Create vSphere namespaces from Aria Automation
In this post we'll take a look at how to integrate vRealize Automation (Aria Automation) and vSphere with Tanzu (TKGs)
One use-case for this is the ability to allow for self-service of Supervisor namespaces. A developer could request a namespace in a designated vRA Project and from that start to deploy their Kubernetes workloads without the need for contacting the vSphere Administrator. And since vRA both offers a UI and an extensive API the developers can request the resources the way that suits them best.
Environment Setup
The environment consists of a vSphere cluster running 7.0.3 with Workload Management enabled. The cluster is a vSAN cluster and workload management is using NSX-T as the network provider. The NSX-T cluster is running on version 4.0
The vRA instance we're working with is running version 8.10.2 and has Cloud Accounts connected to both vCenter and NSX-T
Kubernetes zone setup in Aria Automation
To start off we will add the Supervisor cluster to our Kubernetes resources in vRA
We'll select the Cloud Account for the vCenter running the Supervisor cluster, and then we can select the Supervisor cluster itself
With that the Supervisor cluster should be added
Next we'll create a Kubernetes Zone which is like a Cloud Zone for compute
And add in the Supervisor cluster as the compute for this zone.
Now we should have our Kubernetes Zone created
Now, like we have to do for Cloud Zones, we'll have to add the zone to a project for it to be able to provision to it
Note that we can set limits for the number of namespaces that the project can create, and also priorities if more zones exists
With that in place, let's see if we can create our self-service template
Create Cloud Template
First, let's create a new Cloud Template
Add in a Supervisor namespace to the canvas, create a Input for the name and hook that up to the name property of the namespace
Before trying to deploy the template it's a good practice to run a Test. For a Supervisor namespace there's not much to be tested, but we'll do it anyways
Now, with the test passed let's deploy a real namespace!
Seems we have a success!
And to confirm we can check the namespaces from the vSphere client
Now let's finish up with versioning the template so that we can enable it for self-service through the Service Broker
Service Broker catalog
Depending on the Sharing definition policy the template could now be available for requesting
Let's try it out!
Note that the namespace name must be DNS compliant, meaning that things like spaces is not supported. This could be handled with something like a Regex constraint or an external validation tied to the input field
Hopefully this went successfully, let's see if we can verify it in vCenter.
From the vCenter tasks pane we can also see that the integrated Harbor registry has created a project for our new namespace.
Our deployed Supervisor namespaces will also appear in the Cloud Assembly Resources
Now, to tidy up, let's remove our first test deployment
Which will delete the namespace in vSphere and also clean up in Harbor
But, wait. What about configuration of the namespaces?
This integration between vRA and TKGs is obviously very simple. If you create a namespace in vSphere you'll have the ability to set limits, permissions, assign storage and more.
In an upcoming post we'll take a look at how to amend that with vRealize Aria Orchestrator (vRO), and later with a few of the newer abilities in vRA.