virtuallyGhetto

Full OVA/OVF property support coming to Terraform provider for vSphere

06/11/2020 by William Lam 7 Comments

Terraform is one of the most popular Infrastructure as Code (IaC) tool out there today and it should come as no surprise there is Terraform provider for vSphere which many of our customers have been using. In fact, VMware just recently released a couple more new providers (here and here) supporting VMware Cloud on AWS and NSX-T solutions respectively.

Although I have used Terraform and the vSphere provider in the past, it has not been my tool of choice for automation as it still lacks a number of basic vSphere capabilities which I require on a regular basis. The most common one being the ability to deploy a Virtual Appliance (OVA/OVF) which has been my biggest barrier and I know this has been a highly requested feature from the community as well.

In early May of this year, I noticed that v1.18 of the vSphere provider finally added support for OVA/OVF deployment and I was pretty excited to give this a try and may even have been the first to kick the tires on this feature? Although OVA/OVF support was added, it looks like support for customizing OVF properties which is commonly included as part of an OVA/OVF would only possible if you are cloning from an existing imported OVA/OVF image. One of the most common use case is to import an OVF/OVA from either your local computer or from a URL and it looks like this use case was not possible.

I filed two Github issues, one for supporting OVF properties for initial OVA/OVF deployment and another regarding a bug I ran into when importing OVA/OVF from a remote URL. Just yesterday, I got the good news that my feature request has been completed and I was given an early drop of the vSphere provider to try out this feature. I may have also hinted to the Engineering team to use my popular Nested ESXi Appliance OVA as a reference test implementation as I knew this was something many customers will want to deploy 🙂

UPDATE (06/23/20) - Support for OVA/OVF properties is now available as part of 1.20 of the Terraform Provider for vSphere

Extending VMware Cloud on AWS Notifications using the Notification Gateway API

06/10/2020 by William Lam 2 Comments

The VMware Cloud Notification Gateway (NGW) Service was launched back in May 2019 and is used to communicate important customer-facing notifications which can be delivered across a number of different communication channels as shown in the diagram below.

Of all the different communication channels, I think one of the most interesting one is the ability to send an outgoing webhook based on a specific VMware Cloud Event. In fact, this was the very first thing that caught my attention when I had first learned about the NGW Service from Nancy Cheng, the Product Manager for this service.

You can probably guess why I was so excited for this feature as it mimics a similiar capability to our VMware Event Broker Appliance (VEBA) solution. This not only enables our customers to consume other public cloud services that support webhooks but it also opens up the door for more advanced integrations, more on this at the end of this blog post 😀

As of publishing this blog post, there are over 75+ VMware Cloud Events which customers can subscribe to such including when a new SDDC is created or deleted, a new ESXi host has been added either manually or automatically via our Elastic DRS (eDRS) Service, SDDC maintenance notices to subscription reminders to just name a few. Although the default email and UI channels are great, many customers would also like to receive these notifications using other popular communications channels such as Slack or Microsoft Teams.

To help demonstrate the webhook functionality of the NGW Service API, I have created a PowerShell Module for VMware Cloud Notifications called VMware.VMC.Notification which is also published i then Microsoft Powershell Gallery. The module contains the following functions:

Connect-VmcNotification
Get-VmcNotificationEvent
Get-VmcNotificationWebhook
Test-VmcNotificationWebhook
Remove-VmcNotificationWebhook

Admin account for embedded Harbor registry in vSphere with Kubernetes

06/09/2020 by William Lam 2 Comments

After setting up a vSphere with Kubernetes Cluster, customers have the option of enabling a built-in private container registry that can be used with the Supervisor Cluster. This private container registry uses the popular Opensource Harbor solution which is also a Cloud Native Computing Foundation (CNCF) project.

Although this is a convenient capability, one thing to be aware of is that the embedded Harbor registry is limited in functionality compared to a standalone Harbor deployment and this is by design. When logging into Harbor with your vCenter SSO user, you will be able to do perform basic operations such as pushing and pulling images from this registry. For customers that require additional functionality from Harbor, it is recommended that you setup an external Harbor instance which can also be used as a common registry for both the Supervisor Cluster as well any Tanzu Kubernetes Grid (TKG) Clusters that you may provision.

With that said, I have heard from a few folks who were interested in accessing the Harbor UI using the "admin" account, mostly from an exploration standpoint. The admin credentials for Harbor are dynamically generated each time the service is enabled and it is stored as a K8s secret within the Supervisor Cluster. This means the admin password is unique for each environment and the instructions below will show you how to obtain the credentials.

Disclaimer: This is not officially supported by VMware and the behaviors described below could change in the future without notice.

Interesting Kubernetes application demos

06/08/2020 by William Lam 1 Comment

I am always on the lookout for cool and interesting demos to deploy, especially with some of the work I have been doing lately with vSphere with Kubernetes (K8s) and Tanzu Kubernetes Grid (TKG). I am sure many of you have probably seen the basic wordpress demos which seems to be the typical "Hello World" app for K8s and having something more compelling not only makes the demo more interesting but it can also help folks better understand how a modern applications can be built, deployed and run.

Below is a list of of the K8s demo applications that I have come across as part of my exploration and by no means is this an exhaustive list. I have been able to successfully deploy these applications running on the latest version of K8s (1.17 and 1.18) as I did come across other demos which did not work or I had issues setting up. If there are other K8s demos that folks have used, feel free to leave a comment and I will update the blog post after doing some basic testing.

For those of you who may not have a K8s environment and is running either vSphere 6.7 Update 3 or have access to a VMware Cloud on AWS SDDC, you can easily setup a TKG Cluster in under 30 minutes leveraging my TKG Demo Appliance Fling.

Setup custom login banner when logging into a vSphere with Kubernetes Cluster

05/20/2020 by William Lam Leave a Comment

While working on my PowerCLI module for enabling workload management for a vSphere with Kubernetes (K8s) Cluster, I came to discover a pretty cool feature that is only available when using the vSphere with K8s API to enable Workload Management on a vSphere Cluster.

As part of the enablement spec, there is a new property called login_banner. Taking a closer look, this property allows you to specify a custom message that would be displayed as part of the initial login to your vSphere with K8s Cluster using the vSphere kubectl plugin. This is similar to an SSH login banner which can be used to provide internal disclaimers and/or additional instructions for your end users.

Here is an example of what the login banner can look like. Yup, vSphere with K8s supports emojis or rather the terminal you are using to login can potentially render emojis 😀

The good news is that I have already added this feature into the new New-WorkloadManagement function and you can specify a message by adding the -LoginBanner parameter.

For those interested in rendering emojis within their banner, you can take a look at the following example and you can find the complete list of emoji unicodes here.

$LoginBanner = "

" + [char]::ConvertFromUtf32(0x1F973) + "vSphere with Kubernetes Cluster enabled by virtuallyGhetto " + [char]::ConvertFromUtf32(0x1F973) + "

"

$LoginBanner = "

" + [char]::ConvertFromUtf32(0x1F973) + "vSphere with Kubernetes Cluster enabled by virtuallyGhetto " + [char]::ConvertFromUtf32(0x1F973) + "

Workload Management PowerCLI Module for automating vSphere with Kubernetes

05/19/2020 by William Lam 1 Comment

One of the last things on my to-do list after creating my Automated vSphere 7 and vSphere with Kubernetes Lab Deployment Script which is still the quickest and most reliable way to have a fully deployed and configured environment to try out vSphere with Kubernetes using Nested ESXi, was to also automate the enablement of Workload Management for a given vSphere Cluster.

There are two new vCenter Server REST APIs to be aware of as it pertains to vSphere with Kubernetes:

namespaces = Manages the lifecycle and access control to a vSphere Namespace
namespace-management = Despite the name, this refers to lifecycle and management of a Workload Management Cluster

I also have to mention that Vikas Shitole, who works on vCenter Server, has fantastic blog series covering various parts of the new vSphere with Kubernetes API along with Python examples if you want to dive further. Since Vikas has done a great job covering Python, I figure I will demonstrate how to consume these new vSphere with Kubernetes API using PowerCLI, which many of our customers use to automate.

I have created a new WorkloadManagement.psm1 PowerCLI module which includes following functions:

Get-WorkloadManagement
New-WorkloadManagement
Remove-WorkloadManagement

Below are the two steps required to get started with the Workload Management PowerCLI Module.

Step 1 - Install the WorkloadManagement PowerCLI Module by running the following command:

Install-Module VMware.WorkloadManagement.psm1

Step 2 - A connection to the vCenter REST API endpoint using the Connect-CisServer cmdlet is required for enabling and disabling Workload Management Cluster

Connect-CisServer -Server pacific-vcsa-2.cpbu.corp -User *protected email* -Password VMware1!

A connection to vCenter Server using Connect-VIServer cmdlet is only required if you wish to retrieve information about an existing Workload Management Cluster

Connect-VIServer -Server pacific-vcsa-2.cpbu.corp -User *protected email* -Password VMware1!