Demo Appliance for Tanzu Kubernetes Grid - Prerequisites
Introduction
This workshop takes advantage of the Demo Appliance for Tanzu Kubernetes Grid (TKG) Fling, which bundles all the required dependencies to deploy TKG Clusters running on VMware Cloud on AWS.
Please refer to the infrastructure-provider-specific prerequisites below before attempting the workshop.
VMware Cloud on AWS Prerequisite
☐ Existing SDDC or deploy new 1-Node SDDC
☐ vSphere Management Network (on-prem) or NSX-T Segment (VMC) to run TKG Demo Appliance which has access to VMC vCenter Server
☐ DHCP Enabled Network to run TKG Workloads which has access to VMC vCenter Server
☐ Desktop to access the SDDC and TKG Demo Appliance with the following ports open
☐ Outbound Port 22 (SSH)
☐ Outbound Port 443 (vCenter & K8s API)
☐ Outbound Port 31001 (K8s Demo App)
1. NSX-T Network
Network Segment
For demo purposes, we will be running both the TKG Demo Appliance and the TKG Management and Workload Cluster on an NSX-T Segment running in VMC.
With TKG 1.2, the HAProxy VM has been replaced with kube-vip and this means that as part of any TKG Cluster deployment (Management or Workload), an additional IP Address must be specified for the virtual IP.
In our example below, we will carve up our 192.168.2.0/24 into the following:

| IP | Usage |
|---|---|
| 192.168.2.1 | Network Gateway |
| 192.168.2.2 | TKG Demo Appliance |
| 192.168.2.3 to 192.168.2.49 | TKG VIP Address Range |
| 192.168.2.50 to 192.168.2.254 | TKG Workload Address Range |

where 192.168.2.3 to 192.168.2.49 will NOT be included in the DHCP scope so that we can manually reserve those for both the TKG Demo Appliance and VIP addresses.
• Create a new Network Segment which will run the TKG workloads with the following configuration:

| Setting | Value |
|---|---|
| Segment Name | tkg-network |
| Type | Routed |
| Subnets | 192.168.2.1/24 |
Click on the Save button to save our initial settings.
Note: If 192.168.2.1/24 is already in use, you can specify another network.
When prompted to edit the new Network Segment, select Yes and then click on SET DHCP CONFIG in the upper right hand corner. Toggle the DHCP Config to Enabled and then add the DHCP range as specified in the table below and then click on Apply to save the changes.
| Setting | Value |
|---|---|
| DHCP Config | Enabled |
| DHCP Ranges | 192.168.2.50-192.168.2.254 |
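Before committing a carve-up like the one above in NSX-T, it is worth checking that the static reservations (gateway, appliance, kube-vip VIPs) can never be handed out by DHCP. The following Python is an added example, not part of the workshop; the PLAN values are the workshop's own example numbers and are assumed to match your segment.

```python
import ipaddress

# Constructed plan using the workshop's example numbers (assumed to match your segment).
PLAN = {
    "segment": "192.168.2.1/24",            # gateway-style CIDR as entered in NSX-T
    "gateway": "192.168.2.1",
    "appliance": "192.168.2.2",
    "vip_range": ("192.168.2.3", "192.168.2.49"),
    "dhcp_range": ("192.168.2.50", "192.168.2.254"),
}


def _addrs(first, last):
    """Inclusive set of addresses from first to last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return {ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)}


def validate_plan(plan):
    """Return a list of problems; an empty list means the carve-up is consistent."""
    problems = []
    # strict=False accepts the gateway-style CIDR (192.168.2.1/24) that NSX-T uses.
    net = ipaddress.ip_network(plan["segment"], strict=False)
    usable = set(net.hosts())
    gw = ipaddress.ip_address(plan["gateway"])
    app = ipaddress.ip_address(plan["appliance"])
    vips = _addrs(*plan["vip_range"])
    dhcp = _addrs(*plan["dhcp_range"])
    for name, addrs in (("gateway", {gw}), ("appliance", {app}),
                        ("VIP range", vips), ("DHCP range", dhcp)):
        if not addrs <= usable:
            problems.append(f"{name} is outside the usable hosts of {net}")
    # Static reservations must never be leased by DHCP, or VIPs collide with workload VMs.
    static = vips | {gw, app}
    clash = static & dhcp
    if clash:
        problems.append(f"DHCP scope overlaps static addresses: {sorted(map(str, clash))}")
    if gw in vips or app in vips:
        problems.append("gateway or appliance address falls inside the VIP range")
    return problems


def vip_capacity(plan):
    """Number of clusters (management plus workload) the VIP range can serve, one VIP each."""
    return len(_addrs(*plan["vip_range"]))


if __name__ == "__main__":
    print(validate_plan(PLAN) or "plan OK", "| VIPs available:", vip_capacity(PLAN))
```

Each TKG cluster deployment consumes one VIP, so `vip_capacity` tells you how many clusters the reserved range can support before the scope must be widened.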
2. NSX-T Inventory Group
Configure Compute Inventory Group
Create the following three Inventory Groups for Compute by clicking Add Group, providing the name specified below, and then using “Set Members” to set the value:

| Group Name | Value |
|---|---|
| Desktop | IP Address from https://www.whatismyip.com/ or the network you will use to connect to the TKG Network |
| SDDC Management | The SDDC CIDR used when deploying your SDDC. You can find this under the Network & Security->Overview page by searching for “Infrastructure Network”. It should look like 10.2.0.0/16, for example, but substitute your value |
| TKG Network | 192.168.2.0/24 (or the network you used) |
Here is what the Compute Inventory Group should look like after you have completed the above.
Configure Management Inventory Group
Create the following two Inventory Groups for Management by clicking Add Group, providing the name specified below, and then using “Set Members” to set the value:

| Group Name | Value |
|---|---|
| Desktop | IP Address from https://www.whatismyip.com/ or the network you will use to connect to the TKG Network |
| TKG Network | 192.168.2.0/24 (or the network you used) |
Here is what the Management Inventory Group should look like after you have completed the above.
3. NSX-T Edge Gateway Firewall
Configure Compute Gateway Firewall
Create the following three Compute Gateway Firewall Rules (ensure you click Publish to actually create the Firewall Rules):

| Rule Name | Sources | Destinations | Services |
|---|---|---|---|
| Desktop to TKG Network | Desktop | TKG Network | Any |
| TKG Network to SDDC Management | TKG Network | SDDC Management | Any |
Here is what the Compute Edge Firewall should look like after you have completed the above.
Configure Management Gateway Firewall
Create the following Management Gateway Firewall Rules (ensure you click Publish to actually create the Firewall Rules):

| Rule Name | Sources | Destinations | Services |
|---|---|---|---|
| Desktop to vCenter Server | Desktop | vCenter Server | HTTPS |
| TKG Network to vCenter Server | TKG Network | vCenter Server | HTTPS |
Here is what the Management Edge Firewall should look like after you have completed the above.
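As an added example (not from the workshop), the following Python models the Compute and Management Gateway rules above as data and checks them against the ports the prerequisites list names (22, 443 and 31001 outbound to the TKG network, HTTPS to vCenter). For each rule whose service is Any it also reports which ports the documented flows actually use, which is the information you need if you later want to tighten those rules. Rule and flow values are transcribed from this page.

```python
# Rules transcribed from the two firewall tables above; "Any" means all services.
COMPUTE_RULES = [
    {"name": "Desktop to TKG Network", "src": "Desktop", "dst": "TKG Network", "services": "Any"},
    {"name": "TKG Network to SDDC Management", "src": "TKG Network", "dst": "SDDC Management", "services": "Any"},
]
MANAGEMENT_RULES = [
    {"name": "Desktop to vCenter Server", "src": "Desktop", "dst": "vCenter Server", "services": {443}},
    {"name": "TKG Network to vCenter Server", "src": "TKG Network", "dst": "vCenter Server", "services": {443}},
]
# Flows the prerequisites list names: desktop -> TKG network on 22, 443, 31001, and HTTPS to vCenter.
REQUIRED_FLOWS = [
    ("Desktop", "TKG Network", 22),
    ("Desktop", "TKG Network", 443),
    ("Desktop", "TKG Network", 31001),
    ("Desktop", "vCenter Server", 443),
    ("TKG Network", "vCenter Server", 443),
]


def permits(rule, src, dst, port):
    """True if the rule allows src -> dst on port (names match the inventory groups)."""
    if rule["src"] != src or rule["dst"] != dst:
        return False
    return rule["services"] == "Any" or port in rule["services"]


def missing_flows(rules, flows):
    """Required flows that no rule permits; the workshop will fail if this is non-empty."""
    return [f for f in flows if not any(permits(r, *f) for r in rules)]


def any_rule_usage(rules, flows):
    """For each rule with services 'Any', the ports the documented flows actually use
    (an empty set means the prerequisites name no port for that path)."""
    return {r["name"]: {p for s, d, p in flows if s == r["src"] and d == r["dst"]}
            for r in rules if r["services"] == "Any"}


if __name__ == "__main__":
    print("missing:", missing_flows(COMPUTE_RULES + MANAGEMENT_RULES, REQUIRED_FLOWS))
    print("Any-rule usage:", any_rule_usage(COMPUTE_RULES, REQUIRED_FLOWS))
```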
4. Public IP and NAT (optional for going over internet)
This step is only required if you do not have a Desktop system that already has access to the SDDC via Direct Connect and/or VPN.
Configure Public IP for TKG Demo Appliance
Request a new Public IP Address and name the entry TKG Demo Appliance. Make a note of this IP, as you will be SSH’ing to this address during the workshop.
Configure NAT for TKG Demo Appliance
Create a new NAT mapping to the Public IP Address from the previous step using the following settings:

| Name | Public IP | Service | Port | Internal IP |
|---|---|---|---|---|
| TKG Demo Appliance | Public IP from previous step | Any | Any | 192.168.2.2 |
5. Configure VMC vCenter Server Inventory
Configure Resource Pool for TKG in vCenter Server
Configure VMC VM Folder for TKG in vCenter Server
6. Configure VMC vCenter Server Content Library
Sync K8s and TKG Demo Appliance OVAs
Navigate to Menu->Content Library in the vSphere UI and create a new vSphere Content Library with the following configuration:

| Setting | Value |
|---|---|
| Name | TKG Demo |
| Subscribed URL | https://download3.vmware.com/software/vmw-tools/tkg-demo-appliance/cl4/lib.json |
| Download Content | Immediately |
| Storage | WorkloadDatastore |
Note: Ensure that your vCenter Server has outbound connectivity to sync from the S3 Content Library.
To download the TKG Demo Appliance offline, you can find it at:
* TKG Demo Appliance OVA - https://download3.vmware.com/software/vmw-tools/tkg-demo-appliance/TKG-Demo-Appliance-1.3.1.ova
To download the K8s OVAs offline, you can also find them on MyVMware:
* K8s v1.19.3 OVA - https://my.vmware.com/web/vmware/downloads/details?downloadGroup=TKG-120&productId=988&rPId=53095
* K8s v1.18.10 OVA - https://my.vmware.com/web/vmware/downloads/details?downloadGroup=TKG-120&productId=988&rPId=53095
Once the vSphere Content Library has been created, it should start downloading the content immediately.
Note: To verify everything was downloaded correctly, you should see the “Stored Locally” value show Yes under the “OVF & OVA Templates” tab of the vSphere Content Library. If you do not see this value, either the content is still being downloaded or you have a connectivity issue preventing the vCenter Server from connecting to the S3 Content Library. If you are having issues syncing from the S3 Content Library in a VMC environment, please make sure you have reviewed the following: accessing S3 endpoint in VMC
7. Configure K8s vSphere Template
Deploy K8s OVA from vSphere Content Library
Right click on vSphere Content Library item photon-3-kube-v1.19.3_vmware.1 and select “New VM from this Template” with the following configuration:

| Setting | Value |
|---|---|
| Name | photon-3-kube-v1.19.3_vmware.1 |
| VM Folder | VM Templates |
| Resource Pool | TKG |
| Storage | WorkloadDatastore |
| Network | tkg-network |
Right click on vSphere Content Library item photon-3-kube-v1.18.10_vmware.1 and select “New VM from this Template” with the following configuration:

| Setting | Value |
|---|---|
| Name | photon-3-kube-v1.18.10_vmware.1 |
| VM Folder | VM Templates |
| Resource Pool | TKG |
| Storage | WorkloadDatastore |
| Network | tkg-network |
Note: Do not power on these VMs; they will be used by TKG to provision TKG Clusters.
Once both VMs have been deployed, right click on each VM and select Template->Convert to Template to convert the VM to a vSphere VM Template.
8. Configure TKG Demo OVA
Deploy TKG Demo Appliance from vSphere Content Library
Right click on the TKG Resource Pool, select “New Virtual Machine”, choose the “Deploy from Template” option, specify the TKG Demo Appliance and provide a name for the VM.
Select the TKG VM Folder:
Select the TKG Resource Pool:
Select the WorkloadDatastore Datastore:
Select the tkg-network Network:
In the Networking section, fill in the respective settings based on your network configuration. A static IP Address is required for proper functionality.
Scroll down to OS Credentials and select a secure password, especially if you plan to connect from the Internet. SSH key authentication can also be used to connect to the appliance; to do so, simply add your SSH key.
Click Finish to start the deployment of the OVA.
Note: If you are unsure of some of the settings, it is recommended that you take an offline snapshot prior to powering on. This way you can adjust settings or easily revert the environment if you wish to walk through this again without having to re-deploy the OVA.
Lastly, power on the TKG Demo Appliance and then SSH as root to the Public IP that you requested earlier. If you can access the VM without going over the public internet, then the address is the IP Address you configured for the TKG Demo Appliance.