container-service-extension
container-service-extension copied to clipboard
vmware
RFE: Allow for CSE Enterprise ONLY Deployment
I have been working with a couple of partners recently that are looking to use CSE only to manage/deploy Enterprise PKS clusters.
Both of these partners have PKS and vCD deployed in an isolated environment with no external internet connection. The requirement to download templates/config files from the public internet is problematic for these types of deployments.
Is it possible to add functionality in the CSE code to allow a partner to ONLY deploy CSE Enterprise with an existing PKS deployment? If the user does not intend to deploy CSE Standard clusters, I don't see the point in forcing them to install and configure the templates to support CSE Standard.
Hi Joe,
CSE relies on vCD for user management and all the multi tenancy enforcement. at the end of the day CSE is still an extension of vCD, so it can't be a standalone solution.
During CSE installation (cse install), template creation can be skipped completely via the flag --skip-template-creation. And later the templates can be created individually via cse template install command. But we do require at least one template to be present in the system for successful CSE startup, viz. the default template.
Relaxing the default template might not be a good idea for CSE in general, but the code can be hacked to skip the check. Alternatively it's possible to side load a template into the cse catalog instead of creating it from scratch. To do so we need to follow a specific naming convention for the template and we will also need to add metadata onto the catalog item (this is a completely different object that the template itself). Both these methods are out of scope for CSE's general roadmap, but if you are interested I will be happy to walk you through them via examples.
Regards Aritra Sen
Hi Aritra,
Thanks for your response, a couple of things:
CSE relies on vCD for user management and all the multi tenancy enforcement. at the end of the day CSE is still an extension of vCD, so it can't be a standalone solution.
Completely understand and agree. My request is centered around allowing the CSE service to run without a template being installed in the scenario a customer/partner wants to use CSE to ONLY deploy Enterprise PKS clusters.
In my use case, a customer would still use the vCD tenancy constructs to create orgs, users, OrgVDC, and PvDC (backed by PKS-managed vCenter and NSX-T) but never have to account for or configure templates as they only intend to use CSE to provision PKS clusters. IMHO, it is counterintuitive to force a user to install a CSE Standard template if they never intend on using it.
During CSE installation (cse install), template creation can be skipped completely via the flag --skip-template-creation. And later the templates can be created individually via cse template install command. But we do require at least one template to be present in the system for successful CSE startup, viz. the default template.
Understood, this is how we perform the installation to only pull the templates we want.
I'll reach out to you offline to discuss the prospects of side loading a template manually for customers/partners that don't readily have external internet connectivity to pull down the images/customization scripts to allow the CSE server to create the template.
Thanks again for your response!
Joe