
Solution

  • App Modernization

Type

  • Document

Level

  • Intermediate

Category

  • Technical Guide

Technology

  • Kubernetes

Demo Appliance for Tanzu Kubernetes Grid - Prerequisites

Introduction

This guide explains how to set up prerequisites for the Tanzu Kubernetes Grid on VMC Workshop, which takes advantage of the Demo Appliance for Tanzu Kubernetes Grid (TKG) Fling, an easy-to-use utility that bundles all the required dependencies to deploy TKG Clusters running on VMware Cloud on AWS.

VMware Cloud on AWS Requirements

  • Existing SDDC or deploy new 1-Node SDDC
  • vSphere Management Network (on-prem) or NSX-T Segment (VMC) to run TKG Demo Appliance which has access to VMC vCenter Server
  • DHCP Enabled Network to run TKG Workloads which has access to VMC vCenter Server
  • Desktop to access the SDDC and TKG Demo Appliance with the following ports open:
      • Outbound Port 22 (SSH)
      • Outbound Port 443 (vCenter & K8s API)
      • Outbound Port 31001 (K8s Demo App)

0. PowerCLI Automation for VMC Prerequisites

For ease of setup, customers can use the PowerCLI Automation found at https://github.com/lamw/tkg-on-vmc-setup, which will automate all of the prerequisites in this document. It is still highly recommended that you read the full document below, but the script can accelerate proof-of-concept demos, taking only about 7 minutes to complete. Upon successful completion of the script, you can refer to the TKG on VMC Workshop Guide.

1. NSX-T Network

Network Segment

For demo purposes, we will be running both the TKG Demo Appliance and the TKG Management and Workload Cluster on an NSX-T Segment running in VMC.

Create a new Network Segment which will run the TKG workloads with the following configuration:

| Setting | Value |
| --- | --- |
| Segment Name | tkg-network |
| Type | Routed |
| Gateway IP/Prefix Length | 192.168.2.1/24 |
| DHCP | Enabled |
| DHCP IP Range | 192.168.2.2-192.168.2.254 |

Note: If 192.168.2.1/24 is already in use, you can specify another network

2. NSX-T Inventory Group

Configure Compute Inventory Group

Create the following three Inventory Groups for Compute by clicking Add Group and providing the name specified below and then “Set Members” to set the value

| Group Name | Value |
| --- | --- |
| Desktop | IP Address from https://www.whatismyip.com/ or network you will use to connect to TKG Network |
| SDDC Management | The SDDC CIDR used when deploying your SDDC. You can find this on the Network & Security->Overview page by searching for “Infrastructure Network”. It should look like 10.2.0.0/16, for example, but substitute your own value |
| TKG Network | 192.168.2.0/24 (or network you used) |

Here is what the Compute Inventory Group should look like after you have completed the above.

Configure Management Inventory Group

Create the following two Inventory Groups for Management by clicking Add Group and providing the name specified below and then “Set Members” to the value below

| Group Name | Value |
| --- | --- |
| Desktop | IP Address from https://www.whatismyip.com/ or network you will use to connect to TKG Network |
| TKG Network | 192.168.2.0/24 (or network you used) |

Here is what the Management Inventory Group should look like after you have completed the above.

3. NSX-T Edge Gateway Firewall

Configure Compute Gateway Firewall

Create the following three Compute Gateway Firewall Rules (be sure to click Publish to actually create the Firewall Rules):

| Rule Name | Sources | Destinations | Services |
| --- | --- | --- | --- |
| Desktop to TKG Network | Desktop | TKG Network | ANY |
| TKG Network to SDDC Management | TKG Network | SDDC Management | Any |

Here is what the Compute Edge Firewall should look like after you have completed the above.

Configure Management Gateway Firewall

Create the following Management Gateway Firewall Rules (be sure to click Publish to actually create the Firewall Rules):

| Rule Name | Sources | Destinations | Services |
| --- | --- | --- | --- |
| Desktop to vCenter Server | Desktop | vCenter Server | HTTPS |
| TKG Network to vCenter Server | TKG Network | vCenter Server | HTTPS |

Here is what the Management Edge Firewall should look like after you have completed the above.

4. Public IP and NAT (optional for going over internet)

This step is only required if you do not have a Desktop system that already has access to the SDDC via Direct Connect and/or VPN.

Configure Public IP for TKG Demo Appliance

Request a new Public IP Address and name the entry TKG Demo Appliance. Make a note of this IP, as you will be SSH’ing to this address during the workshop.

Configure NAT for TKG Demo Appliance

Create a new NAT mapping to the Public IP Address from the previous step using the following settings:

| Name | Public IP | Service | Port | Internal IP |
| --- | --- | --- | --- | --- |
| TKG Demo Appliance | Public IP from previous step | Any | Any | 192.168.2.2 |
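The addressing values chosen in sections 1, 2 and 4 have to agree with each other and with the static IP the appliance needs in section 8, which matters most when you substitute your own network. The following check is an added example, not part of the original guide or the tkg-on-vmc-setup script; the dictionary keys and the function name are hypothetical, and appliance_ip is assumed to equal the NAT internal IP.

```python
import ipaddress

# Values taken from the tables in this guide. "appliance_ip" is an assumption:
# the guide only gives 192.168.2.2 as the NAT internal IP for the appliance.
PAGE_PLAN = {
    "gateway": "192.168.2.1/24",
    "dhcp_range": "192.168.2.2-192.168.2.254",
    "tkg_group_cidr": "192.168.2.0/24",
    "nat_internal_ip": "192.168.2.2",
    "appliance_ip": "192.168.2.2",
}

def validate_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    gateway = ipaddress.ip_interface(plan["gateway"])
    segment = gateway.network
    first, last = (ipaddress.ip_address(p.strip())
                   for p in plan["dhcp_range"].split("-"))
    appliance = ipaddress.ip_address(plan["appliance_ip"])
    nat_target = ipaddress.ip_address(plan["nat_internal_ip"])
    group = ipaddress.ip_network(plan["tkg_group_cidr"])

    if first > last:
        findings.append(f"DHCP range {first}-{last} is reversed")
    for label, addr in (("DHCP start", first), ("DHCP end", last),
                        ("appliance IP", appliance), ("NAT internal IP", nat_target)):
        if addr not in segment:
            findings.append(f"{label} {addr} is outside segment {segment}")
    if first <= gateway.ip <= last:
        findings.append(f"gateway {gateway.ip} is inside the DHCP range")
    if first <= appliance <= last:
        # A statically configured address inside the pool can also be leased out.
        findings.append(f"appliance IP {appliance} is inside the DHCP range; "
                        "DHCP could lease it to another VM")
    if nat_target != appliance:
        findings.append(f"NAT internal IP {nat_target} != appliance IP {appliance}")
    if group != segment:
        findings.append(f"TKG Network group {group} != segment {segment}")
    return findings

if __name__ == "__main__":
    for finding in validate_plan(PAGE_PLAN) or ["plan is consistent"]:
        print(finding)
```

With the guide's default values the only finding is that 192.168.2.2 sits inside the DHCP range; starting the range above the appliance address clears it.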

5. Configure VMC vCenter Server Inventory

Configure Resource Pool for TKG in vCenter Server

Configure VMC VM Folder for TKG in vCenter Server

6. Configure VMC vCenter Server Content Library

Sync K8s, HA Proxy and TKG Demo Appliance OVAs

Navigate to Menu->Content Library in the vSphere UI and create a new vSphere Content Library with the following configurations:

| Setting | Value |
| --- | --- |
| Name | TKG Demo |
| Subscribed URL | https://download3.vmware.com/software/vmw-tools/tkg-demo-appliance/cl2/lib.json |
| Download Content | Immediately |
| Storage | WorkloadDatastore |

Note: Ensure that your vCenter Server has outbound connectivity to sync from the S3 Content Library

To download TKG Demo Appliance offline:

TKG Demo Appliance OVA - https://download3.vmware.com/software/vmw-tools/tkg-demo-appliance/TKG-Demo-Appliance-1.1.3.ova

To download K8s and HA Proxy OVA offline, you can also find it on MyVMware:

K8s v1.18.6 OVA - https://my.vmware.com/group/vmware/downloads/details?downloadGroup=TKG-113&productId=988&rPId=49705

K8s v1.17.9 OVA - https://my.vmware.com/group/vmware/downloads/details?downloadGroup=TKG-113&productId=988&rPId=49705

HA Proxy v1.2.4 OVA - https://my.vmware.com/group/vmware/downloads/details?downloadGroup=TKG-113&productId=988&rPId=49705

Once the vSphere Content Library has been created, it should start downloading the content immediately.

Note: To verify everything was downloaded correctly, you should see the “Stored Locally” value show Yes under the “OVF & OVA Templates” tab of the vSphere Content Library. If you do not see this value, either the content is still being downloaded or you have a connectivity issue preventing you from connecting to the S3 Content Library from the vCenter Server. If you are having issues syncing from the S3 Content Library in a VMC environment, please make sure you have reviewed the following: accessing S3 endpoint in VMC

7. Configure K8s & HA Proxy vSphere Template

Deploy K8s and HA Proxy from vSphere Content Library

Right click on vSphere Content Library item photon-3-kube-v1.18.6_vmware.1 and select “New VM from this Template” with the following configuration:

| Setting | Value |
| --- | --- |
| Name | photon-3-kube-v1.18.6_vmware.1 |
| VM Folder | VM Templates |
| Resource Pool | TKG |
| Storage | WorkloadDatastore |
| Network | tkg-network |

Right click on vSphere Content Library item photon-3-kube-v1.17.9_vmware.1 and select “New VM from this Template” with the following configuration:

| Setting | Value |
| --- | --- |
| Name | photon-3-kube-v1.17.9_vmware.1 |
| VM Folder | VM Templates |
| Resource Pool | TKG |
| Storage | WorkloadDatastore |
| Network | tkg-network |

Right click on vSphere Content Library item photon-3-haproxy-v1.2.4-vmware.1 and select “New VM from this Template” with the following configuration:

| Setting | Value |
| --- | --- |
| Name | photon-3-haproxy-v1.2.4-vmware.1 |
| VM Folder | VM Templates |
| Resource Pool | TKG |
| Storage | WorkloadDatastore |
| Network | tkg-network |

Note: Do not power on these VMs; they will be used by TKG to provision TKG Clusters.

Once both VMs have been deployed, right click on each VM and select “Template->Convert to Template” to convert it to a vSphere VM Template.

8. Configure TKG Demo OVA

Deploy TKG Demo Appliance from vSphere Content Library

Right click on the TKG Resource Pool, select “New Virtual Machine”, choose the “Deploy from Template” option, specify the TKG Demo Appliance and provide a name for the VM.

Select the TKG VM Folder:

Select the TKG Resource Pool:

Select the WorkloadDatastore Datastore:

Select tkg-network Network:

In the Networking section, please fill in the respective settings based on your network configuration. A static IP Address will be required for proper functionality.

Scroll down to OS Credentials and select a secure password, especially if you plan to connect from the Internet. SSH key authentication can also be used to connect to the appliance. To do so, simply add your SSH key.

Click finish to start the deployment of the OVA.

Note: If you are unsure of some of the settings, it is recommended that you take an offline snapshot prior to powering on. This way you can adjust settings or easily revert the environment if you wish to walk through this again without having to re-deploy the OVA.

Lastly, power on the TKG Demo Appliance and then SSH using root to the Public IP that you had requested earlier. If you can access the VM without going over the public internet, then the address would be the IP Address you had configured for the TKG Demo Appliance.

 
