Deploy a Virtual Container Host for vSphere Integrated Containers

I’m using vSphere Integrated Containers version 1.5. In this version, you can use the vCenter plugin to create VCHs through the GUI.

Navigate to your VIC Plugin

Click on vSphere Integrated Containers

Click New Virtual Container Host

Select a Name for the VCH, define the naming convention for your “container-VMs” and configure logging, if required.

Choose where to deploy the VCH.
The VCH and its containers are organized in a resource pool. Thus, below advanced, you can define limits and reservations for it. You can also tweak the actual VCH-VM resources.

Select the datastore where to put the VCH and your containers.
Unless you want to create persistent volumes, you can ignore the “Volume Datastore” section. For more information about how the storage is organized, check here

The Public Network is used to access repositories from the VCH to pull images, or to expose ports from port-mappings of the containers.
The Bridge Network is used for container to container communication. This Network should not be shared across multiple VCHs.
Both portgroups can be either vDS portgroups or NSX (T / V) logical switches.
Note – If you are using a static IP for the public network, the tooltip asks for “Public network”, but the field actually requires the VCH public IP in CIDR format.

Don’t do this in production, but for my LAB setup, I’m going without Client Certificates.

I also keep default settings for Registry Access

Choose the user that will be used to interact with vSphere.

Review the settings and finish.
In case you are using the vic-machine client, you can copy the full command used to deploy the VCH.

If you face the following error:

You need to check the firewall settings of the ESXi host that the VCH is going to be deployed to.
SSH to the ESXi host and check the firewall config:

vi /etc/vmware/firewall/services.xml

In my case, the rule was there, but it was disabled:

  <!-- vSphere Integrated Containers Engine to allow outbound 2377/cp -->
  <service id='0044'>
    <id>vic-engine</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>2377</begin>
        <end>2377</end>
      </port>
    </rule>
    <enabled>false</enabled>
    <required>false</required>
  </service>
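
The "rule present but disabled" state in the excerpt above can be checked for on a copy of services.xml with a short parser. This is an added example, not part of the original post or of VIC; it also accepts the single-value `<port>N</port>` form alongside the `<begin>`/`<end>` range. The names `find_rules`, `port_range` and `SAMPLE`, the `<ConfigRoot>` wrapper and the `example-inbound` service are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the services.xml excerpt above
# (the <ConfigRoot> wrapper and the second service are assumptions).
SAMPLE = """<ConfigRoot>
  <service id='0044'><id>vic-engine</id>
    <rule id='0000'><direction>outbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>2377</begin><end>2377</end></port></rule>
    <enabled>false</enabled><required>false</required></service>
  <service id='0045'><id>example-inbound</id>
    <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>2377</port></rule>
    <enabled>true</enabled><required>false</required></service>
</ConfigRoot>"""


def port_range(port_el):
    """Return (begin, end) for <port>N</port> or <port><begin/><end/></port>."""
    begin = port_el.findtext("begin")
    if begin is None:
        n = int((port_el.text or "").strip())
        return n, n
    return int(begin), int(port_el.findtext("end", begin))


def find_rules(xml_text, port, direction="outbound", protocol="tcp"):
    """List (service id, enabled) for each service with a matching dst-port rule."""
    hits = []
    for svc in ET.fromstring(xml_text).iter("service"):
        for rule in svc.iter("rule"):
            if (rule.findtext("direction", "").strip() != direction
                    or rule.findtext("protocol", "").strip() != protocol
                    or rule.findtext("porttype", "").strip() != "dst"):
                continue
            port_el = rule.find("port")
            if port_el is None:
                continue
            lo, hi = port_range(port_el)
            if lo <= port <= hi:
                enabled = svc.findtext("enabled", "false").strip() == "true"
                hits.append((svc.findtext("id", "").strip(), enabled))
                break  # one hit per service is enough
    return hits


if __name__ == "__main__":
    for name, enabled in find_rules(SAMPLE, 2377):
        print(f"{name}: {'enabled' if enabled else 'present but DISABLED'}")
```

An empty result means no rule covers the port at all, while a hit with `False` is the case described here: the rule exists but its service is switched off.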

I’ve simply enabled them, but in a LAB environment, you could also just disable the firewall completely.
If everything works fine, you should see the following:

The VCH output also shows you the Docker API endpoint, which can be used to deploy containers from the well-known docker CLI.
