Deploy a PCG with Palette CLI
Palette Private Cloud Gateway (PCG) is a crucial infrastructure support component that acts as a bridge between your private cloud environment or data center and Palette.
A PCG is required in environments lacking direct network access to Palette. For example, many infrastructure environments reside within private networks that restrict external connections, preventing internal devices and resources from reaching Palette directly.
Upon installation, the PCG initiates a connection from inside the private network to Palette, serving as an endpoint for Palette to communicate with the infrastructure environment. The PCG continuously polls Palette for instructions to either deploy or delete Kubernetes clusters within the environment. This connection uses a secure communication channel that is encrypted using the Transport Layer Security (TLS) protocol. Once a cluster is deployed, the PCG is no longer involved in the communication between Palette and the deployed cluster. The cluster then communicates directly with Palette through the Palette agent available within each cluster, which originates all network requests outbound toward Palette. Refer to the PCG Architecture section for more information.
In this tutorial, you will deploy a VMware PCG using Palette CLI.
Prerequisites
- Follow the steps described in the Set up Palette with VMware guide to authenticate Palette for use with your VMware user account.
- You will need a Linux x86-64 machine with access to a terminal and Internet, as well as connection to both Palette and VMware vSphere.
- The following IP address requirements must be met in your VMware vSphere environment:
  - One IP address available for the single-node PCG deployment. Refer to the PCG Sizing section for more information on sizing.
  - One IP address reserved for cluster repave operations.
  - One IP address for the Virtual IP (VIP).
  - DNS must be able to resolve the domain api.spectrocloud.com.
  - NTP server must be reachable from the PCG.
- The following minimum resources must be available in your VMware vSphere environment:
  - CPU: 4 cores.
  - Memory: 4 GiB.
  - Storage: 60 GiB.

  Info: In production environments, we recommend deploying a three-node PCG, each node with 8 cores of CPU, 8 GiB of memory, and 100 GiB of storage.
- Ensure the following software is installed and available on your Linux machine.
  - Palette CLI.
  - Docker.
  - Kind.
  - Git.
Authenticate with Palette
The initial step to deploy a PCG using Palette CLI involves authenticating with your Palette environment using the palette login command. In your terminal, execute the following command.
palette login
Once issued, you will be prompted for several parameters to complete the authentication. The table below outlines the required parameters along with the values that will be utilized in this tutorial. If a parameter is specific to your environment and Palette account, such as your Palette API key, enter the value that applies to your environment. Check out the Deploy a PCG to VMware vSphere guide for more information.
Parameter | Value | Environment-Specific |
---|---|---|
Spectro Cloud Console | https://console.spectrocloud.com. If using a self-hosted instance of Palette, enter the URL for that instance. | No |
Allow Insecure Connection | Y. Enabling this option bypasses x509 CA verification. In production environments, enter Y if you are using a self-hosted Palette or VerteX instance with self-signed TLS certificates and need to provide a file path to the instance CA. Otherwise, enter N. | No |
Spectro Cloud API Key | Enter your Palette API Key. | Yes |
Spectro Cloud Organization | Select your Palette Organization name. | Yes |
Spectro Cloud Project | None (TenantAdmin) | No |
Acknowledge | Accept the login banner message. Login banner messages are only displayed if the tenant admin enabled a login banner. | Yes |
After accepting the login banner message, you will receive the following output confirming you have successfully authenticated with Palette.
Welcome to Spectro Cloud Palette
The video below demonstrates Palette's authentication process. Ensure you utilize values specific to your environment, such as the correct Palette URL. Contact your Palette administrator for the correct URL if you use a self-hosted Palette or VerteX instance.
Deploy a PCG
After authenticating with Palette, you can proceed with the PCG creation process. Issue the command below to start the PCG installation.
palette pcg install
The palette pcg install command will prompt you for information regarding your PCG cluster, vSphere environment, and resource configurations. The following tables display the required parameters along with the values that will be used in this tutorial. Enter the provided values when prompted. If a parameter is specific to your environment, such as your vSphere endpoint, enter the corresponding value according to your environment. For detailed information about each parameter, refer to the Deploy a PCG to VMware vSphere guide.
The PCG to be deployed in this tutorial is intended for educational purposes only and is not recommended for production environments.
- PCG General Information

Configure the PCG general information, including the Cloud Type and Private Cloud Gateway Name, as shown in the table below.

Parameter | Value | Environment-Specific |
---|---|---|
Management Plane Type | Palette | No |
Enable Ubuntu Pro (required for production) | N | No |
Select an image registry type | Default | No |
Cloud Type | VMware vSphere | No |
Private Cloud Gateway Name | gateway-tutorial | No |
Share PCG Cloud Account across platform Projects | Y | No |

- Environment Configuration

Enter the environment configuration information, such as the Pod CIDR and Service IP Range according to the table below.

Parameter | Value | Environment-Specific |
---|---|---|
HTTPS Proxy | Skip. | No |
HTTP Proxy | Skip. | No |
Pod CIDR | 172.16.0.0/20. The pod IP addresses should be unique and not overlap with any machine IPs in the environment. | No |
Service IP Range | 10.155.0.0/24. The service IP addresses should be unique and not overlap with any machine IPs in the environment. | No |

- vSphere Account Information

Enter the information specific to your vSphere account.

Parameter | Value | Environment-Specific |
---|---|---|
vSphere Endpoint | Your vSphere endpoint. You can specify a Fully Qualified Domain Name (FQDN) or an IP address. Make sure you specify the endpoint without the HTTP scheme https:// or http://. Example: vcenter.mycompany.com. | Yes |
vSphere Username | Your vSphere account username. | Yes |
vSphere Password | Your vSphere account password. | Yes |
Allow Insecure Connection (Bypass x509 Verification) | Y. Enabling this option bypasses x509 CA verification. In production environments, enter N if using a custom registry with self-signed SSL certificates. Otherwise, enter Y. | No |

- vSphere Cluster Configuration

Enter the PCG cluster configuration information. For example, specify the vSphere Resource Pool to be targeted by the PCG cluster.

Parameter | Value | Environment-Specific |
---|---|---|
Datacenter | The vSphere data center to target when deploying the PCG cluster. | Yes |
Folder | The vSphere folder to target when deploying the PCG cluster. | Yes |
Network | The port group to which the PCG cluster will be connected. | Yes |
Resource Pool | The vSphere resource pool to target when deploying the PCG cluster. | Yes |
Cluster | The vSphere compute cluster to use for the PCG deployment. | Yes |
Select specific Datastore or use a VM Storage Policy | Datastore | No |
Datastore | The vSphere datastore to use for the PCG deployment. | Yes |
Add another Fault Domain | N | No |
NTP Servers | Skip. | No |
SSH Public Keys | Provide a public OpenSSH key to be used to connect to the PCG cluster. | Yes |

- PCG Cluster Size

This tutorial will deploy a one-node PCG with dynamic IP placement (DDNS). If needed, you can convert a single-node PCG to a multi-node PCG to provide additional capacity. Refer to the Increase PCG Node Count guide for more information.

Parameter | Value | Environment-Specific |
---|---|---|
Number of Nodes | 1 | No |
Placement Type | DDNS | No |
Search domains | Comma-separated list of DNS search domains. For example, spectrocloud.dev. | Yes |

- Cluster Settings

Set the parameter Patch OS on boot to N, meaning the OS of the PCG hosts will not be patched on the first boot.

Parameter | Value | Environment-Specific |
---|---|---|
Patch OS on boot | N | No |

- vSphere Machine Configuration

Set the size of the PCG as small (S) as this PCG will not be used in production environments.

Parameter | Value | Environment-Specific |
---|---|---|
S | 4 CPU, 4 GB of Memory, and 60 GB of Storage | No |

- Node Affinity Configuration Information

Set Node Affinity to N, indicating no affinity between Palette pods and control plane nodes.

Parameter | Value | Environment-Specific |
---|---|---|
Node Affinity | N | No |
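The Pod CIDR and Service IP Range entered under Environment Configuration must not overlap any machine IPs in the environment. The shell check below is an added example, not part of the Palette documentation or CLI; it also flags overlap between the two ranges themselves. The machine network 10.10.128.0/18 and host 172.16.4.25 are constructed sample values, and all function names are hypothetical.

```shell
# Added example: overlap check for the Pod CIDR and Service IP Range prompts.

ip_to_int() {   # dotted-quad IPv4 -> integer; non-zero status if malformed
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    set -- $(echo "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_range() {  # prints "first last" as integers; a bare address means /32
    case $1 in */*) ;; *) set -- "$1/32" ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    base=$(ip_to_int "$addr") || return 1
    size=$(( 1 << (32 - len) ))
    first=$(( base / size * size ))          # clear the host bits
    echo "$first $(( first + size - 1 ))"
}

cidr_overlap() {  # status 0 = overlap, 1 = disjoint, 2 = invalid input
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ $# -eq 4 ] || return 2
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

check_pair() {  # adds to $problems when a pair overlaps or cannot be parsed
    rc=0; cidr_overlap "$1" "$2" || rc=$?
    case $rc in
        0) echo "OVERLAP: $1 and $2" >&2 ;;
        1) return 0 ;;
        *) echo "INVALID: $1 or $2" >&2 ;;
    esac
    problems=$(( problems + 1 ))
}

check_plan() {  # usage: check_plan POD_CIDR SERVICE_CIDR MACHINE_NET_OR_IP...
    pod=$1; svc=$2; shift 2; problems=0
    check_pair "$pod" "$svc"
    for net in "$@"; do check_pair "$pod" "$net"; check_pair "$svc" "$net"; done
    echo "$problems"                         # 0 means the plan is clean
}

# Tutorial values plus two constructed machine entries (assumptions).
check_plan 172.16.0.0/20 10.155.0.0/24 10.10.128.0/18 172.16.4.25
```

Replace the constructed machine entries with the subnets and static addresses used in your vSphere port group before answering the Pod CIDR and Service IP Range prompts.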
After answering the prompts of the pcg install command, a new PCG configuration file is generated, and its location is displayed on the console.
==== PCG config saved ====
Location: /home/ubuntu/.palette/pcg/pcg-20240313152521/pcg.yaml
Next, Palette CLI will create a local kind cluster that will be used to bootstrap the PCG cluster deployment in your VMware environment. Once installed, the PCG registers itself with Palette and creates a VMware cloud account with the same name as the PCG.
The following recording demonstrates the pcg install command with the --config-only flag. When using this flag, a reusable configuration file named pcg.yaml is created under the path .palette/pcg. You can then utilize this file to install a PCG with predefined values using the command pcg install with the --config-file flag. Refer to the Palette CLI PCG Command page for further information about the command.
You can monitor the PCG cluster creation by logging into Palette and switching to the Tenant Admin scope. Next, click on Tenant Settings from the left Main Menu and select Private Cloud Gateways. Then, click on the PCG cluster you just created and check the deployment progress under the Events tab.
You can also track the PCG deployment progress from your terminal. Depending on the PCG size and infrastructure environment, the deployment might take up to 30 minutes. Upon completion, the local kind cluster is automatically deleted from your machine.
Next, log in to Palette as a tenant admin. Navigate to the left Main Menu and select Tenant Settings. Click on Private Cloud Gateways from the Tenant Settings Menu and select the PCG you just created. Ensure that the PCG cluster status is Running and Healthy before proceeding.
Next Steps
In this tutorial, you deployed a PCG to connect Palette to your VMware vSphere environment. To learn how to get started with deploying Kubernetes clusters to VMware, we recommend that you continue to the Create a Cluster Profile tutorial to create a full cluster profile for your host cluster.