List of required VCD resources

  • Organization
  • VirtualDataCenter
  • vApp
  • StoragePolicy
  • SizingPolicy
  • Network
  • EdgeRouter
  • Catalog

Organization, VirtualDataCenter, StoragePolicy, SizingPolicy, EdgeRouter, and Catalog must be provided by your VMware Cloud Director service provider. Also, in the tenant, you will need to grant the following rights to able to modify the VM parameters (refer to the instruction):

  • guestinfo.metadata
  • guestinfo.metadata.encoding
  • guestinfo.userdata
  • guestinfo.userdata.encoding
  • disk.enableUUID
  • guestinfo.hostname

Network (internal network) can be configured by your VMware Cloud Director service provider, or you can configure it yourself. Next, we consider setting up the internal network yourself.

Adding a network

Go to the Networking tab and click on the NEW button:

Adding a network, step 1

Select the Data Center:

Adding a network, step 2

Note that Network type must be Routed:

Adding a network, step 3

Connect the EdgeRouter to the network:

Adding a network, step 4

Set the network name and CIDR:

Adding a network, step 5

Do not add Static IP Pools, because DHCP will be used:

Adding a network, step 6

Specify the DNS server addresses:

Adding a network, step 7

Configuring DHCP

To provision nodes dynamically, you have to enable the DHCP server for the internal network.

We recommend allocating the beginning of the network address range to system consumers (control plane, frontend nodes, system nodes) and the rest to the DHCP pool. For example, for a /24 mask network it would be enough to allocate 20 addresses to system consumers.

Click the Networking tab and open the network you created:

DHCP, step 1

In the window that opens, select the IP Management -> DHCP -> Activate tab:

DHCP, step 2

In the General settings tab, set the parameters as shown in the example:

DHCP, step 3

Next, add a pool:

DHCP, step 3

Set the DNS server addresses:

DHCP, step 3

Adding a vApp

Switch to the Data Centers -> vApps -> NEW -> New vApp tab:

Adding a vApp, step 1

Set a name and enable the vApp:

Adding a vApp, step 2

Adding a network to the vApp

Once the vApp is created, you have to connect the created internal network to it.

Switch to the Data Centers -> vApps tab and open the target vApp:

Adding a network to the vApp, step 1

Go to the Networks tab and click on the NEW button:

Adding a network to the vApp, step 2

In the window that opens, click the Direct type and select the network:

Adding a network to the vApp, step 3

Incoming traffic

Incoming traffic should be routed to the edge router (ports 80, 443) using DNAT rules to be forwarded to a dedicated address on the internal network.
This address can be created by running MetalLB in L2 mode for dedicated frontend nodes.

Configuring DNAT rules on the edge gateway

Navigate to the Networking -> Edge Gateways tab, open the edge gateway:

Configuring DNAT rules on the edge gateway, step 1

Switch to the Services -> NAT tab:

Configuring DNAT rules on the edge gateway, step 2

Add the following rules:

Configuring DNAT rules on the edge gateway, step 3

The first two rules are used for incoming traffic, while the third rule is used for SSH access to the control plane host (without this rule the installation will not be possible).

Configuring a firewall

Once DNAT is configured, you have to set up the firewall. First, configure the IP sets.

Switch to the Security -> IP Sets tab:

Configuring the edge gateway firewall, step 1

Create the following set of IPs (the MetalLB address here is .10 and the control plane node address is .2):

Configuring the edge gateway firewall, step 1

Configuring the edge gateway firewall, step 1

Configuring the edge gateway firewall, step 1

Add the following firewall rules:

Configuring the edge gateway firewall, step 1

Virtual machine template

The provider is confirmed to work with Ubuntu 22.04-based virtual machine templates only.

The cloud-init package must be installed on the VMs. After the virtual machine is started, the following services associated with this package must be started:

  • cloud-config.service;
  • cloud-final.service;
  • cloud-init.service.

The example below uses the OVA file provided by Ubuntu, updated to include two fixes. Those fixes are essential for CloudPermanent nodes to be provisioned correctly and to be able to mount CSI-created disks.

Making a template from an OVA file

Download the OVA file:

Setting up the template, step 1

Switch to the Libraries -> Catalogs -> Organization Catalog tab:

Setting up the template, step 2

Select the template you downloaded and add it to the catalog:

Setting up the template, step 3

Setting up the template, step 4

Setting up the template, step 5

Create a virtual machine from the template:

Setting up the template, step 6

Setting up the template, step 7

Enter the default password and public key. You will need them to log in to the VM console.

Setting up the template, step 8

Follow these steps to be able to connect to the virtual machine:

  1. Start the virtual machine
  2. Wait for the IP address to be set
  3. Forward port 22 to the virtual machine:

Setting up the template, step 9

Log on to the virtual machine over SSH and run the following commands:

echo -e '\n[deployPkg]\nwait-cloudinit-timeout=1800\n' >> /etc/vmware-tools/tools.conf
passwd -d ubuntu
passwd -d root
rm /home/ubuntu/.ssh/authorized_keys
history -c
shutdown -P now

Shut down the virtual machine and create a virtual machine template:

Setting up the template, step 10

Setting up the template, step 11

After creating a virtual machine template, ask your VMware Cloud Director service provider to enable the disk.enableUUID parameter for the template.

Using the storage

  • VCD supports CSI; disks are created as VCD Independent Disks.
  • The disk.EnableUUID guest property must be set for the virtual machine templates in use.
  • Deckhouse Kubernetes Platform supports disk resizing as of v1.59.1.