List of required VCD resources

  • Organization
  • VirtualDataCenter
  • vApp
  • StoragePolicy
  • SizingPolicy
  • Network
  • EdgeRouter
  • Catalog

The Organization, VirtualDataCenter, StoragePolicy, SizingPolicy, EdgeRouter, and Catalog resources must be provided by your VMware Cloud Director service provider.

Network (internal network) can be configured by your VMware Cloud Director service provider, or you can configure it yourself. The following sections describe how you can configure the internal network.

User permissions

The user accessing the VMware Cloud Director API must have the following permissions:

  • The role of Organization Administrator with the additional permission Preserve All ExtraConfig Elements During OVF Import and Export.
  • The permission Preserve All ExtraConfig Elements During OVF Import and Export must be duplicated in the user’s Right Bundle.

Adding a network

  1. Go to the Networking tab and click NEW:

    Adding a network, step 1

  2. Select the Data Center:

    Adding a network, step 2

  3. At the Network type step, select Routed:

    Adding a network, step 3

  4. Connect EdgeRouter to the network:

    Adding a network, step 4

  5. Specify the network name and CIDR:

    Adding a network, step 5

  6. Do not add Static IP Pools because DHCP will be used:

    Adding a network, step 6

  7. Specify the DNS server addresses:

    Adding a network, step 7

Configuring DHCP

To provision nodes dynamically, enable the DHCP server for the internal network.

We recommend allocating the beginning of the network address range to system consumers (control plane, frontend nodes, system nodes) and the rest to the DHCP pool. For example, on a /24 network, reserving 20 addresses for system consumers is usually enough.
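As an added example (not from the original page), the following Python helper applies the recommendation above to the 192.168.199.0/24 network used later on this page. It assumes that the edge gateway takes the first usable address, which the page does not state, reserves the next 20 addresses for system consumers, and hands the remainder to the DHCP pool, so that the .2 control plane address and the .10 MetalLB address from the firewall section fall inside the reserved block.

```python
"""Split an internal VCD network into gateway, system block and DHCP pool.
Added example; the layout (gateway first, then system consumers, then the
DHCP pool up to the last usable address) is an assumption, not a rule from
the page."""
from ipaddress import ip_address, ip_network


def split_network(cidr, system_count):
    """Return the gateway, the system-consumer range and the DHCP pool range.

    cidr:         the internal network, e.g. "192.168.199.0/24"
    system_count: how many addresses after the gateway to keep out of DHCP
    """
    net = ip_network(cidr, strict=True)
    hosts = list(net.hosts())          # usable addresses, network/broadcast excluded
    # Need room for the gateway, the system block and at least one DHCP address.
    if system_count < 1 or system_count + 2 > len(hosts):
        raise ValueError(f"{cidr} cannot hold a gateway, {system_count} system "
                         f"addresses and a non-empty DHCP pool")
    gateway = hosts[0]                          # assumption: edge gateway is first
    system = (hosts[1], hosts[system_count])    # system consumers follow it
    dhcp = (hosts[system_count + 1], hosts[-1])  # everything else is the pool
    return {
        "gateway": str(gateway),
        "system": (str(system[0]), str(system[1])),
        "dhcp": (str(dhcp[0]), str(dhcp[1])),
        "dhcp_size": len(hosts) - system_count - 1,
    }


def in_range(addr, rng):
    """True if addr lies inside the inclusive (first, last) range."""
    return ip_address(rng[0]) <= ip_address(addr) <= ip_address(rng[1])


if __name__ == "__main__":
    # The subnet and node addresses are the ones this page uses in its examples.
    plan = split_network("192.168.199.0/24", 20)
    print("gateway:", plan["gateway"])
    print("system consumers:", "%s - %s" % plan["system"])
    print("DHCP pool:", "%s - %s (%d addresses)" % (*plan["dhcp"], plan["dhcp_size"]))
    for node in ("192.168.199.2", "192.168.199.10"):
        print(node, "reserved" if in_range(node, plan["system"]) else "in DHCP pool")
```

The DHCP pool boundaries returned here are the values to enter when adding the pool in step 4 below; anything reserved for MetalLB or the control plane must stay outside that pool.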

  1. Click the Networking tab and open the network you created:

    DHCP, step 1

  2. In the opened window, select IP Management -> DHCP -> Activate:

    DHCP, step 2

  3. In the General settings tab, set the parameters as shown in the example:

    DHCP, step 3

  4. Add a pool:

    DHCP, step 3

  5. Set the DNS server addresses:

    DHCP, step 3

Adding a vApp

  1. Switch to the Data Centers tab -> vApps -> NEW -> New vApp:

    Adding a vApp, step 1

  2. Specify a name and enable the vApp:

    Adding a vApp, step 2

Adding a network to the vApp

Once the vApp is created, connect the created internal network to it.

  1. Switch to the Data Centers tab -> vApps and open the target vApp:

    Adding a network to the vApp, step 1

  2. Go to the Networks tab and click NEW:

    Adding a network to the vApp, step 2

  3. In the opened window, click the Direct type and select the network:

    Adding a network to the vApp, step 3

Incoming traffic

Incoming traffic (ports 80 and 443) arrives at the edge router and must be forwarded by DNAT rules to a dedicated address on the internal network.
That address can be provided by running MetalLB in L2 mode on dedicated frontend nodes.

Configuring DNAT/SNAT rules on the edge gateway

  1. Navigate to the Networking tab -> Edge Gateways and open the edge gateway:

    Configuring DNAT rules on the edge gateway, step 1

  2. Switch to the Services tab -> NAT:

    Configuring DNAT rules on the edge gateway, step 2

  3. Add the following rules:

    Configuring DNAT rules on the edge gateway, step 3

    The first two rules are used for incoming traffic, while the third rule is used for SSH access to the control plane host (without this rule the installation will not be possible).

  4. To allow virtual machines to access the internet, configure SNAT rules following the example:

    Configuring SNAT rules on the edge gateway, step 1

    This rule will allow virtual machines from the 192.168.199.0/24 subnet to access the internet.

Configuring a firewall

Once DNAT is configured, set up the firewall. Start by configuring the IP sets.

  1. Switch to the Security tab -> IP Sets:

    Configuring the edge gateway firewall, step 1

  2. Create the following IP sets (here the MetalLB address is .10 and the control plane node address is .2):

    Configuring the edge gateway firewall, step 1

    Configuring the edge gateway firewall, step 1

    Configuring the edge gateway firewall, step 1

  3. Add the following firewall rules:

    Configuring the edge gateway firewall, step 1

Virtual machine template

The provider is confirmed to work with Ubuntu 22.04-based virtual machine templates only.

The cloud-init package must be installed on the VMs. After the virtual machine is started, the following services associated with this package must be started:

  • cloud-config.service;
  • cloud-final.service;
  • cloud-init.service.

The example below uses the OVA file provided by Ubuntu, updated to include two fixes. Those fixes are essential for CloudPermanent nodes to be provisioned correctly and to be able to mount CSI-created disks.

Making a template from an OVA file

  1. Download the OVA file:

    Setting up the template, step 1

  2. Switch to the Libraries tab -> Catalogs -> Organization Catalog:

    Setting up the template, step 2

  3. Select the template you downloaded and add it to the catalog:

    Setting up the template, step 3

    Setting up the template, step 4

    Setting up the template, step 5

  4. Create a virtual machine from the template:

    Setting up the template, step 6

    Setting up the template, step 7

Enter the default password and public key. You will need them to log in to the VM console.

Setting up the template, step 8

Follow these steps to be able to connect to the virtual machine:

  1. Start the virtual machine.
  2. Wait for the IP address to be set.
  3. Forward port 22 to the virtual machine:

    Setting up the template, step 9

Log on to the virtual machine over SSH and run the following commands as root:

# Remove the netplan file generated by VMware guest customization
rm /etc/netplan/99-netcfg-vmware.yaml
# Let open-vm-tools deployPkg wait up to 30 minutes for cloud-init to finish
printf '\n[deployPkg]\nwait-cloudinit-timeout=1800\n' >> /etc/vmware-tools/tools.conf
# Hand instance configuration to cloud-init instead of VMware guest customization
echo 'disable_vmware_customization: true' > /etc/cloud/cloud.cfg.d/91_vmware_cust.cfg
# Re-select the cloud-init data sources (opens an interactive dialog)
dpkg-reconfigure cloud-init

In the dialog box that appears, leave the checkmark only on OVF: Reads data from OVF transports; scroll down and clear the checkmarks from all other options:

Setting up the template, OVF

Execute the remaining commands:

# Reset the machine identity so every clone generates its own machine-id on first boot
truncate -s 0 /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id
# Remove cloud-init instance state, logs and seed so clones run first boot again
cloud-init clean --logs --seed
# Remove the passwords and the SSH key used only during template preparation
passwd -d ubuntu
passwd -d root
rm /home/ubuntu/.ssh/authorized_keys
# Clear the shell history so these commands are not baked into the template
history -c

shutdown -P now
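The commands above produce a golden image that is cloned for every node, so a stale machine-id, a leftover password hash or a surviving authorized_keys file would be copied into all of them. The following Python script, added here as an example and not part of the original documentation, re-checks the outcome of those commands; run it as root inside the VM just before the final shutdown, or pass the mount point of a copy of the template disk as the root argument. The 90_dpkg.cfg location for the data source choice is an assumption about Ubuntu's cloud-init packaging, and build_sample_root only constructs a miniature directory tree for trying the check offline.

```python
"""Verify that a VM prepared as a template carries no per-instance state or
credentials. Added example: it re-checks the results of the template
preparation commands. Run as root inside the VM before shutdown, or point
the root argument at a mounted copy of the template filesystem."""
import os
import sys
import tempfile
from pathlib import Path

# Paths the procedure removes; any survivor means the template is not clean.
MUST_BE_ABSENT = (
    "etc/netplan/99-netcfg-vmware.yaml",   # VMware-generated netplan config
    "home/ubuntu/.ssh/authorized_keys",    # key used only during preparation
    "var/lib/cloud/instance",              # removed by `cloud-init clean`
)
# Files the procedure writes, with the setting each must contain.
MUST_CONTAIN = (
    ("etc/cloud/cloud.cfg.d/91_vmware_cust.cfg", "disable_vmware_customization: true"),
    ("etc/vmware-tools/tools.conf", "wait-cloudinit-timeout=1800"),
    # Assumption: Ubuntu's dpkg-reconfigure stores the data source choice here.
    ("etc/cloud/cloud.cfg.d/90_dpkg.cfg", "OVF"),
)
ACCOUNTS = ("ubuntu", "root")   # passwords deleted with `passwd -d`


def check_template(root="/"):
    """Return a list of findings; an empty list means the template is clean."""
    r = Path(root)
    findings = []
    for rel in MUST_BE_ABSENT:
        p = r / rel
        if p.exists() or p.is_symlink():
            findings.append(f"{rel} still present")
    mid = r / "etc/machine-id"
    if not mid.exists() or mid.read_text().strip():
        findings.append("etc/machine-id must exist and be empty")
    dbus = r / "var/lib/dbus/machine-id"
    if not dbus.is_symlink() or os.readlink(dbus) != "/etc/machine-id":
        findings.append("var/lib/dbus/machine-id is not a symlink to /etc/machine-id")
    for rel, needle in MUST_CONTAIN:
        p = r / rel
        if not p.exists() or needle not in p.read_text():
            findings.append(f"{rel} is missing or lacks '{needle}'")
    shadow = r / "etc/shadow"
    if shadow.exists():
        for line in shadow.read_text().splitlines():
            fields = line.split(":")
            # A '$' in the password field means a real hash is still baked in.
            if len(fields) > 1 and fields[0] in ACCOUNTS and "$" in fields[1]:
                findings.append(f"{fields[0]} still has a password hash in /etc/shadow")
    return findings


def build_sample_root(dirty=False):
    """Constructed miniature root tree for trying the check offline.
    With dirty=True it leaves behind the artifacts the procedure removes."""
    root = Path(tempfile.mkdtemp(prefix="tpl-"))
    for d in ("etc/cloud/cloud.cfg.d", "etc/vmware-tools", "etc/netplan",
              "var/lib/dbus", "var/lib/cloud", "home/ubuntu/.ssh"):
        (root / d).mkdir(parents=True)
    (root / "etc/machine-id").write_text(
        "0123456789abcdef0123456789abcdef\n" if dirty else "")
    os.symlink("/etc/machine-id", root / "var/lib/dbus/machine-id")
    (root / "etc/cloud/cloud.cfg.d/91_vmware_cust.cfg").write_text(
        "disable_vmware_customization: true\n")
    (root / "etc/cloud/cloud.cfg.d/90_dpkg.cfg").write_text("datasource_list: [ OVF ]\n")
    (root / "etc/vmware-tools/tools.conf").write_text(
        "\n[deployPkg]\nwait-cloudinit-timeout=1800\n")
    pw = "$6$constructed$hash" if dirty else ""   # constructed, not a real hash
    (root / "etc/shadow").write_text(
        f"root:{pw}:19000:0:99999:7:::\nubuntu:{pw}:19000:0:99999:7:::\n")
    if dirty:
        (root / "home/ubuntu/.ssh/authorized_keys").write_text("ssh-ed25519 AAAA constructed\n")
        (root / "etc/netplan/99-netcfg-vmware.yaml").write_text("network: {version: 2}\n")
        (root / "var/lib/cloud/instance").mkdir()
    return root


if __name__ == "__main__":
    problems = check_template(sys.argv[1] if len(sys.argv) > 1 else "/")
    for p in problems:
        print("FAIL:", p)
    print("template clean" if not problems else f"{len(problems)} problem(s) found")
```

A non-empty result means the VM should not yet be converted into a template; fix the reported items and re-run the check before the shutdown.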

Setting up the template in VCD

  1. Shut down the virtual machine and clear all populated fields in Guest Properties:

    Setting up the template, Guest Properties 1

    Setting up the template, Guest Properties 5

  2. Create a virtual machine template:

    Setting up the template, step 10

    Setting up the template, step 11

  3. In the created template, navigate to the Metadata tab and add the following six fields:

    • guestinfo.metadata
    • guestinfo.metadata.encoding
    • guestinfo.userdata
    • guestinfo.userdata.encoding
    • disk.enableUUID
    • guestinfo.hostname

    Setting up the template, Guest Properties 2

    Setting up the template, Guest Properties 3

  4. In the vCenter management panel for the template, enable the disk.EnableUUID parameter:

    Setting up the template, vCenter 1

    Setting up the template, vCenter 2

    Setting up the template, vCenter 3

    Setting up the template, vCenter 4

    Setting up the template, vCenter 5

Using the storage

  • VCD supports CSI; disks are created as VCD Independent Disks.
  • The disk.EnableUUID guest property must be set for the virtual machine templates in use.
  • Deckhouse Kubernetes Platform supports disk resizing as of v1.59.1.