vSphere IaaS Control Plane User Roles and Workflows

vSphere IaaS control plane involves two roles, the vSphere administrator and the DevOps engineer. The DevOps engineer is comprising the role of DevOps, application developer, and Kubernetes administrator. Both roles interact with the platform through different interfaces and can have users or user groups defined for them in vCenter Server with associated permissions. The workflows for the vSphere administrator and DevOps engineer roles are distinct and determined by the specific area of expertise these roles require.

User Roles and Workflows

As a vSphere administrator, the primary interface through which you interact with vSphere IaaS control plane is the vSphere Client. At a high level, your responsibilities involve configuring a Supervisor and namespaces, where DevOps engineers can deploy Kubernetes workloads. You should have excellent knowledge about the vSphere, NSX Advanced Load Balancer or HAProxy load balancer, NSX (is you select this networking stack), and basic understanding about Kubernetes.

The diagram shows the workflow of the vSphere Administrator role for configuring and managing the Supervisor, vSphere namespaces, and services. — Figure 1. vSphere Administrator High Level Workflow

As a DevOps engineer, you might be a Kubernetes developer and an application owner, a Kubernetes administrator, or combine functions of both. As a DevOps engineer, you use kubectl commands to deploy vSphere Pods, VMs on existing namespace, and you use kubectl and Tanzu CLI to deploy and manage TKG clusters. Typically, as a DevOps engineer, you do not need to be an expert on vSphere, NSX, vDS, or NSX Advanced Load Balancer, and HAProxy, but have basic understanding about these technologies and the platform to interact with the vSphere administrators more efficiently.

The diagram shows the DevOps engineer high-level workflow for running and managing workloads in IaaS Platform. — Figure 2. DevOps Engineer High Level Workflow

Supervisor with VDS Networking and NSX Advanced Load Balancer Workflow

As a vSphere administrator, you can configure vSphere clusters as a Supervisor with the vSphere networking stack through a VDS and NSX Advanced Load Balancer. You can configure one-zone Supervisor mapped to one vSphere cluster or a three-zone Supervisor mapped to three vSphere clusters. For more information about the system requirements, see Requirements for Enabling a One-Zone Supervisor with NSX Advanced Load Balancer and Requirements for a Three-Zone Supervisor with NSX Advanced Load Balancer. For information about enabling a Supervisor with VDS networking, see Installing and Configuring in Installing and Configuring vSphere IaaS Control Plane.

The diagram shows the workflow for enabling a Supervisor with VDS networking and NSX Advanced Load Balancer. — Figure 3. Workflow for enabling a Supervisor with VDS networking and NSX Advanced Load Balancer

Supervisor with NSX Networking and NSX Advanced Load Balancer Controller Workflow

You can configure a one-zone or a three-zone Supervisor with theNSX networking stack and the NSX Advanced Load Balancer Controller. For more information about requirements, see Requirements for Cluster Supervisor Deployment with NSX and NSX Advanced Load Balancerand Requirements for Zonal Supervisor with NSX and NSX Advanced Load Balancer. For the installation procedure, see Install and Configure NSX and NSX Advanced Load Balancer.

Workflow for configuring compute, storage, and creating and configuring a vSphere Distributed Switch. — Figure 4. Workflow for enabling a Supervisor with NSX networking and NSX Advanced Load Balancer Controller

Workflow for configuring NSX with NSX Advanced Load Blanacer

Supervisor with NSX Networking Workflow

You can also configure a one-zone or a three-zone Supervisor with NSX as the networking stack. For more information about the system requirements, see Requirements for Enabling One-Zone Supervisor with NSX and Requirements for Enabling Three-Zone Supervisor with NSX. For installation instructions, see Installing and Configuring in Installing and Configuring vSphere IaaS Control Plane.

The diagram shows the workflow for enabling a Supervisor with the NSX networking stack. — Figure 5. Workflow for enabling a Supervisor with NSX networking

Supervisor with VDS networking and HAProxy Load Balancer Workflow

As a vSphere administrator, you can enable a Supervisor on one or three vSphere zones mapped to vSphere clusters by using the VDS networking stack and HAProxy load balancer. For more information about the system requirements, see Requirements for Enabling a One-Zone Supervisor with VDS Networking and HAProxy Load Balancer and Requirements for Enabling a Three-Zone Supervisor with VDS Networking and HA Proxy Load Balancer. For installation instructions, see Installing and Configuring in Installing and Configuring vSphere IaaS Control Plane.

The diagrams shows the workflow for enabling a Supervisor with VDS networking and HAProxy load balancer. — Figure 6. Workflow for enabling a Supervisor with VDS networking and HAProxy

Namespace Creation and Configuration Workflow

Once you enable a Supervisor, as a vSphere administrator, you create and configure vSphere Namespaces on the Supervisor. You must gather specific resource requirements from DevOps engineers about the applications and workloads they want to run and configure the namespaces accordingly. For more information see Configuring and Managing vSphere Namespaces.

The diagram shows the workflow for configuring a vSphere Namespace. — Figure 7. Workflow for configuring vSphere Namespaces

Self-Service Namespace Creation and Configuration Workflow

As a vSphere administrator, you can create a vSphere Namespace, set CPU, memory, and storage limits to the namespace, assign permissions, and provision or activate the namespace service on a cluster as a template. For more information see Configuring and Managing vSphere Namespaces.

The diagram shows the workflow for enabling a self-service namespace template. — Figure 8. Self-service Namespace Template Provisioning Workflow

As a DevOps engineer, you can create a vSphere Namespace in a self-service manner and deploy workloads within it. You can share it with other DevOps engineers or delete it when it is no longer required.

The diagrams shows the workflow to create a self-service namespace. — Figure 9. Self-service Namespace Creation Workflow

vSphere Pod and VM Provisioning Workflow

As a DevOps engineer, you can deploy vSphere Pods and VMs within the resources boundaries of a namespace that is running on a Supervisor. For more information, see Deploying Workloads to vSphere Pods and Deploying and Managing Virtual Machines in vSphere IaaS Control Plane Services and Workloads.

The diagram shows the workflow for provisioning vSphere Pods and VMs. — Figure 10. vSphere Pods and VM Provisioning Workflow

TKG Cluster Provisioning Workflow

As a DevOps engineer, you create and configure TKG clusters on vSphere Namespaces. For more information, see the Using TKG Service with vSphere IaaS Control Plane guide.