vSphere with Tanzu and NSX ALB (AVI) Installation, Configuration and Implementation
Hi, as an alternative to the series I have published before, this time we are going to install a new TANZU Supervisor Cluster using NSX Advanced Load Balancer.
This new series will be quite simple and understandable, but we will still go into detail.
In the previous series, we activated the TANZU Supervisor Cluster on VMware NSX-T. If you want to review, you can access the previous article via the link below.
The topology of our environment is going to be as follows.
The topics we will focus on are going to be as follows.
- NSX Advanced Load Balancer setup and configuration
- Preparations before TANZU Supervisor installation
- TANZU Supervisor Cluster setup and NSX ALB integration
- Creating Namespace on TANZU Supervisor
- Kubernetes Cluster configurations on TANZU Supervisor via CLI
- Application deployment with a sample YAML on Kubernetes Cluster
- Bitnami integration and application deployment with HELM on Kubernetes Cluster
- Examining the services deployed on vCenter and NSX ALB via GUI
NSX ALB (AVI) is a highly advanced Software-Defined LB, GSLB, WAF and DDOS solution. In our article, we will proceed with the basic level, Essentials. The Essentials version is a free version that comes with the TANZU Add-on license and covers our needs for Kubernetes Cluster services.
If you do not use NSX in your company, NSX ALB will be the most suitable solution for you. If you want to access advanced features such as Ingress, Tanzu Multi-Zone, DNS, WAF, GSLB, BGP, DDOS, IP-Reputation, then you will need to upgrade to the Enterprise version.
NSX-T or NSX ALB? If you ask which one to choose, the answer will vary according to your infrastructure. Since VMware licensing types change frequently, I can’t be very clear here. The NSX ALB is a product in itself. The differences are as follows.
If you work in a Multi-Site organization, if BC/DR is important to you, or if you are thinking of evolving into an Active-Active infrastructure, NSX will be a more suitable solution for you here. Licenses aren’t cheap, so it takes a lot of planning ;)
You can examine the differences of NSX ALB versions below.
In addition to NSX ALB Essentials, there is also a Basic version. If you are using NSX Advanced, Enterprise and RO-BO, you can use these versions for free.
NSX ALB works in multiple layers, as Controller and Data Plane, just like NSX.
The NSX ALB Controller (AVI) provides all orchestration on the GUI and distributes the necessary services over the Service Engine VMs and the Data Plane.
The Service Engine is deployed by the Controller (like an NSX Edge Node). Its capabilities and capacity, such as Active-Active HA, BGP, Throughput and TPS, increase according to the NSX ALB version you are using.
We are going to use 3 networks on NSX ALB.
- Management Network (Controller and Service Engine)
- Frontend Network (LB VIP)
- Workload Network (Kubernetes Workload Cluster)
The Management network already existed. I created 2 new vLANs on pfSense for Frontend and Workload and assigned them to the Physical Infrastructure as TRUNK. (See Topology)
Then we create 2 Port Groups on Nested Infrastructure.
Now, we can begin the NSX ALB Controller OVA installation. You should check the compatibility of NSX ALB with vCenter before installation. I used v21.1.6.
You can check compatibility on Product Interoperability Matrix (vmware.com)
If you are not going to integrate NSX with NSX ALB, you do not need to enter the relevant NSX parameters in the configuration section while importing the OVA.
After the import process is completed, you need to wait about 10 minutes after the Controller is powered on. You can access it on the GUI after some post-processing is done.
We set our password in this field.
Now, we set a different password for the configurations. We enter our DNS and Domain Name information and continue.
You can continue by default.
First, we convert our trial license to Essentials. It is important to make these settings before installing Supervisor, because all features are activated in the trial license. If you use the Enterprise features, there will be a high probability of having problems after the trial license expires. When you choose the Essentials license, there will be no such risk as the relevant features will be turned off automatically.
Then we create a new SSL certificate for the Controller.
We enter Controller IP as SAN Name. If we had installed Controller as HA, then we would write Controller VIP IP here.
We define our new SSL certificate via Access Settings.
After replacing the old certificates with the new one, we activate Allow Basic Authentication and save our settings.
Since the SSL certificate has changed, you will no longer receive a response on the GUI. We refresh our page and log in again.
We create an IPAM profile for Frontend VIP.
We choose Frontend Port Group that we have created as IPAM Network.
After making the presets, we change the Default Cloud definition to vCenter via the Clouds tab.
We choose the Service Engine group by default for the Service Engine VMs that will be deployed by the controller.
We enter our access information for vCenter integration.
After the vCenter connection is established, we commit our initial settings with SAVE & RELAUNCH.
We enter our network information for Service Engine VMs. Since I don’t use DHCP, I entered an IP Range as static here.
We select our IPAM profile that we have created and save our settings.
We can see on Status that our vCenter connection is established.
You can see all your vCenter networks in the Network tab. Since we do not use DHCP, we are going to enter a static IP range for the Frontend VIP network.
NSX ALB supports BGP. But in this environment we will enter static routing.
We enter 2 static routing definitions for the Frontend network: one for the Default Gateway and one for the Workload Network.
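Because the Service Engine range, the VIP range and the static routes are all typed in by hand here, it is worth checking the plan for consistency before enabling the Supervisor. The following is an added example, not part of the original walkthrough: all subnets, ranges and next hops are constructed lab values, and using the Frontend gateway as the next hop for both routes is an assumption.

```python
import ipaddress as ip

# Constructed lab values (assumptions; substitute the subnets from your own topology).
PLAN = {
    "management": {"cidr": "192.168.10.0/24", "gateway": "192.168.10.1",
                   "static_range": ("192.168.10.50", "192.168.10.59")},    # Service Engine IPs
    "frontend": {"cidr": "192.168.20.0/24", "gateway": "192.168.20.1",
                 "static_range": ("192.168.20.100", "192.168.20.150")},   # LB VIPs
    "workload": {"cidr": "192.168.30.0/24", "gateway": "192.168.30.1",
                 "static_range": None},
}
# Static routes as (destination prefix, next hop), next hops on the Frontend network.
ROUTES = [("0.0.0.0/0", "192.168.20.1"), ("192.168.30.0/24", "192.168.20.1")]


def validate(plan, routes, next_hop_net="frontend"):
    """Return a list of problems in the addressing plan; an empty list means it is consistent."""
    problems = []
    nets = {name: ip.ip_network(cfg["cidr"]) for name, cfg in plan.items()}
    names = sorted(nets)
    for i, a in enumerate(names):               # the three networks must not overlap
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    for name, cfg in plan.items():
        net, gw = nets[name], ip.ip_address(cfg["gateway"])
        if gw not in net:
            problems.append(f"{name}: gateway {gw} is outside {net}")
        if cfg["static_range"]:
            lo, hi = (ip.ip_address(a) for a in cfg["static_range"])
            if lo > hi or lo not in net or hi not in net:
                problems.append(f"{name}: static range {lo}-{hi} is not inside {net}")
            elif lo <= gw <= hi:
                problems.append(f"{name}: static range {lo}-{hi} contains the gateway")
    dests = set()
    for dest, hop in routes:                    # next hops must be reachable on-link
        dests.add(ip.ip_network(dest))
        if ip.ip_address(hop) not in nets[next_hop_net]:
            problems.append(f"route {dest}: next hop {hop} is not on {next_hop_net}")
    for needed in (ip.ip_network("0.0.0.0/0"), nets["workload"]):
        if needed not in dests:                 # both routes from the step above must exist
            problems.append(f"no static route for {needed}")
    return problems


if __name__ == "__main__":
    print(validate(PLAN, ROUTES) or "plan is consistent")
```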
Yes, we have completed all our settings on the NSX ALB. Now we can begin the TANZU Supervisor installation.