Thursday, September 9, 2021

Customizing VMs with Cloud-Init

My last post was all about creating Virtual Machines through the VM Service operator provided by vSphere with Tanzu, which immediately gives Developers freedom of choice in what their applications are made of: Containers, Pods, VMs, a mix of all of them... In fact it does not matter anymore; they can build and run any of them just the same way.

Honestly, my previous post just showed how to create VMs. All the fun comes now, when we can customize them during provisioning.

Guest customization is performed with Cloud-Init, mainly because it has become one of the most popular customization tools out there, meaning that you can leverage all that beauty you have already created.

Cloud-Init also provides dozens of modules, from basic things like creating Users and Groups, Repo configuration and Package installation to more advanced functions like integration with Puppet and Chef. As a start I suggest going through the examples available on their portal.

Back to my initial ConfigMap, it just had basic customization

Let's see how we can pimp this code:

First create your cloud-init file with the customization you want to make. I made a basic one: just user creation, setting its password, installing a package and running a command.

Although it's available on my git, it's far from being considered best practices, use it at your own risk !!

Once it's done, you will add it to the ConfigMap under the user-data section, which by the way needs to be base64-encoded.

just run: cat "cloud-init-file" | base64

Now just copy the encoded output and paste it under user-data... make sure it's a single line.
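The encoding step above, as an added example (not the author's script or the file from his git): it writes a constructed cloud-init file, encodes it as a single base64 line, renders a ConfigMap, then decodes user-data again to count clear-text password lines, because base64 hides nothing from anyone who can read the ConfigMap. The user name, password value, ConfigMap name and the placement of the hostname key are assumptions; `base64 -d` assumes GNU coreutils or a recent macOS.

```shell
#!/bin/sh
# Added example. The user name, password value, hostname and ConfigMap name
# are constructed for illustration.

# Constructed cloud-init file: one user with a password, a package, a command.
write_sample_cloud_init() {
    cat > "$1" <<'EOF'
#cloud-config
users:
  - name: demo
    plain_text_passwd: CONSTRUCTED-EXAMPLE
    lock_passwd: false
packages:
  - nginx
runcmd:
  - systemctl enable --now nginx
EOF
}

# GNU base64 wraps output at 76 columns; stripping newlines yields the
# single line that user-data needs, on any platform.
encode_user_data() {
    base64 < "$1" | tr -d '\n'
}

# $1 = ConfigMap name, $2 = hostname, $3 = cloud-init file
render_configmap() {
    printf 'apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: %s\n' "$1"
    printf 'data:\n  hostname: %s\n  user-data: %s\n' "$2" "$(encode_user_data "$3")"
}

# Review step: decode user-data from a rendered ConfigMap and count lines
# that set a clear-text password. base64 is an encoding, not protection.
count_plaintext_passwords() {
    sed -n 's/^  user-data: //p' "$1" | base64 -d |
        grep -Ec '^[[:space:]-]*(plain_text_passwd|password):' || true
}

tmp=$(mktemp -d)
write_sample_cloud_init "$tmp/cloud-init.yaml"
render_configmap demo-vm-cm demo-vm "$tmp/cloud-init.yaml" > "$tmp/configmap.yaml"
echo "clear-text password lines: $(count_plaintext_passwords "$tmp/configmap.yaml")"
rm -rf "$tmp"
```

Using a hashed `passwd:` value or `ssh_authorized_keys` in the cloud-init file keeps the clear-text secret out of the ConfigMap.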

It's all set now, you can create your VMs just as I showed in the previous post.


Good customization !!!

Wednesday, September 1, 2021

Creating Virtual Machines with Tanzu 2/2

A few weeks ago, I started blogging about VM service, a new feature of vSphere with Tanzu update 2 which allows developers to create virtual machines with descriptor files, just the same way they do with Pods and Containers.


At that time, I wrote through the eyes of an Operator, who sets up the environment for Developers to consume in a secure and controlled manner.


Today, let’s see how a Developer benefits from self-service Virtual Machine consumption, enhancing their agility and delivering solutions faster to the market.


To start with, log in to the supervisor cluster and make sure your context is set to the Namespace where VM service has been configured.


Documentation page provides a basic template to start with, but if you wanna test my use case, I also published it on my git.



I highlighted some points in the yaml file; those are the critical pieces of information you need to provide, as follows:


imageName: it’s the template’s name which was made available to your Namespace as part of the Content Library selection:

to list all templates available run: kubectl get vmimage

Along with the templates available for VM Service it also lists templates for Tanzu Kubernetes Cluster (if it has been configured to your Namespace);



className: is that kind of t-shirt size profile which dictates the resources your VM will get.

To list the classes available run: kubectl get virtualmachineclassbindings


The name might not be the most intuitive thing in the world. Describe the class to get detailed information about the resources allocated by running kubectl describe virtualmachineclassbindings "class_name"



storageClass: That’s the name of the storage policy where the disks of your VM will be created:

To list the storage policies available to you run: kubectl get resourcequotas

The first part is your storage policy name

networkName: that’s the network name attached to your VM, but it’s ONLY REQUIRED if you are using vSphere Distributed Switch, otherwise you can remove this specification.

To get the networks available to you run: kubectl get network



In case you get a message like: Error from server (Forbidden): is forbidden: User "sso:user@domain" cannot list resource "networks" in API group "" in the namespace "name" it means your Namespace is configured with NSX-T (see topic below).


networkType: it’s the solution providing network services to your Supervisor Cluster; it can be vsphere-distributed or nsx-t

For a developer it’s not something they would know or care about, to be honest. To make sure the result you got querying the network is valid, you can just describe the network by running kubectl describe network "net_name"



That’s all you need to create your VM.


Well, there’s nothing fancy about creating VMs if we cannot customize it right ? 


Customization of VMs like installing packages, creating files, adjusting settings is done through the use of ConfigMaps, but this topic deserves its own blog post. (check it out)


For now, as part of my deployment I also create a ConfigMap which just configures the hostname and sets up the default password (which you will be required to change upon first login).

Just create the VM as you would normally do with any Kubernetes object



In a few minutes the VM will be available, run kubectl get vm


Also, the VM will be on vCenter inventory under the Developer's Namespace, just as any other VM.



That's what I call Developers freedom !!




Monday, August 23, 2021

Tanzu Self-Service Namespace

Giving developers the freedom and autonomy to do what they do best, delivering meaningful business value through faster and faster cycles, has been VMware's obsession with the Tanzu portfolio.

Self-service for Kubernetes cluster creation, scale-out, update and even the creation of virtual machines is already a reality. But for vigilant eyes, there's one step back before all this beauty can happen, access to a Namespace !!!

How do you give Developers access to an environment ? Ticket systems ?!?! Shame on you !!!

vSphere with Tanzu Update 2 brought another great feature, Self-Service Namespace: now your developers can create their own Namespace. Let's dig into it.

First of all, you need to enable the Namespace service on your supervisor cluster; that will create a kind of template that will be reproduced over and over every time a developer requests a new Namespace.


It then starts asking about the quota you wanna set up for the Namespace template, click Next when you are done;

On the Permissions page, you assign the developer's accounts with the capability to create Namespaces, just add the users from the identity sources of your choice and click Next;

If everything is fine with your Template, just click Finish;

Now it's time to create some Namespaces.

Depending on the developers, you might have several other contexts; make sure you are on the context of your supervisor cluster.

To create a Namespace just run: kubectl create namespace "namespace_name"

A new Namespace will be created; the developer will be its owner, and all the configuration will be inherited from the Namespace template we just set up.

Tanzu Update 2 had so many great features that Self-Service Namespace runs under the radar. Have you noticed this feature before ?

Friday, July 16, 2021

Creating Virtual Machines with Tanzu 1/2

We have seen the increase of container adoption at companies of all sizes, driving innovation and conquering new markets by releasing new apps or features faster and faster. It would not be possible without the use of modern applications, mostly running on top of Kubernetes, but it’s also unlikely that those applications will be 100% based on microservices. In fact those new Apps are hybrid: part microservices, part running on virtual machines (like databases or applications that demand a more traditional runtime), and even functions. So what's better than having a single platform that can run them all, integrated, self-service and transparent to the developer ?!?


That’s what VM Service is all about: allowing developers to create VMs using K8s manifests on top of vSphere with Tanzu just the same way they are used to deploying all other K8s constructs, eliminating manual or ticketing requests, improving their autonomy and delivering value faster to the business.


I’ll cover this subject from two different angles:

- The Operator, who is responsible for the infrastructure and concerned with its availability, security and compliance.

- The Developer, who is concerned with delivering value through the deployment of applications and features as fast as possible, without needing to worry so much about the infrastructure.


Let’s start with the Operator.

First of all, VM Service was released with vSphere 7 update 2, so make sure you update your vCenter and Supervisor Cluster to at least this version.


Once available you will notice a new tab on Workload Management called Services.


VM Service has two main components, VM Class and Content Library.


You can think of VM Class as a profile for VMs, like T-shirt sizes on public clouds, where you define the VM resources in terms of the amount of CPU and memory that will be allocated; you can also specify how much of those resources is guaranteed (reservation).


By default vSphere with Tanzu offers a few classes, but you can also create your own. It’s very intuitive: just give it a name and set the values you desire. Please avoid changing the default ones; if you need different parameters, create your own instead.



Content Library is where the VM images or templates are stored, so developers can pick the desired OS flavor during provisioning.


The creation of a Content Library is straightforward, and you probably have been doing this for years, so I don’t want to bother you here with the steps.


Once the library is created you just need to add the images you want.

VMware is gradually releasing supported and curated images on Marketplace; just search for VM Service, download the template and add it to the Library.



I created a Library called Tanzu-VMs and added two templates, CentOS and Ubuntu. I used a prefix to make them easier to find and to distinguish them from the images for Tanzu Kubernetes Cluster.


Now that the requirements are ready it’s time to allow developers to consume those resources. 


That’s when governance comes into place, allowing the operator to adjust the guardrails on a per-Namespace basis, like specifying which VM Class goes to each Namespace to avoid the creation of bigger VMs not suitable for the environment, or allowing the use of only approved OS images.


Select the desired Namespace, you will see a new widget, VM Service;


Click on Manage VM Classes to select what classes you want developers to have access to.


Now click on Add Content Library, and select the Library with the Tanzu images you want developers to have access to.



At this point developers are ready to create Virtual Machines as part of their deployments. Stay tuned: in the next post I’ll show you how developers can consume this new service.


See you soon.

Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills in medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and making them successful on their journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell
