small container application that I had developed on my local desktop, which worked great. However, the real test was to deploy the application on a vSphere Kubernetes Service (VKS) Cluster, which would require the container image to be hosted in a container registry.

Rather than using a public container registry, like many organizations, you typically would setup an internal registry that your infrastructure could have access to. Harbor is my go to container registry and is extremely simple to setup as it uses docker-compose under the hood.

After uploading my container image to Harbor, if you try to deploy it to your VKS Cluster, you will immediately see the following image pull error:

tls: failed to verify certificate: x509: certificate signed by unknown authority


Just like any system that attempts to connect to an endpoint with a self-signed TLS certificate that it can not verify, it will not trust which is the default behavior.

For our VKS Cluster to be able to successfully pull an image from Harbor with a self-signed TLS certificate, we need to add the trusted CA to our vSphere Namespace and then reference that as part of our VKS Cluster deployment.

[Read more...]