Introduction
In the modern world of IT infrastructure, automation is the key to simplifying complex tasks and accelerating deployment processes. VMware vSphere is a powerful platform for managing virtualized environments, which has evolved to support Kubernetes through its vSphere Supervisor feature. When combined with Terraform, an open-source infrastructure-as-code (IaC) tool, provisioning and managing this sophisticated setup becomes even easier.
This blog post is a step-by-step guide to installing vSphere Supervisor using Terraform.
Let’s jump into the nitty-gritty and get started with automating vSphere Supervisor deployment by using Terraform!
Terraform Installation
Terraform is an open-source infrastructure-as-code (IaC) tool that allows you to define and provision infrastructure using a high-level configuration language. It is widely used for automating and managing cloud resources and on-premises infrastructure.
For this blog post, I am using Ubuntu to install Terraform. However, you are free to choose an operating system of your choice.
Terraform does not have many system dependencies or prerequisites but you need to make sure you have the following
- A system running Ubuntu 20.04 or later
- A user account with sudo privileges to install software
- Internet access to download Terraform and dependencies
Step 1 : Update Ubuntu
First, updating your system is always a good practice. This ensures you have the latest packages and security patches. Open a terminal window and run the commands
sudo apt update && sudo apt upgrade -yStep 2 : Install Terraform
Run the below command on a terminal window which would install terraform on the system
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraformReference – https://developer.hashicorp.com/terraform/install
Step 3 : Verify Terraform Installation
After installation, verify that Terraform was successfully installed by checking its version. Run the command:
terraform --versionYou should a output like this
Terraform v1.10.4
on linux_amd64Supervisor Installation
vSphere Supervisor requires NSX or vSphere Networking stack to provide connectivity to Supervisor Control Plane VMs , services and workloads.
In this blog I am using NSX as the networking stack for deployment.
Step by Step Guide for preparation of NSX Environment for vSphere Supervisor is available here .
The first step would be to setup vSphere Provider in providers.tf file for Terraform . Providers.tf should include all providers required . For this configuration we would be using vSphere and NSX Terraform providers.
providers.tf
### Required Provider for WCP Configuration
terraform {
required_providers {
nsxt = {
source = "vmware/nsxt"
}
vsphere = {
source = "hashicorp/vsphere"
}
}
}
### vSphere Configuration
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
allow_unverified_ssl = true
api_timeout = 10
}
### NSX Configuration
provider "nsxt" {
host = var.nsx_server
username = var.nsx_username
password = var.nsx_password
allow_unverified_ssl = true
max_retries = 2
}The next step would be to set up all variables required for vSphere Supervisor. These variables would be declared in the variables.tf file.
variables.tf
variable "nsx_server" {
type = string
}
variable "nsx_username" {
type = string
}
variable "nsx_password" {
type = string
}
variable "vsphere_server" {
type = string
}
variable "vsphere_user" {
type = string
}
variable "vsphere_password" {
type = string
}
variable "certificate_thumbprint" {
type = string
}
variable "vmware_datacenter" {
type = string
}
variable "vsphere_cluster" {
type = string
}
variable "supervisor_storage_policy" {
type = string
}
variable "supervisor_datastore" {
type = string
}
variable "dns_server" {
type = list(string)
}
variable "sup_edge_cluster" {
type = string
}
variable "distributed_virtual_switch" {
type = string
}
variable "distributed_virtual_switch_port" {
type = string
}
variable "search_domains" {
type = list(string)
}
variable "management_subnet_mask" {
type = string
}
variable "management_network_starting_ip" {
type = string
}
variable "management_network_gateway" {
type = string
}
variable "management_network_address_count" {
type = string
}
variable "ingress_cidr_range" {
type = string
}
variable "egress_cidr_range" {
type = string
}
variable "pod_cidr_range" {
type = string
}
variable "service_cidr_range" {
type = string
}
variable "ingress_cidr_range_prefix" {
type = string
}
variable "egress_cidr_range_prefix" {
type = string
}
variable "pod_cidr_range_prefix" {
type = string
}
variable "service_cidr_range_prefix" {
type = string
}
variable "worker_ntp" {
type = list(string)
}
variable "main_ntp" {
type = list(string)
}
All values for the variables would be configured in terraform.tfvars. This would be the vCenter Server on which vSphere Supervisor has to be enabled. You also need to provide the network configuration details. Additionally, include the storage policy and datastore for placement of Supervisor Control plane nodes.
The certificate thumbprint of the vCenter Server can be retrieved by running the command
echo -n | openssl s_client -connect <hostname>:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256terraform.tfvars
#username and passwords for setup
vsphere_server = "vcsa1.env2.lab.test"
vsphere_user = "administrator@vsphere.local"
vsphere_password = "VMware1!"
certificate_thumbprint = "88:F4:FA:2F:D3:DB:1A:3F:2C:EE:E3:90:B5:F2:6E:BE:BE:E7:60:D9:93:02:37:3A:25:F2:A0:EF:03:22:01:47"
nsx_server = "nsx.env2.lab.test"
nsx_username = "admin"
nsx_password = "VMware1!VMware1!"
vmware_datacenter = "Datacenter"
vsphere_cluster = "Cluster"
supervisor_storage_policy = "Supervisor_Storage_Policy"
supervisor_datastore = "vsanDatastore"
distributed_virtual_switch = "DSwitch"
distributed_virtual_switch_port = "mgmt"
search_domains = ["env2.lab.test"]
dns_server = ["192.168.100.1"]
sup_edge_cluster = "sup-edge-cluster"
management_subnet_mask = "255.255.254.0"
management_network_starting_ip = "192.168.100.90"
management_network_gateway = "192.168.100.1"
management_network_address_count = "5"
ingress_cidr_range = "10.10.10.0"
egress_cidr_range = "10.10.20.0"
pod_cidr_range = "10.244.8.0"
service_cidr_range = "10.96.2.0"
ingress_cidr_range_prefix = "24"
egress_cidr_range_prefix = "24"
pod_cidr_range_prefix = "21"
service_cidr_range_prefix = "24"
main_ntp = ["192.168.100.1"]
worker_ntp = ["192.168.100.1"]The main.tf file required for installation of vSphere Supervisor.
main.tf
data "vsphere_datacenter" "vmware_datacenter" {
name = var.vmware_datacenter
}
data "vsphere_compute_cluster" "vsphere_cluster" {
name = "Cluster"
datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
data "vsphere_storage_policy" "supervisor_storage_policy" {
name = var.supervisor_storage_policy
}
data "vsphere_datastore" "supervisor_datastore" {
name = var.supervisor_datastore
datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
data "nsxt_policy_edge_cluster" "sup_edge_cluster" {
display_name = var.sup_edge_cluster
}
data "vsphere_distributed_virtual_switch" "distributed_virtual_switch" {
name = var.distributed_virtual_switch
datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
data "vsphere_network" "distributed_virtual_switch_port" {
name = var.distributed_virtual_switch_port
datacenter_id = data.vsphere_datacenter.vmware_datacenter.id
}
resource "vsphere_content_library" "cl_vsphere" {
name = "CL"
storage_backing = [data.vsphere_datastore.supervisor_datastore.id]
}
resource "vsphere_supervisor" "nsx-sup-tkgs" {
cluster = data.vsphere_compute_cluster.vsphere_cluster.id
storage_policy = data.vsphere_storage_policy.supervisor_storage_policy.id
content_library = vsphere_content_library.cl_vsphere.id
main_dns = var.dns_server
worker_dns = var.dns_server
worker_ntp = var.worker_ntp
main_ntp = var.main_ntp
edge_cluster = data.nsxt_policy_edge_cluster.sup_edge_cluster.id
dvs_uuid = data.vsphere_distributed_virtual_switch.distributed_virtual_switch.id
sizing_hint = "SMALL"
management_network {
network = data.vsphere_network.distributed_virtual_switch_port.id
subnet_mask = var.management_subnet_mask
starting_address = var.management_network_starting_ip
gateway = var.management_network_gateway
address_count = var.management_network_address_count
}
ingress_cidr {
address = var.ingress_cidr_range
prefix = var.ingress_cidr_range_prefix
}
egress_cidr {
address = var.egress_cidr_range
prefix = var.egress_cidr_range_prefix
}
pod_cidr {
address = var.pod_cidr_range
prefix = var.pod_cidr_range_prefix
}
service_cidr {
address = var.service_cidr_range
prefix = var.service_cidr_range_prefix
}
search_domains = var.search_domains
}
Next step would be format the terraform files by running terraform fmt .
At this stage you can run the terraform script. Run terraform apply –auto-approve. However, I would recommend running terraform plan. This allows you to see implementation details. If there are any errors in the configuration files, terraform plan would identify them.
Run terraform apply –auto-approve to start deployment of vSphere Supervisor.
Post successful deployment, you will see a running vSphere Supervisor Cluster.
Disclaimer: All posts, contents and examples are for educational purposes in lab environments only and does not constitute professional advice. No warranty is implied or given. The user accepts that all information, contents, and opinions are my own. They do not reflect the opinions of my employer.
VMware Cloud Foundation 
Leave a comment