Content Libraries in vSphere Supervisor

vSphere Supervisor uses content libraries as centralized repositories for templates, VM images, TKG release distributions, and other files related to their deployment.

Creating, Securing, and Synchronizing Content Libraries for TKG Releases

VMware Tanzu distributes Kubernetes software versions as TKG releases. To obtain and use these releases on your TKG clusters, you create subscribed or local content libraries.
A TKG release provides the VMware Kubernetes distribution which can be used with TKG clusters. Each TKG release is distributed as an OVA package. The TKG uses the OVA package to deploy the virtual machine nodes for TKG clusters.
A TKG release is supported on Photon OS. The virtual machine nodes that are built from the OVA package have a 16 GB disk size. You specify the CPU and RAM resource reservations when you use a virtual machine class to size the TKG cluster.
Depending on your need for synchronization frequency and on the access to the published content libraries storing the TKG releases, you can use two approaches for storing TKG releases.
Starting with vSphere 7.0 Update 3, you can protect your content library with a security policy. In that case, make sure that all library items are compliant. If a protected library includes a mix of compliant and non-compliant library items, DevOps engineers are not able to retrieve the list of VM images provided with the library.
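The mixed-compliance failure described above can be caught before a library is handed to DevOps engineers. The following is an added example, not VMware code: it audits an item inventory and fails closed on missing data. The field names (security_policy_id, security_compliance, certificate_verification_info.status) are assumptions modelled on the vSphere Automation API item model, and the inventory is constructed.

```python
# Added example (not VMware code). Field names are assumptions modelled on
# the vSphere Automation API item model; the inventory below is constructed.

def audit_library(library, items):
    """Classify a library and list the items that break its security policy."""
    if not library.get("security_policy_id"):
        # No policy applied, so the service verifies nothing on this library.
        return {"state": "unprotected", "offenders": []}
    offenders = []
    for item in items:
        # Fail closed: a missing or false compliance flag counts as a violation.
        if item.get("security_compliance") is not True:
            info = item.get("certificate_verification_info") or {}
            offenders.append((item["name"], info.get("status", "NOT_AVAILABLE")))
    if not offenders:
        state = "compliant"
    elif len(offenders) < len(items):
        state = "mixed"  # the case in which the VM image list cannot be retrieved
    else:
        state = "non-compliant"
    return {"state": state, "offenders": offenders}

# Constructed sample: one signed TKG release and two items that fail the policy.
LIBRARY = {"name": "tkg-releases", "security_policy_id": "constructed-policy-id"}
ITEMS = [
    {"name": "photon-3-k8s-v1.20.2---vmware.1-tkg.1.1d4f79a",
     "security_compliance": True,
     "certificate_verification_info": {"status": "VERIFIED"}},
    {"name": "constructed-unsigned-template",
     "security_compliance": False,
     "certificate_verification_info": {"status": "NOT_AVAILABLE"}},
    {"name": "constructed-untrusted-signer",
     "certificate_verification_info": {"status": "UNTRUSTED"}},
]

if __name__ == "__main__":
    report = audit_library(LIBRARY, ITEMS)
    print("library state:", report["state"])
    for name, status in report["offenders"]:
        print(f"  fix or remove before association: {name} ({status})")
```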

Automated Synchronization of TKG Releases

VMware publishes a content library that contains the latest VMware distributions of Kubernetes as an OVA package. If you want to provision TKG clusters, you can create a subscribed content library on the vCenter Server instance where vSphere Supervisor is enabled. When configuring the content library subscription, use the following subscription URL of the publisher: https://wp-content.vmware.com/v2/latest/lib.json. For more information about how to create a subscribed content library, see Subscribe to a Content Library.
When you create the subscription, you configure the synchronization mechanism for downloading the content of the published library. You can select between on-demand and automatic download of the virtual machine image for the TKG cluster nodes. If you choose to synchronize the subscribed library on demand, only the metadata for the library content is updated and as a result storage space is saved. This approach is an important consideration as more images containing different Kubernetes versions are published. However, the first time you decide to use a new virtual machine image version, you have to wait for it to download.
Starting with vSphere 7.0 Update 3, you can secure a subscribed content library. The Content Library service verifies the library signing certificate during the synchronization process. If the certificate verification fails, only the library metadata is synchronized and the library content is not downloaded. For more information about how to apply a security policy when you update a subscribed content library, see Editing the Settings of a Content Library.
You associate the subscribed content library with the Supervisor on which you want to create a TKG cluster when you first enable vSphere Supervisor on a cluster. See Enable vSphere Supervisor on a Cluster with NSX as the Networking Stack.
The size of the content library can grow over time as new Kubernetes versions and images are published. If the underlying storage runs out of space, you will need to move to a new subscribed content library. After you create a new subscribed content library that has sufficient capacity for the target cluster, update the library association of the Supervisor. See Reconfiguring a Supervisor.

Manual Synchronization of TKG Releases

In an air-gapped network environment, you can use a local content library to store the TKG releases that you need. You must first create a local content library, then download the OVA package for each TKG release that you want to import to the library. See Create a Local Content Library.
Starting with vSphere 7.0 Update 3, you can secure a local content library. The Content Library service verifies the library signing certificate during the synchronization process. If the certificate verification fails, only the library metadata is synchronized and the library content is not downloaded. For more information about how to apply a security policy when you update a local content library, see Editing the Settings of a Content Library.
You can find the latest versions of the Kubernetes distribution by navigating to the https://wp-content.vmware.com/v2/latest URL. You must download the photon-ova.ovf and photon-ova-disk1.vmdk files for each distribution you want and then upload these files from your local file system to your local content library. See Upload an OVF or OVA Package from a Local File System to a Library Item.
Make sure that the name of each library item consists of the Photon image version and the Kubernetes version from the directory where you downloaded the files. For example: photon-3-k8s-v1.20.2---vmware.1-tkg.1.1d4f79a.
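Because the manual procedure depends on two files per distribution and on an exact item name, a pre-import check of the staging directory catches incomplete downloads and renamed folders before anything is uploaded. The following is an added example, not VMware code: the name pattern is an assumption generalized from the single item name shown above, and the staging tree is constructed in a temporary directory.

```python
# Added example (not VMware code): pre-import check for an air-gapped staging
# directory. The name pattern is an assumption generalized from the one item
# name shown above; the sample tree is constructed.
import re
import tempfile
from pathlib import Path

REQUIRED = ("photon-ova.ovf", "photon-ova-disk1.vmdk")
NAME_RE = re.compile(
    r"^photon-(?P<photon>\d+)-k8s-(?P<k8s>v\d+\.\d+\.\d+)"
    r"---vmware\.\d+-tkg\.[0-9A-Za-z.]+$")

def plan_imports(staging):
    """Return (ready, rejected): item names safe to import, and why others are not."""
    ready, rejected = {}, {}
    for d in sorted(p for p in Path(staging).iterdir() if p.is_dir()):
        match = NAME_RE.match(d.name)
        # An absent or zero-byte file means the download is incomplete.
        missing = [f for f in REQUIRED
                   if not (d / f).is_file() or (d / f).stat().st_size == 0]
        if not match:
            rejected[d.name] = "name carries no Photon and Kubernetes version"
        elif missing:
            rejected[d.name] = "missing or empty: " + ", ".join(missing)
        else:
            # The library item is named after the download directory.
            ready[d.name] = {"photon": match["photon"], "kubernetes": match["k8s"]}
    return ready, rejected

def demo():
    """Build a constructed staging tree and plan the import from it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        layout = {
            "photon-3-k8s-v1.20.2---vmware.1-tkg.1.1d4f79a": REQUIRED,
            "photon-3-k8s-v0.0.0---vmware.1-tkg.1.0000000": REQUIRED[:1],  # no disk
            "new-folder": REQUIRED,  # renamed, version information lost
        }
        for name, files in layout.items():
            (root / name).mkdir()
            for f in files:
                (root / name / f).write_bytes(b"constructed placeholder")
        return plan_imports(root)

if __name__ == "__main__":
    ready, rejected = demo()
    for name, info in ready.items():
        print("import as", name, info)
    for name, why in rejected.items():
        print("skip", name, "->", why)
```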

Creating and Managing Content Libraries for VM Provisioning in vSphere Supervisor

To provision new virtual machines in a vSphere Supervisor environment, the DevOps engineers rely on VM templates and images. Your role is to make sure the DevOps engineers have access to these VM templates and images by using the Content Library service.
You can create a local content library and populate it with VM templates in OVF or OVA file format, or other types of files. For more information and a sample of how to create a local content library, see Create a Local Content Library.
You can also create a subscription to download the content of a published local content library as described in the following topic: Subscribe to a Content Library.
Starting with vSphere 7.0 Update 3, you can secure the content library. The Content Library service verifies the library signing certificate during the synchronization process. If the certificate verification fails, only the library metadata is synchronized and the library content is not downloaded. For more information about how to apply a security policy when you update a local or subscribed content library, see Editing the Settings of a Content Library.
After you create the content library, you must populate it with content either from your local file system or from a Web server. You must use only the VM images available on the VMware Cloud Marketplace web site. For example, download or subscribe to VM Service Image for Ubuntu if you want to enable a DevOps engineer to deploy a VM using this image. For more information about the available ways to populate a content library with content, see How To Use Library Items.
You must give the DevOps engineers access to the VM templates stored in the content libraries, so that they can use these templates to provision VMs through the VM Service functionality. To give access, you must associate one or more content libraries to the namespace where the VM Service is present. See Associating a Content Library with a Namespace and Virtual Machines in vSphere Supervisor.

Associating a Content Library with a Namespace

You must give access to a source of VM templates, so that the DevOps engineers can use them to provision VMs in a self-service manner. To give access, you associate a content library with VM templates to the namespace used by the DevOps engineers.
You can add multiple content libraries to a namespace that has the VM Service enabled, or the same content library to several namespaces. You associate a content library with a namespace when you create a new namespace, or when you update or reconfigure an existing one.
To make the VM Service aware of the content libraries in your environment that the DevOps engineers can use to self-service VMs, you must use a VMServiceSpec instance and pass it to the namespace configuration. The instance contains a list of content libraries that will be used by the VM Service. You can specify this list by calling the setContentLibraries(java.util.Set<java.lang.String> contentLibraries) method of the VM Service specification.
You can also associate one or more VM classes with the namespace. See Associating a VM Class with a vSphere Namespace.