This third blog post describes the steps to take once your cluster is initialized and in a ready state.
In case you missed the first 2 blogs you can find them here and there. Ok, now from our jump server, we need to configure our Tanzu managed cluster with the base tools, then we’ll configure the tools that come with our licence (Tanzu Kubernetes Standard Edition).
Tanzu Kubernetes CLI
You need to install the Tanzu CLI so that you can manage your cluster(s). It lets you:
- Create and manage management clusters
- Create and manage workload clusters
- Manage Kubernetes releases
- Install and manage packages
- Create and manage application workloads
- Configure the Tanzu CLI itself
As a reminder, we are on a jump server (we can also call it the bootstrap machine, as it is named in the official documentation), so we have to install the CLI as described in the documentation.
Once installed, let’s try to initialize the Tanzu CLI.
$ tanzu init
Checking for required plugins...
Installing plugin 'login:v0.25.0'
Installing plugin 'management-cluster:v0.25.0'
Installing plugin 'package:v0.25.0'
Installing plugin 'pinniped-auth:v0.25.0'
Installing plugin 'secret:v0.25.0'
Installing plugin 'telemetry:v0.25.0'
Successfully installed all required plugins
✔ successfully initialized CLI
$ tanzu version
version: v0.25.0
buildDate: 2022-08-25
sha: 6288c751-dirty
If the installation is correct, you should see the following.
$ tanzu plugin list
NAME DESCRIPTION SCOPE DISCOVERY VERSION STATUS
login Login to the platform Standalone default v0.25.0 installed
management-cluster Kubernetes management-cluster operations Standalone default v0.25.0 installed
package Tanzu package management Standalone default v0.25.0 installed
pinniped-auth Pinniped authentication operations (usually not directly invoked) Standalone default v0.25.0 installed
secret Tanzu secret management Standalone default v0.25.0 installed
telemetry Configure cluster-wide telemetry settings Standalone default v0.25.0 installed
Before we continue, let’s create the kube config for our managed cluster.
$ tanzu login
? Select login type Local kubeconfig
? Enter path to kubeconfig (if any)
? Enter kube context to use tkgs-cluster-1
? Give the server a name DEV
✔ successfully logged in to management cluster using the kubeconfig DEV
Checking for required plugins...
All required plugins are already installed and up-to-date
Tanzu Kubernetes packages
At this point, we are ready to install packages in our cluster. These packages are part of what’s available with the licence we have chosen. If you remember, I said we have the Tanzu Standard licence, so we start by installing the standard repository.
$ tanzu package repository get tanzu-standard -n tanzu-package-repo-global
NAME: tanzu-standard
VERSION: 11066922
REPOSITORY: projects.registry.vmware.com/tkg/packages/standard/repo
TAG: v1.6.0
STATUS: Reconcile succeeded
REASON:
$ tanzu package repository update tanzu-standard --url projects.registry.vmware.com/tkg/packages/standard/repo -n tanzu-package-repo-global
Updating package repository 'tanzu-standard'
Getting package repository 'tanzu-standard'
Validating provided settings for the package repository
Updating package repository resource
Waiting for 'PackageRepository' reconciliation for 'tanzu-standard'
'PackageRepository' resource install status: Reconciling
'PackageRepository' resource install status: ReconcileSucceeded
Updated package repository 'tanzu-standard' in namespace 'tanzu-package-repo-global'
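If you get the following error, check your firewall configuration: the “i/o timeout” on port 443 at the end of the message means the connection to the registry was never established.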
NAME: tanzu-standard
VERSION: 11039009
REPOSITORY: projects.registry.vmware.com/tkg/packages/standard/repo
TAG: v1.6.0
STATUS: Reconcile failed: Fetching resources: Error (see .status.usefulErrorMessage for details)
REASON: vendir: Error: Syncing directory '0':
Syncing directory '.' with imgpkgBundle contents:
Imgpkg: exit status 1 (stderr: imgpkg: Error: Checking if image is bundle:
Fetching image:
Error while preparing a transport to talk with the registry:
Unable to create round tripper:
Get "https://projects.registry.vmware.com/v2/": dial tcp x.x.x.x:443: i/o timeout)
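To triage this failure from the status text, here is an added example (not from the original post) that maps the fetch error to a likely cause and extracts the host and port to check on the firewall. The function and category names are made up here; the matched substrings are standard Go network error strings, on the assumption that imgpkg reports Go errors unchanged, and the cases beyond the timeout go further than the single error shown above.

```shell
#!/bin/sh
# Added example: triage a PackageRepository fetch failure from its error text.
# Function and category names are hypothetical; the substrings are standard
# Go network/TLS error strings (assumption: imgpkg passes them through).

# Sample input: the last lines of the REASON field shown above.
SAMPLE_ERROR='Unable to create round tripper:
Get "https://projects.registry.vmware.com/v2/": dial tcp x.x.x.x:443: i/o timeout)'

classify_fetch_error() {
    case "$1" in
        *"proxyconnect"*)       echo "proxy-error" ;;    # configured HTTP proxy unreachable
        *"i/o timeout"*)        echo "egress-blocked" ;; # packets dropped: firewall rule or route
        *"connection refused"*) echo "port-closed" ;;    # host answers, nothing listens there
        *"no such host"*)       echo "dns-failure" ;;    # registry name does not resolve
        *"x509:"*)              echo "tls-untrusted" ;;  # TLS interception or missing CA
        *)                      echo "unknown" ;;
    esac
}

# Registry host from the 'Get "https://<host>/..."' part of the message.
registry_host() {
    printf '%s\n' "$1" | sed -n 's|.*Get "https://\([^/"]*\)/.*|\1|p' | head -n 1
}

# Destination port from the 'dial tcp <addr>:<port>:' part of the message.
dial_port() {
    printf '%s\n' "$1" | sed -n 's|.*dial tcp [^ ]*:\([0-9][0-9]*\):.*|\1|p' | head -n 1
}

# One line: <category> <host> <port>, i.e. what to verify on the firewall.
diagnose() {
    echo "$(classify_fetch_error "$1") $(registry_host "$1") $(dial_port "$1")"
}

# With two arguments (repository name, namespace) read the live status field;
# without arguments, run on the sample above.
if [ "$#" -eq 2 ]; then
    diagnose "$(kubectl get packagerepository "$1" -n "$2" \
        -o jsonpath='{.status.usefulErrorMessage}')"
else
    diagnose "$SAMPLE_ERROR"
fi
```

Run it as “sh triage.sh tanzu-standard tanzu-package-repo-global” (the script name is arbitrary) to read the message from the cluster instead of the sample.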
Let’s list all components that are available.
$ tanzu package available list
NAME DISPLAY-NAME SHORT-DESCRIPTION LATEST-VERSION
cert-manager.tanzu.vmware.com cert-manager Certificate management 1.7.2+vmware.1-tkg.1
contour.tanzu.vmware.com contour An ingress controller 1.20.2+vmware.1-tkg.1
external-dns.tanzu.vmware.com external-dns This package provides DNS synchronization functionality. 0.11.0+vmware.1-tkg.2
fluent-bit.tanzu.vmware.com fluent-bit Fluent Bit is a fast Log Processor and Forwarder 1.8.15+vmware.1-tkg.1
fluxcd-helm-controller.tanzu.vmware.com Flux Helm Controller Helm controller is one of the components in FluxCD GitOps toolkit. 0.21.0+vmware.1-tkg.1
fluxcd-kustomize-controller.tanzu.vmware.com Flux Kustomize Controller Kustomize controller is one of the components in Fluxcd GitOps toolkit. 0.24.4+vmware.1-tkg.1
fluxcd-source-controller.tanzu.vmware.com Flux Source Controller The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets. 0.24.4+vmware.1-tkg.4
grafana.tanzu.vmware.com grafana Visualization and analytics software 7.5.16+vmware.1-tkg.1
harbor.tanzu.vmware.com harbor OCI Registry 2.5.3+vmware.1-tkg.1
multus-cni.tanzu.vmware.com multus-cni This package provides the ability for enabling attaching multiple network interfaces to pods in Kubernetes 3.8.0+vmware.1-tkg.1
prometheus.tanzu.vmware.com prometheus A time series database for your metrics 2.36.2+vmware.1-tkg.1
whereabouts.tanzu.vmware.com whereabouts A CNI IPAM plugin that assigns IP addresses cluster-wide 0.5.1+vmware.2-tkg.1
The Tanzu Standard Licence comes with:
- Cert-manager: Certificate management
- Contour: An ingress controller
- External-dns: A complement to CoreDNS but for external name resolution
- Fluent-bit: For logging
- Flux: For CI/CD
- Grafana: A dashboard tool to visualize metrics
- Harbor: An OCI registry
- Multus-cni: A tool to attach multiple network interfaces to pods
- Prometheus: A TSDB for metrics
- Whereabouts: A CNI IPAM
The first package to install is cert-manager as it will simplify the process of obtaining, renewing and using certificates. Remember that it is required to install it first.
$ tanzu package install cert-manager \
> --package-name cert-manager.tanzu.vmware.com \
> --version 1.7.2+vmware.1-tkg.1 \
> --namespace tanzu-packages \
> --create-namespace
Installing package 'cert-manager.tanzu.vmware.com'
Creating namespace 'tanzu-packages'
Getting package metadata for 'cert-manager.tanzu.vmware.com'
Creating service account 'cert-manager-tanzu-packages-sa'
Creating cluster admin role 'cert-manager-tanzu-packages-cluster-role'
Creating cluster role binding 'cert-manager-tanzu-packages-cluster-rolebinding'
Creating package resource
Waiting for 'PackageInstall' reconciliation for 'cert-manager'
'PackageInstall' resource install status: Reconciling
'PackageInstall' resource install status: ReconcileSucceeded
Added installed package 'cert-manager'
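The log above shows the CLI creating a service account, what it calls a cluster admin role, and a cluster role binding for the package. To review which service accounts in the package namespace hold cluster-wide bindings, here is an added example (not from the original post); the function names and the last two sample rows are made up here, and the first sample row reuses the names from the log.

```shell
#!/bin/sh
# Added example: list ClusterRoleBindings that have a ServiceAccount subject
# in a given namespace. Function names and SAMPLE_BINDINGS are hypothetical.

# Live input: one binding per line (name, role, subject kinds, namespaces, names).
list_bindings() {
    kubectl get clusterrolebinding --no-headers -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,NS:.subjects[*].namespace,SUBJECT:.subjects[*].name'
}

# Constructed sample in the same column layout; row 1 uses names from the log.
SAMPLE_BINDINGS='cert-manager-tanzu-packages-cluster-rolebinding cert-manager-tanzu-packages-cluster-role ServiceAccount tanzu-packages cert-manager-tanzu-packages-sa
example-viewers view User <none> alice
example-ci-binding edit ServiceAccount ci-system ci-runner'

audit_package_bindings() {
    # $1: namespace that holds the package service accounts; bindings on stdin.
    # kubectl joins multiple subjects with commas, and subjects without a
    # namespace are skipped in that column, so the match is "any ServiceAccount
    # subject" plus "any subject namespace equal to $1" (deliberately broad).
    awk -v ns="$1" '
    {
        is_sa = 0; in_ns = 0
        nk = split($3, kinds, ","); nn = split($4, spaces, ",")
        for (i = 1; i <= nk; i++) if (kinds[i] == "ServiceAccount") is_sa = 1
        for (i = 1; i <= nn; i++) if (spaces[i] == ns) in_ns = 1
        if (is_sa && in_ns) print $1 " -> " $2 " (" $5 ")"
    }'
}

# With one argument (namespace) query the cluster; otherwise use the sample.
if [ "$#" -eq 1 ]; then
    list_bindings | audit_package_bindings "$1"
else
    printf '%s\n' "$SAMPLE_BINDINGS" | audit_package_bindings tanzu-packages
fi
```

Running “kubectl describe clusterrole” on each reported role then shows the rules it grants.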
Then you are free to install the components that come with your Tanzu licence or install your own. To keep it simple, I suggest you install contour so that your ingress configuration will be smoother. The out-of-the-box installation goes like this.
$ tanzu package install contour \
> --package-name contour.tanzu.vmware.com \
> --version 1.20.2+vmware.1-tkg.1 \
> --namespace tanzu-packages \
> --create-namespace
Installing package 'contour.tanzu.vmware.com'
Updating package 'contour'
Getting package install for 'contour'
Updated installed package 'contour'
$ tanzu package installed list -A
NAME PACKAGE-NAME PACKAGE-VERSION STATUS NAMESPACE
cert-manager cert-manager.tanzu.vmware.com 1.7.2+vmware.1-tkg.1 Reconcile succeeded tanzu-packages
contour contour.tanzu.vmware.com 1.20.2+vmware.1-tkg.1 Reconcile succeeded tanzu-packages
Once installed, you can check the status in the dedicated namespace.
$ kubectl get all -n tanzu-system-ingress
NAME READY STATUS RESTARTS AGE
pod/contour-f446f5f57-9kdsh 1/1 Running 0 2m38s
pod/contour-f446f5f57-th9jw 1/1 Running 0 2m38s
pod/envoy-8lg9k 2/2 Running 0 2m39s
pod/envoy-rm2s9 2/2 Running 0 2m39s
pod/envoy-xt9mb 2/2 Running 0 2m39s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/contour ClusterIP 10.108.109.150 <none> 8001/TCP 2m39s
service/envoy NodePort 10.99.237.57 <none> 80:31532/TCP,443:32046/TCP 2m38s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/envoy 3 3 3 3 3 <none> 2m39s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/contour 2/2 2 2 2m38s
NAME DESIRED CURRENT READY AGE
replicaset.apps/contour-f446f5f57 2 2 2 2m38
Uh, something doesn’t look right: my EXTERNAL-IP shows <none> instead of an IP.
Well, I will have to reinstall it with custom properties. It will be a good exercise in removing a package in Tanzu.
Deleting a package is an easy task should you need it. In our case, we want to customize the configuration to set the envoy service to the LoadBalancer type so that we can expose our applications. Let’s delete the contour package.
$ tanzu package installed delete contour -n tanzu-packages
Deleting installed package 'contour' in namespace 'tanzu-packages'. Are you sure? [y/N]: y
Uninstalling package 'contour' from namespace 'tanzu-packages'
Getting package install for 'contour'
Deleting package install 'contour' from namespace 'tanzu-packages'
'PackageInstall' resource deletion status: Deleting
Deleting admin role 'contour-tanzu-packages-cluster-role'
Deleting role binding 'contour-tanzu-packages-cluster-rolebinding'
Deleting service account 'contour-tanzu-packages-sa'
Uninstalled package 'contour' from namespace 'tanzu-packages'
Then, to generate the default values file and adapt it to our needs, we can do the following.
$ tanzu package available get contour.tanzu.vmware.com/1.20.2+vmware.1-tkg.1 --generate-default-values-file
NAME: contour.tanzu.vmware.com
VERSION: 1.20.2+vmware.1-tkg.1
RELEASED-AT: 2022-06-14 02:00:00 +0200 CEST
DISPLAY-NAME: contour
SHORT-DESCRIPTION: An ingress controller
PACKAGE-PROVIDER: VMware
MINIMUM-CAPACITY-REQUIREMENTS: Varies significantly based on number of Services, Ingresses/HTTPProxies, etc. A starting point is 128MB RAM and 0.5 CPU for each Contour and Envoy pod, but this can and should be tuned based on observed usage.
LONG-DESCRIPTION: An Envoy-based ingress controller that supports dynamic configuration updates and multi-team ingress delegation. See https://projectcontour.io for more information.
MAINTAINERS: [{Steve Kriss} {Steve Sloka} {Nick Young} {Sunjay Bhatia} {Nicholas Seemiller}]
RELEASE-NOTES: contour 1.20.2 https://github.com/projectcontour/contour/releases/tag/v1.20.2
LICENSE: [VMware’s End User License Agreement (Underlying OSS license: Apache License 2.0)]
SUPPORT: Support provided by VMware for deployment on TKG 1.4+ clusters. Best-effort support for deployment on any conformant Kubernetes cluster. Contact support by opening a support request via VMware Cloud Services or my.vmware.com.
CATEGORY: [ingress]
Created default values file at /home/tanzu/contour-default-values.yaml
I set the following.
envoy:
  service:
    type: LoadBalancer
Then rerun the installation of contour with my custom values file, named contour-data-values.yaml in the command below.
$ tanzu package install contour --package-name contour.tanzu.vmware.com --version 1.20.2+vmware.1-tkg.1 --namespace tanzu-packages --create-namespace --values-file contour-data-values.yaml
Installing package 'contour.tanzu.vmware.com'
Creating namespace 'tanzu-packages'
Getting package metadata for 'contour.tanzu.vmware.com'
Creating service account 'contour-tanzu-packages-sa'
Creating cluster admin role 'contour-tanzu-packages-cluster-role'
Creating cluster role binding 'contour-tanzu-packages-cluster-rolebinding'
Creating secret 'contour-tanzu-packages-values'
Creating package resource
Waiting for 'PackageInstall' reconciliation for 'contour'
'PackageInstall' resource install status: Reconciling
'PackageInstall' resource install status: ReconcileSucceeded
'PackageInstall' resource successfully reconciled
Added installed package 'contour'
Now let’s check our envoy configuration.
$ kubectl get all -n tanzu-system-ingress
NAME READY STATUS RESTARTS AGE
pod/contour-6c5977c549-46hw4 1/1 Running 0 8m55s
pod/contour-6c5977c549-vdswd 1/1 Running 0 8m55s
pod/envoy-d6kmv 2/2 Running 0 8m55s
pod/envoy-fvpn6 2/2 Running 0 8m55s
pod/envoy-wjk4m 2/2 Running 0 8m55s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/contour ClusterIP 10.110.74.158 <none> 8001/TCP 8m55s
service/envoy LoadBalancer 10.107.24.71 172.15.160.111 80:31930/TCP,443:31169/TCP 8m55s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/envoy 3 3 3 3 3 <none> 8m55s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/contour 2/2 2 2 8m55s
NAME DESIRED CURRENT READY AGE
replicaset.apps/contour-6c5977c549 2 2 2 8m55s
Conclusion

You are now ready to have some fun and install some applications in your cluster.
I hope this “tuto” helped you a bit to start your journey with Tanzu Kubernetes.