1. Purpose of this Article
In our environment we are currently using VMware Tanzu in combination with vSphere 7. As we do not use the cloud-based product Tanzu Mission Control to roll out new Tanzu Kubernetes cluster, it should be possible to automatically deploy and, in future configure, Tanzu Kubernetes cluster. Therefore I have created a Cloud Template in vRealize Automation (version 8.8), which allows users to be able to request Tanzu Kubernetes cluster out of the Service Broker catalog.
Disclaimer: In our environment we do have vRealize Automation 8.8, so it is still vRealize Automation (vRA). vRA in general was rebranded to VMware Aria Automation starting with version 8.10.
This article will describe the necessary steps, that need to be taken to integrate Tanzu into vRealize Automation, as well as create the Cloud Template in Cloud Assembly and publish the cloud Template to Service Broker to make it requestable for users.
2. Prerequisites and Environment
The environment we are using for this article is a vSphere environment based on version 7.0.3 with VMware Tanzu enabled. The vCenter has two Supervisor Cluster configured.
Before I can start integrating Tanzu and vRealize Automation, I need to create a Supervisor Namespace in vSphere, provide user privileges, storage and VM Service information. After this is set and done, I can reference these settings in vRA later.
- To create a Supervisor Namespace, I need to specify the following:
- Select the Supervisor Cluster
- Define a name for the namespace
- Define a description (optional)
2. Configuration of the namespace:
- Assign permissions to users or groups
- Assign storage based on storage policies provided by vCenter
- Choose VM classes that should be available for this namespace
After the configuration of the namespace is done, you can focus on the integration of VMware Tanzu in vRealize Automation.
3. Integration Tanzu and vRealize Automation
First step of integrating Tanzu in vRealize Automation is check, whether the connected Cloud Account (in this case the vCenter) can be used for Kubernetes deployments. This means that this vCenter has Workload Management enabled and at least one Supervisor Cluster is configured.
After checking the Readiness for Kubernetes Deployments successfully, the next step is to add the Supervisor Cluster and the Namespace you just created to the Kubernetes section in the vRA infrastructure. To do so, log into Cloud Assembly of your vRealize Automation environment. Using the infrastructure tab and the Kubernetes section of it, you are able to add both, the Supervisor Cluster and the Supervisor Namespace.
- Add existing Supervisor Namespace:
2. Add existing Supervisor Namespace and assign it to vRA project:
After successfully adding the Supervisor Cluster and Namespace, you need to make sure, that these resources can be used in vRA for Kubernetes clusters to be deployed. Therefore, it is necessary to create a Kubernetes Zone in Cloud Assembly. A Kubernetes Zone defines a set of compute resources that can be used for provisioning of clusters and namespaces. The creation of a Kubernetes Zone is basically a Two-Step configuration:
- Select Cloud Account and provide additional information like name and capability tag
- Assign Supervisor Cluster and Namespace that should be used in the Kubernetes Zone as provisioning resources
The final step, before you can create the Cloud Template for the deployment is to assign the Kubernetes Zone as Provisioning source to at least one project. This configuration is necessary for members of the vRA projects to be able to request and therefore deploy Tanzu Kubernetes clusters to this Kubernetes Zone. In Cloud Assembly you open the settings for the project you want the Kubernetes Zone to be assigned to. In the Provisioning tab you can add the Kubernetes Zone you just created.
Now, everything is set and done, and you can focus on creating the Cloud Template in Cloud Assembly, which will become the blueprint for the Tanzu Kubernetes Cluster deployments later.
4. Create Cloud Template
Before creating the actual Cloud Template, you should create Cluster Plans in Cloud Assembly, which define the potential cluster size of the Tanzu Kubernetes Clusters that will be deployed. The goal here is to give the requestor a couple of options to choose from. To configure these cluster plans you need to:
- Choose the Cloud Account
- Provide a name
- Choose the Kubernetes version
- Define the count, VM class and storage class for control plane and worker nodes
- Choose additional settings, like network settings
Here is an example of a cluster plan:
Now all the preparations are finished, and you can start creating the Cloud Template for the deployments. I used the Cloud Assembly Designer and the integrated YAML editor to create the following Cloud Template:
The Cloud Template provide the following functionality:
- It will create a Tanzu Kubernetes Cluster
- The name and the cluster size (cluster plan) will be set by the user in the input form during the deployment request
- It will be deployed to the Kubernetes Zone with the capability tag “k8szone:demo” assigned
After you have created the Cloud Template, it is time to think about releasing and sharing this Template with users in Service Broker and then of course test the deployment. So let`s take a look at these steps.
5. Release version to Service Broker
To be able to grant access to this Cloud Template to users, you need to create a version of the Cloud Template and release it to the Service Broker catalog.
Next step, after having released the version to the catalog is to switch over to Service Broker and make sure, that this version will be available for usage, as part of a content source, that could be already configured. A content source in Service Broker defines a set of Cloud Templates (among other options) that can be used as catalog items in Service Broker. If your environment does not have any content source configured yet, you need to create one and integrate the project in which context you have created the Cloud Template.
By hitting “validate” on the content source settings, Service Broker will import your newly created Cloud Template. After that, you are able to work with the Cloud Template in Service Broker.
6. Create Custom Form and Share Content
Next step after the successful synchronization to Service Broker is now to create a custom form, which can then be shared to users who have access to the catalog. The custom form for the Tanzu Kubernetes cluster asks the user to fill out the inputs, you have configured in the Cloud Template:
- Choose Project (if the user is a member of multiple projects)
- Provide a deployment name
- Provide a cluster name (only lowercase letters allowed -> constraint with reg expression “^[a-z0-9]+$”)
- Choose cluster size (-> will choose a cluster plan I have created in Cloud Assembly)
- Request with “Submit”
After you have created the custom form and enabled it, it can be used to share it with projects using the content sharing option in Service Broker. This is the last necessary step, before users are able to log in and request the Tanzu cluster.
7. Request Tanzu Kubernetes Cluster
Having shared the catalog item, you and of course other users are now able to request a Kubernetes cluster for yourself / themselves. To do so, you access the catalog of Service Broker to choose the Tanzu-K8s-Cluster catalog item and open the form by clicking “Request”. Once opened the request form, you (or the user) provide all necessary information for the deployment to be successful. Here is an example of my request form:
Once you have submitted your request, the provisioning service of vRA will make sure, that your Tanzu Kubernetes cluster is created using the Supervisor Cluster you have configured in your Kubernetes Zone.
Once the deployment is finished you can access the Tanzu Kubernetes Cluster as vRA managed object in Service Broker. You can choose from a couple of default Day 2 Actions, like scaling the cluster or applying deployments using a YAML manifest, using the Actions menu at resource level in Service Broker. You can also create additional actions on your own using Cloud Assembly in combination with vRealize Orchestrator.
8. Access the new created Cluster
The last and final step is of course to work with the new created Tanzu Kubernetes cluster by accessing the Kubernetes API. Normally, when working with VMware Tanzu you would have to use the kubectl vsphere-login plugin, provided by the Supervisor Cluster to access your Tanzu Kubernetes clusters. As in this scenario we are working with the vRA integration you can download the Kubeconfig file right from the Service Broker resource overview. Adding this config file to your local machine or workstation you want to use for working with your Tanzu Kubernetes cluster you are then able to do so.
This concludes this article, explaining how to create and access a Tanzu Kubernetes Cluster using vRealize Automation. Typical next steps would be to set up and configure permission within the Kubernetes Tanzu clusters and of course deploy applications to it using YAML manifests. These steps can be done manually or you can create these steps as part of the deployment process in your automation process as well. For this you can use vRealize Orchestrator workflows, create Code Stream Pipelines or choose any other automation tool you prefer.