Configuring vSphere with Tanzu HAProxy VM - Fri, Nov 20 2020
VMware vSphere 7 Update 1 officially brings Tanzu Kubernetes to the masses. With the release of VMware vSphere 7 Update 1, VMware customers can now provision Tanzu Kubernetes Grid (TKG) clusters in their vSphere environments without the need for VMware Cloud Foundation (VCF). This is known as vSphere with Tanzu.
In using vSphere with Tanzu, VMware customers can "bring their own" load balancer solution to their Tanzu Grid clusters. With vSphere with Tanzu, customers are not required to use NSX-T as the underlying network solution, including using an NSX-T load balancer in front of the TKG clusters. Instead, native vSphere networking with a vSphere Distributed Switch (vDS) is supported. The first open-source load balancer solution that is supported with vSphere with Tanzu is HAProxy. Let's learn more about HAProxy and how it is configured.
Why vSphere with Tanzu is significant
While many were excited about the native Kubernetes capabilities with vSphere 7, a major blocker for many organizations was the requirement for VMware Cloud Foundation (VCF) to deploy TKG. However, the "bring your own" approach of vSphere with Tanzu opens the door to the thousands of companies currently running 70+ million workloads on VMware vSphere without VCF.
Since VCF is no longer a requirement, standard vSphere implementations can now take advantage of vSphere with Tanzu using native vSphere networking and a third-party load balancer appliance without having to use NSX-T.
What is HAProxy?
The HAProxy appliance is an open-source solution developed by HAProxy Technologies and chosen by VMware as the first supported open-source load balancer for use with vSphere with Tanzu. With HAProxy, external network traffic is routed to Kubernetes pods running in the vSphere with Tanzu environment.
The HAProxy appliance uses a modern REST API to take advantage of many state-of-the-art advances in the Kubernetes space. Kubernetes maintainers can now use a new object called the GatewayClass, which allows easy definition of a load balancer for routing traffic. The GatewayClass provides a layer of abstraction that enables Kubernetes maintainers such as vSphere to support and deploy multiple load balancers in the vSphere with Tanzu solution in future releases. VMware is taking advantage of this new class type to implement load balancers such as HAProxy in vSphere with Tanzu.
The great thing about the HAProxy component used with vSphere with Tanzu is that it is a free appliance available for download from the official GitHub page. While most customers may be fine with the default open-source capabilities, HAProxy Technologies provides a path for organizations to upgrade to HAProxy Enterprise. What are the features available in HAProxy Enterprise?
HAProxy Technologies specifically notes the following:
- Additional administration
- Added security components
- Support and professional services
Like any production environment with business-critical workloads, you will want to have support and professional services in case of a "system-down" issue. This may be the primary reason to upgrade to HAProxy Enterprise for many environments.
The Enterprise Suite contains other high-performance modules, including security capabilities:
- Dynamic updates
- Web application firewall
- Google reCAPTCHA v2
- Response body injection
- Device intelligence
HAProxy Download and Install
The HAProxy appliance is available to download as a VMware vSphere OVA file. It makes the process of deploying the device straightforward and intuitive for vSphere administrators. You can download the latest version of the HAProxy appliance from the official GitHub releases page. At the time of this writing, the latest version is v0.1.8.
- Download VMware-HAproxy
- File size 597 MB
Once you have downloaded the OVA appliance, deploy the OVA using the standard process in the vSphere client. For the first few screens, this is the normal OVA appliance deployment, including choosing the OVA file, naming, compute, storage, and networking.
First, select the OVA file to download from the official GitHub repository for the HAProxy.
Next, select a name and folder for the HAProxy appliance VM deployment.
Select your compute resource for housing the HAProxy appliance VM.
Review the initial configuration of the OVA deployment.
Accept the EULA.
In step 6, you will configure deployment of the network adapter. The simplest option is the default configuration, which will deploy the appliance with two NICs. The first NIC is a management network. The second NIC is a single workload network. Load-balanced IPs are assigned to the workload network.
Choose the datastore for deploying the HAProxy appliance VM.
Even if you select the default deployment configuration, the Select networks step will still show the frontend source network listed. You can simply choose the same destination network for both the workload and the frontend source networks. If you selected the frontend deployment configuration, choose the appropriate port group to attach for frontend connectivity.
Pay special attention to Step 9, the Appliance configuration step. Here, you will configure most of the pertinent details for the HAProxy appliance. If you make a mistake or a misconfiguration here, it will affect the entire deployment of your vSphere with Tanzu configuration. There are three sections to this step: customize the template, customize the network, and load balancing.
In the Customize template section, you need to fill in the password for the root account. If you leave the TLS Certificate Authority Certificate section blank, a self-signed certificate will be generated.
On the Network config step, you will assign a hostname, DNS, management IP, management gateway, workload IP, and workload gateway. Note that the network IP addresses that you assign for the management and workload IPs are in the CIDR format x.x.x.x/x.
The load balancer IP ranges are unique. These also need to be in the CIDR format for proper configuration. Make a note of the API management port and configure an HAProxy user ID and password.
After this step, you are ready to complete the deployment and configuration of the HAProxy appliance. Make a note of the settings displayed in the summary and make any changes as needed before clicking Finish.
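The values entered in the Appliance configuration step can be checked before clicking Finish. The following is an added example, not part of the original article or of the HAProxy appliance: the function names and sample addresses are hypothetical, and the rules that gateways are plain addresses and that the load balancer range must not contain the appliance's own workload IP or gateway are assumptions.

```python
import ipaddress


def _parse(problems, label, value, kind):
    """Parse value with an ipaddress constructor, recording any failure."""
    if kind is not ipaddress.ip_address and "/" not in value:
        problems.append(f"{label}: '{value}' is not in CIDR format x.x.x.x/x")
        return None
    try:
        return kind(value)
    except ValueError as exc:
        problems.append(f"{label}: {exc}")
        return None


def check_haproxy_network(mgmt_ip, mgmt_gw, workload_ip, workload_gw, lb_ranges):
    """Return a list of problems in the OVA network values (empty list = OK)."""
    problems = []
    mgmt = _parse(problems, "management IP", mgmt_ip, ipaddress.ip_interface)
    work = _parse(problems, "workload IP", workload_ip, ipaddress.ip_interface)
    # Assumption: gateways are entered as plain addresses without a prefix.
    gws = {
        "management": _parse(problems, "management gateway", mgmt_gw, ipaddress.ip_address),
        "workload": _parse(problems, "workload gateway", workload_gw, ipaddress.ip_address),
    }
    # A gateway outside its own interface's subnet cannot be reached.
    for name, nic in (("management", mgmt), ("workload", work)):
        if nic is not None and gws[name] is not None and gws[name] not in nic.network:
            problems.append(f"{name} gateway {gws[name]} is outside {nic.network}")
    for value in lb_ranges:
        block = _parse(problems, "load balancer range", value, ipaddress.ip_network)
        if block is None or work is None:
            continue
        # Load-balanced IPs are assigned to the workload network.
        if block.version != work.version or not block.subnet_of(work.network):
            problems.append(f"load balancer range {block} is outside {work.network}")
        # Assumption: the range must not contain the appliance IP or gateway.
        for label, addr in (("workload IP", work.ip), ("workload gateway", gws["workload"])):
            if addr is not None and addr in block:
                problems.append(f"load balancer range {block} contains the {label} {addr}")
    return problems


# Constructed sample values (private address space), not from the article.
GOOD = dict(mgmt_ip="192.168.10.5/24", mgmt_gw="192.168.10.1",
            workload_ip="192.168.20.5/24", workload_gw="192.168.20.1",
            lb_ranges=["192.168.20.128/25"])
BAD = dict(GOOD, mgmt_ip="192.168.10.5", workload_gw="192.168.30.1",
           lb_ranges=["192.168.20.0/28", "192.168.21.0/28"])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_haproxy_network(**cfg) or "ok")
```

A range whose address is not aligned to its prefix (for example a /25 that does not start on a /25 boundary) is also reported, because `ip_network` rejects host bits by default.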
Concluding thoughts
Using vSphere with Tanzu, organizations can use third-party networking solutions for deploying TKG clusters. The first supported third-party load balancer available is the HAProxy appliance from HAProxy Technologies. The HAProxy appliance is simple to deploy and configure for use as the load balancer solution in front of your TKG clusters.
Pay close attention to the details during the configuration and deployment of the OVA template. A single mistake in entering IP address configuration details can cause many issues later during the deployment of vSphere with Tanzu. Once you have the HAProxy up and running, you can begin the deployment of vSphere with Tanzu.