Tanzu Kubernetes Releases are Kubernetes distributions that are signed and supported by VMware for Tanzu Kubernetes Clusters.
There are two ways in which you can populate the Tanzu Kubernetes Releases (images) in your vSphere with Tanzu environment. These images are OVF templates that are backed by a Photon OS VM and are about 16 GB in size.
Use a subscribed content library. The subscribed content library will synchronize with a public VMware content library: https://wp-content....
To enable zero trust for the Supervisor Cluster and the guest cluster, you first need to define a default deny-all rule in the NSX-T distributed firewall. You can then allow the required ports as per https://ports.esp.vmware.com/home/vSphere-7 (filter with the keyword “Tanzu”).
The problem? vSphere with Tanzu expects to have a default allow-all rule, specifically for egress (source is the Master VM subnet and destination is the whole cluster CIDR block). After enabling zero trust, the default deny-all rule blocks both ingress and egress traffic....
Lately I’ve been using multiple notes to keep track of all the kubectl commands that I’ve come across when troubleshooting vSphere with Tanzu. The idea behind this post is to create a reference kubectl cheat sheet for all kubectl commands in vSphere with Tanzu.
Login
LOGIN TO A SUPERVISOR CLUSTER
Command:
kubectl vsphere login --server IP/FQDN -u USERNAME --insecure-skip-tls-verify
Example:
kubectl vsphere login --server kube.gs.labs -u administrator@vsphere.local --insecure-skip-tls-verify
LOGIN TO A GUEST CLUSTER...
To troubleshoot Calico network issues within guest clusters, debug logging is indispensable. In this post, let's look at the steps that are required to enable debug logging for Calico.
We first need to scale down the tkg-controller-manager on the supervisor cluster, as we do not want the changes we make to the Calico pods to be reset.
STEP 1: Scale down the tkg-controller-manager
From the vCenter Server, log in to the control plane VM....
There are two CNIs that are available for container networking in Tanzu Kubernetes guest clusters: Antrea and Calico.
In this post, let's take a closer look at Calico and how to deploy and use Calicoctl.
Pods can fail if they do not get an IP address from the CNI. A common error is:
k get events
4m31s Warning FailedCreatePodSandBox pod/validationservice-59cbc867c-pt7k5 (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "2c0a340dfe947ad27564e0b73d5efac7f13951a77aa9c0a6e5e5d90b7d299e4c": rate: Wait(n=1) would exceed context deadline
4m31s Warning FailedCreatePodSandBox pod/validationservice-59cbc867c-qhdjr (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "c0f9ecf1f5a73954bbc3733ff1342fec6896d339bc6039473765e5f143b7850d": rate: Wait(n=1) would exceed context deadline
To view the IP blocks provided by IPAM (Calico) in the Tanzu Kubernetes cluster...