Creating a Container Host with vSphere Integrated Containers

Once you have the VIC virtual machine deployed, you can create a container host. For information on deploying the VIC VM, see either of these posts:

Deploying vSphere Integrated Containers using the PowerCli

Deploying VIC from the GUI on ESX nodes

I already have a VIC VM deployed, with the registry listening on port 443 and Admiral listening on port 8282.

Download VIC tools

The first step is to download the vic-machine tools from the VM that is deployed. This is done by accessing your VM on port 9443, which is the default port if you did not select something different when deploying it.

Downloading the vic tools

Download and untar the vic_1.1.1.tar.gz file to a location where you want to run the commands from.

Get vCenter SSL cert thumbprint

While executing the commands to deploy the container host, we will be asked for the thumbprint of vCenter’s SSL cert, which vic-machine uses to confirm that it is connecting to the intended vCenter Server. To get the thumbprint we need to inspect the SSL cert from a browser. There are other ways, but the easiest I find is via the browser.

I am using Chrome; to access the cert details you need to open the developer tools. This can be done by clicking on the 3 dots to the right of the address bar while on the vCenter webpage. Select More Tools, then Developer Tools, like below.

Chrome Developer Tools

This in turn opens a sidebar containing Chrome's developer tools.

Chrome View Certificate

Click on Security and then View Certificate.

vCenter Certificate

Click on the Details tab and scroll down to the Thumbprint field. Copy this value as we will need it later.
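A scripted alternative to the browser steps, as an added example that is not part of the original post: it normalises a copied thumbprint to the colon-separated form that vic-machine's --thumbprint option takes, and can check it against the certificate the server actually presents. The function names, host name and sample thumbprint are placeholders.

```powershell
# Added example, not from the original post. Host names and sample values are placeholders.

function ConvertTo-VicThumbprint {
    # Normalise a thumbprint copied from a certificate viewer (spaces, colons,
    # lower case, invisible characters) to upper-case colon-separated pairs.
    param([Parameter(Mandatory)][string]$Thumbprint)
    $hex = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1) but found $($hex.Length)."
    }
    $hex -replace '(..)(?=.)', '$1:'
}

function Get-ServerCertThumbprint {
    # Read the SHA-1 thumbprint of the certificate a TLS server presents.
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    # Accept any certificate here: the goal is to inspect it, not to trust it.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        ConvertTo-VicThumbprint $cert.Thumbprint
    }
    finally {
        $tcp.Close()
    }
}

function Test-ServerCertThumbprint {
    # True only when the server presents the certificate you expected.
    param([Parameter(Mandatory)][string]$HostName, [Parameter(Mandatory)][string]$Expected)
    (Get-ServerCertThumbprint -HostName $HostName) -eq (ConvertTo-VicThumbprint $Expected)
}

# Constructed sample value in the spaced, lower-case form a certificate viewer shows.
$copied = 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4'
$thumbprint = ConvertTo-VicThumbprint $copied
Write-Output "Thumbprint for vic-machine: $thumbprint"

# Against a live server (placeholder host name):
# Test-ServerCertThumbprint -HostName 'vcenter.example.test' -Expected $copied
```

Run the live check from the machine where vic-machine will run, and compare against a thumbprint obtained from a source you already trust, such as the vCenter administrator.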

Download Harbor’s Root CA

Download root CA

If you intend on using the Harbor container registry, you will also need to download the root CA from our previously deployed registry.

Access the registry and log in as admin with the password you specified while creating it.

On the top right, click on the drop down beside the admin username and select Download Root Cert.

Save this file to a location where you can access it later.

To make things easy, I have saved this file to the same folder where I extracted our VIC files earlier.

VIC Files

Create a bridge Network

For each and every Virtual Container Host you deploy you will need a bridge network. It is one of the mandatory networks that are required within each VCH. I will discuss networking in greater detail in a later post but for now we will create the bridge network.

Within vCenter, navigate to the networking section and click on your distributed switch.

Create New Dist Port Group

Right click and add new distributed port group.

Group Name

Give your new port group a name that is recognisable as the bridge network for that VCH. In this case I named mine VCH01-Bridge.

group settings

I left these values at their defaults, but change any of them as you see necessary. Proceed to the next page and confirm.

This can also be achieved with a simple command using PowerCLI.

New-VDPortgroup -Name VCH01-Bridge -VDSwitch LabDistSwitch


Creating the container host

There are different executables depending on your OS, but in my case I am using Windows, so I will use the vic-machine-windows executable to deploy my VCH. Open PowerShell or a command prompt and navigate to the root directory that contains these executables.

To deploy the Virtual Container Host, I executed the following command:

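# Prompt for the vCenter password. Read-Host without -AsSecureString echoes what you type.
$password = Read-Host 'What is your Password?'

# The empty "" values are blank in this post; supply the addresses for your own network.
# --no-tlsverify: the VCH does not require client certificates from Docker clients.
c:\vic\vic-machine-windows.exe create `
--target "https://dartagnan.home.lab/home.lab" `
--user "eamonn@home.lab" `
--password $password `
--no-tlsverify `
--tls-cname "vch01.home.lab" `
--organization "Home Lab" `
--name "VCH01" `
--image-store "vsanDatastore" `
--bridge-network "VCH01-Bridge" `
--public-network "Management" `
--public-network-ip "" `
--public-network-gateway "" `
--dns-server "" `
--dns-server "" `
--timeout 60m `
--registry-ca="c:\vic\ca.crt"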

This should result in the following output:

results of command

You can now execute docker commands against the VCH.

Docker results
