Blog Date: December 1, 2021
VMware Cloud Foundation 4.3.1 Used During Deployment:
In my previous post vSphere with Tanzu on VMware Cloud Foundation/vSphere with NSX-T Requirements, I went over the requirements I pass along to customers, along with the supporting VMware documentation, and this post assumes those requirements and those in the VMware documentation have been met.
- Validate/Create a Storage Policy for vSphere with Tanzu, if default vSAN policy wont be used.
- Validate Deployed NSX Edge Cluster.
- Validate/Add NSX-T Network Segments
- Validate/Configure NSX-T IP Prefixes on the Tier-0 Gateway
- Validate/Configure NSX-T Route Maps on the Tier-0 Gateway
- Validate MTU greater than or equal to 1600 on all networks that will carry Tanzu traffic i.e. management network, NSX Tunnel (Host TEP, Edge TEP) networks, and the external network.
- Create a Subscribed Content Library for vSphere with Kubernetes.
- Deploy vSphere with Tanzu:
After you have configured VM (storage) policies in vSphere and added segments in NSX-T Data Center, you can deploy vSphere with Tanzu. SDDC Manager first validates your environment then redirects you to the vSphere Client where you complete the deployment. From the SDDC manager UI, navigate to Solutions and select Deploy.
Select All to have SDDC manager run a deployment prerequisites check. Click Begin.
Select the desired cluster for the Tanzu workload. Click Next.
The SDDC manager will begin running the Validation. All Statuses should succeed . Else troubleshoot/Retry. Click Next.
After successful validation, SDDC will switch you over to the vSphere client to complete the deployment.
In the vSphere client, select the desired cluster to enable Tanzu. Click Next.
Next, select the size of the control plane. Click Next.
Fill in the Management Network details.
Scroll down, and fill in the Workload Network details. As mentioned in a previous post, I will argue that the API Server endpoint FQDN entry is mandatory when applying a certificate. NOTE: The Pod and Service CIDRs are non-routable. The UI provides default values that can be used, otherwise you specify your own. The Ingress and Egress CIDRs will be routable networks defined by the network team. Click Next.
Select the storage policy for Control Plane Nodes, Ephemeral Disks, Image cache. vSAN Default Storage Policy can be used if only storage/cluster provided. Click Next.
That’s it. Click Finish. The Tanzu deployment will now proceed (The entire process can take up to 45 minutes to complete).
The Control Plane Node IP address is the same API Server Endpoint we referred to earlier in this post. This will be the end point where you can download and install the vSphere plugin and the vSphere docker credential helper. To validate connectivity, simply open a web browser and go to the IP address http://<ip-address>
From here, you can download the CLI plugin for windows.
If you are not able to reach the Control Plane Node IP address/API Server Endpoint, it is possible that you might have invalid MTU settings in your environment that will require further troubleshooting. I did come across this at a customer site, and documented the MTU troubleshooting process here. Good luck.