Category Archives: Kubernetes

vRealize Operations integration with Tanzu Mission Control for auto cluster discovery

A while ago I wrote about the vRealize Operations Kubernetes Management pack which works for all CNCF conformant Kubernetes platforms.

One of the best features of this management pack is the Tanzu Mission Control (TMC) integration it offers with vRealize Operations (vROPs).

This means when you use TMC to provision Tanzu Kubernetes Grid (TKG) clusters, currently on AWS or on vSphere, they will be automatically registered within vROPs as well.

Install the Management Pack
  1. Download the management pack pak file.
  2. Within vROPs go to Administration
  3. Click on Repository
  4. Scroll to the bottom of the page, and select “Add/Upgrade”
  5. Select the pak file for installation and follow the wizard.
Create a CSP API Token

For the vROPs management pack adapter to be able to communicate with TMC, we need an API token.

  1. Log into
  2. Change to correct organisation that contains your TMC instance
  3. Click your name in the top right hand corner and select “My Account”vROps TMC Integration - creating a CSP Token - Select my account
  4. Select the “API Tokens” tab, and then “Generate a new API Token” button.vROps TMC Integration - creating a CSP Token - API Tokens
  5. Set your API Token name, expiry, and access control as required. Then click the generate button. vROps TMC Integration - creating a CSP Token - Generate a new api token
  6. You will be shown a dialog box with your generated token. Save this in a safe space we will use it later on. vROps TMC Integration - creating a CSP Token - Token Generated
Connect vRealize Operations management pack adapter to Tanzu Mission Control
  1. In vROPs UI go to Administration > Under Solutions, choose “Other Accounts” and click the “Add account” button. vROps TMC Integration - Add Account in vROPs
  2. From the account type list, choose Tanzu Mission Control. vROps TMC Integration - Add Account in vROPs - Account Type Tanzu Mission Control
  3. Fill out the necessary details on the New Account screen.
    1. For the credential click the + symbol, add in a name for the credential, and the CSP token you created earlier.
    2. Select your newly created credential.
  4. Select the validate button.vROps TMC Integration - Add Account in vROPs - New Account
  5. Hopefully you get a successful message. vROps TMC Integration - Add Account in vROPs - New Account - Test Connection Successful
  6. You will see the account object in the Other Accounts view. vROps TMC Integration - Add Account in vROPs - New Account - Newly created account
Auto-Discovering Tanzu Kubernetes Grid Clusters

Now you have your account added, whenever you provision a new cluster using Tanzu Mission Control, cAdvisor will be configured in the Kubernetes cluster and a Kubernetes account type will be created in vROps automatically for you.

Below I’ve created a cluster in AWS, and we can see the object has been created in vROPs.

vROps TMC Integration - Provisioned cluster auto discovered

And finally, here is my cluster showing in the one of the Kubernetes Dashboards. vROps TMC Integration - Kubernetes Dashboard

This is a simple to implement feature but can make a massive difference in your ability to monitor your TKG clusters from the infrastructure view that vROPs provides. As your users create clusters via TMC, they don’t need to interact with the monitoring platform to ensure visibility.



VMware Tanzu Header

Deploying Tanzu Kubernetes Grid Management Cluster to Microsoft Azure

In this blog post, we will detail a full technical run through on how to deploy Tanzu Kubernetes Grid (TKG) into Microsoft Azure,

This will be using the new Tanzu CLI (version 1.3) (Previously TKG CLI) released in March 2021, to deploy  both a new Management Cluster and Guest Cluster.

Tanzu Kubernetes Grid Cluster Types

TKG has two types of clusters, for the full information of TKG Concepts, please read this post.

  • Management Cluster

This is the first architectural components to be deployed for creating a TKG instance. The management cluster is a dedicated cluster for management and operation of your whole TKG instance infrastructure. A management cluster will have Antrea networking enabled by default. This runs cluster API to create the additional clusters for your workloads to run, as well as the shared and in-cluster services for all clusters within the instance to use.

It is not recommended that the management cluster be used as a general-purpose compute environment for your application workloads.

  • Tanzu Kubernetes (Guest) Clusters

Once you have deployed your management cluster, you can deploy additional CNCF conformant Kubernetes clusters and manage their full lifecycle. These clusters are designed to run your application workloads, managed via your management cluster. These clusters can run different Kubernetes versions as required. These clusters use Antrea networking by default.

These clusters are referred to as Workload Clusters when working with the Tanzu CLI.

I sometimes use the term “Guest” for these clusters, as a cross-over with the vSphere with Tanzu architecture, which has similar concepts as above however uses the terms “Supervisor Cluster” and “Guest Cluster”.


For this blog post, I’ll be deploying everything from my local Mac OS X machine. You will need the following:

  • Docker installed with Kubernetes enabled
    • For Windows and macOS Docker clients, you must allocate at least 6 GB of memory in Docker Desktop to accommodate the kind container. See Settings for Docker Desktop in the kind documentation.
  • Install the Tanzu CLI and the Kubectl tool > Instructions here.
    • If you have used the TKG CLI before, then this is now deprecated.
    • You can find a full command line reference for Tanzu CLI and a comparison of the TKG CLI commands in this documentation link.
  • Install the Azure CLI.
  •  Register a Tanzu Kubernetes Grid App on Azure
    • The full details in the VMware docs for deploying TKG to Azure can be found here.
Login to the Azure CLI and accept the VM EULA

Before we get started, we need to log into the Azure CLI and accept the EULA for the images used for TKG in Azure. These images are updated with each release of the Tanzu CLI (TKG CLI).

az login

az vm image terms accept --publisher vmware-inc --offer tkg-capi --plan k8s-1dot20dot4-ubuntu-2004 --subscription {subscription_id}
az loginaz vm image terms accept --publisher vmware-inc --offer tkg-capi --plan k8s-1dot20dot4-ubuntu-2004 --subscription
Deploying a Management Cluster using the UI

From your terminal, run the following command:

tanzu management-cluster create --ui

tanzu management-cluster create --ui Continue reading Deploying Tanzu Kubernetes Grid Management Cluster to Microsoft Azure

VMUG Recording – Protecting your Tanzu Kubernetes Workload with Kasten by Veeam

Below is the recording from my London VMUG session with Michael Cade.

  • Title: Protecting your Tanzu Kubernetes Workload with Kasten by Veeam
  • Recorded: 4th February 2021
  • Abstract:
    • This technical demo led session will take you through how to deploy Kasten in your Tanzu Kubernetes environment to protect your container workloads.

Supporting blog posts;



kasten by veeam header

How to backup and restore your container workloads using Kasten by Veeam

This blog posts covers using Kasten by Veeam to create backup policies for data protection, and how to restore your data. This blog post follows on from the two installation guides;

Deploying a PacMan browser game as test application

To provide a demo mission critical application for this blog post, I’ve deployed PacMan into my OpenShift cluster, which is accessible via a web browser to play. You can find the files from this GitHub repo to deploy into your own environment.


This application uses MongoDB to store the scores from the games to give me persistent data stored on a PVC.

pacman high scores

You can see all of the PacMan resources below by running:

kubectl get all -n pacman

kubectl get all -n pacman

Creating a Policy to protect your deployment and data

Log into your Kasten Dashboard.

If you have not yet deployed and configured Kasten, please see these earlier blog posts.

- Installing Kasten for Red Hat OpenShift
- Installing Kasten for VMware Tanzu Kubernetes

On the Kasten dashboard, click the Policy tile (or new policy link within the tile).

Kasten Dashboard create policy Continue reading How to backup and restore your container workloads using Kasten by Veeam

Installing and configuring Kasten to protect container workloads on VMware Tanzu Kubernetes Grid

This blog post will take you through the full steps on installing and configuring Kasten, the container based enterprise backup software now owned by Veeam Software

This deployment will be for VMware Tanzu Kubernetes Grid which is running on top of VMware vSphere.

You can read how to create backup policies and restore your data in this blog post.

For the data protection demo, I’ll be using my trusty Pac-Man application that has data persistence using MongoDB.

Installing Kasten on Tanzu Kubernetes Grid

In this guide, I am going to use Helm, you can learn how to install it here.

Add the Kasten Helm charts repo.

helm repo add kasten

Create a Kubernetes namespace called “kasten-io”

kubectl create namespace kasten-io

kubectl create namespace kasten-io

Next we are going to use Helm to install the Kasten software into our Tanzu Kubernetes Grid cluster.

helm install k10 kasten/k10 --namespace=kasten-io \
--set externalGateway.create=true \
--set auth.tokenAuth.enabled=true \
--set global.persistence.storageClass=<storage-class-name>

Breaking down the command arguments;

  • –set externalGateway.crete=true
    • This creates an external service to use ServiceType=LoadBalancer to allow external access to the Kasten K10 Dashboard outside of your cluster.
  • –set auth.tokenAuth.enabled=true
  • –set global.persistence.storageClass=<storage-class-name>
    • This sets the storage class to be used for the PV/PVCs to be created for the Kasten install. (In a TKG guest cluster there may not be a default storage class.)

You will be presented an output similar to the below.

NAME: k10
LAST DEPLOYED: Fri Feb 26 01:17:55 2021
NAMESPACE: kasten-io
STATUS: deployed
Thank you for installing Kasten’s K10 Data Management Platform!

Documentation can be found at

How to access the K10 Dashboard:

The K10 dashboard is not exposed externally. To establish a connection to it use the following

`kubectl --namespace kasten-io port-forward service/gateway 8080:8000`

The Kasten dashboard will be available at: ``

The K10 Dashboard is accessible via a LoadBalancer. Find the service's EXTERNAL IP using:
`kubectl get svc gateway-ext --namespace kasten-io -o wide`
And use it in following URL

It will take a few minutes for your pods to be running, you can review with the following command;

kubectl get pods -n kasten-io

 kubectl get pods -n kasten-io

Next we need to get our LoadBalancer IP address for the External Web Front End, so that we can connect to the Kasten K10 Dashboard.

kubectl get svc -n kasten-io

Continue reading Installing and configuring Kasten to protect container workloads on VMware Tanzu Kubernetes Grid