Standard
The Standard layout is intended for deploying a cluster within the vSphere infrastructure with full control over resources, networking, and storage.
Key features:
- Uses a vSphere Datacenter as a region.
- Uses a vSphere Cluster as a zone.
- Supports multiple zones and node placements across zones.
- Supports using different datastores for disks and volumes.
- Supports network connectivity including additional network isolation (for example, MetalLB + BGP).
Example configuration:
```yaml
apiVersion: deckhouse.io/v1
kind: VsphereClusterConfiguration
layout: Standard
provider:
  server: '<SERVER>'
  username: '<USERNAME>'
  password: '<PASSWORD>'
vmFolderPath: dev
regionTagCategory: k8s-region
zoneTagCategory: k8s-zone
region: X1
internalNetworkCIDR: 192.168.199.0/24
masterNodeGroup:
  replicas: 1
  zones:
    - ru-central1-a
    - ru-central1-b
  instanceClass:
    numCPUs: 4
    memory: 8192
    template: dev/golden_image
    datastore: dev/lun_1
    mainNetwork: net3-k8s
nodeGroups:
  - name: khm
    replicas: 1
    zones:
      - ru-central1-a
    instanceClass:
      numCPUs: 4
      memory: 8192
      template: dev/golden_image
      datastore: dev/lun_1
      mainNetwork: net3-k8s
sshPublicKey: "<SSH_PUBLIC_KEY>"
zones:
  - ru-central1-a
  - ru-central1-b
```
Required parameters for the VsphereClusterConfiguration resource:
- `region`: Tag assigned to the Datacenter object.
- `zoneTagCategory` and `regionTagCategory`: Tag categories used to identify regions and zones.
- `internalNetworkCIDR`: Subnet for assigning internal IP addresses.
- `vmFolderPath`: Path to the folder where cluster virtual machines will be placed.
- `sshPublicKey`: Public SSH key used to access the nodes.
- `zones`: List of zones available for node placement.
All nodes placed in different zones must have access to shared datastores with matching zone tags.
List of required privileges
To create a role and assign it to a user, refer to the Configuration in vSphere Client and Configuration with govc sections.
A detailed list of privileges required for Deckhouse Kubernetes Platform to work in vSphere:
| Privilege category in UI | Privileges in UI | Privileges in API | Purpose in Deckhouse |
|---|---|---|---|
| — | — (assigned by default when creating a role) | `System.Anonymous`, `System.Read`, `System.View` | Basic access to vSphere Inventory objects required for all Deckhouse vSphere integration components. |
| Cns | Searchable | `Cns.Searchable` | Search and mapping of Container Native Storage objects when the CSI driver works with Kubernetes volumes. |
| Datastore | Allocate space, Browse datastore, Low level file operations | `Datastore.AllocateSpace`, `Datastore.Browse`, `Datastore.FileManagement` | Disk provisioning when creating virtual machines and ordering PersistentVolumes in the cluster. |
| Folder | Create folder, Delete folder, Move folder, Rename folder | `Folder.Create`, `Folder.Delete`, `Folder.Move`, `Folder.Rename` | Grouping a Deckhouse Kubernetes Platform cluster in a single Folder in vSphere Inventory. |
| Global | Global tag, System tag | `Global.GlobalTag`, `Global.SystemTag` | Access to global and system tags used by Deckhouse Kubernetes Platform when working with vSphere objects. |
| vSphere Tagging | Assign or Unassign vSphere Tag, Assign or Unassign vSphere Tag on Object, Create vSphere Tag, Create vSphere Tag Category, Delete vSphere Tag, Delete vSphere Tag Category, Edit vSphere Tag, Edit vSphere Tag Category, Modify UsedBy Field for Category, Modify UsedBy Field for Tag | `InventoryService.Tagging.AttachTag`, `InventoryService.Tagging.ObjectAttachable`, `InventoryService.Tagging.CreateTag`, `InventoryService.Tagging.CreateCategory`, `InventoryService.Tagging.DeleteTag`, `InventoryService.Tagging.DeleteCategory`, `InventoryService.Tagging.EditTag`, `InventoryService.Tagging.EditCategory`, `InventoryService.Tagging.ModifyUsedByForCategory`, `InventoryService.Tagging.ModifyUsedByForTag` | Deckhouse Kubernetes Platform uses tags to identify the Datacenter, Cluster, and Datastore objects available to it, as well as to identify the virtual machines under its control. |
| Network | Assign network | `Network.Assign` | Connecting networks and port groups to Deckhouse Kubernetes Platform cluster virtual machines. |
| Resource | Assign virtual machine to resource pool, Create resource pool, Modify resource pool, Remove resource pool, Rename resource pool | `Resource.AssignVMToPool`, `Resource.CreatePool`, `Resource.DeletePool`, `Resource.EditPool`, `Resource.RenamePool` | Placement of Deckhouse Kubernetes Platform cluster virtual machines into the target resource pool and management of this pool. |
| VM Storage Policies (Profile-driven Storage Privileges in vSphere 7) | View VM storage policies (Profile-driven storage view in vSphere 7) | `StorageProfile.View` | Viewing storage policies used when creating virtual machines and dynamically provisioning volumes in the cluster. |
| vApp | Add virtual machine, Assign resource pool, Create, Delete, Import, Power Off, Power On, View OVF Environment, vApp application configuration, vApp instance configuration, vApp resource configuration | `VApp.ApplicationConfig`, `VApp.AssignResourcePool`, `VApp.AssignVM`, `VApp.Create`, `VApp.Delete`, `VApp.ExtractOvfEnvironment`, `VApp.Import`, `VApp.InstanceConfig`, `VApp.PowerOff`, `VApp.PowerOn`, `VApp.ResourceConfig` | Managing operations related to deployment and configuration of vApp and OVF templates used when creating virtual machines. |
| Virtual Machine > Change Configuration | Add existing disk, Add new disk, Add or remove device, Advanced configuration, Set annotation, Change CPU count, Toggle disk change tracking, Extend virtual disk, Acquire disk lease, Modify device settings, Configure managedBy, Change Memory, Query unowned files, Configure Raw device, Reload from path, Remove disk, Rename, Reset guest information, Change resource, Change Settings, Change Swapfile placement, Upgrade virtual machine compatibility | `VirtualMachine.Config.AddExistingDisk`, `VirtualMachine.Config.AddNewDisk`, `VirtualMachine.Config.AddRemoveDevice`, `VirtualMachine.Config.AdvancedConfig`, `VirtualMachine.Config.Annotation`, `VirtualMachine.Config.CPUCount`, `VirtualMachine.Config.ChangeTracking`, `VirtualMachine.Config.DiskExtend`, `VirtualMachine.Config.DiskLease`, `VirtualMachine.Config.EditDevice`, `VirtualMachine.Config.ManagedBy`, `VirtualMachine.Config.Memory`, `VirtualMachine.Config.QueryUnownedFiles`, `VirtualMachine.Config.RawDevice`, `VirtualMachine.Config.ReloadFromPath`, `VirtualMachine.Config.RemoveDisk`, `VirtualMachine.Config.Rename`, `VirtualMachine.Config.ResetGuestInfo`, `VirtualMachine.Config.Resource`, `VirtualMachine.Config.Settings`, `VirtualMachine.Config.SwapPlacement`, `VirtualMachine.Config.UpgradeVirtualHardware` | Managing the lifecycle of Deckhouse Kubernetes Platform cluster virtual machines. |
| Virtual Machine > Edit Inventory | Create new, Create from existing, Remove, Move | `VirtualMachine.Inventory.Create`, `VirtualMachine.Inventory.CreateFromExisting`, `VirtualMachine.Inventory.Delete`, `VirtualMachine.Inventory.Move` | Creating, deleting, and moving Deckhouse Kubernetes Platform cluster virtual machines in vSphere Inventory. |
| Virtual Machine > Guest Operations | Guest Operation Queries | `VirtualMachine.GuestOperations.Query` | Retrieving information from the guest operating system of virtual machines. |
| Virtual Machine > Interaction | Answer question, Device connection, Guest operating system management by VIX API, Power Off, Power On, Reset, Configure CD media, Install VMware Tools | `VirtualMachine.Interact.AnswerQuestion`, `VirtualMachine.Interact.DeviceConnection`, `VirtualMachine.Interact.GuestControl`, `VirtualMachine.Interact.PowerOff`, `VirtualMachine.Interact.PowerOn`, `VirtualMachine.Interact.Reset`, `VirtualMachine.Interact.SetCDMedia`, `VirtualMachine.Interact.ToolsInstall` | Managing virtual machine power state, device connections, and interaction with the guest operating system. |
| Virtual Machine > Provisioning | Clone virtual machine, Customize guest, Deploy template, Allow virtual machine download, Allow virtual machine files upload, Read customization specifications | `VirtualMachine.Provisioning.Clone`, `VirtualMachine.Provisioning.Customize`, `VirtualMachine.Provisioning.DeployTemplate`, `VirtualMachine.Provisioning.GetVmFiles`, `VirtualMachine.Provisioning.PutVmFiles`, `VirtualMachine.Provisioning.ReadCustSpecs` | Cloning virtual machine templates, customizing them, and deploying them when creating Deckhouse Kubernetes Platform cluster nodes. |
| Virtual Machine > Snapshot Management | Create snapshot, Remove Snapshot, Rename Snapshot | `VirtualMachine.State.CreateSnapshot`, `VirtualMachine.State.RemoveSnapshot`, `VirtualMachine.State.RenameSnapshot` | Managing snapshots of virtual machines and volumes in scenarios where this functionality is used by platform components. |
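
The table above can be turned into a least-privilege check for the role given to the Deckhouse service account. The following is an added example, not part of the Deckhouse documentation or tooling: it compares a role's privilege listing with the API privileges from the table and reports what is missing and what is granted beyond the list. The input format (one privilege ID per line, as a role listing exported from vSphere would typically look), the function name `audit_role`, and the sample role are assumptions.

```python
# Added example: audit a vSphere role against the "Privileges in API" column above.
# Privilege IDs are grouped by prefix and expanded into full names below.
REQUIRED_BY_PREFIX = {
    "System": "Anonymous Read View",
    "Cns": "Searchable",
    "Datastore": "AllocateSpace Browse FileManagement",
    "Folder": "Create Delete Move Rename",
    "Global": "GlobalTag SystemTag",
    "InventoryService.Tagging": "AttachTag ObjectAttachable CreateTag CreateCategory "
        "DeleteTag DeleteCategory EditTag EditCategory "
        "ModifyUsedByForCategory ModifyUsedByForTag",
    "Network": "Assign",
    "Resource": "AssignVMToPool CreatePool DeletePool EditPool RenamePool",
    "StorageProfile": "View",
    "VApp": "ApplicationConfig AssignResourcePool AssignVM Create Delete "
        "ExtractOvfEnvironment Import InstanceConfig PowerOff PowerOn ResourceConfig",
    "VirtualMachine.Config": "AddExistingDisk AddNewDisk AddRemoveDevice AdvancedConfig "
        "Annotation CPUCount ChangeTracking DiskExtend DiskLease EditDevice ManagedBy "
        "Memory QueryUnownedFiles RawDevice ReloadFromPath RemoveDisk Rename "
        "ResetGuestInfo Resource Settings SwapPlacement UpgradeVirtualHardware",
    "VirtualMachine.Inventory": "Create CreateFromExisting Delete Move",
    "VirtualMachine.GuestOperations": "Query",
    "VirtualMachine.Interact": "AnswerQuestion DeviceConnection GuestControl PowerOff "
        "PowerOn Reset SetCDMedia ToolsInstall",
    "VirtualMachine.Provisioning": "Clone Customize DeployTemplate GetVmFiles "
        "PutVmFiles ReadCustSpecs",
    "VirtualMachine.State": "CreateSnapshot RemoveSnapshot RenameSnapshot",
}
REQUIRED = {f"{prefix}.{name}"
            for prefix, names in REQUIRED_BY_PREFIX.items()
            for name in names.split()}


def audit_role(listing: str) -> dict:
    """Compare a one-privilege-per-line listing (assumed format) with REQUIRED."""
    granted = {line.strip() for line in listing.splitlines() if line.strip()}
    return {"missing": sorted(REQUIRED - granted),   # provisioning will fail on these
            "extra": sorted(granted - REQUIRED)}     # candidates for removal


# Constructed sample: a role lacking one tagging privilege and carrying two extras.
SAMPLE_ROLE = "\n".join(
    sorted(REQUIRED - {"InventoryService.Tagging.AttachTag"})
    + ["Host.Config.Storage", "Authorization.ModifyPermissions"])

if __name__ == "__main__":
    report = audit_role(SAMPLE_ROLE)
    print("missing:", report["missing"])
    print("extra:  ", report["extra"])
```

An empty `missing` list together with an empty `extra` list means the role matches the table exactly; anything under `extra` widens what a leaked `provider` credential could do in vSphere.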