vSphere Integrated Containers (VIC) Part I – Deploy and Prep VIC

A Little context on Containers and Virtual Machines

A hypervisor provides, via software, hardware presentation to a virtual machine/host. The hypervisor, such as ESXi emulates compute with minimal overhead, according to vmware documentation, no more than 1-5%. Your guestOS, be it, Windows Server 2016, Debian, or MacOS, are completely unaware that the hardware presented to it is virtualized. Isolation of concerns for virtual workloads are handled by the hypervisor at the vhardware level. The OS of choice is only capable of seeing the hardware that has been partitioned to it by the hypervisor. Leakage between vms is notably, to a point, almost nonexistent.

Containers do not require a hypervisor to run. Containers via platforms like Docker, for instance, make use of control groups (wiki states: “is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.”) and namespaces, a way to isolate processes so they are unable to see one another. ie one namespace cannot see the resources of another. A container can be described as a process running within a host operating system, and isolation is done at the OS kernel. VMware documentation states “Each kernel function has to explicitly check which namespace it executes in and take measures to isolate it from others. Because of this, the number of points where a leak between workloads can happen is…larger than with a hypervisor. Also, isolation is dependent on the host OS and you have to take great care to run only host OSes that are known to be safe and that have all current patches installed.”


VMware vSphere integrated containers (VIC) leverage the the existing strength of the vSphere suite where vms can run along side containers on the same infrastructure, allowing folks used to running containerized apps, and already familiar with Docker, can develop applications in containers, by using the Docker compatible interface. Many features that the VMware admin/engineer is used to, such as DRS all come into play while making use of VIC. Ill circle back with an article on the three pieces that make up the VIC system, the container engine, VMware Harbor container registry, and the VMware Admiral management portal. Ill also go into more detail on the benefits and potential drawbacks of each.


Build Out VIC Framework

Download the OVA from http://www.vmware.com/go/download-vic. as of writing this, it is at version 1.3.1

Deploy the template using standard deployment procedures. I am using my lab vCenter as an example, I have seen that VIC will work on standalone hosts as well, which ill have to give a try at some point. Do pay heed of the configuration portion for domain name servers, as it says to enter them with “spaces” not commas. Go ahead and power on the appliance once complete.


Go to the ip address of the newly deployed VIC appliance and you should be prompted to complete the installation by entering your vcenter credentials.


After the appliance is online and the vcenter credentials added, you will then download the container engine bundle.  Towards the bottom left you will see Deploy a VCH > Download the vSphere Integrated Containers Engine Bundle.


Installation of the client plug-in for vCenter Server Applaince

These steps will get you through installation of the plugin, my example uses the vcsa and the html5 client – (making use of 6.5.0d or later)


Connect as root user to the vcsa

sh root@ip_of_your_vcsa

Enable shell

> shell

Set required environment varibles

export VIC_ADDRESS=vic_appliance_addres

-VIC file bundle variable (make sure this matches the file, my version was 1.3.1
export VIC_BUNDLE=vic_v1.3.1.tar.gz

Use curl as below to copy the VIC bundle to the vcener
curl -kL https://${VIC_ADDRESS}:9443/files/${VIC_BUNDLE} -o ${VIC_BUNDLE}

Untar the VIC binaries
tar -zxf ${VIC_BUNDLE}
CD to vi ui folder and run the installation script
cd vic/ui/VCSA

When prompted, enter the ip address of the vcsa, as well as the username and password for an administrator account

Lastly you will then need to restart vsphere client services.
service-control --stop vsphere-ui
service-control --start vsphere-ui
service-control --stop vsphere-client
service-control --start vsphere-client


Now you should be able to log into your vcenter via HTML client, and click the vsphere logo in top left > then under inventories click the new icon for vsphere integrated containers.

If you get a permissions or ssl error, you may need to go to the appliance and approve. You can go to https://VIC-IP:8443/container/hello





work in progress

source: vmware github VIC