Updated Capability – Limits on Supervisor Namespace – 9/22/20
With the release of vSphere 7, VMware introduced a new capability called vSphere with Kubernetes. This new capability, built directly into the hypervisor, opens vSphere up to the amazing world of container management through Kubernetes. It should be no surprise that vRealize Automation is jumping in to provide a management capability that lets you manage your traditional vSphere environments along with your new Tanzu Kubernetes clusters. In this post I am going to walk through a new capability in vRealize Automation that allows you to create Supervisor Namespaces in vSphere 7 through infrastructure-as-code blueprints, ultimately giving you an easy-to-consume self-service catalog item.
So what’s the use case?
Let’s say you have just deployed vSphere 7 with Tanzu in your datacenter and you want your development teams to have access to the latest features available, but you don’t necessarily want them to have access to vCenter directly (I mean you probably didn’t give them access to vCenter before, right?). To use the new capabilities, the devs need to be able to create namespaces and be given access on demand without having to make a request to IT. Plus you, as the infrastructure administrator, want to have the governance control to be able to add access policies, lease times, and, of course, approvals. Now you can do this with vRealize Automation!!
A little comparison to simplify things:
To make things easy to understand in this new world, I am going to make a comparison that will translate for the traditional virtualization admin. To simplify what a namespace is, relate it to resource pools in vSphere. In vRealize Automation you can create buckets of compute targets called cloud zones. These cloud zones can be the entire virtual datacenter, a single cluster, or a resource pool. You then assign these cloud zones to projects (a project is a group of users and a set of infrastructure they can access). In this new world a namespace is much like a resource pool: the namespace carves out a portion of your Kubernetes cluster, allowing you to put boundaries around and control consumption of your Kubernetes environment. A Supervisor Namespace serves the same function in vSphere with Kubernetes as resource pools do in your traditional vSphere environment.
Hopefully this simplifies the role of namespaces (obviously there is more to it, but I wanted to break it down to a simple comparison).
Let’s check out the new feature:
First we will start by adding our new VMware Cloud Foundation workload domain vCenter as a Cloud Account in vRealize Automation. This is no different than setting up any traditional vCenter in Cloud Assembly. Just enter your information to set up the new cloud account:
Now instead of creating a Cloud Zone as you would for targeting a resource pool, you will instead create a Kubernetes Zone to onboard the Supervisor Cluster from vSphere with Kubernetes.
After clicking the NEW KUBERNETES ZONE button, select the new Cloud Account you created above, name the new Kubernetes Zone, and select the Provisioning tab:
On the Provisioning tab, select the ADD COMPUTE button to list all the available Supervisor Clusters. Select the Supervisor Cluster you want to target for this Kubernetes Zone (in my environment I only have one Supervisor Cluster), then click ADD.
You can have multiple Supervisor Clusters in a single Kubernetes Zone and tag the cluster so that you can determine placement of the Supervisor Namespace. This is important when we get to the blueprinting portion of this blog. Select the cluster you just added and click on the TAG button and configure the tag for the cluster. (In this example I used the tag vwt = vSphere with Kubernetes : supc1 = Supervisor Cluster 1 – vwt:supc1 BUT you can use any tag you would like).
Finally, check that the cluster(s) you wanted are in place and the tags are associated, then click SAVE to save the Kubernetes Zone.
Now we need to add the newly created Kubernetes Zone to the Project(s) that we would like to be able to use the Supervisor Cluster. Select the Project you want to add the zone to from the list of projects. (In this example we are adding it to our Business Critical Application project.)
Select the Kubernetes Provisioning tab and then click on the ADD ZONE button:
Select the newly created Kubernetes Zone from the dropdown list and select SAVE.
Now it’s time to create a blueprint, the infrastructure-as-code instruction set that will back our self-service catalog item. From the Design tab select Blueprints and then click to add a New blueprint. Configure the name and the project you want this blueprint to be associated with, then click CREATE. You are now on the blueprint creation canvas. On the left side you will see all the objects available to be added to the blueprint. Under the Kubernetes list, drag the Supervisor namespace object over to the canvas. This will automatically start to build the YAML code which defines the infrastructure-as-code portion of the blueprint. You will also notice that we have added an input so the consumer can name the Supervisor Namespace at request time, and that we are constraining the blueprint to use the tag we put on the Supervisor Cluster when we added it to vRealize Automation. NOTE: if you had multiple Supervisor Clusters with different tags, you could make this an input that could be selected at request time…think Test / Dev / Prod.
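A blueprint of the shape described above, as an added example rather than the YAML from the original post: the input name `namespaceName`, the resource name `Cloud_SV_Namespace_1` and the name-validation pattern are assumptions, and the constraint uses the `vwt:supc1` tag applied to the Supervisor Cluster earlier. Compare it against the YAML the canvas generates in your version before using it.

```yaml
formatVersion: 1
inputs:
  # Hypothetical input name; the requester supplies the namespace name at request time.
  namespaceName:
    type: string
    title: Supervisor Namespace Name
    # Assumed validation: Kubernetes namespace names are lowercase DNS labels
    # of at most 63 characters, so reject anything else before provisioning.
    pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
    maxLength: 63
resources:
  # Resource name as generated by dragging the object to the canvas (assumed).
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: '${input.namespaceName}'
      # Placement is restricted to Supervisor Clusters carrying this tag
      # in a Kubernetes Zone assigned to the blueprint's project.
      constraints:
        - tag: 'vwt:supc1'
```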
You can also add limits to the supervisor namespace in the blueprint:
Now click on the VERSION button to create a version of the blueprint, and be sure to check the box to “Release this version to the catalog”.
Now you are ready to add this item to the catalog for self-service consumption in the Service Broker service. I am not going to walk through that process but you can get information on how to do this following this link. Once you have the blueprint assigned in the catalog you can make the request from the catalog. Enter the Deployment name, as you specified in the blueprint, enter the name for the namespace, and select SUBMIT.
After requesting the catalog item you can switch to the Deployments tab to see the progress of the deployment. Once it is complete you can select the deployment to see details:
The deployment detail screen provides all the information on the deployment. If you select the namespace object on the canvas, you will get information about the namespace, including a link to download the necessary CLIs to interact with the Kubernetes environment.
Clicking on the information circle will provide you with the command to use the kubectl-vsphere CLI to log in and use the new namespace:
Now you can manage the new capabilities introduced with vSphere with Kubernetes like we have managed resources with traditional vSphere environments. There is a LOT more of this coming in the near future, so look for additional capabilities integrated into vRealize Automation around Kubernetes management!