WilliamLam.com

Quick deep dive into vSphere Namespace roles

by // 1 Comment

Before you can start consuming a vSphere with Tanzu enabled vSphere Cluster, you need to first create and configure a vSphere Namespace. This is a pretty straight forward process (check out this quick video if you are interested). One of the required configuration is to setup up permissions for which user/groups can access and consume the vSphere Namespace using one of the three default roles.


A question was recently raised in the community on the definition of each role since the user was not able to find more details in the official documentation. Here is a quick summary for each role and its functionality:

  • Owner - Can modify and delete vSphere Namespace
  • Can Edit - Can modify vSphere Namespace
  • Can View - Can perform read only operations on vSphere Namespace

Note: I have already shared this feedback with the vSphere with Tanzu Product Manager to help improve our documentation on this topic

There was also a related question on whether these roles mapped into Kubernetes (K8s) layer, which is the Supervisor Cluster in your vSphere with Tanzu enabled vSphere Cluster? This actually got me curious since I am still a novice when it comes to K8s access control (RBAC). I decided to take a closer look and with some trial error, I was able to see how these vSphere Namespace roles, which is a vCenter Server construct maps into the respective K8s constructs within the Supervisor Cluster.

[Read more...]

Quick demo videos of new VMware Cloud with Tanzu services

by // Leave a Comment

VMware Cloud with Tanzu services is VMware's new managed Kubernetes offering that incorporates the vSphere with Tanzu technology delivered as a managed service as part of our VMware Cloud service offering. The initial release of Tanzu services is currently available on VMware Cloud on AWS, which will require SDDC version 1.16 and a request for enablement (contact your VMware account team) prior to deploying a new SDDC and enabling Tanzu services.

Note: In future, Tanzu services will also be enabled for existing SDDC (brownfield) as well as for other VMware Cloud Infrastructure Services, stay tuned!

Using Tanzu services with VMware Cloud is literally night and day when compared to installing and configuring vSphere with Tanzu yourself, which includes a number of other components to setup! As you would expect, as a service, it is simply a click of a button or API call and users only have to provide four basic input (technically three if you leave one of the recommended defaults) 🙂


Rather than talk about how the new Tanzu service works and some of the things you can do with the service right now, I figured I would record a few quick demo videos. You can find the Youtube playlist below if you wish to watch them all and I have also included a link to a Github repo for the demo examples that were used. Hope you enjoy!

[Read more...]

Single node Supervisor Control Plane VM for vSphere with Tanzu now possible in vSphere 7.0 Update 3

by // 8 Comments

Last year, when vSphere with Kubernetes (original name of what is now vSphere with Tanzu) was first released, I had shared a process on how to deploy a minimal setup including a detailed write-up for setting up vSphere with Tanzu on an Intel NUC with just 32GB of memory.

I am always looking for ways to simplify and ease the consumption of various VMware technologies within a homelab and I was pretty happy with the tweaks that I could make to reduce the amount of resources needed to run vSphere with Tanzu. Instead of needing to deploy three Supervisor Control Plane VMs, the modification to the vSphere with Tanzu configuration, allowed me to deploy just two Supervisor Control Plane VMs. It was unfortunate that deploying only a single Supervisor Control Plane VM at the time was not possible due to a known issue.

While deploying a pre-release of vSphere 7.0 Update 3 in one of my lab environments, I was going through the process of tweaking the vSphere with Tanzu configuration before enablement and I figure why not try the one node setting, in case it was fixed 🤷 I honestly was not expecting it to work since there was an internal bug that was filed awhile back and I had not seen the bug closed. To my complete surprise, vSphere with Tanzu enabled successfully and there was just a single Supervisor Control Plane VM!


It turns out that someone from Engineering must have fixed the issue and a single Supervisor Control Plane VM is now possible with the upcoming release of vSphere 7.0 Update 3! 🥳

UPDATE (07/02/24) - As of vSphere 8.0 Update 3, you no longer have the ability to configure a single Supervisor Control Plane VM using the minmaster and maxmasters parameters, which have also been removed from /etc/vmware/wcp/wcpsvc.yaml in favor of allowing users to control this configuration programmatically as part of enabling vSphere IaaS (formally known as vSphere with Tanzu). The updated vSphere IaaS API that allows users to specify number of Supervisor Control Plane VM will not be available until the next major vSphere release. While this regressed capability is unfortunate, it was also not an officially supported configuration and for users who wish to specify the number of Supervisor Control Plane VM using YAML method, you will need to use an earlier version of vSphere.

To change the settings, you will need to SSH to the VCSA and edit the following configuration file /etc/vmware/wcp/wcpsvc.yaml and search for minmasters and maxmasters and change the value from 3 to 1.

minmasters: 1
maxmasters: 1

For the changes to go into effect, you will need to restart the vSphere with Tanzu service which is listed as wcp by running the following command:

service-control --restart wcp

In addition, for homelab purposes, you may also want to change the controlplane_vm_disk_provisioning parameter, which defaults the Supervisor Control Plane VM to Thick provisioned rather than Thin, which many folks use in their labs.

controlplane_vm_disk_provisioning: "thin"