HackMD
    • Create new note
    • Create a note from template
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Write
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • More features Commenting, Suggest edit
      • Invitee
      • No invitee
    • Publish Note

      Publish Note

      Everyone on the web can find and read all notes of this public team.
      Once published, notes can be searched and viewed by anyone online.
      See published notes
      Please check the box to agree to the Community Guidelines.
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Options
    • Versions and GitHub Sync
    • Transfer ownership
    • Delete this note
    • Note settings
    • Template
    • Save as template
    • Insert from template
    • Export
    • Dropbox
    • Export to Google Drive
    • Gist
    • Import
    • Dropbox
    • Import from Google Drive
    • Gist
    • Clipboard
    • Download
    • Markdown
    • HTML
    • Raw HTML
Menu Note settings Sharing URL Create Help
Create Create new note Create a note from template
Menu
Options
Versions and GitHub Sync Transfer ownership Delete this note
Export
Dropbox Export to Google Drive Gist
Import
Dropbox Import from Google Drive Gist Clipboard
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Write
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
More features Commenting, Suggest edit
Invitee
No invitee
Publish Note

Publish Note

Everyone on the web can find and read all notes of this public team.
Once published, notes can be searched and viewed by anyone online.
See published notes
Please check the box to agree to the Community Guidelines.
More features
Commenting
Permission
Disabled Forbidden Owners Signed-in users Everyone
Enable
Permission
  • Forbidden
  • Owners
  • Signed-in users
  • Everyone
Suggest edit
Permission
Disabled Forbidden Owners Signed-in users Everyone
Enable
Permission
  • Forbidden
  • Owners
  • Signed-in users
   owned this note    owned this note      
Published Linked with GitHub
Subscribed
  • Any changes
    Be notified of any changes
  • Mention me
    Be notified of mention me
  • Unsubscribe
Subscribe
# Workshop Guide for Demo Appliance for Tanzu Kubernetes Grid 1.3.1 Fling Pre-requisites: https://hackmd.io/rHOUvdS3QsGlhCpGRU-hOQ # TKG Cluster Deployment ## Step 1. SSH to TKG Demo Appliance SSH to the TKG Demo Appliance using `root`. If you can access the VM without going over the public internet, then the address would be 192.168.2.2 or whatever address you had configured for the TKG Demo Appliance. ![](https://i.imgur.com/jZnOWqq.png) ## Step 2. Create SSH Key Createa public SSH key which is required for deployment and can be used for debugging and troubleshooting purposes. Run `ssh-kegen` command and just hit return on all the defaults ``` ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. ... ``` The generated public key is stored in `/root/.ssh/id_rsa.pub` and this will be required for setting up both TKG Management and Workload Cluster. ## Step 3. Deploy TKG Management Cluster TKG Management Cluster can be deployed using either the Tanzu UI or CLI. When using the TKG Demo Appliance, the Tanzu CLI method is the only supported option due to its use of an embedded private Harbor Registry. ### Tanzu CLI The TKG Demo Appliance includes 6 example YAML files: For VMware Cloud on AWS environment * **vmc-tkg-mgmt-template.yaml** * **vmc-tkg-workload-1-template.yaml** * **vmc-tkg-workload-2-template.yaml** For On-Premises vSphere envionrment * **vsphere-tkg-mgmt-template.yaml** * **vsphere-tkg-workload-1-template.yaml** * **vsphere-tkg-workload-2-template.yaml** Edit the respective TKG Mgmt and Workload Templates based on your enviornment using either the vi or nano editor and update the `VSPHERE_SERVER` variable with the Internal IP Address of your VMC vCenter Server (e.g. 10.2.224.4) and `VSPHERE_PASSWORD` variable with the credentials for cloudadmin@vmc.local account. ``` VSPHERE_SERVER: 10.2.224.4 VSPHERE_PASSWORD: FILL-ME-IN ```` You will also need to update the `VSPHERE_SSH_AUTHORIZED_KEY` variable and fill in the SSH key that was generated from Step 2 and save the file when you have finished. ``` VSPHERE_SSH_AUTHORIZED_KEY: FILL-ME-IN ``` If you have other changes that deviate from this example, make sure to update those as well. > **Note:** The YAML files is just an example for demo purposes. You can update other variables to match your environment. In this example, the Virtual IP Address that will be used for the Management Control Plane to deploy K8s Management Cluster will be `192.168.2.3` which can be changed by updating the `VSPHERE_CONTROL_PLANE_ENDPOINT` variable Run the following command to create the TKG Management Cluster: ``` # tanzu management-cluster create -f vmc-tkg-mgmt-template.yaml -v2 Validating the pre-requisites... vSphere 7.0 Environment Detected. You have connected to a vSphere 7.0 environment which does not have vSphere with Tanzu enabled. vSphere with Tanzu includes an integrated Tanzu Kubernetes Grid Service which turns a vSphere cluster into a platform for running Kubernetes workloads in dedicated resource pools. Configuring Tanzu Kubernetes Grid Service is done through vSphere HTML5 client. Tanzu Kubernetes Grid Service is the preferred way to consume Tanzu Kubernetes Grid in vSphere 7.0 environments. Alternatively you may deploy a non-integrated Tanzu Kubernetes Grid instance on vSphere 7.0. Deploying TKG management cluster on vSphere 7.0 ... Identity Provider not configured. Some authentication features won't work. Setting up management cluster... Validating configuration... Using infrastructure provider vsphere:v0.7.7 Generating cluster configuration... Setting up bootstrapper... Bootstrapper created. Kubeconfig: /root/.kube-tkg/tmp/config_ERY0D78L Installing providers on bootstrapper... Fetching providers Installing cert-manager Version="v0.16.1" Waiting for cert-manager to be available... Installing Provider="cluster-api" Version="v0.3.14" TargetNamespace="capi-system" Installing Provider="bootstrap-kubeadm" Version="v0.3.14" TargetNamespace="capi-kubeadm-bootstrap-system" Installing Provider="control-plane-kubeadm" Version="v0.3.14" TargetNamespace="capi-kubeadm-control-plane-system" Installing Provider="infrastructure-vsphere" Version="v0.7.7" TargetNamespace="capv-system" Start creating management cluster... Saving management cluster kubeconfig into /root/.kube/config Installing providers on management cluster... Fetching providers Installing cert-manager Version="v0.16.1" Waiting for cert-manager to be available... Installing Provider="cluster-api" Version="v0.3.14" TargetNamespace="capi-system" Installing Provider="bootstrap-kubeadm" Version="v0.3.14" TargetNamespace="capi-kubeadm-bootstrap-system" Installing Provider="control-plane-kubeadm" Version="v0.3.14" TargetNamespace="capi-kubeadm-control-plane-system" Installing Provider="infrastructure-vsphere" Version="v0.7.7" TargetNamespace="capv-system" Waiting for the management cluster to get ready for move... Waiting for addons installation... Moving all Cluster API objects from bootstrap cluster to management cluster... Performing move... Discovering Cluster API objects Moving Cluster API objects Clusters=1 Creating objects in the target cluster Deleting objects from the source cluster Waiting for additional components to be up and running... Context set for management cluster tkg-mgmt-01 as 'tkg-mgmt-01-admin@tkg-mgmt-01'. Management cluster created! You can now create your first workload cluster by running the following: tanzu cluster create [name] -f [file] Some addons might be getting installed! Check their status by running the following: kubectl get apps -A ``` ## Step 3. Deploy TKG Workload Cluster In this example, the Virtual IP Address that will be used for the Management Control Plane to deploy K8s Workload Cluster called `tkg-cluster-01` will be `192.168.2.4` which can be changed by updating the `VSPHERE_CONTROL_PLANE_ENDPOINT` variable. By default, this will deploy the latest version of K8s. Run the following command to create the first TKG Workload Cluster: ``` # tanzu cluster create -f vmc-tkg-workload-1-template.yaml Validating configuration... Warning: Pinniped configuration not found. Skipping pinniped configuration in workload cluster. Please refer to the documentation to check if you can configure pinniped on workload cluster manually Creating workload cluster 'tkg-cluster-01'... Waiting for cluster to be initialized... Waiting for cluster nodes to be available... Waiting for addons installation... Workload cluster 'tkg-cluster-01' created ``` > **Note:** This can take up to 10 minutes to complete Once the TKG Cluster is up and running, we need to retrieve the credentials before we can use it. To do so, run the following command: ``` # tanzu cluster kubeconfig get --admin tkg-cluster-01 Credentials of workload cluster 'tkg-cluster-01' have been saved You can now access the cluster by running 'kubectl config use-context tkg-cluster-01-admin@tkg-cluster-01' ``` To switch context to our newly provisioned TKG Cluster, run the following command which will be based on the name of the cluster: ``` # k config use-context tkg-cluster-01-admin@tkg-cluster-01 ``` > **Note:** Another benefit of the TKG Demo Appliance is that the terminal prompt is automatically updated based on TKG Cluster context that you are currently in. If you had TKG CLI running on your desktop, this would not be known and you would have to interograte your context by using standard kubectl commands. Here is what your terminal prompt would look like after deployingn TKG Management Cluster: ![](https://i.imgur.com/XXiw8wu.png) Here is what your terminal prompt would look like after switching context to the TKG Worload Cluster: ![](https://i.imgur.com/K74XIbe.png) To list all available Kubernetes contexts in case you wish to switch, you can use the following command: ``` # k config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE * tkg-cluster-01-admin@tkg-cluster-01 tkg-cluster-01 tkg-cluster-01-admin tkg-mgmt-01-admin@tkg-mgmt-01 tkg-mgmt-01 tkg-mgmt-01-admin ``` Lets ensure all pods in our new TKG Cluster is up by running the following command: ``` # k get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system antrea-agent-25jql 2/2 Running 0 5m53s kube-system antrea-agent-mqtt9 2/2 Running 1 4m15s kube-system antrea-agent-rdp75 2/2 Running 0 5m54s kube-system antrea-agent-rgkrq 2/2 Running 0 5m54s kube-system antrea-agent-sxvmr 2/2 Running 0 95s kube-system antrea-agent-xmt66 2/2 Running 0 5m53s kube-system antrea-controller-744f9d6565-fcwcs 1/1 Running 0 5m54s kube-system coredns-6d8c4747b6-75rrt 1/1 Running 0 6m55s kube-system coredns-6d8c4747b6-pbvdc 1/1 Running 0 6m55s kube-system etcd-tkg-cluster-01-control-plane-4dvqr 1/1 Running 0 4m4s kube-system etcd-tkg-cluster-01-control-plane-65hb8 1/1 Running 0 92s kube-system etcd-tkg-cluster-01-control-plane-fzc27 1/1 Running 0 6m42s kube-system kube-apiserver-tkg-cluster-01-control-plane-4dvqr 1/1 Running 0 4m13s kube-system kube-apiserver-tkg-cluster-01-control-plane-65hb8 1/1 Running 0 93s kube-system kube-apiserver-tkg-cluster-01-control-plane-fzc27 1/1 Running 0 6m43s kube-system kube-controller-manager-tkg-cluster-01-control-plane-4dvqr 1/1 Running 0 4m13s kube-system kube-controller-manager-tkg-cluster-01-control-plane-65hb8 1/1 Running 0 93s kube-system kube-controller-manager-tkg-cluster-01-control-plane-fzc27 1/1 Running 1 6m43s kube-system kube-proxy-7488n 1/1 Running 0 5m54s kube-system kube-proxy-9h77v 1/1 Running 0 5m54s kube-system kube-proxy-dmf7g 1/1 Running 0 4m15s kube-system kube-proxy-jnjk5 1/1 Running 0 95s kube-system kube-proxy-l4twp 1/1 Running 0 6m55s kube-system kube-proxy-x9fqj 1/1 Running 0 5m53s kube-system kube-scheduler-tkg-cluster-01-control-plane-4dvqr 1/1 Running 0 4m4s kube-system kube-scheduler-tkg-cluster-01-control-plane-65hb8 1/1 Running 0 94s kube-system kube-scheduler-tkg-cluster-01-control-plane-fzc27 1/1 Running 1 6m43s kube-system kube-vip-tkg-cluster-01-control-plane-4dvqr 1/1 Running 0 4m13s kube-system kube-vip-tkg-cluster-01-control-plane-65hb8 1/1 Running 0 93s kube-system kube-vip-tkg-cluster-01-control-plane-fzc27 1/1 Running 0 6m43s kube-system metrics-server-6f7854bb4f-rgmkl 1/1 Running 0 6m28s kube-system vsphere-cloud-controller-manager-46dfc 1/1 Running 1 5m57s kube-system vsphere-cloud-controller-manager-g6dnf 1/1 Running 0 3m17s kube-system vsphere-cloud-controller-manager-rwwkd 1/1 Running 0 89s kube-system vsphere-csi-controller-79f8c6d6d8-l5zb8 6/6 Running 4 6m29s kube-system vsphere-csi-node-g4rvl 3/3 Running 0 5m53s kube-system vsphere-csi-node-mg9wc 3/3 Running 0 5m54s kube-system vsphere-csi-node-ng94q 3/3 Running 0 95s kube-system vsphere-csi-node-pt7kw 3/3 Running 0 5m54s kube-system vsphere-csi-node-wmxdz 3/3 Running 0 6m29s kube-system vsphere-csi-node-zf4hw 3/3 Running 0 4m15s tkg-system kapp-controller-7466874568-vxjvz 1/1 Running 0 6m57s ``` ## Step 4. Upgrade TKG Workload Cluster To be able to deploy earlier releases of K8s version, we can list the diffrent K8s releases by using the following command: ``` # tanzu kubernetes-release get NAME VERSION COMPATIBLE UPGRADEAVAILABLE v1.19.9---vmware.2-tkg.1 v1.19.9+vmware.2-tkg.1 True True v1.20.5---vmware.2-tkg.1 v1.20.5+vmware.2-tkg.1 True False ``` > **Note:** The TKG Demo Appliance has only been configured to support the latest two versions To deploy TKG v1.19.9 for example, we will need to specify version as `v1.19.9---vmware.2-tkg.1` using the `--tkr` command-line option. Run the following command to deploy a TKG v1.19.9 Workload Cluster called `tkg-cluster-02` which will use `192.168.2.5` as the Virtual IP Address for TKG Workload Cluster Control Plane. ``` # tanzu cluster create -f vmc-tkg-workload-2-template.yaml --tkr v1.19.9---vmware.2-tkg.1 Validating configuration... Warning: Pinniped configuration not found. Skipping pinniped configuration in workload cluster. Please refer to the documentation to check if you can configure pinniped on workload cluster manually Creating workload cluster 'tkg-cluster-02'... Waiting for cluster to be initialized... Waiting for cluster nodes to be available... Waiting for addons installation... Workload cluster 'tkg-cluster-02' created ``` > **Note:** This can take up to 10 minutes to complete Once the new TKG v1.19.9 Cluster has been provisioned, we can confirm its version before upgrading by running the following command: ``` # tanzu cluster list NAME NAMESPACE STATUS CONTROLPLANE WORKERS KUBERNETES ROLES PLAN tkg-cluster-01 default running 3/3 3/3 v1.20.5+vmware.2 <none> prod tkg-cluster-02 default running 3/3 3/3 v1.19.9+vmware.2 <none> prod ``` To start the upgrade, simply run the following command and specify the name of the cluster: ``` # tanzu cluster upgrade tkg-cluster-02 Upgrading workload cluster 'tkg-cluster-02' to kubernetes version 'v1.20.5+vmware.2'. Are you sure? [y/N]: y Validating configuration... Verifying kubernetes version... Retrieving configuration for upgrade cluster... Using custom image repository: registry.rainpole.io/library Create InfrastructureTemplate for upgrade... Configuring cluster for upgrade... Upgrading control plane nodes... Patching KubeadmControlPlane with the kubernetes version v1.20.5+vmware.2... Warning: Image accessibility verification failed. Image registry.rainpole.io/library/kube-proxy:v1.19.9_vmware.2 is not reachable from current machine. Please make sure the image is pullable from the Kubernetes node for upgrade to complete successfully Waiting for kubernetes version to be updated for control plane nodes Upgrading worker nodes... Patching MachineDeployment with the kubernetes version v1.20.5+vmware.2... Waiting for kubernetes version to be updated for worker nodes... updating additional components: 'metadata/tkg' ... updating additional components: 'addons-management/kapp-controller' ... Cluster 'tkg-cluster-02' successfully upgraded to kubernetes version 'v1.20.5+vmware.2' ``` > **Note:** The warning message about Image accessiblity is expected and is a benign message due to the air-gap setup of the TKG Demo Appliance Depending on the size of your TKG Cluster, this operation can take some time to complete. To confirm the version of TKG Cluster after the upgrade, we can run the following command to verify: ``` # tanzu cluster list NAME NAMESPACE STATUS CONTROLPLANE WORKERS KUBERNETES ROLES PLAN tkg-cluster-01 default running 3/3 3/3 v1.20.5+vmware.2 <none> prod tkg-cluster-02 default running 3/3 3/3 v1.20.5+vmware.2 <none> prod ``` ## Step 5 Tanzu Mission Control (Optional) > **Note:** Internet connectivity will be required from the TKG Network to reach Tanzu Mission Control service. Login to [VMware Cloud Console](https://console.cloud.vmware.com/) and ensure that you have been entitled to the Tanzu Mission Control(TMC) service. You can confirm this by making sure you see the TMC Service tile as shown below. If you are not entitled, please reach out to your VMware account team to register for TMC evaluation. ![](https://i.imgur.com/bjAae69.png) ### Register TKG Management Cluster This enables the ability to manage and easily register TKG Workload Clusters directly from the TMC console. Click on **Cluster groups** and create a new TMC Cluster Group. In this example, the group is named **vmc-cluster** ![](https://i.imgur.com/147429D.png) Navigate to **Administration** and then click on **Register Management Cluster** button to begin the process. Provide a name for our TKG Management Cluster which in this example will be named **tkg-mgmt-01** and select the TMC Cluster Group that was created in previous step. ![](https://i.imgur.com/yT736Dh.png) The last step is to deploy the TMC Control Agent to our TKG Management Cluster. ![](https://i.imgur.com/wiRjwZr.png) Copy the TMC URL and run the following command within the context of the TKG Management Cluster. ``` # k config use-context tkg-mgmt-01-admin@tkg-mgmt-01 # k apply -f '<tmcControlAgentYAMLURL>' namespace/vmware-system-tmc created configmap/stack-config created secret/tmc-access-secret created Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition customresourcedefinition.apiextensions.k8s.io/agents.clusters.tmc.cloud.vmware.com created customresourcedefinition.apiextensions.k8s.io/extensionconfigs.intents.tmc.cloud.vmware.com created customresourcedefinition.apiextensions.k8s.io/extensionintegrations.clusters.tmc.cloud.vmware.com created customresourcedefinition.apiextensions.k8s.io/extensionresourceowners.clusters.tmc.cloud.vmware.com created customresourcedefinition.apiextensions.k8s.io/extensions.clusters.tmc.cloud.vmware.com created serviceaccount/extension-manager created clusterrole.rbac.authorization.k8s.io/extension-manager-role created clusterrolebinding.rbac.authorization.k8s.io/extension-manager-rolebinding created service/extension-manager-service created deployment.apps/extension-manager created serviceaccount/extension-updater-serviceaccount created podsecuritypolicy.policy/vmware-system-tmc-agent-restricted created clusterrole.rbac.authorization.k8s.io/vmware-system-tmc-psp-agent-restricted created Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole clusterrole.rbac.authorization.k8s.io/extension-updater-clusterrole created clusterrolebinding.rbac.authorization.k8s.io/vmware-system-tmc-psp-agent-restricted created Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding clusterrolebinding.rbac.authorization.k8s.io/extension-updater-clusterrolebinding created deployment.apps/extension-updater created serviceaccount/agent-updater created clusterrole.rbac.authorization.k8s.io/agent-updater-role created clusterrolebinding.rbac.authorization.k8s.io/agent-updater-rolebinding created deployment.apps/agent-updater created cronjob.batch/agentupdater-workload created ``` Once the deployment has completed, navigate back to TMC Console and click on **View Management Cluster** and you should now see TKG Management Cluster has been successfully registered. ![](https://i.imgur.com/2fwri4o.png) > **Note:** Provisioning of TKG Workload Cluster using the TMC UI is not supported with the air-gap configuratios of TKG Demo Appliance. ### TMC UI to Attach TKG Workload Cluster Click on **Workload Clusters** tab and then select all TKG Workload Cluster that you wish to attach to TMC and click on **Manage Clusters** button. ![](https://i.imgur.com/RrstmeN.png) You will be prompted to select the TMC Cluster Group and click **Manage** button to complete the process. ![](https://i.imgur.com/DUbfsHr.png) Once the operation has completed, the **Managed** column for the TKG Workload Cluster should now show **Yes** ### Manually Attach TKG Workload Cluster This enables the ability to manage existing TKG Workload Clusters that have been deployed using the TKG CLI. Click on your user name and navigate to "My Accounts" to create the required API token ![](https://i.imgur.com/Re1rrjk.png) Generate a new API token for the TMC service which will be required to attach our TKG Cluster that we have deployed earlier. ![](https://i.imgur.com/hszgDVL.png) Make a note of the API Token as we will need this later. If you forget to copy it or have lost it, you can simply come back into this screen and just re-generate. Lets now jump back into the TKG Demo Appliance to attach our TKG Cluster to TMC. Run the following command to login to the TMC service and provide the API Token that you had created earlier along with a context name which is user defined. ``` # tmc login -c -n tkg-cluster-01 ``` ![](https://i.imgur.com/HkRpwcc.png) To attach our TKG Cluster, we need to run the following command which will generate YAML manifest which we will need to run to actually deploy TMC Pod into our TKG Cluster ``` # tmc cluster attach -g vmc-cluster -n vmc-tkg-cluster-01 ✔ cluster "vmc-tkg-cluster-01" created successfully ℹ Run `kubectl apply -f k8s-attach-manifest.yaml` to attach the cluster ``` Finally, we run the apply to attach our TKG Cluster to TMC ``` # k apply -f k8s-attach-manifest.yaml namespace/vmware-system-tmc created configmap/stack-config created secret/tmc-client-secret created customresourcedefinition.apiextensions.k8s.io/agents.clusters.tmc.cloud.vmware.com created customresourcedefinition.apiextensions.k8s.io/extensions.clusters.tmc.cloud.vmware.com created serviceaccount/extension-manager created clusterrole.rbac.authorization.k8s.io/extension-manager-role created clusterrolebinding.rbac.authorization.k8s.io/extension-manager-rolebinding created service/extension-manager-service created deployment.apps/extension-manager created serviceaccount/extension-updater-serviceaccount created clusterrole.rbac.authorization.k8s.io/extension-updater-clusterrole created clusterrolebinding.rbac.authorization.k8s.io/extension-updater-clusterrolebinding created service/extension-updater created deployment.apps/extension-updater created serviceaccount/agent-updater created clusterrole.rbac.authorization.k8s.io/agent-updater-role created clusterrolebinding.rbac.authorization.k8s.io/agent-updater-rolebinding created deployment.apps/agent-updater created cronjob.batch/agentupdater-workload created ``` ![](https://i.imgur.com/blxDjKg.png) # TKG Demos ## Step 1. Storage Class and Persistent Volume Change into `storage` demo directory on the TKG Demo Appliance ``` cd /root/demo/storage ``` Retrieve the vSphere Datastore URL from the vSphere UI which will be used to create our Storage Class definition ![](https://i.imgur.com/rBp1ZYb.png) > **Note:** There are many ways of associating a vSphere Datastore to Storage Class definition. In VMC, this is currently required as the Cloud Native Storage/Container Storage Interface in VMC can leverage vSphere Tags yet. Edit the `defaultstorageclass.yaml` and update the `datastoreurl` property ``` kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: standard annotations: storageclass.kubernetes.io/is-default-class: "true" provisioner: csi.vsphere.vmware.com parameters: datastoreurl: ds:///vmfs/volumes/vsan:c4f738225e324622-b1e100dd1abe8249/ ``` > **Note** Make there is a trailing "/" at the end of the datastoreurl value, this is required. If you copy the URL from the vSphere UI, the correct URL will be included. Create Storage Class definition: ``` # k apply -f defaultstorageclass.yaml persistentvolumeclaim/pvc-test created ``` Confirm the Storage Class was created: ``` # k get sc NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE standard (default) csi.vsphere.vmware.com Delete Immediate false 3s ``` Create 2GB Persistent Volume called `pvc-test` using our default Storage Class: ``` # k apply -f pvc.yaml persistentvolumeclaim/pvc-test created ``` Confirm the Persistent Volum was created: ``` # k get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE pvc-test Bound pvc-ff86c605-d600-4bcc-ac03-9f511fe7cb77 2Gi RWO standard 13m ``` > **Note:** This can take up to a few seconds before the PV has been realized in vSphere We can also see the new Persistent Volume in vSphere UI by navigating to the specific vSphere Datatore under `Monitor->Container Volumes` ![](https://i.imgur.com/bzQzGSG.png) Delete the Persistent Volume: ``` # k delete pvc pvc-test persistentvolumeclaim "pvc-test" deleted ``` ## Step 2. Simple K8s Demo App Change into `yelb` demo directory on the TKG Demo Appliance ``` cd /root/demo/yelb ``` Create `yelb` namespace for our demo: ``` k create ns yelb ``` Deploy the yelb application: ``` # k apply -f yelb.yaml service/redis-server created service/yelb-db created service/yelb-appserver created service/yelb-ui created deployment.apps/yelb-ui created deployment.apps/redis-server created deployment.apps/yelb-db created deployment.apps/yelb-appserver created ``` Wait for the deployment to complete by running the following: ``` # k -n yelb get deployments NAME READY UP-TO-DATE AVAILABLE AGE redis-server 1/1 1 1 47s yelb-appserver 1/1 1 1 47s yelb-db 1/1 1 1 47s yelb-ui 1/1 1 1 47s ``` Retrieve the "UI" Pod ID: ``` # k -n yelb get pods | grep ui yelb-ui-79c68df689-66bwq 1/1 Running 0 2m ``` Retrieve the IP Address of the Worker Node running the "UI" container: ``` # k -n yelb describe pod yelb-ui-79c68df689-66bwq Name: yelb-ui-79c68df689-66bwq Namespace: yelb Priority: 0 Node: william-02-md-0-848878f85b-vddk4/192.168.2.185 Start Time: Tue, 24 Mar 2020 18:19:23 +0000 ... ... ``` The IP Address can be found at the top under the `Node:` property and in this example, it is `192.168.2.185` If you have a desktop machine that has a browser and can access the TKG Network, you can open a browser to the following address: `http://192.168.2.185:31001` If you do not have a system, then we can still connect but we will need to setup SSH port forwarding to IP Address above. ``` ssh root@[TKG-DEMO-APPLIANCE-IP] -L 30001:192.168.2.185:31001 ``` Once you have established the SSH tunnel, you can open browser on your local system `localhost:31001` The Yelb application is interactive, so you feel free to play around with it ![](https://i.imgur.com/0jffUU7.png) > **Note:** Details about this demo app can be found [here](https://www.virtuallyghetto.com/2020/03/how-to-fix-extensions-v1beta1-missing-required-field-selector-for-yelb-kubernetes-application.html) and the original author of the application is Massimo Re'Ferre (his legacy lives on as Ex-VMware) Befor proceeding to the next two demo, you will need to delete the `yelb` application: ``` k delete -f yelb.yaml ``` ## Step 3. Basic Load Balancer Change into `metallb` demo directory on the TKG Demo Appliance ``` cd /root/demo/metallb ``` Edit the `metallb-config.yaml` and update the `addresses` property using small subset of the DHCP range from the `tkg-network` network. In our example, we used 192.168.2.0/24, so lets chose the last 5 IP Addresses for the Metal LB to provision from. ``` apiVersion: v1 kind: ConfigMap metadata: namespace: metallb-system name: config data: config: | address-pools: - name: default protocol: layer2 addresses: - 192.168.2.246-192.168.2.250 ``` Create the `metallb-system` namespace: ``` # k create ns metallb-system namespace/metallb-system created ``` Create required secret: ``` # k create secret generic -n metallb-system memberlist --from-literal=secretkey="\$(openssl rand -base64 128)" secret/memberlist created ``` Deploy Metal LB: ``` # k apply -n metallb-system -f metallb.yaml podsecuritypolicy.policy/controller created podsecuritypolicy.policy/speaker created serviceaccount/controller created serviceaccount/speaker created clusterrole.rbac.authorization.k8s.io/metallb-system:controller created clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created role.rbac.authorization.k8s.io/config-watcher created role.rbac.authorization.k8s.io/pod-lister created clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created rolebinding.rbac.authorization.k8s.io/config-watcher created rolebinding.rbac.authorization.k8s.io/pod-lister created daemonset.apps/speaker created deployment.apps/controller created ``` Apply our Metal LB configuration: ``` # kubectl apply -n metallb-system -f metallb-config.yaml configmap/config created ``` Verify all pods within `metallb-system` namespace is running: ``` # k -n metallb-system get pod NAME READY STATUS RESTARTS AGE controller-66fdff65b9-bwxq7 1/1 Running 0 2m40s speaker-8jz5m 1/1 Running 0 2m40s speaker-bmxcq 1/1 Running 0 2m40s speaker-fsxq5 1/1 Running 0 2m40s speaker-t2pgj 1/1 Running 0 2m40s speaker-vggr8 1/1 Running 0 2m40s speaker-zjw7v 1/1 Running 0 2m40s ``` ## Step 4. Basic K8s Demo App Using Load Balancer Change into `yelb` demo directory on the TKG Demo Appliance ``` cd /root/demo/yelb ``` Deploy the yelb Load Balancer version of the application: ``` # k apply -f yelb-lb.yaml service/redis-server created service/yelb-db created service/yelb-appserver created service/yelb-ui created deployment.apps/yelb-ui created deployment.apps/redis-server created deployment.apps/yelb-db created deployment.apps/yelb-appserver created ``` Wait for the deployment to complete by running the following: ``` # k -n yelb get deployments NAME READY UP-TO-DATE AVAILABLE AGE redis-server 1/1 1 1 52s yelb-appserver 1/1 1 1 52s yelb-db 1/1 1 1 52s yelb-ui 1/1 1 1 52s ``` Retrieve the Load Balancer IP for the Yelb Service: ``` # k -n yelb get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE redis-server ClusterIP 100.66.186.168 <none> 6379/TCP 84s yelb-appserver ClusterIP 100.65.7.122 <none> 4567/TCP 84s yelb-db ClusterIP 100.69.33.14 <none> 5432/TCP 84s yelb-ui LoadBalancer 100.68.255.238 192.168.2.245 80:31376/TCP 84s ``` We should see an IP Address allcoated from our Metal LB range in the `EXTERNAL-IP` column. Instead of connecting directly to a specific TKG Cluster Node, we can now connect via this Load Balancer IP and you will see it is mapped to port 80 instead of the original appplicatio port on 31001 If you have a desktop machine that has a browser and can access the TKG Network, you can open a browser to the following address: `http://192.168.2.245` If you do not have a system, then we can still connect but we will need to setup SSH port forwarding to IP Address above and we'll use local port of 8081 to ensure there are no conflicts ``` ssh root@[TKG-DEMO-APPLIANCE-IP] -L 8081:192.168.2.245:80 ``` Once you have established the SSH tunnel, you can open browser on your local system `localhost:8081` # Extras (Optional) ## Harbor A local Harbor instance is running on the TKG Demo Appliance and provides all the required containers for setting up TKG Clusters and TKG demos in an air-gap/non-internet environment. You can connect to the Harbor UI by pointing a browser to the address of your TKG Demo Appliance with the following credentials: Username: `admin` Password: `Tanzu1!` ![](https://i.imgur.com/evV3YoG.png) You can also login to Harbor using Docker CLI to push and/or pull additional containers by using the following: ``` # docker login -u admin -p Tanzu1! registry.rainpole.io/library WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded ``` > **Note:** You must use `registry.rainpole.io` which is a real certificate generated by letsencrypt which requires a domain that you own using DNS-challenge. To support air-gap/non-internet scenarios, TKG today requires a registry that has a proper signed certificate (self-sign and custom CA) are NOT currently supported. ## Octant To easily navigate, learn and debug Kubernetes a useful tool such as Octant can be used. Octant is already installed on the TKG Demo Appliance and you can launch it running the following command: ``` octant ``` ![](https://i.imgur.com/BXzpSBp.png) Octant listens locally on `127.0.0.1:7777` and to be able to access the Octant UI, we need to setup SSH port forwarding to TKG Demo Appliance IP on port `7777` To do so, run the following command in another terminal: ``` ssh root@[TKG-DEMO-APPLIANCE-IP] -L 7777:127.0.0.1:7777 ``` > **Note:** You can also use Putty to setup SSH port forwarding, please refer to the TKG UI for instructions. Once you have established the SSH tunnel, you can open browser on your local system `localhost:7777` and you should see the Octant UI. ![](https://i.imgur.com/qyKNwxr.png) For more information on how to use Octan, please refer to the official documentation [here](https://octant.dev/docs/master/) ## Forward TKG logs to vRealize Log Intelligence Cloud > **Note:** Internet connectivity will be required from the TKG Network to reach the vRLIC service. Please see [https://blogs.vmware.com/management/2020/06/configure-log-forwarding-from-vmware-tanzu-kubernetes-cluster-to-vrealize-log-insight-cloud.html](https://blogs.vmware.com/management/2020/06/configure-log-forwarding-from-vmware-tanzu-kubernetes-cluster-to-vrealize-log-insight-cloud.html) for more details ## Monitor TKG Clusters with vRealize Operations Cloud > **Note:** Internet connectivity will be required from the TKG Network to reach the vROPs Cloud service. Please see [https://blogs.vmware.com/management/2020/06/monitor-tanzu-kubernetes-clusters-using-vrealize-operations.html](https://blogs.vmware.com/management/2020/06/monitor-tanzu-kubernetes-clusters-using-vrealize-operations.html) for more details ## Setup Network Proxy for TKG Mgmt and Workload Clusters Please see [https://www.virtuallyghetto.com/2020/05/how-to-configure-network-proxy-with-standalone-tanzu-kubernetes-grid-tkg.html](https://www.virtuallyghetto.com/2020/05/how-to-configure-network-proxy-with-standalone-tanzu-kubernetes-grid-tkg.html) for more details

Import from clipboard

Advanced permission required

Your current role can only read. Ask the system administrator to acquire write and comment permission.

This team is disabled

Sorry, this team is disabled. You can't edit this note.

This note is locked

Sorry, only owner can edit this note.

Reach the limit

Sorry, you've reached the max length this note can be.
Please reduce the content or divide it to more notes, thank you!

Import from Gist

Import from Snippet

or

Export to Snippet

Are you sure?

Do you really want to delete this note?
All users will lose their connection.

Create a note from template

Create a note from template

Oops...
This template has been removed or transferred.


Upgrade

All
  • All
  • Team
No template.

Create a template


Upgrade

Delete template

Do you really want to delete this template?

This page need refresh

You have an incompatible client version.
Refresh to update.
New version available!
See releases notes here
Refresh to enjoy new features.
Your user state has changed.
Refresh to load new user state.

Sign in

Forgot password

or

By clicking below, you agree to our terms of service.

Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
Wallet ( )
Connect another wallet

New to HackMD? Sign up

Help

  • English
  • 中文
  • Français
  • Deutsch
  • 日本語
  • Español
  • Català
  • Ελληνικά
  • Português
  • italiano
  • Türkçe
  • Русский
  • Nederlands
  • hrvatski jezik
  • język polski
  • Українська
  • हिन्दी
  • svenska
  • Esperanto
  • dansk

Documents

Tutorials

Book Mode Tutorial

Slide Example

YAML Metadata

Contacts

Facebook

Twitter

Discord

Feedback

Send us email

Resources

Releases

Pricing

Blog

Policy

Terms

Privacy

Cheatsheet

Syntax Example Reference
# Header Header 基本排版
- Unordered List
  • Unordered List
1. Ordered List
  1. Ordered List
- [ ] Todo List
  • Todo List
> Blockquote
Blockquote
**Bold font** Bold font
*Italics font* Italics font
~~Strikethrough~~ Strikethrough
19^th^ 19th
H~2~O H2O
++Inserted text++ Inserted text
==Marked text== Marked text
[link text](https:// "title") Link
![image alt](https:// "title") Image
`Code` Code 在筆記中貼入程式碼
```javascript
var i = 0;
```		 
var i = 0;
:smile: :smile: Emoji list
{%youtube youtube_id %} Externals
$L^aT_eX$ LaTeX
:::info
This is a alert area.
:::

This is a alert area.

Versions and GitHub Sync

Sign in to link this note to GitHub Learn more
This note is not linked with GitHub Learn more
 
Add badge Pull Push GitHub Link Settings
Upgrade now

Version named by    

More Less
  • Edit
  • Delete

Note content is identical to the latest version.
Compare with
    Choose a version
    No search result
    Version not found

Feedback

Submission failed, please try again

Thanks for your support.

On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

Please give us some advice and help us improve HackMD.

 

Thanks for your feedback

Remove version name

Do you want to remove this version name and description?

Transfer ownership

Transfer to
    Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

      Link with GitHub

      Please authorize HackMD on GitHub

      Please sign in to GitHub and install the HackMD app on your GitHub repo. Learn more

       Sign in to GitHub

      HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.

      Push the note to GitHub Push to GitHub Pull a file from GitHub

        Authorize again
       

      Choose which file to push to

      Select repo
      Refresh Authorize more repos
      Select branch
      Select file
      Select branch
      Choose version(s) to push
      • Save a new version and push
      • Choose from existing versions
      Include title and tags
      Available push count

      Upgrade

      Pull from GitHub

       
      File from GitHub
      File from HackMD

      GitHub Link Settings

      File linked

      Linked by
      File path
      Last synced branch
      Available push count

      Upgrade

      Danger Zone

      Unlink
      You will no longer receive notification when GitHub file changes after unlink.

      Syncing

      Push failed

      Push successfully