Installing vSphere Supervisor with Terraform

Introduction

In the modern world of IT infrastructure, automation is the key to simplifying complex tasks and accelerating deployment processes. VMware vSphere is a powerful platform for managing virtualized environments, which has evolved to support Kubernetes through its vSphere Supervisor feature. When combined with Terraform, an open-source infrastructure-as-code (IaC) tool, provisioning and managing this sophisticated setup becomes even easier.

This blog post is a step-by-step guide to installing vSphere Supervisor using Terraform.

Let’s jump into the nitty-gritty and get started with automating vSphere Supervisor deployment by using Terraform.

Terraform Installation

Terraform is an open-source infrastructure-as-code (IaC) tool that allows you to define and provision infrastructure using a high-level configuration language. It is widely used for automating and managing cloud resources and on-premises infrastructure.

For this blog post, I am using Ubuntu to install Terraform. However, you are free to choose an operating system of your choice.

Terraform does not have many system dependencies or prerequisites but you need to make sure you have the following

A system running Ubuntu 20.04 or later
A user account with sudo privileges to install software
Internet access to download Terraform and dependencies

Step 1 : Update Ubuntu

First, updating your system is always a good practice. This ensures you have the latest packages and security patches. Open a terminal window and run the commands

sudo apt update && sudo apt upgrade -y

Step 2 : Install Terraform

Run the below command on a terminal window which would install terraform on the system

			
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform

Reference – https://developer.hashicorp.com/terraform/install

Step 3 : Verify Terraform Installation

After installation, verify that Terraform was successfully installed by checking its version. Run the command:

terraform --version

You should a output like this

			
Terraform v1.10.4
on linux_amd64

Supervisor Installation

vSphere Supervisor requires NSX or vSphere Networking stack to provide connectivity to Supervisor Control Plane VMs , services and workloads.

In this blog I am using NSX as the networking stack for deployment.

Step by Step Guide for preparation of NSX Environment for vSphere Supervisor is available here .

The first step would be to setup vSphere Provider in providers.tf file for Terraform . Providers.tf should include all providers required . For this configuration we would be using vSphere and NSX Terraform providers.

providers.tf

			
###  Required Provider for WCP Configuration
terraform {
  required_providers {
    nsxt = {
      source = "vmware/nsxt"
    }
     vsphere = {
      source = "hashicorp/vsphere"
    }
  }
}
###  vSphere Configuration
provider "vsphere" {
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = true
  api_timeout          = 10
}
###  NSX Configuration
provider "nsxt" {
  host                 = var.nsx_server
  username             = var.nsx_username
  password             = var.nsx_password
  allow_unverified_ssl = true
  max_retries          = 2
}

		

The next step would be to set up all variables required for vSphere Supervisor. These variables would be declared in the variables.tf file.

variables.tf

			
variable "nsx_server" {
  type = string
}
variable "nsx_username" {
  type = string
}
variable "nsx_password" {
  type = string
}
variable "vsphere_server" {
  type = string
}
variable "vsphere_user" {
  type = string
}
variable "vsphere_password" {
  type = string
}
variable "certificate_thumbprint" {
  type = string
}
variable "vmware_datacenter" {
  type = string
}
variable "vsphere_cluster" {
  type = string
}
variable "supervisor_storage_policy" {
  type = string
}
variable "supervisor_datastore" {
  type = string
}
variable "dns_server" {
  type = list(string)
}
variable "sup_edge_cluster" {
  type = string
}
variable "distributed_virtual_switch" {
  type = string
}
variable "distributed_virtual_switch_port" {
  type = string
}
variable "search_domains" {
  type = list(string)
}
variable "management_subnet_mask" {
  type = string
}
variable "management_network_starting_ip" {
  type = string
}
variable "management_network_gateway" {
  type = string
}
variable "management_network_address_count" {
  type = string
}
variable "ingress_cidr_range" {
  type = string
}
variable "egress_cidr_range" {
  type = string
}
variable "pod_cidr_range" {
  type = string
}
variable "service_cidr_range" {
  type = string
}
variable "ingress_cidr_range_prefix" {
  type = string
}
variable "egress_cidr_range_prefix" {
  type = string
}
variable "pod_cidr_range_prefix" {
  type = string
}
variable "service_cidr_range_prefix" {
  type = string
}
variable "worker_ntp" {
  type = list(string)
}
variable "main_ntp" {
  type = list(string)
}

		

All values for the variables would be configured in terraform.tfvars. This would be the vCenter Server on which vSphere Supervisor has to be enabled. You also need to provide the network configuration details. Additionally, include the storage policy and datastore for placement of Supervisor Control plane nodes.

The certificate thumbprint of the vCenter Server can be retrieved by running the command

			
echo -n | openssl s_client -connect <hostname>:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256

terraform.tfvars

			
#username and passwords for setup
vsphere_server                   = "vcsa1.env2.lab.test"
vsphere_user                     = "administrator@vsphere.local"
vsphere_password                 = "VMware1!"
certificate_thumbprint           = "88:F4:FA:2F:D3:DB:1A:3F:2C:EE:E3:90:B5:F2:6E:BE:BE:E7:60:D9:93:02:37:3A:25:F2:A0:EF:03:22:01:47"
nsx_server                       = "nsx.env2.lab.test"
nsx_username                     = "admin"
nsx_password                     = "VMware1!VMware1!"
vmware_datacenter                = "Datacenter"
vsphere_cluster                  = "Cluster"
supervisor_storage_policy        = "Supervisor_Storage_Policy"
supervisor_datastore             = "vsanDatastore"
distributed_virtual_switch       = "DSwitch"
distributed_virtual_switch_port  = "mgmt"
search_domains                   = ["env2.lab.test"]
dns_server                       = ["192.168.100.1"]
sup_edge_cluster                 = "sup-edge-cluster"
management_subnet_mask           = "255.255.254.0"
management_network_starting_ip   = "192.168.100.90"
management_network_gateway       = "192.168.100.1"
management_network_address_count = "5"
ingress_cidr_range               = "10.10.10.0"
egress_cidr_range                = "10.10.20.0"
pod_cidr_range                   = "10.244.8.0"
service_cidr_range               = "10.96.2.0"
ingress_cidr_range_prefix        = "24"
egress_cidr_range_prefix         = "24"
pod_cidr_range_prefix            = "21"
service_cidr_range_prefix        = "24"
main_ntp                         = ["192.168.100.1"]
worker_ntp                       = ["192.168.100.1"]

		

The main.tf file required for installation of vSphere Supervisor.

main.tf

			
data "vsphere_datacenter" "vmware_datacenter" {
  name = var.vmware_datacenter
}
data "vsphere_compute_cluster" "vsphere_cluster" {
  name          = "Cluster"
  datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
data "vsphere_storage_policy" "supervisor_storage_policy" {
  name = var.supervisor_storage_policy
}
data "vsphere_datastore" "supervisor_datastore" {
  name          = var.supervisor_datastore
  datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
data "nsxt_policy_edge_cluster" "sup_edge_cluster" {
  display_name = var.sup_edge_cluster
}
data "vsphere_distributed_virtual_switch" "distributed_virtual_switch" {
  name          = var.distributed_virtual_switch
  datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
data "vsphere_network" "distributed_virtual_switch_port" {
  name          = var.distributed_virtual_switch_port
  datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
resource "vsphere_content_library" "cl_vsphere" {
  name            = "CL"
  storage_backing = [data.vsphere_datastore.supervisor_datastore.id]
}
resource "vsphere_supervisor" "nsx-sup-tkgs" {
  cluster         = data.vsphere_compute_cluster.vsphere_cluster.id
  storage_policy  = data.vsphere_storage_policy.supervisor_storage_policy.id
  content_library = vsphere_content_library.cl_vsphere.id
  main_dns        = var.dns_server
  worker_dns      = var.dns_server
  worker_ntp      = var.worker_ntp
  main_ntp        = var.main_ntp
  edge_cluster    = data.nsxt_policy_edge_cluster.sup_edge_cluster.id
  dvs_uuid        = data.vsphere_distributed_virtual_switch.distributed_virtual_switch.id
  sizing_hint     = "SMALL"
  management_network {
    network          = data.vsphere_network.distributed_virtual_switch_port.id
    subnet_mask      = var.management_subnet_mask
    starting_address = var.management_network_starting_ip
    gateway          = var.management_network_gateway
    address_count    = var.management_network_address_count
  }
  ingress_cidr {
    address = var.ingress_cidr_range
    prefix  = var.ingress_cidr_range_prefix
  }
  egress_cidr {
    address = var.egress_cidr_range
    prefix  = var.egress_cidr_range_prefix
  }
  pod_cidr {
    address = var.pod_cidr_range
    prefix  = var.pod_cidr_range_prefix
  }
  service_cidr {
    address = var.service_cidr_range
    prefix  = var.service_cidr_range_prefix
  }
  search_domains = var.search_domains
}

		

Next step would be format the terraform files by running terraform fmt .

At this stage you can run the terraform script. Run terraform apply –auto-approve. However, I would recommend running terraform plan. This allows you to see implementation details. If there are any errors in the configuration files, terraform plan would identify them.

Run terraform apply –auto-approve to start deployment of vSphere Supervisor.

Post successful deployment, you will see a running vSphere Supervisor Cluster on vCenter Server.

Conclusion

Automating the deployment of vSphere Supervisor with Terraform brings a powerful infrastructure-as-code approach to modern VMware environments. Instead of relying on manual configuration in the vSphere Client, administrators can define the entire Supervisor setup—including networking, storage policies, edge clusters, and CIDR ranges—through reusable Terraform configuration files.

In this blog, we covered the complete workflow: installing Terraform, configuring the required vSphere and NSX providers, defining variables and infrastructure parameters, and finally deploying the Supervisor Cluster using Terraform. This method not only accelerates the deployment process but also ensures consistency, repeatability, and easier lifecycle management of your Kubernetes-enabled vSphere infrastructure.

Disclaimer: All posts, contents and examples are for educational purposes in lab environments only and does not constitute professional advice. No warranty is implied or given. The user accepts that all information, contents, and opinions are my own. They do not reflect the opinions of my employer.

Installing vSphere Supervisor with Terraform

Share this:

Comments

Leave a comment Cancel reply