vSphere7 Kubernetes with vSphere Networking: A Primer to throw a POC Party
With the introduction of vSphere-7 update1 (v7u1), VMware bringing the most simple and straightforward path to enable Kubernetes Services natively on the default enterprise Virtualization Platform. For those organizations wishing to adopt the Tanzu Kubernetes Services without the dependency on NSX-T and VSAN, the new release provides flexibility to configure vSPhere native network stack — vSphere Distributed Switch (vDS) — as the Network provider for the Kubernetes Nodes (VMs). Customers can use the Load Balancer and L3 stack of their choice to distribute and segregate the North-South connectivity.
In a nutshell, the Platform offers the flexibility to Enterprises of all sizes to deploy a Cloud-Native Application platform in vSphere Cluster without any third party conundrums.
Today, vSphere7 Update1 offers HA Proxy as Layer4 LoadBalancer to configure Load Balancing functions for Kubernetes APIs and Kubernetes Services of type Load Balancer.
The objective of the document is to provide step-by-step instructions to deploy Tanzu Kubernetes Services on vSphere7 Update1 with HAProxy as the Load Balancer. The content assumes that whoever follows the how-to guide has the essential knowledge to deploy the vSphere Cluster environment and to execute basic Kuberenets Administration tasks.
Once the vSphere Cluster in place, the document guides you through the following steps to build a Proof of Concept (POC)setup.
- Configure the Load Balancer
- Enable the Supervisor Cluster
- Crete Namespace
- Deploy Tanzu Kubernetes Service
- Deploy a Test Application
Supervisor Cluster
When a vSphere cluster configures to run Kubernetes workloads, it is becoming a Supervisor Cluster. The Supervisor Cluster enablement process deploys three Supervisor Cluster Controller VMs with Kubernetes Components and provides Kubernetes APIs to deploy Cloud-Native Workloads. It also adds objects to the vCenter Server inventory, such as Namespaces and Kubernetes clusters created using the VMware Tanzu Kubernetes Grid.
Load Balancer
As mentioned, the current release of the Platform partnered with HAProxy to provide Load Balancing functions. HAProxy Load Balancer is flexible to configure various levels of the Network Segmentations. You can configure the following Network isolations using HAProxy based Load Balancer.
- Layer 2 isolation between Supervisor Cluster and Tanzu Kubernetes clusters
- Layer 2 isolation between your Tanzu Kubernetes clusters
- Prevent DevOps users and external services from directly routing to Kubernetes control plane VMs and Tanzu Kubernetes cluster nodes
Fig:1 vSphere7 Kubernetes with vDS
The document guide you to deploy a Minimum Viable Product (MVP) with a segregated Port group for DevOps users and External Services. In this network Topology, please ensure the following prerequisites.
- Workload Networks plan for Tanzu Kubernetes cluster traffic must be routable between each other and the Supervisor Cluster Primary Workload Network.
- Routability between any Workload Network with the network that HAProxy uses for virtual IP allocation.
- No overlapping of IP address ranges across all Workload Networks within a Supervisor Cluster.
Primary and Workload Networks
The workload network that provides connectivity to the Kubernetes Control Plane VMs is called Primary Workload Network.
Depending on the topology that you implement for the Supervisor Cluster, you can use one or more distributed port groups for Workload Networks.
Since the document intends to provide quick steps to deploy an MVP environment, the Network Topology of the setup configures a Single Workload network (Primary) for both the Supervisor Cluster and the Tanzu Kubernetes Cluster Services. You can refer to the vSphere Product documentation to configure advanced levels of network isolation. (Ref: https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-C3048E95-6E9D-4AC3-BE96-44446D288A7D.html#GUID-C3048E95-6E9D-4AC3-BE96-44446D288A7D)
Step by Step Instruction to Deploy a vSphere with Kubernetes with Virtual Distributed Switch (vDS)
You may download the `How to Doc PDF` from the URL:
or
