This is Part 3 of my "VMware vSphere with Kubernetes" Guide. In the previous parts, I've explained how to enable Kubernetes in vSphere, deploy the Harbor Registry, and create a namespace in the Supervisor Cluster. Now it's time to get familiar with the Kubernetes CLI Tool kubectl and to deploy your first pod.
This is Part 2 of my "VMware vSphere with Kubernetes" Guide. In the last article, I've explained how to get "Workload Management" enabled in a vSphere cluster. At this point, the cluster is successfully enabled to support Kubernetes, but what's next? Before I start to deploy the first container I'm going to enable additional services, create a Kubernetes Namespace in the Supervisor Cluster, and explore the deployed components in vCenter and NSX-T.
With the release of vSphere 7.0, the integration of Kubernetes, formerly known as Project Pacific, has been introduced. vSphere with Kubernetes enables you to directly run containers on your ESXi cluster. This article explains how to get your cluster enabled for the so-called "Workload Management".
- Required Components
- License Considerations
- NSX-T Installation and Configuration
- Prepare the vCenter for Kubernetes
- Cluster Compatibility Troubleshooting
- Enable Workload Management / Kubernetes
The article covers evaluation options, licensing options, troubleshooting, and the initial configuration.
When configuring an NSX-T Overlay network you have to increase the default MTU size of 1500. It is critical that the MTU is configured across…
When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example: User "John" is a member of the…
NSX-T 3.0 has added support for authentication using AD or LDAP sources. In previous versions, you had to deploy the vIDM (VMware Identity Manager) appliance to allow external authentication. You can still use vIDM, but if you only need NSX-T authentication you can now do it without a dedicated appliance.
This article explains how to enable LDAP authentication in NSX-T 3.0.
After deploying the first NSX-T Manager, additional managers can be deployed using the NSX-T GUI. This is a crucial step to create a redundant and reliable setup. To deploy an additional NSX-T Manager appliance you first have to add the target vCenter as "Compute Manager". In some cases, e.g. when NSX-T Managers are to run in a dedicated management vCenter, you don't want to add the vCenter as Compute Manager.
A compute manager is required to deploy an appliance. To add a compute manager, visit the COMPUTE MANAGERS page.
This article explains how to manually add additional Managers to an NSX-T Cluster using the CLI, without configuring a compute manager.
If you are working with Linux you are very likely familiar with SSH keys. Public key authentication is an authentication method that relies on a generated public/private keypair and provides a secure way to log in without entering a password.
Usually, you would use ssh-copy-id to transfer keys to a remote system or add them to the authorized_keys file manually, but NSX-T does not support those methods. This article explains how to enable SSH key authentication for NSX-T Managers and Edge Appliances.
If you are like me and keep browser tabs and SSH sessions open forever, I guess you are annoyed when that happens:
Default timeouts in NSX-T are:
- 1800 seconds (30 minutes) for the Web Interface
- 600 seconds (10 minutes) for SSH
This article explains how to remove session timeouts for SSH and the Web interface in NSX-T to stay logged in forever.
VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. This article explains how to remove the password expiration.
The password for local user 'admin' will expire in [x] days.
The password for local user 'root' will expire in [x] days.
The password for local user 'audit' will expire in [x] days.
Please keep in mind that the password expires not only on the NSX-T Manager, but also on Edge Transport Nodes (Edge VMs). When the password has expired, some functions (API / Web-Interface Login) are no longer possible, so make sure you either change the password regularly or remove the expiration policy.