Enable vSphere with Tanzu on a Cluster with the vSphere Networking Stack
Starting with vSphere 7.0 Update 1, you can select between creating a Supervisor Cluster with the vSphere networking stack or with NSX-T Data Center as the networking solution. A Supervisor Cluster that is configured with the vSphere networking stack only supports Tanzu Kubernetes clusters. vSphere Pods are not supported.
To enable a cluster configured with the vSphere networking stack for Kubernetes workload management, you must use the services under the namespace_management package.
Prerequisites
- Verify that your environment meets the system requirements for enabling vSphere with Tanzu on the cluster. For more information about the requirements, see the vSphere with Tanzu Configuration and Management documentation.
- Verify that DRS is enabled in fully automated mode and HA is also enabled on the cluster.
- Configure shared storage for the cluster. Shared storage is required for vSphere DRS, HA, and storing persistent volumes of containers.
- Create storage policies for the placement of Kubernetes control planes.
- Create a subscribed content library on the vCenter Server system to accommodate the VM image that is used for creating nodes of Tanzu Kubernetes clusters. See Creating a Subscribed Content Library for Tanzu Kubernetes Clusters.
- Add all hosts from the cluster to a vSphere Distributed Switch and create port groups for workload networks. See Configuring the vSphere Networking Stack for vSphere with Tanzu.
- Configure an HAProxy load balancer instance that is routable to the vSphere Distributed Switch that is connected to the hosts from the vSphere cluster.
- Verify that the user account that you use to access the vSphere Automation services has the Namespaces.Manage privilege on the cluster.
Procedure
- Retrieve the ID of the cluster whose hosts were added to the vSphere Distributed Switch.
  Use the ClusterCompatibility service to filter the clusters by using their network providers. To retrieve a list of all clusters in the vCenter Server system which are configured with the vSphere networking stack, set the network provider in the filter specification to VSPHERE_NETWORK.
- Retrieve the IDs of the tag-based storage policies that you configured for vSphere with Tanzu.
  Use the Policies service to retrieve a list of all storage policies and then filter the policies to get the IDs of the policies that you configured for the Supervisor Cluster.
- Retrieve the ID of the port group for the management network that you configured for the management traffic.
  Use the Networks service to list the visible networks available on the vCenter Server instance that match the criteria that you specify, and then retrieve the ID of the management network you previously configured.
- Create a Supervisor Cluster enable specification and define the parameters of the Supervisor Cluster that you want to enable.
  You must specify the following required parameters of the enable specification:
  - Supervisor Cluster size. You must set a size for the Supervisor Cluster, which affects the resources allocated to the Kubernetes infrastructure. The cluster size also determines default maximum values for the IP address ranges for the vSphere Pod and Kubernetes services running in the cluster. You can use the ClusterSizeInfo.get() / GET https://<server>/api/vcenter/namespace-management/cluster-size-info calls to retrieve information about the default values associated with each cluster size.
  - Storage policy settings. To specify the ID of the storage policy that you created to control the placement of the Supervisor Cluster control plane cache, use the master_storage_policy / setMasterStoragePolicy(java.lang.String masterStoragePolicy) parameter.
  - Load balancer. To specify the user-provisioned load balancer configuration for the cluster, use the load_balancer_config_spec / setLoadBalancerConfigSpec(LoadBalancersTypes.ConfigSpec loadBalancerConfigSpec) parameter of the enable specification. You must specify the following parameters of the LoadBalancersTypes.ConfigSpec specification:
    - id / setId(java.lang.String id). A user-friendly name of the load balancer. The name must be an alphanumeric string with a maximum length of 63 characters which is unique across the namespaces in the vCenter Server instance.
    - provider / setProvider(LoadBalancersTypes.Provider provider). The type of the load balancer. In vSphere 7.0 Update 1, you can use the HA_PROXY constant to define the supported load balancer.
    - address_ranges / setAddressRanges(java.util.List<IPRange> addressRanges). The IP ranges from which HAProxy allocates the IP addresses for the virtual machines. You must provide at least one IP range which is reserved by HAProxy. The IP range that you configure must be on a separate subnet.
    - ha_proxy_config_create_spec / setHaProxyConfigCreateSpec(LoadBalancersTypes.HAProxyConfigCreateSpec haProxyConfigCreateSpec). The HAProxy runtime configuration. You must set the following configuration parameters:
      - servers / setServers(java.util.List<LoadBalancersTypes.Server> servers). The IPv4 address and port of the HAProxy Data Plane API. This component controls the HAProxy server and runs inside the HAProxy VM.
      - username / setUsername(java.lang.String username). The administrator user name that is configured with the HAProxy OVA file and is used to authenticate to the HAProxy Data Plane API server.
      - password / setPassword(char[] password). The password for the administrator user name.
      - certificate_authority_chain / setCertificateAuthorityChain(java.lang.String certificateAuthorityChain). The PEM-encoded certificate authority chain that is used to verify the server certificate sent from the Data Plane API server.
  - Management network settings. Configure the network parameters for the Kubernetes control planes.
    - network_provider / setNetworkProvider(ClustersTypes.NetworkProvider networkProvider). Specify the networking stack that must be used when the Supervisor Cluster is created. To use the vSphere network as the solution for the cluster, select VSPHERE_NETWORK.
    - master_management_network / setMasterManagementNetwork(ClustersTypes.NetworkSpec masterManagementNetwork). Enter the cluster network specification for the Supervisor Cluster control plane. You must enter values for the following required properties:
      - network / setNetwork(java.lang.String network). Use the management network ID retrieved in Step 1.
      - mode / setMode(ClustersTypes.NetworkSpec.Ipv4Mode mode). Set STATICRANGE or DHCP for the IPv4 address assignment mode. The DHCP mode allows an IPv4 address to be automatically assigned to the Supervisor Cluster control plane by a DHCP server. You must also set the floating IP address used by the HA primary cluster by using floating_IP / setFloatingIP(java.lang.String floatingIP). Use the DHCP mode only for test purposes. The STATICRANGE mode allows the Supervisor Cluster control plane to have a stable IPv4 address and can be used in a production environment.
    - master_DNS / setMasterDNS(java.util.List<java.lang.String> masterDNS). Enter a list of the DNS server addresses that must be used from the Supervisor Cluster control plane. If your vCenter Server instance is registered with an FQDN, you must enter the IP addresses of the DNS servers that you use with the vSphere environment so that the FQDN is resolvable in the Supervisor Cluster. The list of DNS addresses must be specified in the order of preference.
    - master_DNS_search_domains / setMasterDNSSearchDomains(java.util.List<java.lang.String> masterDNSSearchDomains). Set a list of domain names that DNS searches inside the Kubernetes control plane nodes, so that the DNS server can resolve them. Order the domains in the list by preference.
    - master_NTP_servers / setMasterNTPServers(java.util.List<java.lang.String> masterNTPServers). Specify a list of IP addresses or DNS names of the NTP server that you use in your environment, if any. Make sure that you configure the same NTP servers for the vCenter Server instance, all hosts in the cluster, and vSphere with Tanzu. If you do not set an NTP server, VMware Tools time synchronization is enabled.
  - Workload network settings. Configure the settings for the network that will handle the networking traffic for Kubernetes workloads running on the Supervisor Cluster.
    - service_cidr / setServiceCidr(Ipv4Cidr serviceCidr). Specify the CIDR block from which the IP addresses for Kubernetes services are allocated. The IP range must not overlap with the ranges of the vSphere Pods, ingress, egress, or other services running in the data center. For the Kubernetes services and the vSphere Pods, you can use the default values which are based on the cluster size that you specify.
    - workload_networks_spec / setWorkloadNetworksSpec(ClustersTypes.WorkloadNetworksEnableSpec workloadNetworksSpec). Enter the workload networks specifications for the cluster. To configure the primary workload network that is used to expose the Supervisor Cluster control plane to DevOps and other workloads, create a create_spec / NetworksTypes.CreateSpec instance. Enter the following parameters of the vSphere Distributed Switch:
      - network / setNetwork(java.lang.String network). The name of the vSphere Distributed Switch that is associated with the hosts in the cluster. The name must be a unique alphanumeric string that does not exceed 63 characters.
      - network_provider / setNetworkProvider(ClustersTypes.NetworkProvider networkProvider). Pass VSPHERE_NETWORK as value to this parameter.
      - vsphere_network / setVsphereNetwork(NetworksTypes.VsphereDVPGNetworkCreateSpec vsphereNetwork). Optionally, you can create a vsphere_DVPG_network_create_spec / NetworksTypes.VsphereDVPGNetworkCreateSpec instance to describe the configuration of the namespace network backed by the vSphere Distributed port group. You must define the following parameters for the vSphere Distributed port group specification:
        - portgroup / setPortgroup(java.lang.String portgroup). Specify the port group that serves as the primary network to the Supervisor Cluster.
        - address_ranges / setAddressRanges(java.util.List<IPRange> addressRanges). Set the IP range for allocating IP addresses for the Kubernetes control planes and workloads. You must use unique IP ranges for each workload network.
        - gateway / setGateway(java.lang.String gateway). Set the gateway for the primary network.
        - subnet_mask / setSubnetMask(java.lang.String subnetMask). Specify the subnet mask of the network.
  - Content library settings. Add the subscribed content library that contains the VM images for deploying the nodes of Tanzu Kubernetes clusters. See Creating a Subscribed Content Library for Tanzu Kubernetes Clusters.
    To set the library, use default_kubernetes_service_content_library / setDefaultKubernetesServiceContentLibrary(java.lang.String defaultKubernetesServiceContentLibrary) and pass the subscribed content library ID.
- Enable the Supervisor Cluster by passing the enable specification to the Clusters service.
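The constraints this procedure places on the enable specification can be checked before the specification is passed to the Clusters service. The following is an added example, not code from the vSphere Automation SDK: check_enable_spec, the dictionary layout, the address-plus-count shape of an IP range, and the service CIDR given as a string are assumptions made for the illustration, and all sample values are constructed.

```python
import ipaddress
import re

def span(rng):
    """Inclusive (first, last) integers of a range; 'address' + 'count' keys are an assumed shape."""
    first = int(ipaddress.IPv4Address(rng["address"]))
    return first, first + rng["count"] - 1

def check_enable_spec(lb, mgmt_mode, service_cidr, workload_networks):
    """Return findings for values destined for the enable specification (hypothetical helper)."""
    findings = []
    if not re.fullmatch(r"[A-Za-z0-9]{1,63}", lb["id"]):
        findings.append("lb id: must be alphanumeric, at most 63 characters")
    if lb["provider"] != "HA_PROXY":
        findings.append("lb provider: only HA_PROXY is supported")
    if not lb["address_ranges"]:
        findings.append("lb address_ranges: at least one range is required")
    ca = lb["ha_proxy_config_create_spec"].get("certificate_authority_chain", "")
    if "-----BEGIN CERTIFICATE-----" not in ca:
        findings.append("certificate_authority_chain: no PEM chain to verify the Data Plane API server")
    if mgmt_mode == "DHCP":
        findings.append("mode: DHCP is for test purposes only, use STATICRANGE")
    elif mgmt_mode != "STATICRANGE":
        findings.append("mode: must be STATICRANGE or DHCP")
    # Collect every allocation pool with a label so overlaps are reported by name.
    svc = ipaddress.IPv4Network(service_cidr)
    pools = [("service_cidr", (int(svc[0]), int(svc[-1])))]
    pools += [("lb address_ranges", span(r)) for r in lb["address_ranges"]]
    for net in workload_networks:
        pools += [("workload " + net["portgroup"], span(r)) for r in net["address_ranges"]]
    for i, (name_a, a) in enumerate(pools):
        for name_b, b in pools[i + 1:]:
            if a[0] <= b[1] and b[0] <= a[1]:
                findings.append(f"overlap: {name_a} and {name_b}")
    return findings

# Constructed sample values, not taken from a real environment.
SAMPLE_LB = {
    "id": "haproxy01", "provider": "HA_PROXY",
    "address_ranges": [{"address": "192.168.10.64", "count": 32}],
    "ha_proxy_config_create_spec": {"certificate_authority_chain": ""},
}
SAMPLE_WORKLOADS = [
    {"portgroup": "dvportgroup-101", "address_ranges": [{"address": "192.168.10.80", "count": 20}]},
]

if __name__ == "__main__":
    for finding in check_enable_spec(SAMPLE_LB, "DHCP", "10.96.0.0/24", SAMPLE_WORKLOADS):
        print(finding)
```

With the constructed sample, the check reports the missing CA chain, the DHCP mode, and the overlap between the load balancer range and the workload range.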
Results
A task runs on vCenter Server for enabling vSphere with Tanzu on the cluster. Once the task completes, three Kubernetes control planes are created on the hosts that are part of the cluster.
What to do next
Create and configure namespaces on the Supervisor Cluster.