Monitoring Tanzu Kubernetes Clusters Running on vSphere 7 with vRealize Operations

There’s no shortage of platform options when it comes to running Kubernetes. Even within VMware’s own Tanzu lineup you have many options. There’s TKGm (Tanzu Kubernetes Grid Multicloud), which allows you to deploy Tanzu on vSphere, AWS, or Azure. Or you could leverage vSphere with Tanzu (TKGs or Tanzu Kubernetes Service), which provides you the ability to deploy pods directly on top of vSphere. There are of course other options such as TKGi (Tanzu Kubernetes Integrated), but we’ll focus on the first two for the sake of this blog.

vRealize Operations 8.1 introduced native support for vSphere with Tanzu constructs, meaning you don’t have to do anything beyond connecting vRealize Operations to your vCenter to get insights into your Kubernetes objects such as namespaces and vSphere Pods. vSphere with Tanzu provides the simplest solution when it comes to providing your organization with a Kubernetes platform and monitoring that platform with vRealize Operations.

This simplicity is great for both IT providers and consumers; however, there are circumstances where it’s necessary to provide a full Tanzu Kubernetes Cluster to your consumers, for example if there are dependencies on particular features or API versions.

As you can see in the screenshot above, vRealize Operations can provide native insights into your Namespaces, Pods, as well as the Tanzu Kubernetes Clusters deployed within your vSphere with Tanzu domain. What if you want to dive deeper into the Namespaces, Pods, Containers, Replica Sets, Services, etc. deployed within those Tanzu Kubernetes Clusters? That’s where the Management Pack for Kubernetes comes in!

The Management Pack for Kubernetes is able to connect to TKG/TKGi clusters, OpenShift, Tanzu Mission Control, and upstream Kubernetes, which makes it perfect for monitoring your TKCs.

Not only can the Management Pack for Kubernetes give you insights into your Kubernetes clusters, but if you’re running on top of vSphere then it can also map them back to the vSphere infrastructure for complete vCenter to Pod visibility.

Now that we understand some of the benefits of running Tanzu Kubernetes Clusters on top of vSphere with Tanzu and the Management Pack for Kubernetes, let’s look at how to connect the two.

First, sign in to your vSphere management cluster.

kubectl vsphere login --server=your.vcenter.domain.lab --insecure-skip-tls-verify --vsphere-username you@domain.lab

In order to connect vROps to the TKC cluster, we need to provide a way to authenticate to the cluster. This information can be found in the cluster’s secrets. Switch your context to the namespace where your TKC cluster is deployed:

kubectl config use-context tkg

This will help us to narrow the results of the next command (or you could apply --all-namespaces to the following).

kubectl get secrets

We’re looking for the kubeconfig secret for our cluster. In the screenshot above you can see I have two TKC clusters and have identified the kubeconfig secret for cluster 01. The cluster secrets are Base64 encoded, so we will need to decode them.

For Linux use…

kubectl get secret your-tkc-kubeconfig -o jsonpath='{.data.value}' | base64 -d

This will provide you with all the information needed to connect the vRealize Operations Management Pack for Kubernetes to your TKC such as the cluster IP and the necessary keys.

For Windows, you’ll have to use another tool to decode base64.

kubectl get secret tkg-cluster-01-kubeconfig -o json

Copy everything within the secret’s value (or output to a file and copy from the file).

Open your web browser to https://www.base64decode.org/ and paste the value to decode.

Assuming you already have the Management Pack for Kubernetes installed, open vRealize Operations and navigate to Administration -> Other Accounts and click Add Account.

Select Kubernetes and copy the server value from the decoded secret and paste it in the master URL field in vROps.

The Management Pack for Kubernetes can collect metrics through cAdvisor or Prometheus. Provide the service type and port number if applicable and then click the plus sign to add a new credential.

Create a Client Certificate Auth credential and paste the CA Data, Client Certificate Data, and Client Key Data from the decoded secret. If you’re using Prometheus, enter those details here. Click OK.

Validate the connection and accept the certificate. Click Add and you’re done!
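
As an added example (not part of the original post), the decode step can also be done locally on Windows or Linux, so the client key in the kubeconfig never leaves your workstation. This Python script takes the JSON from kubectl get secret ... -o json, decodes .data.value, and pulls out the server, CA Data, Client Certificate Data, and Client Key Data that vROps asks for. The function names and the sample secret (address 192.0.2.10, placeholder PEM) are constructed for illustration, and it assumes a kubeconfig with one cluster and one user.

```python
import base64
import json
import re

# Values the vROps master URL field and Client Certificate Auth credential need.
FIELDS = ("server", "certificate-authority-data", "client-certificate-data", "client-key-data")

def decode_kubeconfig(secret_json: str) -> str:
    """Return the kubeconfig held in .data.value of a Secret's JSON, decoded locally."""
    data = json.loads(secret_json).get("data") or {}
    if "value" not in data:
        raise ValueError("secret has no .data.value entry")
    encoded = "".join(data["value"].split())  # tolerate line-wrapped copy/paste
    return base64.b64decode(encoded, validate=True).decode("utf-8")

def connection_fields(kubeconfig: str) -> dict:
    """Extract FIELDS from a kubeconfig assumed to hold one cluster and one user."""
    found = {}
    for name in FIELDS:
        hits = re.findall(rf"^[ \t]*(?:-[ \t]*)?{name}:[ \t]*(\S+)[ \t]*$",
                          kubeconfig, re.MULTILINE)
        if len(hits) != 1:
            raise ValueError(f"expected one {name} entry, found {len(hits)}")
        # The *-data entries are Base64-wrapped PEM; check they survived intact.
        if name != "server" and not base64.b64decode(hits[0]).startswith(b"-----BEGIN "):
            raise ValueError(f"{name} does not decode to PEM")
        found[name] = hits[0]
    return found

def _pem_b64(label: str) -> str:
    pem = f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"  # placeholder
    return base64.b64encode(pem.encode()).decode()

# Constructed sample shaped like `kubectl get secret ... -o json`; holds no real keys.
SAMPLE_KUBECONFIG = f"""kind: Config
clusters:
- cluster:
    certificate-authority-data: {_pem_b64('CERTIFICATE')}
    server: https://192.0.2.10:6443
users:
- user:
    client-certificate-data: {_pem_b64('CERTIFICATE')}
    client-key-data: {_pem_b64('RSA PRIVATE KEY')}
"""
SAMPLE_SECRET = json.dumps({"kind": "Secret", "data": {
    "value": base64.b64encode(SAMPLE_KUBECONFIG.encode()).decode()}})

if __name__ == "__main__":
    print(connection_fields(decode_kubeconfig(SAMPLE_SECRET))["server"])
```

To use it on a real cluster, pass the output of kubectl get secret tkg-cluster-01-kubeconfig -o json to decode_kubeconfig() in place of SAMPLE_SECRET.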

You can now get deeper insights into your Tanzu Kubernetes Clusters!

Matt Bradford
