Configuring vSphere with Tanzu HAProxy VM

vSphere with Tanzu allows customers to use third-party load balancer solutions to deploy Tanzu Kubernetes Grid (TKG) clusters. The HAProxy appliance is the first third-party load balancer supported by VMware for use with vSphere with Tanzu. In this post, we take a look at HAProxy and see how it is deployed and configured.

VMware vSphere 7 Update 1 officially brings Tanzu Kubernetes to the masses. With the release of VMware vSphere 7 Update 1, VMware customers can now provision Tanzu Kubernetes Grid (TKG) clusters in their vSphere environments without the need for VMware Cloud Foundation (VCF). This is known as vSphere with Tanzu.

In using vSphere with Tanzu, VMware customers can "bring their own" load balancer solution to their Tanzu Grid clusters. With vSphere with Tanzu, customers are not required to use NSX-T as the underlying network solution, including using an NSX-T load balancer in front of the TKG clusters. Instead, native vSphere networking with a vSphere Distributed Switch (vDS) is supported. The first open-source load balancer solution that is supported with vSphere with Tanzu is HAProxy. Let's learn more about HAProxy and how it is configured.

Why vSphere with Tanzu is significant

While many were excited about the native Kubernetes capabilities with vSphere 7, a major blocker for many organizations was the requirement for VMware Cloud Foundation (VCF) to deploy TKG. However, the "bring your own" approach of vSphere with Tanzu opens the door to the thousands of companies currently running 70+ million workloads on VMware vSphere without VCF.

Since VCF is no longer a requirement, standard vSphere implementations can now take advantage of vSphere with Tanzu using native vSphere networking and a third-party load balancer appliance without having to use NSX-T.

What is HAProxy?

The HAProxy appliance is an open-source solution developed by HAProxy Technologies and chosen by VMware as the first supported open-source load balancer for use with vSphere with Tanzu. With the HAProxy, external network traffic is routed to Kubernetes pods running in the vSphere with Tanzu environment.

The HAProxy appliance uses a modern REST API to take advantage of many state-of-the-art advances in the Kubernetes space. Kubernetes maintainers can now use a new object called the GatewayClass, which allows easy definition of a load balancer for routing traffic. The GatewayClass provides a layer of abstraction that enables Kubernetes maintainers such as vSphere to support and deploy multiple load balancers in the vSphere with Tanzu solution in future releases. VMware is taking advantage of this new class type to implement load balancers such as HAProxy in vSphere with Tanzu.

The great thing about the HAProxy component used with vSphere with Tanzu is that it is a free appliance available for download from the official GitHub page. While most customers may be fine with the default open-source capabilities, HAProxy Technologies provides a path for organizations to upgrade to HAProxy Enterprise. What are the features available in HAProxy Enterprise?

HAProxy Technologies specifically notes the following:

  • Additional administration
  • Added security components
  • Support and professional services

HAProxy Enterprise provides more features and support (image courtesy of HAProxy Technologies)

Like any production environment with business-critical workloads, you will want to have support and professional services in case of a "system-down" issue. This may be the primary reason to upgrade to HAProxy Enterprise for many environments.

The Enterprise Suite contains other high-performance modules, including security capabilities:

  • Dynamic updates
  • Antibot
  • Sanitize
  • Fingerprint
  • Web application firewall
  • Google reCAPTCHA v2
  • Geolocation
  • Response body injection
  • Device intelligence

HAProxy Download and Install

The HAProxy appliance is available to download as a VMware vSphere OVA file. It makes the process of deploying the device straightforward and intuitive for vSphere administrators. You can download the latest version of the HAProxy appliance from the official GitHub releases page. At the time of this writing, the latest version is v0.1.8.

Once you have downloaded the OVA appliance, deploy the OVA using the standard process in the vSphere client. The first few screens follow the normal OVA appliance deployment, including choosing the OVA file, naming, compute, storage, and networking.

First, select the OVA file that you downloaded from the official GitHub repository for the HAProxy.

Choose the HAProxy OVA file for deployment


Next, select a name and folder for the HAProxy appliance VM deployment.

Select a name and folder for the vSphere inventory


Select your compute resource for housing the HAProxy appliance VM.

Choose the compute resource in your vSphere environment for the HAProxy


Review the initial configuration of the OVA deployment.

Review the details of the initial HAProxy deployment


Accept the EULA.

Accept the HAProxy EULA


In step 6, you will configure deployment of the network adapter. The simplest option is the default configuration, which will deploy the appliance with two NICs. The first NIC is a management network. The second NIC is a single workload network. Load-balanced IPs are assigned to the workload network.

Choose the deployment configuration


Choose the datastore for deploying the HAProxy appliance VM.

Choose the datastore for deployment


Even if you select the default deployment configuration, the Select networks step will still show the frontend source network listed. You can simply choose the same destination network for both the workload and the frontend source networks. If you selected the frontend deployment configuration, choose the appropriate port group to attach for frontend connectivity.

Select the destination network for each source HAProxy network


Pay special attention to Step 9, the Appliance configuration step. Here, you will configure most of the pertinent details for the HAProxy appliance. If you make a mistake or a misconfiguration here, it will affect the entire deployment of your vSphere with Tanzu configuration. There are three sections to this step: customize the template, customize the network, and load balancing.

In the Customize template section, you need to fill in the password for the root account. If you leave the TLS Certificate Authority Certificate section blank, a self-signed certificate will be generated.

Customize the HAProxy template appliance configuration


On the Network config step, you will assign a hostname, DNS, management IP, management gateway, workload IP, and workload gateway. Note that the network IP addresses that you assign for the management and workload IPs are in the CIDR format x.x.x.x/x.

Customize the HAProxy template network config


The load balancer IP ranges are unique. These also need to be in the CIDR format for proper configuration. Make a note of the API management port and configure an HAProxy user ID and password.

Customize the HAProxy template load balancing
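
Because a wrong address in the Network config or load balancing sections is hard to correct after deployment, the planned values can be checked before they are typed into the wizard. The following Python check is an added example, not part of the original article or of the HAProxy appliance; the dictionary keys and sample addresses are constructed. It assumes the default two-NIC configuration, where the load balancer ranges sit inside the workload network and must not contain the appliance's own workload IP or its gateway.

```python
import ipaddress

def parse_cidr(label, value, cls, problems):
    """Parse value as cls; on failure record a problem and return None."""
    if "/" not in value:  # a bare address would silently become a /32
        problems.append(f"{label}: {value} has no /prefix, CIDR format is required")
        return None
    try:
        return cls(value)  # IPv4Network rejects host bits, e.g. 10.0.0.5/24
    except ValueError as exc:
        problems.append(f"{label}: {exc}")
        return None

def check_network_plan(plan):
    """Return a list of problems in the planned OVA values (empty = none found)."""
    problems, ifaces, gateways = [], {}, {}
    for name in ("management", "workload"):
        ifaces[name] = parse_cidr(f"{name}_ip", plan[f"{name}_ip"], ipaddress.IPv4Interface, problems)
        try:
            gateways[name] = ipaddress.IPv4Address(plan[f"{name}_gateway"])
        except ValueError as exc:
            problems.append(f"{name}_gateway: {exc}")
            continue
        if ifaces[name] is not None and gateways[name] not in ifaces[name].network:
            problems.append(f"{name}_gateway: {gateways[name]} is outside {ifaces[name].network}")
    workload, seen = ifaces["workload"], []
    for value in plan["lb_ranges"]:
        net = parse_cidr("lb_range", value, ipaddress.IPv4Network, problems)
        if net is None:
            continue
        problems += [f"lb_range: {net} overlaps {other}" for other in seen if net.overlaps(other)]
        seen.append(net)
        if workload is None:
            continue
        # Assumption: ranges live in the workload network, apart from appliance IP and gateway.
        if not net.subnet_of(workload.network):
            problems.append(f"lb_range: {net} is not inside {workload.network}")
        reserved = {"workload_ip": workload.ip, "workload_gateway": gateways.get("workload")}
        problems += [f"lb_range: {net} contains {k} {ip}" for k, ip in reserved.items() if ip is not None and ip in net]
    return problems

# Constructed sample values; the dictionary keys are hypothetical names.
GOOD_PLAN = {"management_ip": "192.168.1.20/24", "management_gateway": "192.168.1.1",
             "workload_ip": "192.168.2.2/24", "workload_gateway": "192.168.2.1",
             "lb_ranges": ["192.168.2.128/26"]}
BAD_PLAN = dict(GOOD_PLAN, management_ip="192.168.1.20", workload_gateway="192.168.3.1",
                lb_ranges=["192.168.2.0/25", "192.168.2.64/26"])

if __name__ == "__main__":
    print(check_network_plan(GOOD_PLAN), *check_network_plan(BAD_PLAN), sep="\n")
```
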


After this step, you are ready to complete the deployment and configuration of the HAProxy appliance. Make a note of the settings displayed in the summary and make any changes as needed before clicking Finish.

Ready to complete the HAProxy deployment


Concluding thoughts

Using vSphere with Tanzu, organizations can use third-party networking solutions for deploying TKG clusters. The first supported third-party load balancer available is the HAProxy appliance from HAProxy Technologies. The HAProxy appliance is simple to deploy and configure for use as the load balancer solution in front of your TKG clusters.

Pay close attention to the details during the configuration and deployment of the OVA template. A single mistake in entering IP address configuration details can cause many issues later during the deployment of vSphere with Tanzu. Once you have the HAProxy up and running, you can begin the deployment of vSphere with Tanzu.
