VCD Container Service Extension Series-Part 4: Tenant Onboarding & K8 Cluster Deployment

In last post of this series, we learn how to install and integrate CSE plugin with VCD for easier management of Kubernetes container. In this post we will learn how tenants can leverage CSE plugin to deploy K8 clusters.

If you have landed directly on this post by mistake, I would recommend reading previous articles from this series.

1: Container Service Extension Introduction & Architecture

2: CSE Server Installation

3: CSE Plugin Integration With VCD

Onboarding Tenants

Before a tenant can start provisioning K8 cluster from CLI or UI (via CSE plugin), we need to enable the tenant to do so. This can be done directly from CSE server or login to any machine where vcd-cli utility is installed. To onboard a tenant, use following commands:

Note: These commands needs to be run as VCD system admin. 

# vcd login vcd.vstellar.local system admin -iw

# vcd right add -o <org-name> “{cse}:CSE NATIVE DEPLOY RIGHT”

Example: # vcd right add -o cse_org “{cse}:CSE NATIVE DEPLOY RIGHT”

Rights added to the Org ‘cse_org’

Note: At this point of time, if we run command vcd cse ovdc list, it will show us no K8 provider has been configured for the tenants.Read More

VCD Container Service Extension Series-Part 3: CSE Plugin Integration With VCD

In last post of this series, I explained how to set up CSE server. In this post we will look at steps of integrating CSE plugin in VMware Cloud Director, so that tenants can spin K8’s cluster from VCD portal.

If you have landed directly on this post by mistake, I would recommend reading previous articles from this series.

1: Container Service Extension Introduction & Architecture

2: CSE Server Installation

Latest and greatest version of CSE plugin can be downloaded from Here

CSE plugin installation is taken care by Cloud Provider. Post installation, provider can choose to publish plugin to all/specific tenants.

Login to VCD as system admin and navigate to Home > More > Plugins page. 

Click on upload button to start the wizard. Clicking on Select Plugin File allow you to browse to location where plugin file is downloaded.

Select the scope of publishing CSE plugin. Service provider can publish this plugin to all or subset of tenants. Read More

VCD Container Service Extension Series-Part 1: Introduction & Architecture

I was working on VMware Container Service Extension (CSE) for the last 2 weeks and it was a great learning opportunity for me. My CSE deployment did not go smoothly and I faced many issues with very little or no idea on how to fix them. But kudos to Joe Mann for lending a helping hand to fix all infra-related issues.

Through this blog series, I want to pen down my experience of working with CSE and the challenges which I encountered, and how those issues were resolved.

What is VMware Container Service Extension?

VMware Container Service is an extension to Cloud Director which enables cloud providers to offer Kubernetes-as-a-Service (on top of VCD) to their tenants. Kubernetes as a service helps tenants to quickly deploy the Kubernetes cluster in just a few clicks directly from the VCD portal. 

Cloud Providers upload customized Kubernetes templates in public catalogs which tenants leverage to deploy K8 clusters in self-contained vApps.Read More

VCD Container Service Extension Series-Part 2: CSE Server Installation

In first Post of this series, I talked about high level architecture of CSE infrastructure. I also discussed about various components that makes up the CSE platform. In this post I will walk through steps of installing & configuring CSE server.

CSE Installation Prerequisites

Before starting with CSE server installation, make sure following requirements are met:

1: VCD installed & configured: For Lab/POC environment, single node VCD installation is sufficient. For production environment 3 or more nodes (configured behind lb) is recommended.

2: Organization & Catalog for CSE: Dedicated Org created in VCD for CSE consumption. This org should have a Routed Org Network which has outbound connectivity to internet. Also this org should have a catalog created in advance. This catalog holds the K8’s ready vApp templates and will be shared to tenants for consumption.

3: AMQP broker configured in VCD: To extend VCD Public API, AMQP broker needs to be configured beforehand. Read More

Reset Cloud Builder DB for a Fresh Bringup (VCF)

Many of us might have encountered this situation where Cloud Builder UI doesn’t provide a back button after a successful SDDC  bringup. I have written a blog Post in the past where I showed the API method of resetting CB for a new bringup.

This post is an extension of my earlier post. Here I will demonstrate the database hack method to initiate a fresh bringup.

Step 1: Login to Cloud Builder via SSH and switch to root user.

Step 2: Connect to the Database

Step 3: Nuke the Bringup related tables

Refresh the CB UI and you will be returned to the checklist page.Read More

Upgrading vROPs Tenant App for VCD via CLI

In this post I will walk through how to upgrade vROPs Tenant App for Cloud Director via CLI.

Although upgrade can be performed directly from TA vami interface by logging in to https://<vrops-ta-fqdn>:5480/, but having knowledge of CLI is important specially when you are looking for automating the upgrade.

Note: Vami credentials of vROPs TA defaults to root/vmware.

Below are high level steps of upgrading the TA appliance via CLI.

Note: I have tested below steps to upgrade Tenant App from v2.3 to 2.4

Step 1: Enable SSH on TA: Login to TA appliance via vCenter console (credentials: root/vmware) and enable ssh by typing below commands:

# systemctl start sshd

# systemctl enable sshd

Step 2: Download TA Upgrade Package: Upgrade package for appliance can be downloaded from VMware Market Place under Resources tab.

Extract the downloaded iso. We need to upload the content of iso on TA in next step

Step 3: Create Upgrade Repo on TA appliance: Connect to TA appliance over ssh and run following command:

# mkdir -p /data/repo

# chmod 755 -R repo/

Now upload the extracted content in /data/repo directory via winscp or similar utility.Read More

Retry Failed Bringup with Modified Input Spec in VCF

Those who are experienced with VCF might have seen this situation in past where a SDDC Bringup task fails because of an incorrect parameter in the json/xls file used for bringup.

Cloud Builder UI don’t provides a mechanism to go back and change the input file with correct values and retry bringup with modified file. Don’t loose heart if you are caught in this situation as it is possible to do this via API and in this post I will walk through steps of doing so.

By default cloud builder places the sddc-bringup json in /opt/vmware/sddc-support/cloud_admin_tools/Resources/vcf-ems/ directory by name vcf-ems.json.

Note: Even if you are using xls to feed cloud builder, it is internally converted in json file.

You can either modify this json directly and fix the incorrect value that was supplied in your xls/json file or you can generate a new json for bringup. 

Step 1: Login to cloud builder vm via ssh and switch to root user.Read More

Troubleshooting vRSLCM Deployment Failure in VCF

Last week while working in my VCF lab, I faced an issue with vRSLCM deployment. Deployment failed in step where SDDC Manager tries to configure vRSLCM NTP settings.

Started my troubleshooting with checking domainmanager.log on sddc manager appliance. I saw following log entries:

Read More

What’s New With vCloud Availability 4.0-SLA Profiles

With the latest release of vCloud Availability, some very cool features are added in it. In this post I will discuss about one such feature called “SLA Profiles”. 

What is SLA Profiles?

This new feature brings pre-configured protection profiles to be consumed as it is.

These profiles can be assigned to all/specific tenants and are available for tenants when creating new protection/migration for virtual machines.

Each SLA profile has following attributes:

  • Target recovery point objective (RPO).
  • Retention policy for the point in time instances (snapshots).
  • Whether the quiescing is enabled.
  • Whether the compression is enabled.
  • Timeslot to delay the initial synchronization.

There are 3 SLA profiles that you will get out of the box i.e Gold, Silver & Bronze.

These profiles can be directly attached to specific organizations by clicking on Assign button.

Profile Management

SLA Profiles will be managed by the service provider. A providers can then set limits for some of the SLA attributes in a given profile and can use it in the form of policy and assign those policies to tenants so that every tenant protection fits in the policy limits.Read More

What’s New With vCloud Availability 4.0-Traffic Monitoring

In my last post of what’s new in vCAV 4.0 series, I discussed about SLA Profiles. In this post I will talk about another cool feature that tenants/providers are gonna get with 4.0.

vCAV 4.0 has ability to counts the traffic data transferred by each virtual machine that is replicating to cloud and aggregates the traffic volume information per organization. Service Provider can monitor the traffic for every replication bi-directionally and per organization individually.

How Traffic Monitoring Collection Works?

Below is high level workflow of how traffic monitoring mechanism work behind the scenes:

1: vCAV Replication Manager Service collects the traffic information for all replications to and from cloud sites and to and from on premises sites. The traffic information is aggregated by organization.

2: The cloud Replicator Service instance always collects the replication data traffic, for any replication direction. If a replication was configured with compress option, the  Replicator Service counts the compressed bytes.Read More