vSphere Kubernetes Service

Quick Tip - Configuring vSphere Kubernetes Service (VKS) Cluster with self-signed container registry

08.12.2025 by William Lam // Leave a Comment

Over the weekend, I had finished building a small container application that I had developed on my local desktop, which worked great. However, the real test was to deploy the application on a vSphere Kubernetes Service (VKS) Cluster, which would require the container image to be hosted in a container registry.

Rather than using a public container registry, like many organizations, you typically would setup an internal registry that your infrastructure could have access to. Harbor is my go to container registry and is extremely simple to setup as it uses docker-compose under the hood.

After uploading my container image to Harbor, if you try to deploy it to your VKS Cluster, you will immediately see the following image pull error:

tls: failed to verify certificate: x509: certificate signed by unknown authority

Just like any system that attempts to connect to an endpoint with a self-signed TLS certificate that it can not verify, it will not trust which is the default behavior.

For our VKS Cluster to be able to successfully pull an image from Harbor with a self-signed TLS certificate, we need to add the trusted CA to our vSphere Namespace and then reference that as part of our VKS Cluster deployment.

[Read more...]

MS-A2 VCF 9.0 Lab: Configuring vSphere Kubernetes Service (VKS)

08.04.2025 by William Lam // Leave a Comment

This post is part of a short series that builds on our minimal VMware Cloud Foundation (VCF) 9.0 deployment (2x Minisforum MS-A2) and showcases how to fully leverage the exciting new capabilities in the VCF 9 platform, all while maintaining a minimal resource footprint, which is ideal for lab and learning purposes.

In this blog post, we will explore one of the foundational vSphere Supervisor services called vSphere Kubernetes Service (VKS), enabling administrators to easily deploy, manage and lifecycle conformant Kubernetes Clusters at scale for their development and platform teams. VKS can be consumed through vCenter Server for single IT organizations, as well as through VCF Automation for organizations that require strong multi-tenancy, including cloud service providers.

Here are some additional VKS Resources that might be of interests if you would like to learn more:

Requirements:

VCF 9.0 environment deployed
NSX VPC configured with Centralized Transit Gateway
vSphere Supervisor configured with NSX VPC Networking

[Read more...]

MS-A2 VCF 9.0 Lab: Configuring vSphere Supervisor with NSX VPC Networking

08.01.2025 by William Lam // 6 Comments

In this blog post, we will walk through the configurations steps to enable vSphere Supervisor with NSX VPC networking for our VCF 9 environment and enable the new asynchronous update feature for vSphere Supervisor, which no long requires updating vCenter Server to recieved new updates.

Here are some additional NSX VPC Resources that might be of interests if you would like to learn more:

Requirements:

VCF 9.0 environment deployed
NSX VPC configured with Centralized Transit Gateway
5 x consecutive IP Addresses for the vSphere Supervisor Control Plane VM (required even for single node deployment)
If you are using vSAN, make sure to silence any alerts you might have or it will prevent vSphere Supervisor from completing the configuration

[Read more...]