Developer Ready Clouds with Tanzu Container Service Extension Developer Ready Cloud VMware Cloud Provider

Container Service Extension 3.1.2 – A Technical Overview

Container Service Extension 3.1.2 is now GA! The Container Service Extension introduced Tanzu Kubernetes Grid Cluster support in 3.0.4 and has been evolving rapidly. Release 3.1.1 introduced support for automated Ingress Load Balancing with NSXT Advanced Load balancer with Cloud Provider Interface(CPI) plugin. The CPI plugin with VMware Cloud Director as an endpoint allows for Secure ingress access to Services on TKG clusters. The Cloud Storage Interface(CSI) plugin to create and manage Persistent Volumes per TKG clusters dynamically allows for Stateful Applications volume persistence. This blog post reviews new features available from Container Service Extension for Tanzu Kubernetes Grid.

Proxy Configuration for TKG Clusters:

The proxy configuration allows Users to use proxy for outbound traffic. Today, after the TKG cluster is booted for the first time, TKG Cluster requires internet access to download CPI, CSI, and CNI plugins. This configuration will enable customers to provision Tanzu Kubernetes Clusters using CSE with restricted internet environments. The proxy configuration is a global setting for VMware Cloud Director and Container Service Extension. The Provider admin can configure proxy settings while setting up the CSE server configuration file as follows:

When the customers or their TKG cluster authors launch a new cluster, each node of the cluster(Worker and Control Plane VM) will receive the configured proxy settings in ‘http-proxy.conf’ file. The following Figure showcases outbound traffic flow for TKG Clusters in VMware Cloud Director.

Outbound traffic flow for CSE 3.1.2 provisioned TKG Clusters from the customer organization with proxy settings


The existing TKG clusters from the previous release continue using legacy settings for outbound internet access. However, when the user scales the TKG cluster deployed from release 3.1.1, the new worker node will have a proxy configuration.

Container Service Extensions supports proxy configuration for TKG Clusters only.

Customer org admin needs to create applicable routed access to the proxy server.

Force Delete TKG Clusters

Starting 3.1.2, the TKG Cluster author role can delete stranded TKG clusters using the following CLI: “cse cluster delete <cluster name> -f”. When this command is executed successfully as shown in the example below, the associated CPI plugin resources such as LB Service, Service Engine group, and NAT rules, will be removed with the referenced cluster.

Further Reading:

  1. Container Service Extension 3.1.2 Release Page
  2. Cloud Solutions for Developer Ready Cloud
  3. Tanzu Kubernetes Grid with VMware Cloud Director


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.