Deploying BOSH for CFCR on vSphere

This topic describes how to deploy BOSH for Cloud Foundry Container Runtime (CFCR) on vSphere. Installing CFCR requires deploying a BOSH Director.

After completing the procedures in this topic, continue to the Deploying CFCR topic.

Note

CFCR was formerly known as Kubo, and many CFCR assets described in this topic still use the Kubo name.

Step 1: Create User Accounts

Log in to vCenter and then complete the procedures in the sections below to create the user accounts required for your CFCR installation.

Create a BOSH User

BOSH needs a user account with a particular set of privileges. This topic refers to this account as the "BOSH user."

The role associated with the BOSH user must grant the privileges described in the following table.

Privilege Type: Privilege Name
Datastore:
  • Allocate space
  • Browse datastore
  • Low level file operations
  • Remove file
  • Update virtual machine files
  • Update virtual machine metadata
Folder: All
Global:
  • Manage custom attributes
  • Set custom attribute
Host:
  • Inventory
    • Modify cluster
  • Local operations
Network: All
Resource:
  • Assign virtual machine to resource pool
  • Migrate powered off virtual machine
  • Migrate powered on virtual machine
Virtual Machine:
  • Configuration
  • Guest Operations
  • Interaction
  • Inventory
  • Provisioning
  • Service configuration
  • Snapshot management
vApp: All
vCenter Inventory Service: All

For more information about user accounts and roles, see the vSphere documentation.

(Optional) Create a Persistence User

If you plan to provide your Kubernetes applications with access to persistent volumes, create a separate user account with a smaller set of privileges. This topic refers to this account as the "persistence user."

The role associated with the persistence user must grant the privileges described in the following table.

Privilege Type: Privilege Name
Datastore:
  • Allocate space
  • Low level file operations
Virtual Machine:
  • Configuration
    • Add existing disk
    • Add or remove device
    • Remove disk

If you plan to use the VSAN-policy-based volume provisioning feature in Kubernetes, the role associated with the persistence user must also grant the privileges described in the following table.

Privilege Type: Privilege Name
Network:
  • Assign network
Virtual Machine:
  • Configuration
    • Add new disk
  • Inventory
    • Create new
Resource:
  • Assign virtual machine to resource pool

Step 2: Retrieve Information

Retrieve the following vSphere configuration details from vCenter. These values will be required later during the deployment of BOSH and CFCR.

  • vCenter IP address
  • Username and password for the BOSH user
  • (optional) Username and password for the persistence user
  • vSphere datacenter name
  • Name of an existing cluster in the above datacenter
  • Name of an existing datastore in the same datacenter
  • Name of an existing resource pool in the cluster

Step 3: Generate a Configuration Template

Perform the following steps to generate a CFCR configuration template:

  1. Ensure you are using a machine that has access to the VMs on the vSphere network. Depending on your network topology, you may need to execute the commands below on a bastion host.
  2. Change into the home directory. Enter the following command:

    $ cd ~

  3. See the release notes for a link to the latest kubo-deployment release. Enter the following command, replacing KUBO-RELEASE-URL with the release artifact URL:

    $ wget https://KUBO-RELEASE-URL.tgz

  4. Expand the tarball. Enter the following command, replacing KUBO-RELEASE with the name of the file you downloaded in the previous step:

    $ tar -xvf KUBO-RELEASE.tgz

  5. Change into kubo-deployment. Enter the following command:

    $ cd ~/kubo-deployment

  6. Set three environment variables with the following commands:

    $ export kubo_env=~/kubo-env
    $ export kubo_env_name=kubo
    $ export kubo_env_path="${kubo_env}/${kubo_env_name}"

    Note

    kubo_env_path points to the directory containing the CFCR configuration. Later topics will refer to this path as KUBO_ENV.

  7. Make a new directory path with the following command:

    $ mkdir -p "${kubo_env}"

  8. Generate a CFCR configuration template:

    $ ./bin/generate_env_config "${kubo_env}" ${kubo_env_name} vsphere

Step 4: Configure Routing

If you want to configure Cloud Foundry to handle routing for CFCR, perform the procedures in Configuring Cloud Foundry Routing.

If you want to configure an external load balancer, perform the following steps:

  1. Navigate to KUBO_ENV and open the newly created director.yml file.
  2. Under the IaaS routing mode settings section, set the routing_mode to external.
  3. Set the kubernetes_master_host to the IP address of your external load balancer.
  4. Set the kubernetes_master_port to the port exposed by the external load balancer.
  5. Comment out the master_target_pool property.
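
A lint for the settings in the steps above, added here as an example and not part of kubo-deployment. It assumes director.yml holds these settings as flat top-level key: value lines; the function name check_external_routing and the sample values are hypothetical.

```sh
#!/bin/sh
# Lint director.yml for the Step 4 external load balancer settings.
# Assumption: the settings are flat, top-level "key: value" lines.
check_external_routing() (
  file=$1; rc=0
  # Value of an uncommented top-level key, without quotes or trailing comment.
  get() {
    awk -v k="$1" '$0 ~ ("^" k ":") {
      sub("^" k ":[ \t]*", ""); sub(/(^|[ \t]+)#.*$/, ""); sub(/[ \t]+$/, "")
      print; exit }' "$file" | tr -d "\"'"
  }
  [ "$(get routing_mode)" = "external" ] ||
    { echo "routing_mode is not external"; rc=1; }
  host=$(get kubernetes_master_host)
  # IPv4 shape only; the topic asks for the load balancer's IP address.
  echo "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
    { echo "kubernetes_master_host is not an IPv4 address: '$host'"; rc=1; }
  port=$(get kubernetes_master_port)
  case $port in
    ''|*[!0-9]*) echo "kubernetes_master_port is not numeric: '$port'"; rc=1 ;;
    *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
         { echo "kubernetes_master_port out of range: $port"; rc=1; } ;;
  esac
  # The property must be commented out, not merely left empty.
  if grep -q '^master_target_pool:' "$file"; then
    echo "master_target_pool is still set; comment it out"; rc=1
  fi
  exit "$rc"
)

# Constructed sample: every step applied except commenting out master_target_pool.
sample=$(mktemp)
cat > "$sample" <<'EOF'
routing_mode: external
kubernetes_master_host: 10.0.0.10   # constructed address
kubernetes_master_port: 8443
master_target_pool: placeholder-pool
EOF
check_external_routing "$sample" || echo "fix the findings above before deploying"
rm -f "$sample"
```

In a real environment, call it as check_external_routing "${kubo_env_path}/director.yml".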

Step 5: Deploy BOSH

Perform the following steps to deploy a BOSH Director:

  1. Continue working in the director.yml file to configure BOSH by populating the remaining uncommented lines. You will need the vSphere configuration details you retrieved in Step 2: Retrieve Information.
  2. In the same directory, open the director-secrets.yml file.
  3. Set the vcenter_password to the password for the BOSH user you created in Step 1: Create User Accounts.

    Warning

    The director-secrets.yml file contains sensitive information and should not be under version control.

  4. Ensure your vCenter hostname can be resolved using 8.8.8.8 as the nameserver. For example:

    $ dig @8.8.8.8 ab2-host-a101-11.foo-12.bar.cf-example.com

    If the hostname cannot be resolved, open ~/kubo-deployment/bosh-deployment/bosh.yml and locate the dns property. Replace 8.8.8.8 with the nameserver of your vSphere environment.

  5. Deploy the BOSH Director for CFCR. Enter the following command:

    $ ./bin/deploy_bosh "${kubo_env_path}"

    The deploy_bosh script deploys a BOSH Director with all of the necessary components to install CFCR.

    After the script completes, KUBO_ENV contains the following:

    • Credentials and SSL certificates for the BOSH Director, stored in creds.yml

      Warning

      The creds.yml file contains sensitive information and should not be under version control.

    • The deployment state, stored in state.json

      Note

      Subsequent runs of deploy_bosh will use creds.yml and state.json to apply changes to the BOSH environment.
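
One way to enforce the two warnings above on KUBO_ENV, as an added example that is not part of kubo-deployment. Only the file names come from this topic; the function name audit_kubo_secrets and the permission and git checks it applies are assumptions about what keeping these files out of version control should mean in practice.

```sh
#!/bin/sh
# Audit the secret-bearing files this topic names in KUBO_ENV.
# Prints one finding per line; exit status 1 if anything was found.
audit_kubo_secrets() (
  dir=$1; rc=0
  for f in director-secrets.yml creds.yml; do
    [ -f "$dir/$f" ] || continue
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
      echo "$f: group/other permission bits set; run chmod 600"; rc=1
    fi
    if git -C "$dir" ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
      # Already staged or committed: ignoring it now does not clean history.
      echo "$f: tracked by git"; rc=1
    elif git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
         ! git -C "$dir" check-ignore -q -- "$f" 2>/dev/null; then
      # Untracked but one "git add ." away from being committed.
      echo "$f: in a git work tree but not ignored"; rc=1
    fi
  done
  exit "$rc"
)

# Constructed demo: a throwaway directory standing in for KUBO_ENV.
demo=$(mktemp -d)
printf 'vcenter_password: EXAMPLE-ONLY\n' > "$demo/director-secrets.yml"
chmod 644 "$demo/director-secrets.yml"
audit_kubo_secrets "$demo" || echo "resolve the findings above"
rm -rf "$demo"
```

Run it as audit_kubo_secrets "${kubo_env_path}" after editing director-secrets.yml and again after deploy_bosh has written creds.yml.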

After deploying the BOSH Director, continue to the Deploying CFCR topic.