If you have system administrator rights, you can add an organization VDC Kubernetes policy by using a provider VDC Kubernetes policy. You can use the organization VDC Kubernetes policy to create Tanzu Kubernetes clusters.
When you add or publish a provider VDC Kubernetes policy to an organization VDC, you make the policy available to tenants by creating an organization VDC policy. Tenants can use the available organization VDC Kubernetes policies to leverage the Kubernetes capacity while creating Tanzu Kubernetes clusters. A Kubernetes policy encapsulates placement, infrastructure quality, and persistent volume storage classes. Kubernetes policies can have different compute limits.
You can add multiple organization VDC Kubernetes policies to a single organization VDC. You can use a single provider VDC Kubernetes policy to create multiple organization VDC Kubernetes policies. You can use the organization VDC Kubernetes policies as an indicator of the service quality. For example, you can publish a Gold Kubernetes policy that allows a selection of the guaranteed machine classes and a fast storage class or a Silver Kubernetes policy that allows a selection of the best effort machine classes and a slow storage class.
- Verify that you have a system administrator role or a role that includes an equivalent set of rights. All other roles can only view the organization VDC Kubernetes policies.
- Verify that your environment has at least one provider VDC backed by a Supervisor Cluster. The provider VDCs backed by a Supervisor Cluster are marked with a Kubernetes icon on the Provider VDCs tab of the Service Provider Admin Portal. For more information on vSphere with VMware Tanzu in VMware Cloud Director, see Using vSphere with Kubernetes in VMware Cloud Director in the VMware Cloud Director Service Provider Admin Portal Guide.
- Verify that you are logged in to a flex organization VDC.
- Familiarize yourself with the virtual machine class types for Tanzu Kubernetes clusters. See the vSphere with Kubernetes Configuration and Management guide in the vSphere documentation.
- In the top navigation bar, click Data Centers and then click Virtual Data Center.
- Select an organization virtual data center.
- In the left panel, under Settings, select Kubernetes Policies and click Add.
The Publish to Organization VDC wizard appears.
- Enter a tenant-visible name and description for the organization VDC Kubernetes policy and click Next.
- Select the provider VDC Kubernetes policy that you want to use and click Next.
- Select CPU and Memory limits for the Tanzu Kubernetes clusters created under this policy.
The maximum limits depend on the CPU and Memory allocations of the organization VDC. When you add the policy, the selected limits act as maximums for the tenants.
- Choose whether you want to reserve CPU and memory for the Tanzu Kubernetes cluster nodes created in this policy and click Next.
There are two editions for each class type: guaranteed and best effort. A guaranteed class edition fully reserves its configured resources, while a best effort edition allows resources to be overcommitted. Depending on your selection, on the next page of the wizard, you can select between VM class types of the guaranteed or best effort edition.
- Select Yes for VM class types of the guaranteed edition for full CPU and Memory reservations.
- Select No for VM class types of the best effort edition with no CPU and memory reservations.
- On the Machine classes page of the wizard, select one or more VM class types available for this policy.
The selected machine classes are the only class types available to tenants when you add the policy to the organization VDC.
- Select one or more storage policies.
- Review your choices and click Publish.
The information about the published policy appears in the list of Kubernetes policies. The published policy creates a Supervisor Namespace on the Supervisor Cluster with the specified resource limits from the policy.
The tenants can start using the Kubernetes policy to create Tanzu Kubernetes clusters. VMware Cloud Director places each Tanzu Kubernetes cluster created under this Kubernetes policy in the same Supervisor Namespace. The policy resource limits become resource limits for the Supervisor Namespace. All tenant-created Tanzu Kubernetes clusters in the Supervisor Namespace compete for the resources within these limits.
What to do next
- Delete an organization VDC Kubernetes policy.
- By using the Service Provider Admin Portal, you can manage organization resource quotas. See Manage Quotas on the Resource Consumption of an Organization in the VMware Cloud Director Service Provider Admin Portal Guide.
- Manage the Resource Quotas of a Group or Manage the Resource Quotas of a User