TKGs – Quick Tip – How to integrate External Container Registry in vSphere with Tanzu

Hello!

After you’ve enabled Workload Management in vSphere it is a good time to make TKGs trust your own Container Registry if you have one. In my case it’s a Nexus Repository 3 listening on port 5000 on IP address 10.10.60.15. You’ll also need the SSL Certificate of your Container Registry.

In order to tell TKGs to trust our own Container Registry, we need to make TKGs Clusters trust our Container Registry’s Certificate. This can be achieved by creating a custom TkgServiceConfiguration object.

Let’s get started!

1. First we need the Base64 String of our Container Registry Certificate. This can be achieved by executing the following command:

base64 -i <your-container-registry-certificate>.pem

Copy the Base64 String and keep it somewhere handy.

2. Let’s create a new YAML file and enter the details of our TkgServiceConfiguration:

apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TkgServiceConfiguration
metadata:
  name: tkg-service-configuration
spec:
  defaultCNI: antrea
  trust:
    additionalTrustedCAs:
      - name: <Cert-Name>
        data: <Your-Base64-String-Here>

3. Make sure you are connected to your Supervisor Cluster’s Context and apply the TkgServiceConfiguration:

kubectl apply -f <filename>.yaml

4. You should now see your deployed TkgServiceConfiguration in the Supervisor Cluster’s Context:

kubectl get TkgServiceConfiguration
kubectl describe TkgServiceConfiguration tkg-service-configuration

Once you have configured the Tanzu Kubernetes Grid Service to trust your External Container Registry, any new cluster that is provisioned will support your External Container Registry. For existing clusters to support your External Container Registry, a rolling update is required to apply the TkgServiceConfiguration. This can be achieved by scaling your existing clusters for example.

The official VMware Documentation can be found here.

Hope it helped!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s