Slide 1
VMware Tanzu!
A Primer to throw a POC Party
Tanzu Basic:
vSphere7 Kubernetes with vDS
Vino Alex
Staff Cloud Native Architect
valex@vmware.com
linkedin.com/vinoalex
Slide 2
Isolated Workloads Network
A WCP Cluster
● Can have multiple Workload Networks
● Needs to have at least one Workload Network
● The Workload Network to which the Supervisor Cluster is connected is called the “Supervisor Primary Workload Network”
● Needs one Load Balancer
A WCP Namespace
● Needs to be assigned a Workload Network
● All Guest Clusters deployed to this Namespace will be connected to the DVPG referenced by this Workload Network
● Draw IPs from this Workload Network’s Address Ranges
● Will be assigned the Supervisor Primary Workload Network if none is specified.
Slide 4
Components & Roles
TKG Controller
● Performs TKC Cluster config management
● Translates TanzuKubernetesCluster (TKC) specifications into Cluster and Machine resources that Core Cluster API (CAPI) and Cluster API Provider WCP (CAPW) understand
CAPI & CAPW
● Perform Guest Cluster lifecycle management
● Break down Cluster and Machine specifications into IaaS-layer resources that VM-Operator and net-operator understand.
● Dynamically select the network for Virtual Machines, influenced by the network assigned in the WCP Namespace spec.
VM-Operator
● Performs IaaS resource lifecycle management (LCM)
● Actuates on CAPW Virtual Machine specifications to manage the lifecycle of Virtual Machines on hosts.
● Requests a Network Interface for the Virtual Machine on the Network selected by CAPW.
Slide 5
Key Network Components
net-operator
● New component in the Supervisor that introduces declarative Kubernetes APIs to create provider-/vendor-agnostic networks and network interfaces.
● Manages provider-/vendor-agnostic load balancer virtual servers.
lbapi-operator
● New component in the Supervisor; the vendor-specific load balancer adapter. Manages HAProxy virtual server configurations for the Supervisor & Guest Clusters.
● Actuates on the LB-vendor-agnostic resources that net-operator creates (a derivative of sigs.k8s.io/service-apis) into HAProxy virtual server configurations.
● Communicates with the HAProxy Data Plane API using the credentials provided in the WCP LoadBalancer spec.
Slide 48
Linux AnyIP
In this deployment the haproxy VM appliance uses the Linux kernel feature AnyIP to configure the Load Balancer VIPs. The haproxy appliance will consume all the IPs in the VIP CIDR once the haproxy VM is deployed.
After powering on the haproxy VM, you should be able to ICMP ping every IP in the LB VIP CIDR. (In the reference lab the LB VIP CIDR is specified as 192.168.77.28/25. If you follow the guide, you should be able to `ping` any of the IPs in the range `192.168.77.129-192.168.77.254`.)
Linux Kernel AnyIP
● The AnyIP feature of the Linux kernel allows you to bind a complete IPv4 or IPv6 subnet to your system.
● Instead of adding all addresses manually to the kernel you can tell it to bind a complete subnet, e.g. for IPv4:
`ip -4 route add local 192.168.77.28/25 dev lo`
Slide 56
Input the LB Type, Data Plane Config. Creds, LB VIP Range and LB Certificate Authority
To get the Server Certificate Authority, SSH into the `haproxy` appliance using the `root` credentials and run the command `cat /etc/haproxy/ca.crt`.
LB VIP range
Slide 57
Provide the Management NW Config, and Starting IP for the Supervisor Control Plane VMs Management Network
Please note, the Supervisor Control Plane VMs consume five consecutive IPs, starting from the Starting IP Address, allocated to their Management Network Interfaces. Plan the `Starting IP` accordingly.
Slide 58
Input the IP CIDR for the Supervisor Cluster Component Services, the DNS Servers, and click to add a Workload NW
Slide 59
Name the Network, Configure IPs for the Virtual Servers (Supervisor Cluster Workload NIC and TKC Nodes)
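The HAProxy appliance is given the VIP block as a CIDR (slide 48) while the enablement wizard asks for the LB VIP range as first-last addresses (slide 56), and the Supervisor Control Plane takes five consecutive addresses from the Starting IP (slide 57). The pre-flight script below is an added example, not part of the deck or of any VMware tooling: it converts the CIDR to the wizard's range form, lists the five control plane addresses, and checks that none of them falls inside the VIP CIDR, since after deployment the appliance's AnyIP local route answers for every address in that block. All input values are constructed; the deck's own `192.168.77.28/25` normalizes to the network `192.168.77.0/25` (hosts `.1-.126`), and the `.129-.254` range it quotes is the host range of `192.168.77.128/25`, which is the value used here. The script is plain POSIX sh arithmetic and needs a shell with 64-bit integers (dash or bash on a 64-bit system).

```shell
#!/bin/sh
# Added example (not from the deck): IP planning checks for the vDS + HAProxy
# enablement. Runs offline; sample values below are constructed.

# Dotted quad -> unsigned 32-bit integer (relies on 64-bit shell arithmetic).
ip2int() {
    _saved_ifs=$IFS; IFS=.; set -- $1; IFS=$_saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network and broadcast addresses of a CIDR, as two integers on one line.
cidr_bounds() {
    _ip=${1%/*}; _bits=${1#*/}
    _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    _net=$(( $(ip2int "$_ip") & _mask ))
    echo "$_net $(( _net | (~_mask & 0xFFFFFFFF) ))"
}

# Usable host range of a CIDR in the "first-last" form the wizard expects for
# the LB VIP range, derived from the CIDR handed to the HAProxy appliance.
cidr_host_range() {
    set -- $(cidr_bounds "$1")
    echo "$(int2ip $(( $1 + 1 )))-$(int2ip $(( $2 - 1 )))"
}

# Exit status 0 if address $1 lies inside CIDR $2 (network and broadcast included).
in_cidr() {
    _addr=$(ip2int "$1")
    set -- $(cidr_bounds "$2")
    [ "$_addr" -ge "$1" ] && [ "$_addr" -le "$2" ]
}

# The $2 consecutive addresses starting at $1: what the Supervisor Control
# Plane VMs will take from the wizard's Starting IP.
consecutive_ips() {
    _start=$(ip2int "$1"); _i=0
    while [ "$_i" -lt "$2" ]; do
        int2ip $(( _start + _i ))
        _i=$(( _i + 1 ))
    done
}

# Pre-flight check: none of the five control-plane addresses may sit inside
# the VIP CIDR ($1), because the appliance's AnyIP route claims that whole
# block. Prints each offending address; exit status 1 on any overlap.
check_cp_vs_vip() {
    _rc=0
    for _a in $(consecutive_ips "$2" 5); do
        if in_cidr "$_a" "$1"; then
            echo "overlap: control plane IP $_a is inside VIP CIDR $1"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed lab-style values (hypothetical, not the deck's own plan).
VIP_CIDR=192.168.77.128/25
CP_START=192.168.10.50

echo "Appliance AnyIP route:  ip -4 route add local $VIP_CIDR dev lo"
echo "Wizard LB VIP range:    $(cidr_host_range "$VIP_CIDR")"
echo "Control plane IPs:      $(consecutive_ips "$CP_START" 5 | tr '\n' ' ')"
check_cp_vs_vip "$VIP_CIDR" "$CP_START" && echo "no overlap between control plane IPs and VIP CIDR"
```

Run it once with the planned values before starting the enablement wizard; the same `cidr_host_range` output is what you would expect to be able to `ping` after the appliance is powered on, and `in_cidr` can be reused to confirm that the Workload Network virtual server IPs entered on slide 59 stay out of the VIP block as well.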
Slide 62
Choose the Content Library for the TKC Cluster Nodes
Note that in the lab scenario the Content Library for the TKC Nodes is not yet configured. You may choose the Content Library for `haproxy` (as a placeholder) and modify it later while configuring the Namespaces. You could also create a Content Library and subscribe to the TKC Node OVA templates prior to this step. (Ref. TKC Deploy Session)
Slide 80
Add User, Identity Source and Permissions to the Namespace
You could also define the Resources for the Namespace. This is the most important `value proposition` of the Namespace object of the WCP Cluster: the Namespace lets vSphere admins enforce the desired Resource Quota as well as the Security Model, and allocate it to the Dev users.