Tanzu Mission Control Header

VMware Tanzu Mission Control – Workspaces and Policies

VMware, Kubernetes, , , , , , , ,

In this blog post we will cover the following topics

- Tanzu Mission Control 
- - Workspaces 
- - - Creating a workspace
- - - Creating a managed Namespace
- - - Viewing a managed Namespace
- - Policy Driven Cluster Management
- - - Creating a Image Registry Policy
- - - Creating a Network Policy

The follow up blog posts are;

Tanzu Mission Control 
- Getting Started Tanzu Mission Control 
- Cluster Inspections 
- Workspaces and Policies  
- Data Protection 
- Deploying TKG clusters to AWS 
- Upgrading a provisioned cluster 
- Delete a provisioned cluster 
- TKG Management support and provisioning new clusters
- TMC REST API - Postman Collection
- Using custom policies to ensure Kasten protects a deployed application

Workspaces

Workspaces provide an application view, where you logically group Kubernetes Namespaces together, regardless of the cluster to which they are attached.

This is in contrast to Cluster Groups, which are focused on the infrastructure view.

These Workspaces can be created to align to your projects or applications, from a hierarchy point of view, you would then authorize your users to these Workspaces, so that they can monitor and manage the namespaces related to their function.

Creating a Workspace

Click the Workspace navigation view on the left-hand side, and then New Workspace.

Tanzu Mission Control New Workspace

Specify your Workspace name, and provide the optional description and labels, these can be added after creation if needed.

Tanzu Mission Control New Workspace Creation

Now you have a Workspace, it’s no good without any associated Namespaces, so let’s continue.

Creating a managed Namespace

All Namespaces attached to a Workspace will be managed Namespaces under TMC.

To create a managed Namespace, you can do this in one of four places;

  • Within the Workspace Navigation view
  • Inside the Workspace Object itself
  • On the Namespace Navigation view
  • On the Cluster Object > Navigation Tab

Continue reading VMware Tanzu Mission Control – Workspaces and Policies

Tanzu Mission Control Header

VMware Tanzu Mission Control – Cluster Inspections

VMware, Kubernetes, , , , , ,

In this blog post we will cover the following topics

- Tanzu Mission Control 
- - Cluster Inspections Overview
- - What Inspections are available
- - Performing Inspections
- - Viewing Inspections

The follow up blog posts are;

Tanzu Mission Control 
- Getting Started Tanzu Mission Control 
- Cluster Inspections 
- Workspaces and Policies  
- Data Protection 
- Deploying TKG clusters to AWS 
- Upgrading a provisioned cluster 
- Delete a provisioned cluster 
- TKG Management support and provisioning new clusters
- TMC REST API - Postman Collection
- Using custom policies to ensure Kasten protects a deployed application

Cluster Inspections Overview

This for me is one of the best features of Tanzu Mission Control, and an area which I expected will be developed further in the future.

Cluster inspections provide a point-in-time report of the condition of the cluster, you might want to run them periodically (to avoid drifting out of conformance) and any time you make significant alterations, such as after you patch or upgrade a cluster.

This capability is achieved by using Sonobuoy, an open source community standard, which provides diagnostics of your Kubernetes environments through conformance testing and additional plugins.

What Inspections are available?

The following cluster inspections are available from the Overview and Inspection tabs of the cluster detail page in the Tanzu Mission Control console.

  • Conformance inspection;

Validates the binaries running on your cluster and ensures that your cluster is properly installed, configured, and working. You can view the generated report from within Tanzu Mission Control to assess and address any issues that arise. For more information, see the Kubernetes Conformance documentation at https://github.com/cncf/k8s-conformance/tree/master/docs.

  • CIS benchmark inspection;

Evaluates your cluster against the CIS Benchmark for Kubernetes published by the Center for Internet Security.

  • Lite inspection;

Is a node conformance test that validates whether nodes meet requirements for Kubernetes. For more information, see Validate node setup in the Kubernetes documentation.

Tanzu Mission Control Openshift Cluster Inspections

Performing Inspections

To perform an inspection, there are two ways; from the inspections tab when view a cluster object (as in the above screenshot).

Or you can do this from the Inspections navigation page, as below.

Tanzu Mission Control Openshift Cluster Inspections Navigation Page Continue reading VMware Tanzu Mission Control – Cluster Inspections

vRealize Operations Openshift Container Platform Monitoring header

vRealize Operations – Monitoring OpenShift Container Platform environments

VMware, Kubernetes, , , ,

The latest release of  vRealize Operations (the “manager” part of the product name has now been dropped), brings the ability to manage your Kubernetes environments from the vSphere infrastructure up.

The Kubernetes integration in vRealize Operations 8.1;

  • vSphere with Kubernetes integration:
    • Ability to discover vSphere with Kubernetes objects as part of the vCenter Server inventory.
    • New summary pages for Supervisor Cluster, Namespaces, Tanzu Kubernetes cluster, and vSphere Pods.
    • ​Out-of-the-box dashboards, alerts, reports, and views for vSphere with Kubernetes.
  • The VMware Management Packs that are new and those that are updated for vRealize Operations Manager 8.1 are:
    • VMware vRealize Operations Management Pack for Container Monitoring 1.4.3

Where does OpenShift Container Platform fit in?

All though the above highlighted release notes point towards vSphere with Kubernetes (aka project pacific), the Container monitoring management pack has been available for a while and has received a number of updates.

vRealize Operations Management Pack for Containers compatiibility

This management pack can be used with any of your Kubernetes setups. Bringing components into your infrastructure monitoring view;

  • Kubernetes;
    • Clusters
    • Nodes
    • Pods
    • Containers
    • Services

So this means you can add in your OCP environment for monitoring.

Configuring vRealize Operations to monitor your OpenShift Clusters

Grab the latest Container monitoring management pack to be installed in your vRealize Operations environment.

  1. Log in to the vRealize Operations Manager with administrator privileges.
  2. In the menu, select Administration and in the left pane select Solutions > Repository.
  3. On the Repository tab, click Add/Upgrade.
  4. Browse to locate the temporary folder and select the PAK file.
  5. Click Upload. The upload might take several minutes.
  6. Read and accept the EULA,and click Next.
  7. When the vRealize Operations Management Pack for Container Monitoring is installed, click Finish.

vRealize Operations add Management Pack

To link any Kubernetes to your environment for monitoring, you need to install the cAdvisor Daemon.  For OCP I used the cAdvisor YAML Definition on HostPort, secondly you need to create some credentials to authenticate to your cluster from your connection in vROPs. Continue reading vRealize Operations – Monitoring OpenShift Container Platform environments

vmware

vCenter 7.0 – Image based backup is still supported, but won’t be in future versions

VMware, , ,

When vSphere 7.0 (and therefore vCenter 7.0) went GA, a number of customers were hit with a very important change;

  • vCenter support for image based backups was no longer supported

Since the GA, after customer feedback, the vCenter 7.0 release notes have been updated and I’m happy to report that Image based backups are still supported.

However, note that this method is now deprecated and will not be supported in a future release.

My advice is to start planning your move to using the native backup capabilities within the vCenter appliance itself, and for further information please see the following resources;

vCenter 7.0 imaged based backups supported but deprecated in the future

 

 

Regards

Dean Lewis