Deploying Harbor Registry for Tanzu Kubernetes Grid

Manish Jha

Introduction

Harbor is an open-source registry that is used to store the containerized images that will be consumed by the Docker/Kubernetes platform. The images stored in the Harbor registry are secured using policies and role-based access control. Harbor, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud-native compute platforms like Kubernetes and Docker.

Why harbor

Harbor not only provides a container registry but also can do vulnerability scanning and trust signing of your docker images. It also has a really smooth web interface that allows you to do things like RBAC, project creation, user management, and more.

Harbor supports the replication of images between registries and also offers advanced security features such as user management, access control, and activity auditing. 

Harbor Deployment Model

Harbor can be deployed both as a regular workload or as a K8 instance. Deploying as a K8 instance is very handy if you already have a Kubernetes management cluster.Read More

Tanzu Mission Control-Part 2-Manage Kubernetes Clusters From TMC

Manish Jha

In the first post of this blog series, I talked about the Tanzu Mission Control solution and the benefits of using it. I also talked about the architecture and components of TMC. Now it’s time to see TMC in action. 

One of the core features of TMC is K8 cluster lifecycle management and in this post, I will walk through the steps of creating and managing the Kubernetes cluster from the TMC portal. Let’s get started.

TMC Login

To use the TMC solution, you must have a subscription to the Tanzu Mission Control cloud service. You can access the TMC portal by logging into your VMware Cloud Service portal and clicking on the VMware Tanzu Mission Control service tile. 

By default, you will land to the Clusters view from where you can create/attach the existing Kubernetes cluster with the TMC portal.

Note: For the purpose of this demonstration, I will be talking only about TKGm and TKGS cluster in this blog post. Read More

Tanzu Mission Control-Part 1-Introduction & Architecture

Manish Jha

VMware Tanzu is a portfolio of products and services that enables customers to build modern applications on the Kubernetes platform and manage them from a single control point. The Tanzu portfolio is pretty vast and includes products and services like:

1: Tanzu Kubernetes Grid

2: vSphere with Tanzu

3: Tanzu Mission Control

In this blog post, I will be talking about what is Tanzu Mission Control and why it is important for you.

What is Tanzu Mission Control (TMC) ?

Tanzu Mission Control is a SaaS offering available through VMware Cloud Services and provides:

  • A centralized platform to deploy and manage Kubernetes clusters across multiple clouds.
  • Attach existing Kubernetes Clusters in the TMC portal for centralized operations and management.
  • A Policy Engine that automates Access control and security policies across a fleet of clusters.
  • Manage security across multiple clusters.
  • Centralize authentication and authorization, with federated identity from multiple sources.

Why you need Tanzu Mission Control?

Read More

Tanzu Kubernetes Grid 1.3 Deployment with NSX ALB in VMC

Manish Jha

Tanzu Kubernetes Grid 1.3 brought many enhancements with it and one of them was the support for NSX Advanced Load Balancer for load balancing the Kubernetes based workloads. TKG with NSX ALB is fully supported in VMC on AWS. In this post, I will talk about the deployment of TKG v1.3 in VMC. 

In this post, I will not cover the steps of NSX ALB deployment as I have already documented it here

Prerequisites

Before starting the TKG deployment in VMC, make sure you have met the following prerequisites:

  • SDDC is deployed in VMC and outbound access to vCenter is configured. 
  • Segments for NSX ALB (Mgmt & VIP) are created.
  • NSX ALB Controllers and Service Engines are deployed and controllers’ initial configuration is completed. 

Deployment Steps

Create Logical Segments & Configure DHCP

Create 2 DHCP enabled logical segments, (one for the TKG Management and one for the TKG Workload) in your SDDC by navigating to Networking & Security > Network > Segments.Read More

vSphere with Tanzu Integration in VCD

Manish Jha

Overview

Prior to v10.2, VMware Cloud Director supported K8 cluster deployment natively and integrated with ENT-PKS. With the release of v10.2, K8 integration is extended to vSphere with Tanzu. This integration enables Service Providers to create a self-service platform for Kubernetes Clusters that are backed by the vSphere 7.0 and NSX-T 3.0. By using Kubernetes with VMware Cloud Director, you can provide a multi-tenant Kubernetes service to your tenants.

In this article, I will walk through the steps of integrating vSphere with Tanzu with VCD. 

Pre-requisites for Tanzu Integration with VCD

Before using vSphere With Tanzu with VCD, you have to meet the following pre-requisites:

  • VMware Cloud Director appliance deployed & initial configuration completed. Please see VMware’s official documentation on how to install & configure VCD.
  • vCenter 7.0 (or later version) with an enabled vSphere with VMware Tanzu functionality added to VMware Cloud Director. This is done under Resources > Infrastructure Resources > vCenter Server Instances.
Read More

Global Load Balancing using NSX ALB in VMC

Manish Jha

Overview

Global Server Load Balancing (GSLB) is the method of load balancing applications/workloads that are distributed globally (typically, multiple data centers and public clouds). GSLB enables efficient distribution of traffic across application servers that are dispersed geographically. 

In a production environment, the corporate name server delegates one or more subdomains to NSX ALB GSLB, which then owns these domains, and provides responses to DNS queries from clients. DNS based load balancing is implemented by creating DNS Virtual Service. 

How GSLB Works?

Let’s understand the working of GSLB using the below example. 

There are 2 SDDC’s running in VMC and both the SDDC has local load balancing configured to load balance set of web servers in their respective SDDC. The 2 Virtual Services (SDDC01-Web-VS & SDDC02-Web-VS) have a couple of web servers as pool members and the VIP of the Virtual Service is translating to Public IP via NAT.  

Let’s assume the 4 web servers running across 2 SDDC are servicing the same web application and you are looking for doing a global load balancing along with local load balancing. Read More

Simplify Your Avi Load Balancer Deployment in VMC on AWS using EasyAvi

Manish Jha

VMC on AWS is an easy way to consume VMware SDDC on the go. Spinning up infrastructure was never been so easy.

NSX-T is one of the critical pieces of the SDDC and equips customers to use core networking features such as

  • Routing/Switching (North-South & East-West).
  • Firewall (Gateway & Distributed).
  • VPN (Policy & Route Based)
  • Load Balancer (Edge Based)

Applications are becoming complex day by day. High availability and load balancing are a must for these complex applications.

Although NSX-T Edge based load balancer is pretty good, but it doesn’t offer the next generation load balancer features. There were competitors like F5 and Netscaler in the market who were providing advanced load balancing features with their products. VMware stepped into the next-gen load balancer arena via the acquisition of Avi Networks who were doing great work in this field. Avi Networks has been rebranded to NSX Advanced Load Balancer now. 

Avi Load Balancer (NSX ALB) integration with VMC on AWS is fully supported now. InRead More

Load Balancing With Avi Load Balancer in VMC on AWS-Part 2

Manish Jha

In the first post of this series, I discussed how Avi Controller & Service Engines are deployed in an SDDC running in VMC on AWS. 

In this post, I will walk through the steps of configuring load balancer settings for load balancing web servers.

Lab Setup

The below diagram is a pictorial representation of my lab setup.

Let’s jump into the lab and start configuring the load balancer. 

I have deployed a couple of web servers running on CentOS 7.

These are plain HTTP servers and a sample page deployed. 

Load Balancer Configuration

Create Session Persistence Profile

A persistence profile controls the settings that dictate how long a client will stay connected to one of the servers from a pool of load-balanced servers. Enabling a persistence profile ensures the client will reconnect to the same server every time, or at least for a desired duration of time. 

Cookie based persistence is the most commonly used mechanism when dealing with web applications.Read More

Load Balancing With Avi Load Balancer in VMC on AWS-Part 1

Manish Jha

Load Balancers are an integral part of any datacenters and most of the enterprise applications are usually clustered for high availability and load distribution. Choice of the load balancer becomes very critical when applications are distributed across Datacenters/Cloud. 

This blog series is focused on demonstrating how can we leverage Avi Load Balancer (NSX ALB) for local/global load balancing for Enterprise applications in VMC on AWS. 

If you are new to Avi Load Balancer, then I will encourage you to learn about this product first. Here is the link to the official documentation for  Avi Load Balancer

Also, I have written few articles around this topic and you can read them from the below links:

1: Avi Load Balancer Architecture

2: Avi Controller Deployment & Configuration

3: Load Balancing Sample Application

The first 2 part of this blog series is focused on deployment & configuration of Avi LB in single SDDC for the local load balancing.Read More

vSphere with Tanzu Leveraging NSX ALB-Part-2: Deploy Supervisor Cluster

Manish Jha

In the last post of this series, I discussed Avi Controller deployment and configuration. In this post, I will demonstrate supervisor cluster deployment which lays the foundation for the TKG clusters. 

Since I have explained the process of workload management in this post, I am not going to go through each step again. However, I want to discuss load balancer option.

  • When configuring Load Balancer, select type as Avi and punch in the IP address of the Avi controller VM followed by port 443. 
  • Specify the credentials that you configured at the time of the Avi controller deployment.
  • Grab the certificate from Avi controller and paste it here. 

Note: To grab the certificate thumbprint of the Avi Controller, navigate to Templates > Security > SSL/TLS Certificates and click on the arrow button in front of the self-signed certificate that you created for the controller VM.

Copy the contents of the certificate by clicking on the copy to clipboard button. Read More