This repository deploys a software defined data center (SDDC) on VMware Cloud on AWS and a Tanzu Community Edition cluster on top of it.
The script consists of a phased Terraform deployment that creates diverse infrastructure resources, such as an SDDC, NSX-T segments and policies, a VPN tunnel to your on-premises infrastructure, a TKG management cluster, a TKG compute cluster and a shared services cluster into which packages are installed. Additionally, it deploys a VPN tunnel between the VMC vSphere environment and the VLAN your workstation is in, which is necessary to deploy the AVI and TKG OVA/OVF files.
- Install Terraform
- Install AWS CLI and add it to path
- Install PowerCLI
- Install OpenSSH Client and Server
- Generate an SSH key by running:
ssh-keygen -t rsa -b 2048
- Install OVF tool (might be needed for troubleshooting)
- Download the Ubuntu server cloud image OVA (used for the jumpbox VM) and paste it in /SDDC-Deployment/vmware/ovas
- Open your browser and navigate to the download page of the Tanzu OVA files
- Clone this repo to your desired location
- Download the photon-3-kube-v1.21.2+vmware.1-tkg.2-12816990095845873721.ova and paste it in /SDDC-Deployment/vmware/ovas
- Download the VMware TCE CLI for Linux and paste it in /SDDC-Deployment/vmware/tanzu
- Extract your AWS credentials:
- Generate a VMware Cloud token (with NSX Cloud admin & administrator rights)
- Navigate to the SDDC-Deployment/variables directory
- Fill in your credentials in vmc_variables.csv, vpn_variables.csv, aws_variables.csv, sddc_variables.csv and tanzu_variables.csv (see the detailed explanation of the variables)
- Open a PowerShell console
- Navigate to the "SDDC-Deployment" directory
- Execute:
.\createSDDC.ps1
Once the SDDC is created, the terminal prints the three IP addresses that need to be added to the IPSec tunnel on your on-premises firewall. Additionally, a text file (cgw_snat_ip.txt) is created containing the Source NAT IP address of the compute network, for later use.
This script creates and configures NSX-T resources, creates an IPSec VPN tunnel, uploads the OVAs into vSphere and finally creates and configures the jumpbox that serves as the bootstrap machine for deploying the TCE cluster.
- Execute:
.\jumpbox-deployment.ps1
This script executes three terraform phases: the network configuration and VPN creation, the upload of the OVA files and the creation of the bootstrap machines.
Given that Terraform does not allow some of the variables to be set in the .tfvars file and requires them to be set as environment variables, all variables are entered into a CSV, and a script will
The previous step finishes by printing the IP address of the deployed jumpbox. SSH into that VM by running:
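As an added example of the CSV-to-environment-variable approach described above (illustrative code, not the repository's own createSDDC.ps1), the PowerShell below loads the five variable CSVs into environment variables scoped to the current process and runs one Terraform phase; it assumes a name,value CSV header and a terraform\phase1 directory, neither of which is confirmed by the repository.

```powershell
# Added example, not the repository's createSDDC.ps1: load the variable CSVs
# into environment variables that live only in this PowerShell process, so the
# AWS keys and VMC token in the CSVs are never copied into a .tfvars file.
# Assumed CSV layout: a header "name,value", one variable per row, where name is
# the exact environment variable Terraform expects (e.g. TF_VAR_<input> for a
# declared input variable, or a provider credential such as AWS_ACCESS_KEY_ID).

$variablesDir = Join-Path $PSScriptRoot 'variables'
$csvFiles = 'vmc_variables.csv', 'vpn_variables.csv', 'aws_variables.csv',
            'sddc_variables.csv', 'tanzu_variables.csv'

$loaded = @()
foreach ($file in $csvFiles) {
    $path = Join-Path $variablesDir $file
    if (-not (Test-Path $path)) { throw "Missing variable file: $path" }

    foreach ($row in Import-Csv -Path $path) {
        if ([string]::IsNullOrWhiteSpace($row.name)) { continue }
        # An empty value means a credential was left unfilled; fail early
        # instead of letting terraform prompt for it interactively.
        if ([string]::IsNullOrWhiteSpace($row.value)) {
            throw "Variable '$($row.name)' in $file has no value"
        }
        Set-Item -Path "Env:$($row.name)" -Value $row.value
        $loaded += $row.name
    }
}
Write-Host "Loaded $($loaded.Count) variables into the process environment"

# Run one terraform phase; the child process inherits the variables, and
# -input=false makes a missing variable fail instead of prompting.
# 'terraform\phase1' is an assumed directory name, not the repository's.
Push-Location (Join-Path $PSScriptRoot 'terraform\phase1')
try {
    terraform init -input=false
    if ($LASTEXITCODE -ne 0) { throw 'terraform init failed' }
    terraform apply -auto-approve -input=false
    if ($LASTEXITCODE -ne 0) { throw 'terraform apply failed' }
}
finally {
    Pop-Location
    # Scrub the secrets from this session as soon as the phase is done.
    foreach ($name in $loaded) { Remove-Item -Path "Env:$name" -ErrorAction SilentlyContinue }
}
```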
ssh -i .\ssh\id_rsa ubuntu@<JUMPBOX_IP_ADDRESS>
Create a Tanzu management cluster by running the following:
tanzu management-cluster create --file ~/.config/tanzu/tkg/clusterconfigs/mgmt_cluster_config.yaml -v 8
In order to install any of the Tanzu packages, it is first necessary to add the Tanzu community edition repository:
tanzu package repository add tce-repo \
--url projects.registry.vmware.com/tce/main:0.12.0 \
--namespace tanzu-package-repo-global
Check that the repository was successfully imported:
tanzu package repository list -A
Create a Tanzu workload cluster (dev01) by running the following:
tanzu cluster create --file ~/.config/tanzu/tkg/clusterconfigs/dev01_cluster_config.yaml -v 8
Create a kubeconfig in order to access your cluster:
tanzu cluster kubeconfig get dev01 --admin --export-file dev01.kubeconfig
Connect your workload cluster to a vSphere datastore by applying the generated manifest file:
kubectl apply -f vsphere-storageclass.yml
Now that both the management and workload clusters have been deployed, you can deploy a shared services cluster and install some of the Tanzu packages.