NSX-T

VMware vSphere with Kubernetes Guide Part 3 - kubectl Basics

by Florian Grehl
July 31, 2020January 8, 2021
2 Comments

This is Part 3 of my "VMware vSphere with Kubernetes" Guide. In the previous parts, I've explained how to enable Kubernetes in vSphere, deploy the Harbor Registry, and create a namespace in the Supervisor Cluster. Now it's time to get familiar with the Kubernetes CLI Tool kubectl and to deploy your first pod.

If you do not have a Kubernetes activated vSphere Cluster, refer to Part 1 and Part 2 for instructions.

Install and configure kubectl
Deploy the first Pod

VMware vSphere with Kubernetes Guide Part 2 - Harbor, Namespaces and K8S Components

by Florian Grehl
July 28, 2020August 31, 2020

This is Part 2 of my "VMware vSphere with Kubernetes" Guide. In the last article, I've explained how to get "Workload Management" enabled in a vSphere cluster. At this point, the cluster is successfully enabled to support Kubernetes, but what's next? Before I start to deploy the first container I'm going to enable additional services, create a Kubernetes Namespace in the Supervisor Cluster, and explore the deployed components in vCenter and NSX-T.

Getting Started Guide - VMware vSphere with Kubernetes

by Florian Grehl
July 24, 2020August 31, 2020
5 Comments

With the release of vSphere 7.0, the integration of Kubernetes, formerly known as Project Pacific, has been introduced. vSphere with Kubernetes enables you to directly run containers on your ESXi cluster. This article explains how to get your cluster enabled for the so-called "Workload Management".

The article covers evaluation options, licensing options, troubleshooting, and the initial configuration.

NSX-T and VMKUSB NIC Fling - MTU Size Considerations

by Florian Grehl
July 19, 2020

When configuring an NSX-T Overlay network you have to increase the default MTU size of 1500. It is critical that the MTU is configured across… Read More »NSX-T and VMKUSB NIC Fling - MTU Size Considerations

Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

by Florian Grehl
July 9, 2020
1 Comment

When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example: User "John" is a member of the… Read More »Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

How to enable LDAP Authentication in NSX-T 3.0

by Florian Grehl
July 9, 2020
3 Comments

NSX-T 3.0 has added support for authentication using AD or LDAP sources. In previous versions, you had to deploy the vIDM (VMware Identity Manager) appliance to allow external authentication. You can still use vIDM but if you only need NSX-T authentication you can now do it without a sole purpose appliance.

This article explains how to enable LDAP authentication in NSX-T 3.0.Read More »How to enable LDAP Authentication in NSX-T 3.0

How to manually add NSX-T Managers to a Cluster

by Florian Grehl
July 3, 2020February 26, 2021

After deploying the first NSX-T Manager, additional managers can be deployed using the NSX-T GUI. This is a crucial step to create a redundant and reliable setup. To deploy an additional NSX-T Manager appliance you first have to add the target vCenter as "Compute Manager". In some cases, eg. when NSX-T Managers are to run in a dedicated management vCenter, you don't want to add the vCenter as Compute Manager.

A compute manager is required to deploy an appliance. To add a compute manager, visit the COMPUTE MANAGERS page.

This article explains how to manually add additional Managers to an NSX-T Cluster using the CLI, without configuring a compute manager.

How to use SSH Key Authentication in NSX-T

by Florian Grehl
June 18, 2020June 18, 2020

If you are working with Linux you are very likely familiar with SSH Keys. Public Key authentication is an authentication method that relies on a generated public/private keypair and enables a secure method to login without entering a password.

Usually, you would use ssh_copy_id to transfer keys to a remote system or add it to the authorized_keys file manually but NSX-T does not support those methods. This article explains how to enable ssh key authentication for NSX-T Managers and Edge Appliances.

Quick Tip: Remove NSX-T SSH and HTTP Session Timeout

by Florian Grehl
June 16, 2020
3 Comments

If you are like me and keep browser tabs and SSH sessions open forever, I guess you are annoyed when that happens:

Default timeouts in NSX-T are:

1800 seconds (30 minutes) for the Web Interface
600 seconds (10 minutes) for SSH

This article explains how to remove session timeouts for SSH and the Web interface in NSX-T to stay logged in forever.

Quick Tip: Remove NSX-T Password Expiration

by Florian Grehl
June 16, 2020

VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. This article explains how to remove the password expiration.

The password for local user 'admin' will expire in [x] days.
The password for local user 'root' will expire in [x] days.
The password for local user 'audit' will expire in [x] days.

Please keep in mind that not only the password for NSX-T Manager expires, but also for Edge Transport Nodes (Edge VMs). When the password has expired, some functions (API / Web-Interface Login) is no longer possible, so make sure you either change the password regularly or remove the expiration policy.