To deploy virtual machines in the vSphere with Tanzu environment, DevOps users must have access to VM images, or templates, that contain software configurations, including operating systems, applications, and data. To provide access to images, a vSphere administrator configures a VM content library, and then associates it with the namespace where the VMs are deployed.

1 Create a Content Library for Stand-Alone VMs

As a vSphere administrator, create a content library to store and manage VM templates.

You can create a local content library and populate it with templates and other types of files.

You can also create a subscribed library to use the contents of an already existing published local library.

Starting with vSphere 7.0 Update 3, you can protect the items of a content library by applying an OVF security policy. The OVF security policy enforces strict validation when you deploy or update a content library, import items to a content library, or synchronize templates. To make sure that the templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA to a content library.

For more information about content libraries and VM templates in vSphere, see Using Content Libraries in vSphere Virtual Machine Administration.

Prerequisites

Required privileges:
  • Content library.Create local library or Content library.Create subscribed library on the vCenter Server instance where you want to create the library.
  • Datastore.Allocate space on the destination datastore.

Procedure

  1. Navigate to the VM Service page.
    1. From the vSphere Client home menu, select Workload Management.
    2. Click the Services tab and click Manage on the VM Service card.
  2. On the VM Service page, click Content Libraries > Create a content library.
    This action takes you to the content library section in the vSphere Client.
  3. Click Create.
    The New Content Library wizard opens.
  4. On the Name and location page, enter a name, select a vCenter Server instance for the content library and click Next.
    Make sure to use an informative name for the content library, so that your DevOps team can easily find and access the library items.
  5. On the Configure content library page, select the type of content library that you want to create and click Next.
    Local content library:

    By default, a local content library is accessible only in the vCenter Server instance where you create it.

    1. (Optional) To make the content of the library available to other vCenter Server instances, select Enable publishing.
    2. (Optional) If you want to require a password for accessing the content library, select Enable authentication and set a password.

    Subscribed content library:

    A subscribed content library originates from a published content library. Use this option to take advantage of existing content libraries.

    You can synchronize the subscribed library with the published library to see up-to-date content, but you cannot add or remove content from the subscribed library. Only an administrator of the published library can add, modify, and remove contents from the published library.

    Provide the following information to subscribe to a library:

    1. In the Subscription URL text box, enter the URL address of the published library.
    2. If authentication is enabled on the published library, select Enable authentication and enter the publisher password.
    3. Select a download method for the contents of the subscribed library.
      • If you want to download a local copy of all the items in the published library immediately after subscribing to it, select immediately.
      • If you want to save storage space, select when needed. You download only the metadata for the items in the published library.

        If you need to use an item, synchronize the item or the entire library to download its content.

    4. If prompted, accept the SSL certificate thumbprint.

      The SSL certificate thumbprint is stored on your system until you delete the subscribed content library from the inventory.

  6. (Optional) On the Apply security policy page, select Apply Security Policy and select OVF default policy.
    For the subscribed library, this option appears only if the library supports security policies.
    If you select this option, the system performs a strict OVF certificate verification when importing an OVF item to the library from the local host or synchronizing an item. The OVF items that do not pass the certificate validation cannot be imported.
    If the item does not pass the validation during synchronization, it is marked with the Verification Failed tag. Only the item and its metadata are kept; the files in the item are not.
  7. On the Add storage page, select a datastore as the storage location for the content library contents and click Next.
  8. On the Ready to complete page, review the details and click Finish.

2 Populate a Content Library with VM Images for Stand-Alone VMs

After you create the content library, populate it with VM templates in OVA or OVF format. Your DevOps engineers can use the templates to provision new stand-alone virtual machines in the vSphere with Tanzu environment.

You can use several methods to populate the library. This topic describes how to add items to a local content library by importing files from your local machine or from a Web server. For other ways to populate the content library, see Populating Libraries with Content in vSphere Virtual Machine Administration.

Prerequisites

  • Create VM images that are compatible with vSphere with Tanzu.

    The image specification requires that all VM images include VMware Tools or an equivalent open source package. The images must use one of the following to bootstrap the guest OS and its networking stack:

    • Linux + Cloud-Init version 17.9-21.2 with DataSourceVMwareGuestInfo.
    • Linux + Cloud-Init version 21.3+
    • Windows + Cloudbase-Init version 1.1.0+

    For information about Cloud-Init, see the https://cloud-init.io/ web site.

  • If your library is protected by a security policy, make sure that all library items are compliant. If a protected library includes a mix of compliant and non-compliant items, the kubectl get virtualmachineimages command fails to present VM images to the DevOps engineers.
  • Required privilege: Content library.Add library item and Content library.Update files on the library.

Procedure

  1. From the vSphere Client home menu, select Content Libraries.
  2. Right-click a local content library and select Import Item.
    The Import Library Item dialog box opens.
  3. In the Source section, select the source of the item.
    URL: Enter the path to the Web server where the item is.
    Note: You can import either an .ovf or .ova file. The resulting content library item is of the OVF Template type.
    Local File: Click Upload File to navigate to the file that you want to import from your local system. You can use the drop-down menu to filter files in your local system.
    Note: You can import either an .ovf or .ova file. When you import an OVF template, first select the OVF descriptor file (.ovf). Next, you are prompted to select the other files in the OVF template, for example the .vmdk file. The resulting content library item is of the OVF Template type.
    vCenter Server reads and validates the manifest and certificate files in the OVF package during import. If certificate issues exist, for example if vCenter Server detects an expired certificate, a warning is displayed in the Import Library Item wizard.
    Note: vCenter Server does not read signed content if the OVF package is imported from an .ovf file on your local machine.
  4. In the Destination section, enter a name and a description for the item.
  5. Click Import.

Results

The item appears on the Templates tab or on the Other Types tab.

The image appears on the Templates tab
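
The import step above relies on the manifest (.mf) and certificate (.cert) files inside the OVF package. The following Python script is an added example, not VMware code and not part of the original documentation: it pre-checks an OVA before import by confirming that a manifest and certificate file are present and that every file matches its manifest digest. It assumes the standard OVF manifest line format `ALG(filename)= hexdigest`; the function names and sample package are constructed for illustration, and the script does not verify the signature or the certificate chain, which is what the OVF security policy enforces in vCenter Server.

```python
import hashlib
import io
import re
import tarfile

# OVF manifest line format: ALG(filename)= hexdigest
MF_LINE = re.compile(
    r"^(SHA1|SHA256|SHA512)\((.+)\)[ \t]*=[ \t]*([0-9a-fA-F]+)[ \t\r]*$", re.M)


def check_ova(ova_bytes):
    """Return a list of problems found in an OVA; an empty list means the pre-check passed."""
    problems = []
    # Members are read into memory for brevity; hash in chunks for multi-GB disks.
    with tarfile.open(fileobj=io.BytesIO(ova_bytes)) as tar:
        files = {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}
    mf_names = [n for n in files if n.endswith(".mf")]
    if not mf_names:
        return ["no manifest (.mf) in package"]
    if not any(n.endswith(".cert") for n in files):
        problems.append("no certificate (.cert): package is unsigned")
    listed = set()
    for alg, name, expected in MF_LINE.findall(files[mf_names[0]].decode()):
        listed.add(name)
        if name not in files:
            problems.append(f"{name}: listed in manifest but missing")
        elif hashlib.new(alg.lower(), files[name]).hexdigest() != expected.lower():
            problems.append(f"{name}: {alg} digest mismatch")
    for name in files:
        if name not in listed and not name.endswith((".mf", ".cert")):
            problems.append(f"{name}: not covered by manifest")
    return problems


def build_sample_ova(tamper=False, signed=True):
    """Constructed sample OVA (placeholder contents, not a real template)."""
    ovf, disk = b"<Envelope/>", b"constructed-disk-bytes"
    mf = (f"SHA256(demo.ovf)= {hashlib.sha256(ovf).hexdigest()}\n"
          f"SHA256(demo-disk1.vmdk)= {hashlib.sha256(disk).hexdigest()}\n").encode()
    members = {"demo.ovf": ovf, "demo.mf": mf,
               "demo-disk1.vmdk": disk + (b"!" if tamper else b"")}
    if signed:
        members["demo.cert"] = b"placeholder, not a real signature"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Running `check_ova` on each template before import helps keep non-compliant items out of a library that is protected by a security policy.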

3 Associate a VM Content Library with a Namespace

After you create the content library and populate it with VM templates, add the library to the namespace to give your DevOps users access to the content library.

You can add multiple content libraries to a single namespace. You can add the same content library to different namespaces.
Note: This procedure applies only to content libraries for VM Service. Tanzu Kubernetes Grid content libraries must be managed from the Tanzu Kubernetes Grid card.

Prerequisites

Required privileges:
  • Namespaces.Modify cluster-wide configuration
  • Namespaces.Modify namespace configuration

Procedure

  1. In the vSphere Client, go to the namespace.
    1. From the vSphere Client home menu, select Workload Management.
    2. Click the Namespaces tab and click the namespace.
  2. Add a content library.
    1. On the VM Service card, click Add Content Library.
    2. Select one or several content libraries and click OK.

4 Manage VM Content Libraries on a Namespace

After you associate the library with the namespace, you can remove the library to unpublish it from the Kubernetes namespace. You can also add more libraries.

Removing a content library from a namespace does not affect VMs that were previously deployed with the library images.
Note: This procedure applies only to content libraries for VM Service. Tanzu Kubernetes Grid content libraries must be managed from the Tanzu Kubernetes Grid card.

Prerequisites

Required privileges:
  • Namespaces.Modify cluster-wide configuration
  • Namespaces.Modify namespace configuration

Procedure

  1. In the vSphere Client, go to the namespace.
    1. From the vSphere Client home menu, select Workload Management.
    2. Click the Namespaces tab and click the namespace.
  2. Add or remove a content library.
    1. On the VM Service card, click Manage Content Library.
    2. Perform one of the following operations.
      Remove a content library: Deselect the content library and click OK.
      Add a content library: Select one or several content libraries and click OK.

What to do next

Contents of the library become available in the Kubernetes namespace as VM images and can be used by DevOps to self-service VMs. See Deploy a Virtual Machine in vSphere with Tanzu.