vSphere with Tanzu User Roles and Workflows

The vSphere with Tanzu platform involves two roles, the vSphere administrator and the DevOps engineer. The DevOps engineer is comprising the role of DevOps, application developer, and Kubernetes administrator. Both roles interact with the platform through different interfaces and can have users or user groups defined for them in vCenter Server with associated permissions. The workflows for the vSphere administrator and DevOps engineer roles are distinct and determined by the specific area of expertise these roles require.

User Roles and Workflows

As a vSphere administrator, the primary interface through which you interact with the vSphere with Tanzu platform is the vSphere Client. At a high level, your responsibilities involve configuring a Supervisor and namespaces, where DevOps engineers can deploy Kubernetes workloads. You should have excellent knowledge about the vSphere, NSX Advanced Load Balancer or HAProxy load balancer, NSX (is you select this networking stack), and basic understanding about Kubernetes.

The diagram shows the workflow of the vSphere Administrator role for configuring and managing the Supervisor, vSphere namespaces, and services. — Figure 1. vSphere Administrator High Level Workflow

As a DevOps engineer, you might be a Kubernetes developer and an application owner, a Kubernetes administrator, or combine functions of both. As a DevOps engineer, you use kubectl commands to deploy vSphere Pods, VMs on existing namespace, and you use kubectl and Tanzu CLI to deploy and manage Tanzu Kubernetes Grid clusters. Typically, as a DevOps engineer, you do not need to be an expert on vSphere, NSX, VDS, or NSX Advanced Load Balancer, and HAProxy, but have basic understanding about these technologies and the platform to interact with the vSphere administrators more efficiently.

The diagram shows the DevOps engineer high-level workflow for running and managing workloads in the vSphere with Tanzu platform. — Figure 2. DevOps Engineer High Level Workflow

Supervisor with VDS Networking and NSX Advanced Load Balancer Workflow

As a vSphere administrator, you can configure vSphere clusters as a Supervisor with the vSphere networking stack through a VDS and NSX Advanced Load Balancer. You can configure one-zone Supervisor mapped to one vSphere cluster or a three-zone Supervisor mapped to three vSphere clusters. For more information about the system requirements, see Requirements for Enabling a One-Zone Supervisor with NSX Advanced Load Balancer and Requirements for a Three-Zone Supervisor with NSX Advanced Load Balancer. For information about enabling a Supervisor with VDS networking, see Installing and Configuring vSphere with Tanzu.

The diagram shows the workflow for enabling a Supervisor with VDS networking and NSX Advanced Load Balancer. — Figure 3. Workflow for enabling a Supervisor with VDS networking and NSX Advanced Load Balancer

Supervisor with VDS networking and HAProxy Load Balancer Workflow

As a vSphere administrator, you can enable a Supervisor on one or three vSphere zones mapped to vSphere clusters by using the VDS networking stack and HAProxy load balancer. For more information about the system requirements, see Requirements for Enabling a One-Zone Supervisor with VDS Networking and HAProxy Load Balancer and Requirements for Enabling a Three-Zone Supervisor with VDS Networking and HA Proxy Load Balancer. For installation instructions, see Installing and Configuring vSphere with Tanzu.

The diagrams shows the workflow for enabling a Supervisor with VDS networking and HAProxy load balancer. — Figure 4. Workflow for enabling a Supervisor with VDS networking and HAProxy

Supervisor with NSX Networking Workflow

You can also configure a one-zone or a three-zone Supervisor with NSX as the networking stack. For more information about the system requirements, see Requirements for Enabling One-Zone Supervisor with NSX and Requirements for Enabling Three-Zone Supervisor with NSX. For installation instructions, see Installing and Configuring vSphere with Tanzu.

The diagram shows the workflow for enabling a Supervisor with the NSX networking stack. — Figure 5. Workflow for enabling a Supervisor with NSX networking

Namespace Creation and Configuration Workflow

Once you enable a Supervisor, as a vSphere administrator, you create and configure vSphere Namespaces on the Supervisor. You must gather specific resource requirements from DevOps engineers about the applications and workloads they want to run and configure the namespaces accordingly. For more information see Configuring and Managing vSphere Namespaces.

The diagram shows the workflow for configuring a vSphere Namespace. — Figure 6. Workflow for configuring vSphere Namespaces

Self-Service Namespace Creation and Configuration Workflow

As a vSphere administrator, you can create a vSphere Namespace, set CPU, memory, and storage limits to the namespace, assign permissions, and provision or activate the namespace service on a cluster as a template. For more information see Configuring and Managing vSphere Namespaces.

The diagram shows the workflow for enabling a self-service namespace template. — Figure 7. Self-service Namespace Template Provisioning Workflow

As a DevOps engineer, you can create a vSphere Namespace in a self-service manner and deploy workloads within it. You can share it with other DevOps engineers or delete it when it is no longer required.

The diagrams shows the workflow to create a self-service namespace. — Figure 8. Self-service Namespace Creation Workflow

vSphere Pod and VM Provisioning Workflow

As a DevOps engineer, you can deploy vSphere Pods and VMs within the resources boundaries of a namespace that is running on a Supervisor. For more information, see Deploying Workloads to vSphere Pods and Deploying and Managing Virtual Machines in vSphere with Tanzu.

The diagram shows the workflow for provisioning vSphere Pods and VMs. — Figure 9. vSphere Pods and VM Provisioning Workflow

Tanzu Kubernetes Grid Cluster Provisioning Workflow

As a DevOps engineer, you create and configure Tanzu Kubernetes Grid clusters on vSphere Namespaces. For more information, see the Using Tanzu Kubernetes Grid 2 with vSphere with Tanzu guide.