To make a provider VDC Kubernetes policy available to tenants, you can publish it to a flex organization VDC. When you publish a provider VDC Kubernetes policy, you create an organization VDC Kubernetes policy that tenants can use to create Kubernetes clusters.

When you add or publish a provider VDC Kubernetes policy to an organization VDC, you make the policy available to tenants. The tenants can use the available organization VDC Kubernetes policies to leverage the Kubernetes capacity while creating Kubernetes clusters. A Kubernetes policy encapsulates placement, infrastructure quality, and persistent volume storage classes. Kubernetes policies can have different compute limits.

You can publish multiple provider VDC Kubernetes policies to a single organization VDC. You can publish a single provider VDC Kubernetes policy multiple times to an organization VDC. You can use the organization VDC Kubernetes policies as an indicator of the service quality. For example, you can publish a Gold Kubernetes policy that allows a selection of the guaranteed machine classes and a fast storage class or a Silver Kubernetes policy that allows a selection of the best effort machine classes and a slow storage class.

Prerequisites

  • Create a provider VDC backed by a Supervisor Cluster or add a Supervisor Cluster to an existing provider VDC. See Using Kubernetes with VMware Cloud Director.
  • Verify that you have at least one flex organization VDC in your environment. See Create an Organization Virtual Data Center.
  • Familiarize yourself with the virtual machine class types for Tanzu Kubernetes clusters. See the vSphere with Kubernetes Configuration and Management guide in the vSphere documentation.

Procedure

  1. From the top navigation bar, select Resources and click Cloud Resources.
  2. In the left panel, select Provider VDCs, and click the name of a provider VDC.
  3. Under Policies, select Kubernetes, select the policy you want to publish, and click Publish.
    The Publish to Organization VDC wizard appears.
  4. Enter a tenant-visible name and description for the organization VDC Kubernetes policy and click Next.
  5. Select the flex organization VDC to which you want to publish the policy and click Next.
  6. Select CPU and Memory limits for the Kubernetes clusters created under this policy.
    The maximum limits depend on the CPU and Memory allocations of the organization VDC. When you publish the policy, the selected limits act as maximums for the tenants.
  7. Choose whether you want to reserve CPU and memory for the Kubernetes cluster nodes created in this policy and click Next.
    There are two editions for each class type: guaranteed and best effort. A guaranteed class edition fully reserves its configured resources, while a best effort edition allows resources to be overcommitted. Depending on your selection, on the next page of the wizard you can select between VM class types of the guaranteed or best effort edition.
    • Select Yes for VM class types of the guaranteed edition for full CPU and Memory reservations.
    • Select No for VM class types of the best effort edition with no CPU and memory reservations.
  8. On the Machine classes page of the wizard, select one or more VM class types available for this policy.
    The selected machine classes are the only class types available to tenants when you publish the policy to an organization VDC.
  9. Select one or more storage policies.
  10. Review your choices and click Publish.

Results

The information about the published policy appears under the Policies section of the flex organization VDC. The published policy creates a Supervisor Namespace on the Supervisor Cluster with the specified resource limits from the policy.

The tenants can start using the Kubernetes policy to create Kubernetes clusters. VMware Cloud Director places each Kubernetes cluster created under this Kubernetes policy in the same Supervisor Namespace. The policy resource limits become resource limits for the Supervisor Namespace. All tenant-created Kubernetes clusters in the Supervisor Namespace compete for the resources within these limits.