There’s a couple of different methods to fully bootstrap a Kubernetes cluster using Cluster-API (CAPI). One is to use the newly defined ClusterResourceSet, which enables you to define a configmap on the management cluster, this is then applied to the tenant cluster as a resource. It’s a very effective method, the two blogs I’ve seen on this recently are Sam Perrin’s blog for the CAPV provider (vSphere) and Scott Lowe’s blog for the CAPA provider (AWS).
As the title suggests, there are changes ahead for me. Both the company I work for and my primary technology focus will be changing. I’ve thoroughly enjoyed the previous two years at Xtravirt, working with some of the brightest people in the VMware community. My highlights over the last couple of years are: Been accepted into the vExpert community Achieved a VCAP, which was a fairly long standing goal Learned a lot about consultancy, vRealize, Tanzu and Kubernetes Why the Change?
Disclaimer: These are my notes from taking the 2V0-31.20 exam. If something doesn’t make sense, please feel free to reach out. Having seen the lay of the land at work, it seems I’ll be doing a fair bit of vRA this year, so it’s time to wrap up an old goal and get the VCAP-CMA Deploy (freshly updated for vRA 8.x). Unfortunately I need to update my VCP-CMA to fulfill the pre-requisites for that exam.
This is quick post to summarise using Velero to backup your stateful workloads running on Kubernetes without the use of cloud provider plugin to snapshot the persistent volumes. The current setup I’ve got a Tanzu Kubernetes Grid cluster provisioned with the Guestbook application installed into a namespace called (imaginatively) guestbook. I’ve also added some random comments to the guestbook so we have some data to backup from the persistent volume.
While I was enabling enabling Workload Management (Tanzu) on vSphere 7.0 U1 with NSX, I hit an error. Error configuring cluster NIC on master VM. This operation is part of API server configuration and will be retried. This isn’t a particularly complicated fix but I wanted to document the steps taken to find the issue. TL;DR: Enabling Workload Management on vSphere 7.0.1 with NSX-T deploys a medium Load Balancer.
One of the features I really like with the NSX Container Plugin (NCP) is how easy it is to create Distributed Firewall Rules (DFW) at an NSX level using Kubernetes Network Policies. By adding these rules in your’e enabling microsegmentation, but implementing it with the application. This means you can get all the code driven goodness from your microsegmentation! Which in turn enables the velocity of application deployments not be slowed down through either security or network team bottlenecks, everyone is a winner.
Backing up a Tanzu Kubernetes Grid Integrated Edition (TKGI, formerly known as PKS) installation is a bit of a mishmash of different elements. Unfortunately TKGI doesn’t support image based backups, neither does Kubernetes, before we look at the tools at your disposal what components require backing up? This diagram shows each layer of a TKGI deployment, let’s step through each layer and discuss the options for backing it up. Infrastructure (vCenter / NSX-T) Bread and butter backups here - point the appliance at the appropriate endpoint and hit go.
This is a quick post about something I was asked about recently for a customer - Secrets within Kubernetes. The ask from the customer was: Our engineer says that standard Kubernetes secrets aren’t secure, what are our options? This is an overview of those options. I won’t be going into too much depth as there is no right or wrong answer here, it depends on the requirements of each individual organisation.
This is the fifth in a series of blog posts that will explain the different components of Kubernetes. Primarily because if I can explain it here, I’ll have learned it quite well myself. The first part is about Pods and can be found here. The second part is about Controllers and can be found here. The third part is about Services and can be found here. The fourth part is about Volumes and can be found here.
Relocation A few of you may have noticed that my blog layout has changed a little bit. My renewal had come up for Wordpress, and while it wasn’t hugely expensive (I am from Yorkshire). I also wanted to learn some more about AWS. So inspired by definit.co.uk, grantorchard.com, thehumblelab.com and many more, I set about looking at Hugo as a static site generator. It didn’t take long for the simplicity of it to win me over.