When adding Kubernetes components to a vRealize Automation Cloud Assembly cloud template, you can choose to add clusters or enable users to create namespaces in various configurations. Typically, this choice depends on your access control requirements, how you have configured your Kubernetes components, and your deployment requirements.

To add a Kubernetes component to a cloud template in vRealize Automation Cloud Assembly, select Design > Cloud Templates , click New, and then locate and expand the Kubernetes option on the left menu. Then, make the desired selection, either Cluster or KBS Namespace by dragging it to the canvas.

Adding a Kubernetes cluster that is associated with a project to a cloud template is the most straightforward method of making Kubernetes resources available to valid users. You can use tags on clusters to control where they are deployed just as you do with other Cloud Assembly resources. You can use tags to select a zone and a VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) plan during the allocation phase of cluster deployment.

Once you add a cluster in this way, it is automatically available to all valid users.

Cloud template examples

The first cloud template example shows a template for a simple Kubernetes deployment that is controlled by tagging. A Kubernetes zone was created with two deployment plans, configured on the New Kubernetes Zone page. In this case, a tag called placement:tag was added as a capability on the zone, and it was used to match the analogous constraint on the cloud template. If there were more than one zone configured with the tag, the one with the lowest priority number would be selected.

formatVersion: 1
inputs: {}
resources:
  Cluster_provisioned_from_tag:
    type: Cloud.K8S.Cluster
    properties:
      hostname: 109.129.209.125
      constraints:
	-tag: 'placement tag'
      port: 7003
      workers: 1
      connectBy: hostname 

The second cloud template examples shows how to set up a template with a variable called $(input.hostname) so that users can input the desired cluster hostname when requesting a deployment. Tags can also be used to select a zone and a TKGI plan durring the resource allocation phase of cluster deployment.

formatVersion: 1
inputs:
  hostname:
    type: string
    title: Cluster hostname
resources:
  Cloud_K8S_Cluster_1:
    type: Cloud.K8S.Cluster
    properties:
      hostname: ${input.hostname}
      port: 8443
      connectBy: hostname
      workers: 1

If you want to use namespaces to mange cluster usage, you can set up a variable in the cloud template called name: ${input.name} to substitute for the namespace name which a user enters when requesting a deployment. For this sort of deployment, you would create a template something like the following example:

1 formatVersion: 1
2 inputs:
3 name:
4    type: string
5    title: "Namespace name"
6 resources:
7    Cloud_KBS_Namespace_1:
8        type: Cloud.K8S.Namespace
9        properties:
10            name: ${input.name}

Users can manage deployed clusters via kubeconfig files that are accessible from the Infrastructure > Resources > Kubernetes Clusters page. Locate the card on the page for the desired cluster and click Kubeconfig.

Supervisor Namespaces in VMware Cloud Templates

The following is the schema for a basic Supervisor namespace in a vRealize Automation Cloud Assembly cloud template.

{
  "title": "Supervisor namespace schema",
  "description": "Request schema for provisioning of Supervisor namespace resource",
  "type": "object",
  "properties": {
    "name": {
      "title": "Name",
      "description": "Alphabetic (a-z and 0-9) string with maximum length of 63 characters. The character ‘-’ is allowed anywhere except the first or last position of the identifier.",
      "type": "string",
      "pattern": "^.*\\$\\{.*\\}.*$|^((?!-)[a-z0-9-]{1,63}(?<!-))$",
      "ignoreOnUpdate": true
    },
    "description": {
      "title": "Description",
      "description": "An optional description of this Supervisor namespace.",
      "type": "string",
      "ignoreOnUpdate": true
    },
    "constraints": {
      "title": "Constraints",
      "description": "To target the correct resources, blueprint constraints are matched against infrastructure capability tags. Constraints must include the key name. Options include value, negative [!], and hard or soft requirement.",
      "type": "array",
      "recreateOnUpdate": true,
      "items": {
        "type": "object",
        "properties": {
          "tag": {
            "title": "Tag",
            "description": "Constraint definition in syntax `[!]tag_key[:tag_value][:hard|:soft]` \nExamples:\n```\n!location:eu:hard\n location:us:soft\n!pci\n```",
            "type": "string",
            "recreateOnUpdate": true
          }
        }
      }
    },
    "limits": {
      "title": "Limits",
      "description": "Defines namespace resource limits such as pods, services, etc.",
      "type": "array",
      "recreateOnUpdate": false,
      "items": {
        "type": "object",
        "properties": {
          "stateful_set_count": {
            "title": "stateful_set_count",
            "description": "This represents the new value for 'statefulSetCount' option which is the maximum number of StatefulSets in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "deployment_count": {
            "title": "deployment_count",
            "description": "This represents the new value for 'deploymentCount' option which is the maximum number of deployments in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "cpu_limit_default": {
            "title": "cpu_limit_default",
            "description": "This represents the new value for the default CPU limit (in Mhz) for containers in the pod. If specified, this limit should be at least 10 MHz.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "config_map_count": {
            "title": "config_map_count",
            "description": "This represents the new value for 'configMapCount' option which is the maximum number of ConfigMaps in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "pod_count": {
            "title": "pod_count",
            "description": "This represents the new value for 'podCount' option which is the maximum number of pods in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "job_count": {
            "title": "job_count",
            "description": "This represents the new value for 'jobCount' option which is the maximum number of jobs in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "secret_count": {
            "title": "secret_count",
            "description": "This represents the new value for 'secretCount' option which is the maximum number of secrets in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "cpu_limit": {
            "title": "cpu_limit",
            "description": "This represents the new value for 'limits.cpu' option which is equivalent to the maximum CPU limit (in MHz) across all pods in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
          "cpu_request_default": {
            "title": "cpu_request_default",
            "description": "This represents the new value for the default CPU request (in Mhz) for containers in the pod. If specified, this field should be at least 10 MHz.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "memory_limit_default": {
            "title": "memory_limit_default",
            "description": "This represents the new value for the default memory limit (in mebibytes) for containers in the pod.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "memory_limit": {
            "title": "memory_limit",
            "description": "This represents the new value for 'limits.memory' option which is equivalent to the maximum memory limit (in mebibytes) across all pods in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "memory_request_default": {
            "title": "memory_request_default",
            "description": "This represents the new value for the default memory request (in mebibytes) for containers in the pod.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "service_count": {
            "title": "service_count",
            "description": "This represents the new value for 'serviceCount' option which is the maximum number of services in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "replica_set_count": {
            "title": "replica_set_count",
            "description": "This represents the new value for 'replicaSetCount' option which is the maximum number of ReplicaSets in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "replication_controller_count": {
            "title": "replication_controller_count",
            "description": "This represents the new value for 'replicationControllerCount' option which is the maximum number of ReplicationControllers in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "storage_request_limit": {
            "title": "storage_request_limit",
            "description": "This represents the new value for 'requests.storage' which is the limit on storage requests (in mebibytes) across all persistent volume claims from pods in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "persistent_volume_claim_count": {
            "title": "persistent_volume_claim_count",
            "description": "This represents the new value for 'persistentVolumeClaimCount' option which is the maximum number of PersistentVolumeClaims in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          },
           "daemon_set_count": {
            "title": "daemon_set_count",
            "description": "This represents the new value for 'daemonSetCount' option which is the maximum number of DaemonSets in the namespace.",
            "type": "integer",
            "recreateOnUpdate": false
          }
        },
         "additionalProperties": false
      }
    }
  },
  "required": [
    "name"
  ]
}

VMware cloud templates support the use of limits with supervisor namespaces. Limits enable you to control resource usage for CPUs and memory as well as the maximum number of pods allowed in the namespace by deployed machines.

formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: '${env.deploymentName}'
      limits:
        - cpu_limit: 1000
          cpu_request_default: 800
          memory_limit: 2000
          memory_limit_default: 1500
          pod_count: 200