Configuring BOSH Director with NSX-T for Enterprise PKS
Page last updated:
Warning: Pivotal Container Service (PKS)
v1.5 is no longer supported because it has reached the End
of General Support (EOGS) phase as defined by the
Support Lifecycle Policy.
To stay up to date with the latest software and security updates, upgrade to a supported version.
This topic describes how to configure BOSH Director for vSphere with NSX-T integration for Enterprise Pivotal Container Service (Enterprise PKS).
Before you begin this procedure, ensure that you have successfully completed all preceding steps for installing Enterprise PKS on vSphere with NSX-T, including:
- Preparing to Install Enterprise PKS on vSphere with NSX-T Data Center
- Installing and Configuring NSX-T for Enterprise PKS
- Creating the Enterprise PKS Management Plane
- Create Enterprise PKS Compute Plane
- Deploying Ops Manager with NSX-T for Enterprise PKS
- Generating and Registering the NSX Manager Certificate for Enterprise PKS
Log in to Ops Manager with the username and password credentials that you set up in Configure Ops Manager for Enterprise PKS.
Click the BOSH Director for vSphere tile.
Select vCenter Config.
Enter the following information:
- Name: A name that you provide for your vCenter configuration. This field is used to identify the datacenter configuration in Ops Manager if you are configuring multiple datacenters.
- vCenter Host: The hostname of the vCenter that manages ESXi/vSphere.
- vCenter Username: A vCenter username with create and delete privileges for virtual machines (VMs) and folders.
- vCenter Password: The password for the vCenter user specified above.
- Datacenter Name: The name of the datacenter as it appears in vCenter.
- Virtual Disk Type: The Virtual Disk Type to provision for all VMs. For guidance on selecting a virtual disk type, see vSphere Virtual Disk Types.
- Ephemeral Datastore Names (comma delimited): The names of the datastores that store ephemeral VM disks deployed by Ops Manager.
- Persistent Datastore Names (comma delimited): The names of the datastores that store persistent VM disks deployed by Ops Manager.
Note: The vSphere datastore type must be Datastore. Enterprise PKS does not support the use of vSphere Datastore Clusters with or without Storage DRS. For more information, see Datastores and Datastore Clusters in the vSphere documentation.
Select NSX Networking, then select NSX-T.
Configure NSX-T networking as follows:
- NSX Address: Enter the IP address of the NSX Manager host.
- NSX Username and NSX Password: Enter the NSX Manager username and password.
- NSX CA Cert: Provide the CA certificate in PEM format that authenticates to the NSX server. Open the NSX CA Cert that you generated and copy/paste its content to this field.
Configure the following folder names:
- VM Folder: The vSphere datacenter folder where Ops Manager places VMs. Enter
- Template Folder: The vSphere datacenter folder where Ops Manager places VMs. Enter
- Disk path Folder: The vSphere datastore folder where Ops Manager creates attached disk images. You must not nest this folder. Enter
Note: After your initial deployment, you cannot edit the VM Folder, Template Folder, and Disk path Folder names.
- VM Folder: The vSphere datacenter folder where Ops Manager places VMs. Enter
Select Director Config.
In the NTP Servers (comma delimited) field, enter your NTP server addresses.
Note: The NTP server configuration only updates after VM recreation. Ensure that you select the Recreate all VMs checkbox if you modify the value of this field.
Leave the JMX Provider IP Address field blank.
Leave the Bosh HM Forwarder IP Address field blank.
Select the Enable VM Resurrector Plugin to enable BOSH Resurrector functionality.
Select Enable Post Deploy Scripts to run a post-deploy script after deployment. This script allows the job to execute additional commands against a deployment.
Note: You must enable post-deploy scripts to install Enterprise PKS.
Select Recreate all VMs to force BOSH to recreate all VMs on the next deploy. This process does not destroy any persistent disk data.
For typical Enterprise PKS deployments, the default settings for all other BOSH Director configuration parameters are suitable. Optionally you can apply additional configurations to BOSH Director. See Director Config Pane in Configuring BOSH Director on vSphere in the PCF documentation for details.
Note: If you need to be able to remotely access the BOSH Director VM using the BOSH CLI, and you are deploying Enterprise PKS with NSX-T in a NAT topology, you must provide the Director Hostname for BOSH at the time of installation. See Director Config Pane in Configuring BOSH Director on vSphere in the PCF documentation for details.
Ops Manager Availability Zones correspond to your vCenter clusters and resource pools.
Multiple Availability Zones allow you to provide high-availability and load balancing to your applications. When you run more than one instance of an application, Ops Manager balances those instances across all of the Availability Zones assigned to the application.
For a highly available installation of your chosen runtime, use at least three availability zones.
Note: For more information about AZs and high availability in vSphere, see Compute and HA Considerations in vSphere Reference Architecture.
Select Create Availability Zones.
Use the following steps to create one or more Availability Zones for Enterprise PKS to use:
- Click Add and create the Enterprise PKS Management AZ.
- Enter a unique Name for the Availability Zone, such as
- Select the IaaS configuration (vSphere/vCenter).
- Enter the name of an existing vCenter Cluster to use as an Availability Zone, such as
- Enter the name of the Enterprise PKS Management Resource Pool in the vCenter cluster that you specified above, such as
RP-MGMT-PKS. The jobs running in this Availability Zone share the CPU and memory resources defined by the pool.
- Click Add Cluster and create at least one Enterprise PKS Compute AZ.
- Specify the Cluster and the Resource Pool, such as
RP-PKS-AZ. Alternatively, specify the Cluster and the Host Group. See Using vSphere Host Group for more information.
- Add additional clusters as necessary. Click the trash icon to delete a cluster. The first cluster cannot be deleted.
Select Create Networks.
Select Enable ICMP checks to enable ICMP on your networks. Ops Manager uses ICMP checks to confirm that components within your network are reachable.
Click Add Network.
Create the following network:
NET-MGMT-PKS: Network for Ops Manager, BOSH Director, and the PKS API. This network maps to the NSX logical switch created for the Enterprise PKS Management Network. See Creating Enterprise PKS Management Plane.
Note: NSX-T automatically creates the service network to be used by the master and worker nodes (VMs) for Kubernetes clusters managed by Enterprise PKS. You should not manually create this network.
Use the following values as a guide when you define the network in BOSH. Replace the IP addresses with ranges you defined for the Enterprise PKS Management Network.. Reserve any IP addresses from the subnet that are already in use, such as the IP for Ops Manager and subnet gateway.
Field Configuration Name
vSphere Network Name
Reserved IP Ranges
Select the AZ-MGMT Availability Zone to use with the
Note: Do not select the COMPUTE network at this point in the configuration. It will be configured at the end of the procedure.
Select Assign AZs and Networks.
Use the drop-down menu to select a Singleton Availability Zone. The Ops Manager Director installs in this Availability Zone. For Enterprise PKS, this will be the
Use the drop-down menu to select a Network for BOSH Director. BOSH Director runs on the Enterprise PKS Management Plane network. Select the
In Trusted Certificates, enter a custom certificate authority (CA) certificate to insert into your organization’s certificate trust chain. This feature allows all BOSH-deployed components in your deployment to trust a custom root certificate.
Choose Generate passwords or Use default BOSH password. Use the Generate passwords option for increased security.
Click Save. To view your saved Director password, click the Credentials tab.
Select BOSH DNS Config.
(Optional) In Excluded Recursors, enter a list of prohibited recursor addresses.
(Optional) In Recursor Timeout, enter a time limit for contacting the connected recursors. This includes dialing, writing, and reading from the recursor. If any of these actions exceeds the time limit you set, the action fails.
Note: This time limit must include one of the Go parse duration time units. For example, entering
5ssets the timeout limit to five seconds. For more information about supported time units, see func ParseDuration in the Go Programming Language documentation.
(Optional) In Handlers, enter a list of custom domain handlers in JSON format.
(Optional) To send BOSH Director system logs to a remote server, select Yes.
In the Address field, enter the IP address or DNS name for the remote server.
In the Port field, enter the port number that the remote server listens on.
In the Transport Protocol dropdown menu, select TCP or UDP. This selection determines which transport protocol is used to send the logs to the remote server.
(Optional) Select the Enable TLS checkbox to send encrypted logs to remote server with TLS. After you select the checkbox, perform the following steps:
- Enter either the name or SHA1 fingerprint of the remote peer in Permitted Peer.
- Enter the SSL certificate for the remote server in SSL Certificate.
Note: For an optimal security configuration, enable TLS encryption when you are forwarding logs. Logs can contain sensitive information, such as cloud provider credentials.
(Optional) Enter an integer in Queue Size. This value specifies the number of log messages held in the buffer. The default value is 100,000.
(Optional) Select the checkbox to Forward Debug Logs to an external source. This option is deselected by default. If you select it, you may generate a large amount of log data.
(Optional) Enter configuration details for rsyslog in the Custom rsyslog Configuration field. This field requires the rainerscript syntax.
Click Save Syslog Settings.
Select Resource Config.
Adjust any values as necessary for your deployment. Under the Instances, Persistent Disk Type, and VM Type fields, choose Automatic from the drop-down menu to allocate the recommended resources for the job. If the Persistent Disk Type field reads None, the job does not require persistent disk space.
Note: Ops Manager requires a Director VM with at least 8 GB memory.
Note: If you set a field to Automatic and the recommended resource allocation changes in a future version, Ops Manager automatically uses the updated recommended allocation.
Use the Ops Manager API to add custom properties to your VMs such as associated security groups and load balancers.
For more information, see Managing Custom VM Extensions.
Follow the steps below to deploy BOSH:
Go to the Ops Manager Installation Dashboard.
Click Review Pending Changes.
Click Apply Changes.
Confirm changes applied successfully.
Check BOSH VM. Log in to vCenter and check for the
p-boshVM deployment in the Enterprise PKS Management resource pool.
Ater BOSH is successfully deployed, update the network you defined above (
NET-MGMT-PKS) to include each of the COMPUTE AZs that you defined. This ensures that both the Management AZ and the Compute AZs appear in the Enterprise PKS tile for the Plans.
Return to the BOSH tile and click Create Networks.
Edit the network (
NET-MGMT-PKS) and each COMPUTE AZ.
Review pending changes, and click Apply Changes to redeploy BOSH.
Please send any feedback you have to email@example.com.