QUESTION 1
An organization is preparing to deploy vSphere with Tanzu and will be using the vSphere Networking stack.
How should the administrator allocate management network IP addresses for the Kubernetes Control Plane within the Supervisor Cluster?
A. Five IP addresses are required, one for each of the Control Plane VMs, one for the floating IP address of the Control Plane VM, and one spare for performing rolling cluster upgrades
B. Four f3 addresses are required, one for each of the Control Plane VMs and one spare for performing rolling cluster upgrades
C. Three P addresses are required, one for each of the Control Plane VMs
D. Six IP addresses are required, one for each of the Control Plane VMs, one for the floating IP address of the Control Plane VM, one for performing rolling cluster upgrades and one for the image Registry VM.
Answer: A
Explanation:
Static IPs for Kubernetes control plane VMs
Block of 5A block of 5 consecutive static IP addresses to be assigned to the Kubernetes control plane VMs in the Supervisor Cluster.
QUESTION 2
Which command should be used by a developer to log in to the vSphere with Tanzu Supervisor Cluster?
A. vmwarectl login –server-<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> –vsphere-username <VCENTER-SSO-USER>
B. kubectl vsphere login –server=<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> –vsphere- username <vcENTER-SSO-USER>
C. vmwarectl vsphere login –server–<KUBERNETES-CONTROL-PLANE-IP-ADDRESS> –vsphere- username <VCENTER-SSO-USER>
D. kubectl login –server=<KUBERNETES-CONTROL-PLANE-lP-ADDRESS> –vsphere-username <VCENTER-SSO-USER>
Answer: B
Explanation:
Authenticating Using kubectl
In vSphere with Tanzu, authentication is performed using vCenter Single Sign-On. You run the command kubectl vsphere login to authenticate a user through vCenter Single Sign-On to Kubernetes clusters.
kubectl vsphere login –server <kubernetes control plane> -u <username>
The –insecure-skip-tls-verify flag is required if the certificate presented by the vSphere with Tanzu control plane is not trusted by the client machine. The control plane is signed by the vCenter Server VMware CA by default. You can replace the control plane certificate with a trusted certificate if needed. Alternatively, install the vCenter Server VMware CA root certificate into your client machine to remove the need for the –insecure-skip-tls-verify flag.
QUESTION 3
Which external load balancer is supported in vSphere 7 U1 using the vSphere networking stack?
A. Nginx
B. Seesaw
C. Loadmaster
D. HAProxy
Answer: D
Explanation:
When using vSphere with Tanzu with vDS networking, HAProxy provides load balancing for developers accessing the Tanzu Kubernetes control plane, and for Kubernetes Services of Type Load Balancer. Review the possible topologies that you can implement for the HAProxy load balancer.
https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-1F885AAE- 92FF-41E6-BF04-0F0FD4173BD9.html
The HAProxy appliance is an open-source solution developed by HAProxy Technologies and chosen by VMware as the first supported open-source load balancer for use with vSphere with Tanzu. With the HAProxy, external network traffic is routed to Kubernetes pods running in the vSphere with Tanzu environment.