By Muhamed Ahmovic on 19.09.2023 | Network Services

Helm Charts on vSphere with Tanzu

Technical requirement

Linux VM and Vulnerability Scanner (ClairDB) with internet access

To roll out an application with Helm Charts in an environment with Internet access, the following technical requirements must be met:

  1. two Linux VMs
  2. openssh server, kubectl, helm, bash-completion and docker engine packages must be installed on both VMs
  3. internet access from one VM (access to public registry and Helm repositories)
  4. the vSphere CLI tools packages (vsphere-plugin and vsphere-docker-credential-helper) are also required on the VM without Internet access
  5. SSH access from Linux VM (without internet access) to VM with internet access - to download the packages and Helm charts
  6. VCF WLD with vSphere with Tanzu
  7. HTTPS access from Linux VM without internet access to vSphere Tanzu Workload Management Harbor Registry and Helm Repository
  8. vSphere Embedded Harbor Registry or separate Harbor Registry Instance (for images)
  9. Helm repository (for Helm charts) *
  10. two Vulnerability Scanner Instances (Clair)
  11. Tanzu Kubernetes Grid Cluster in which the pods are to be deployed

*Optional - Helm charts can also be stored locally on the Linux file system.

vSphere Embedded Harbor and Harbor >= v2.8.0 no longer include ChartMuseum, neither in the user interface nor in the backend. Harbor can serve OCI Helm charts.

Linux VM and Vulnerability Scanner (ClairDB) without internet access

To roll out an application with Helm Charts in an environment without Internet access, the following technical requirements must be met:

  1. two Linux VMs
  2. openssh server, kubectl, helm, bash-completion and docker engine packages must be installed on both VMs
  3. internet access from one VM (access to public registry and Helm repositories)
  4. the vSphere CLI tools packages (vsphere-plugin and vsphere-docker-credential-helper) are also required on the VM without Internet access
  5. SSH access from Linux VM (without internet access) to VM with internet access - to download the packages and Helm charts
  6. VCF WLD with vSphere with Tanzu
  7. HTTPS access from Linux VM without internet access to vSphere Tanzu Workload Management Harbor Registry and Helm Repository
  8. vSphere Embedded Harbor Registry or separate Harbor Registry Instance (for images)
  9. Helm repository (for Helm charts) *
  10. two Vulnerability Scanner Instances (Clair)
  11. Tanzu Kubernetes Grid Cluster in which the pods are to be deployed

*Optional - Helm Charts can also be stored locally on the Linux file system.

vSphere Embedded Harbor and Harbor >= v2.8.0 no longer include ChartMuseum, neither in the user interface nor in the backend. Harbor can handle OCI Helm Charts.

Deployment

The individual deployment steps on a Linux VM with Internet access

  • Download images and charts from public registry and repository to Linux VM
  • Upload images from Linux VM to local Harbor Registry
  • Save charts locally on Linux VM file system or upload to local Helm repository
  • Roll out images from Linux VM with the helm tool

[Figure: the individual deployment steps on a Linux VM with Internet access]

The individual deployment steps on Linux VMs without Internet access

  • The vulnerability database from the Vulnerability Scanner instance with Internet access (which is up-to-date) must be copied and imported to the Vulnerability Scanner instance without Internet access
  • Download images and charts from the public registry and repository to the Linux VM with Internet access
  • Copy images and charts from the Linux VM with Internet access to the Linux VM without Internet access
  • Upload images from Linux VM without Internet access to local Harbor Registry
  • Save charts locally on the Linux VM without Internet access in the file system or upload them to the local Helm repository
  • Roll out images on the Linux VM without Internet access using the helm tool.

[Figure: the individual deployment steps on Linux VMs without Internet access]
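
The copy step between the two VMs is where a damaged or altered archive can enter the isolated environment. The following shell functions are an added example, not part of the original article: they follow the steps listed above and add a SHA-256 manifest check before anything is loaded. The Harbor host, project name and the helper function names are placeholders, and images are assumed to be referenced by tag.

```shell
#!/bin/sh
# Added example (not from the article). Placeholders: Harbor host and project.
HARBOR="${HARBOR:-harbor.example.internal}"
PROJECT="${PROJECT:-apps}"

# File name used for an image archive: "/" and ":" become "_".
archive_name() { printf '%s.tar\n' "$(printf '%s' "$1" | tr '/:' '__')"; }

# Public reference -> reference inside the local Harbor project.
# A leading registry host (contains "." or ":", or is "localhost") is dropped.
harbor_ref() {
  src="$1"; host="${1%%/*}"
  if [ "$host" != "$src" ]; then
    case "$host" in *.*|*:*|localhost) src="${src#*/}" ;; esac
  fi
  printf '%s/%s/%s\n' "$HARBOR" "$PROJECT" "$src"
}

# VM with Internet access: pull the chart and images, write a SHA-256 manifest.
export_bundle() {  # export_bundle <dir> <chart> <chart-version> <image>...
  dir="$1"; chart="$2"; ver="$3"; shift 3
  mkdir -p "$dir" || return 1
  helm pull "$chart" --version "$ver" --destination "$dir" || return 1
  for img in "$@"; do
    docker pull "$img" || return 1
    docker save -o "$dir/$(archive_name "$img")" "$img" || return 1
  done
  (cd "$dir" && sha256sum -- *.tar *.tgz > SHA256SUMS)
}

# VM without Internet access: every file must match the manifest.
verify_bundle() {  # verify_bundle <dir>
  (cd "$1" && [ -s SHA256SUMS ] && sha256sum --check --strict --quiet SHA256SUMS)
}

# Load, retag and push the images, then push the chart(s) as OCI artifacts.
# Assumes docker and helm are already logged in to Harbor.
import_bundle() {  # import_bundle <dir> <image>...
  dir="$1"; shift
  verify_bundle "$dir" || { echo "bundle failed verification" >&2; return 1; }
  for img in "$@"; do
    docker load -i "$dir/$(archive_name "$img")" || return 1
    docker tag "$img" "$(harbor_ref "$img")" || return 1
    docker push "$(harbor_ref "$img")" || return 1
  done
  for tgz in "$dir"/*.tgz; do
    helm push "$tgz" "oci://$HARBOR/$PROJECT" || return 1
  done
}
# Roll out: helm install <release> oci://$HARBOR/$PROJECT/<chart> --version <ver>
```

A manifest copied over the same SSH session as the archives only catches corruption; to catch tampering, carry `SHA256SUMS` over a separate path or sign it. The chart's image values must also be overridden to point at the Harbor references, and how that is done depends on the chart.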

Muhamed Ahmovic

Technical Presales

Muhamed is responsible for the design, planning and implementation of IT solutions with a focus on VMware, storage and Microsoft. If you have any questions about encryption technologies, you’ve come to the right place.