VMware 5V0-23.20 Practice Test - Questions Answers, Page 2

A ReplicaSet declares how the functionality of a pod is made scalable and resilient through redundancy. The ReplicaSet ensures that a specified number of pods is kept running. Example:

Deploy a ReplicaSet.

• The ReplicaSet name is nginx-replica-demo.

• Two replicas are expected to be running.

• The ReplicaSet applies to pods with label nginx.

For more information about Kubernetes replica sets, see

https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/

The Workload Network, such as TKGS-VLAN1000, is where the Tanzu Kubernetes clusters run.

A workload network is a network construct that is used by supervisor control plane VMs and vSphere namespaces:

• The workload network is supported by a vSphere Distributed Switch port group.

• An IP range is defined to allocate an IP address for VMs attached to the workload network.

• A primary workload network must be selected.

• The supervisor control plane VMs attach to the primary workload networks port group.

A workload network can be used by multiple namespaces. A namespace can be assigned only one workload network.

https://docs.docker.com/docker-hub/repos/

• Registry Service: Developers can store and manage Docker and OCI images using Harbor. Harbor is an open-source container image registry that secures images with role-based access control.

Procedure

Login to Harbor Registry with the vSphere Docker Credential Helper.

docker-credential-vsphere login <container-registry-IP> --user [email protected]

Note:While providing --user username is acceptable for login, you should use the UserPrincipalName (UPN) syntax ( --user [email protected]) to login and use docker push commands.

Tag the image that you want to push to the project in Harbor Registry with same name as the

namespace, where you want to use it:

docker tag <image-name>[:TAG] <container-registry-IP>/<project-name>/<image-name>[:TAG]

For example:

docker tag hello-world:latest 10.179.145.77/tkgs-cluster-ns/hello-world:latest

docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

10.179.145.77/tkgs-cluster-ns/hello-world latest bf756fb1ae65 10 months ago

13.3kB

hello-world latest bf756fb1ae65 10 months ago 13.3kB

To push an image to a project in Harbor, run the following command:Syntax:

docker push <container-registry-IP>/<namespace-name>/<image_name>

For example:

docker push 10.179.145.77/tkgs-cluster-ns/hello-world:latest

Expected result.

The push refers to repository [10.179.145.77/tkgs-cluster-ns/hello-world]

9c27e219663c: Pushed

latest: digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042

size: 525

The Cloud Native Storage server resides in vCenter Server:

• Provisions and manages life cycle operations for container volumes

• Creates First Class Disks (FCDs) to support the container volumes

• First Class Disks exist as .vmdk and -flat.vmdk files on a vSphere datastore • Integrates with storage policy based management (SPBM) for the placement of disks A First Class Disk (FCD) is also called an improved virtual disk. It is a named virtual disk that is unassociated with a VM. These disks reside on a VMFS, NFS, or vSAN datastore and support container volumes.

Storage policy based management (SPBM) is a vCenter Server service that supports provisioning of persistent volumes according to specified storage requirements. After provisioning, the service monitors compliance of the volume with the required policy characteristics.

As a vSphere administrator, you can enable the Workload Management platform on a vSphere cluster by configuring the vSphere networking stack to provide connectivity to workloads. A Supervisor Cluster that is configured with vSphere networking supports the deployment of Tanzu Kubernetes clusters created by using the Tanzu Kubernetes Grid Service. It does not support running vSphere Pod or using the embedded Harbor Registry.

As a vSphere administrator, you can replace the certificate for the virtual IP address (VIP) to securely connect to the Supervisor Cluster API endpoint with a certificate signed by a CA that your hosts already trust. The certificate authenticates the Kubernetes control plane to DevOps engineers, both during login and subsequent interactions with the Supervisor Cluster.

Prerequisites

Verify that you have access to a CA that can sign CSRs. For DevOps engineers, the CA must be installed on their system as a trusted root.

Procedure

In the vSphere Client, navigate to the Supervisor Cluster.

Click Configure then under Namespaces select Certificates.

In the Workload platform MTG pane, select Actions > Generate CSR.

Provide the details for the certificate.

Once the CSR is generated, click Copy.

Sign the certificate with a CA.

From the Workload platform MTG pane, select Actions > Replace Certificate.

Upload the signed certificate file and click Replace Certificate.

Validate the certificate on the IP address of the Kubernetes control plane.

• VM storage policies are translated into Kubernetes storage classes.

• Developers can access all assigned VM storage policies in the form of storage classes. • Developers cannot manage storage classes.

Virtual Machine Class Types for Tanzu Kubernetes Clusters

A virtual machine class defines the resource sizing for Tanzu Kubernetes cluster VMs:

• CPU

• Memory

• Storage Virtual machine class types range from extra small (xsmall) to extra large (xlarge). Class types are categorized as guaranteed or best effort:

• Guaranteed: Reserve all CPU and memory allocations.

• Best effort: Allocate the same CPU and memory but do not reserve the resources.

The class type guaranteed-small allocates 2 CPU, 4 GB of memory, and 16 GB of storage and reserves CPU and memory allocations. Custom virtual machine class types cannot be defined.

Static IPs for Kubernetes control plane VMs

Block of 5A block of 5 consecutive static IP addresses to be assigned to the Kubernetes control plane VMs in the Supervisor Cluster.