vSphere Kubernetes Service

Disabling vSphere with Tanzu does not delete NSX Advanced Load Balancer (NSX ALB) Service Engine (SE) VMs

03.31.2021 by William Lam // Leave a Comment

While working on some automation to deploy a vSphere 7.0 Update 2 environment that has been configured with vSphere with Tanzu and NSX Advanced Load Balancer (NSX ALB), I noticed that when you disable Workload Management on a vSphere Cluster, the two NSX ALB Service Engine (SE) VMs were still left behind.

It turns out that this behavior is due to a default setting within NSX ALB that will NOT automatically delete the SE's in the case there is a scaled up event which would then cause a re-deploy to happen. Instead, by default it is configured to wait 120 minutes (2hrs) before cleaning up.

If you wish to change this behavior, you can login to NSX ALB UI and navigate to Infrastructure->Service Engine->Advanced and update the "Delete Unused Service Engines After" to your desired value. Please note, that the shortest time interval to wait is 1 minute and if you set it to 0, it means the SE's VMs not be deleted.

After saving this change, the next time you disable Workload Management, the SE VMs will automatically get cleaned based on the time interval you had configured.

How to deploy Knative to a Tanzu Kubernetes Grid (TKG) Cluster on both vSphere with Tanzu and TKG Multi-Cloud?

11.23.2020 by William Lam // Leave a Comment

This weekend I spent some time installing Knative, which is an open source framework that is built on top of Kubernetes. Knative is actually made up of two core components, serving and eventing. This quote from Ram Gopinathan, Principal Technology Architect, T-Mobile really sums up Knative quite nicely:

Knative helps our developers focus on building the business logic rather than worrying about building low-level platform capabilities such as build, deploy, autoscaling, monitoring, and observability.

There are a number of tutorials online for setting up Knative, most of which using Kubernetes in Docker (KinD) for easy local development. Since I have been spending quite a bit of time lately with both our vSphere with Tanzu and Tanzu Kubernetes Grid (TKG) Multi-Cloud solution, which both support deploying conformant and production grade Kubernetes (K8s) Clusters called a TKG Guest Cluster, I figure I might as well learn how to install Knative using these infrastructures.

The instructions below will be focus on deploying the Knative serving components. Once you have that setup, it is easy to deploy the eventing components which you can follow the official Knative documentation.

[Read more...]

Why am I seeing HTTP communication status 404 error when configuring vSphere with Tanzu & how to fix?

11.16.2020 by William Lam // 15 Comments

One thing I love about the VMware Community is the constant sharing of knowledge and information on a regular basis. I always enjoy discovering new tricks and tidbits from the community, especially as it helps me refine my own knowledge and understanding of a given technology or solution.

My good buddy Ariel Sanchez cc'ed me on Twitter yesterday referencing a blog post by Paul Wilk about an issue he was observing in his Nested ESXi environment when configuring vSphere with Tanzu.

This is interesting! Wonder if @lamw ir @eric_shanks have ever seen something like it

— Ariel Sanchez Mora @*protected email* (@arielsanchezmor) November 15, 2020

This was in regards to the dreaded 404 message displayed in the vSphere UI:

HTTP communication could not be completed with status 404

which is actually not unique to a Nested environment. In fact, this cryptic error message was observed even in the first release of vSphere with Tanzu which used to be called vSphere with Kubernetes with the release of vSphere 7.0 release.

Although Paul's conclusion on why his fixed work was not exactly correct, it was the fix itself that I was actually most interested in. Even with the initial vSphere 7.0 release, I had assumed this was just a cosmetic vCenter Server error message. It was not ideal, but like many other customers, I just ignored it as the enablement of Workload Management was still successful.

What helped me connect the dots was the fact that Paul solved the problem by disabling the ESXi firewall, which meant this was actually an ESXi issue. Given this was related to the OVF deployment, I immediately knew what this was actually referring to and is related to an earlier blog post I had shared about a new feature that would allow ESXi to "pull" remote OVF/OVA files from a HTTP(s) endpoint. In this case, it was not OVFTool driving the deployment but rather vCenter Server and the Content Library service, which is also responsible for OVF/OVA deployments.

It turns out that as part of deploying the Supervisor VMs, instead of using the typical "push" method for uploading an OVA, vCenter is instructing the ESXi host to "pull" the OVA files remotely which are actually hosted on the vCenter Server Appliance (VCSA) itself. What ends up happening is that because ESXi does not have the correct port in which the OVA is hosted on the VCSA, the "pull" method fails and it automatically falls back to the old "push" method. This is why you see the error message and then progress is immediately progressing.

[Read more...]