Administrators can configure vRealize Automation Cloud Assembly to use supervisor namespacess from an existing Pacific-enabled vSphere integration so that users can deploy namespaces in cloud templates and request them in the Service Broker catalog.

This task describes how to add supervisor clusters with vRealize Automation Cloud Assembly for use in deployments and how to create or add namespaces that define what vRealize Automation Cloud Assembly projects and users can access particular Kubernetes resources. This functionality relies on a suitable vSphere cloud account rather than an integration such as VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) or Openshift. Supervisor clusters are customized Kubernetes clusters associated with vSphere. They expose Kubernetes APIs to end users, and they use ESXI as a platform for worker nodes rather than Linux. Supervisor namespaces facilitate access control to Kubernetes resources, because it is typically easier to apply policies to namespaces than to individual virtual machines. You can create multiple namespaces for each supervisor cluster.

When used with Pacific enabled vSpehere instances, Kubernetes zones define which supervisor clusters are available for provisioning with a supervisor namespace. Supervisor namespaces are specific to Pacific enabled vSphere instances. You cannot provision a generic Kubernetes resource to a Pacific enabled vSphere instance.

vRealize Automation Cloud Assembly users designated as project viewers have view only access to namespaces, while project members can edit them.

You can configure the supervisor clusters associated with namespaces if desired.

Prerequisites

  • To use Pacific namespaces with vRealize Automation Cloud Assembly, you must have a vSphere 7.x endpoint configured. vSphere is installed as part of a vCenter cloud account. See Create a vCenter cloud account in vRealize Automation.
  • Project Pacific must be enabled on the vSphere cloud account, and it must contain appropriate supervisor namespaces.
  • Both your vCenter and your vRealize Automation deployment should use the same Active Directory for users to be synched. Though provisioning will still function if this is not the case, vRealize Automation users will not get automatic access to the namespace.

Procedure

  1. Select Infrastructure > Configure > Kubernetes Zone in vRealize Automation Cloud Assembly.
    This page shows managed clusters that are available for use, and enables you to add additional clusters. You can click on any of the clusters to view their details.
  2. Select New Kubernetes Zone.
  3. Specify the Account details for the target vSphere cloud account.
  4. Click the Search icon in the text box to either view all vSphere accounts or search for an account by name.
  5. Type a Name and Description for the new zone.
  6. Add capability tags if appropriate. See Using capability tags in vRealize Automation Cloud Assembly for more information.
  7. Click the Provisioning tab to select the supervisor cluster that will be associated with the namespaces.
  8. Click Add Compute to view and select the available supervisor clusters.
  9. Click Add.
  10. Select Infrastructure > Administration > Projects and then select the project that you want to associate with your Kubernetes zone.
  11. Click the Kubernetes Provisioning tab on the Project page.
  12. Click Add Kubernetes Zone and add the zone that you just created. You can multiple zones if applicable, and you also set the priority on the zones.
  13. Click Save.

What to do next

After a namespace is configured, the Infrastructure > Resources > Kubernetes page in vRealize Automation Cloud Assembly for applicable users displays the namespace. Users can click the Address link on the Summary tab to open the vSphere Kubernetes CLI Tools to manage the namespace. Users must be a cloud administrator or a member of the namespace for the designated project to access a link to the Supervisor namespace details. Also users can download a customized Kubectl to use the Supervisor namespace. Users can log in to the supervisor namespace and use it as they would any other namespace, and then create cloud templates and deploy applications.

To add the namespace to a cloud template select Design > Cloud Template and select an existing cloud template or create a new one. Then you can select the Supervisor namespace item on the left menu and drag it to the canvas.

You can assign storage policies to a supervisor namespace using tags. You can add tags, such as location:local to specify the kubernetes zone you want to use with the deployment and other tags on your storage profiles such as speed:fast and speed:slow.

formatVersion: 1
resources:
  Cloud_SV_Namespace_1:
  type: Cloud.SV.Namespace
  properties:
    name: 'a'
    storage:
      -profile:
         constraints:
           - tag: 'speed:fast'
      -profile:
        liimitMB:1000
        constraints:
           -tag: 'speed:slow'

This cloud template requests a supervisor namespace with no constrains, and specifies two storage profiles with it.

After you deploy cloud templates containing a supervisor namespace, users can also request supervisor namespaces from the Service Broker catalog. Also, you can click on the Deployments page in Cloud Assembly to view information about the deployment and access a link that contains the command to run the kubectl for the namespace on vSphere.