Integrating CTE for Kubernetes with Tanzu Kubernetes Grid
Tanzu Kubernetes Grid is an enterprise-ready Kubernetes runtime that unifies management of Kubernetes clusters, vSphere-optimized pods, containerized workloads, and VMware virtual machines.
This document describes installing Tanzu and deploying a few workloads to a Kubernetes cluster.
Test Environment
- CTE for Kubernetes Agent: 1.4.0
- CipherTrust Manager: 2.15.0
- OS: ubuntu-2204-kube-v1.28.4+vmware.1-tkg.1.ova
- VMware Tanzu Kubernetes Grid: 2.5.0
- VMware Tanzu CLI: 1.1.0
Prerequisites
Prior to setting up CipherTrust Transparent Encryption with Tanzu, you must:
- Download the OS .ova from the VMware Tanzu product page
- Install Tanzu CLI for use with Tanzu Kubernetes Grid v2.5
- Install Tanzu CLI Plugins for TKG v2.5
- Install Kubernetes CLI (kubectl)
- Prepare VMware vSphere Server
- Create an SSH Key Pair
- Deploy Standalone Management Clusters
References
For more information about deploying Tanzu, reference the following documents:
Deploying Standalone Management Clusters
1. On the system on which you downloaded and installed the Tanzu CLI, type:
   tanzu management-cluster create --ui
2. Click Deploy for VMware vSphere.
3. Enter the vCenter Single Sign-On username and password for a user account that has the required privileges for the Tanzu Kubernetes Grid operation.
   Note: The account name must include the domain, for example administrator@vsphere.local.
4. Click Connect.
5. If the Disable Verification option is deselected in the previous screen, you must manually verify the SSL thumbprint of the vCenter Server certificate and click Continue.
6. If you are deploying a management cluster to a vSphere 7 or vSphere 8 instance, confirm whether you want to proceed with the deployment.
7. Select the Datacenter in which to deploy the management cluster from the Datacenter drop-down menu.
8. To add your SSH public key, manually paste the contents of the key into the text box and click Next.
9. In the Management Cluster Settings:
   a. Select a size from the predefined CPU, memory, and storage configurations.
      Note: Minimum configuration: 2 CPUs and 4 GB memory.
   b. Enter a name for your management cluster.
   c. Select the Machine Health Checks option if you want to activate it.
      Note: You can activate or deactivate Machine Health Checks on clusters after deployment using the CLI.
   d. Select the Enable Audit Logging option if you want to record requests made to the Kubernetes API server.
   e. For Worker Node Instance Type, select the configuration for the worker node virtual machine (VM).
   f. For Control Plane Endpoint Provider, select Kube-vip.
   g. For Control Plane Endpoint, enter a static virtual IP address or FQDN for API requests to the management cluster.
10. Click Next two times until you reach the vSphere Resources screen.
   a. Select the VM folder in which to place the management cluster VMs.
   b. Select the vSphere datastores for the management cluster to use.
      Note: The storage policy for the VMs can only be specified when you deploy the management cluster from a configuration file.
   c. Under Specify Availability Zones, choose where to place the management cluster nodes, and then fill in the specifics.
11. Configure the Kubernetes network. Use the IP addresses from the Kubernetes CIDR block. Click Next when finished.
12. Select the base OS image.
13. To finalize the deployment, click Review configuration.
14. Click Deploy Management Cluster to deploy the cluster.
Post Deployment
After the deployment completes, you can see one control plane and one worker node.
1. After the deployment completes, a configuration yaml file is created in .../.config/tanzu/tkg/clusterconfigs/<random_name>.yaml.
2. Create a copy of this yaml file and name it <newName>.yaml.
3. Edit the yaml file and provide a static IP address for VSPHERE_CONTROL_PLANE_ENDPOINT.
4. Save the file.
Create a Workload Cluster
1. To create the workload cluster, type:
   tanzu cluster create workernew -f <newName>.yaml
2. To scale the worker node count to three, type:
   tanzu cluster scale tkgwork01 --controlplane-machine-count 1 --worker-machine-count 3
3. To list the Tanzu clusters, type:
   tanzu cluster list
4. To get the Kubernetes node list, type:
   kubectl get nodes
5. To retrieve information about the current Kubernetes context, type:
   kubectl config get-contexts
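The post-deployment edit and the workload-cluster steps above, scripted in POSIX sh. This is an added example, not Thales or VMware code; it assumes the config file carries a line of the form VSPHERE_CONTROL_PLANE_ENDPOINT: <value>, validates that the value you supply is an IPv4 address (an assumption about what "static IP address" means here), and keeps the copied file owner-readable only, since a TKG cluster config can carry vSphere credentials. The tanzu and kubectl calls run only when the script is given arguments.

```shell
#!/bin/sh
# Added example (not Thales or VMware code): copy the config TKG wrote for the
# management cluster, set a static control-plane endpoint, then run the
# create/scale/list steps. Assumes the key line looks like
#   VSPHERE_CONTROL_PLANE_ENDPOINT: <value>

# True when $1 is four dotted decimal octets, each 0-255.
valid_ipv4() {
  _old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$_old_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in ''|*[!0-9]*) return 1 ;; esac
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# prepare_workload_config <random_name>.yaml <newName>.yaml <static-ip>
# Writes the copy with mode 0600 (umask 077) because the original config can
# contain vSphere credentials, and never overwrites an existing file.
prepare_workload_config() {
  src=$1; dst=$2; endpoint=$3
  [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
  [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 1; }
  valid_ipv4 "$endpoint" || { echo "not a valid IPv4 address: $endpoint" >&2; return 1; }
  (umask 077; awk -v ep="$endpoint" '
    /^VSPHERE_CONTROL_PLANE_ENDPOINT:/ { print "VSPHERE_CONTROL_PLANE_ENDPOINT: " ep; seen=1; next }
    { print }
    END { if (!seen) print "VSPHERE_CONTROL_PLANE_ENDPOINT: " ep }
  ' "$src" > "$dst")
}

# Usage: sh prep_workload.sh <random_name>.yaml <newName>.yaml <static-ip> [cluster-name]
# With no arguments the script only defines the functions above.
if [ $# -ge 3 ]; then
  prepare_workload_config "$1" "$2" "$3" || exit 1
  name=${4:-workernew}
  tanzu cluster create "$name" -f "$2"
  tanzu cluster scale "$name" --controlplane-machine-count 1 --worker-machine-count 3
  tanzu cluster list
  kubectl get nodes
fi
```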
Installation
See Install CTE for Kubernetes for more information.
Policy and Policy Elements
Use a policy with the following access:

CTE for Kubernetes Policy

Name | Access |
---|---|
all_ops with Permit, Apply Key, Audit | |
all_ops with Deny, Audit | |
Default | No Access |