TKG - Tanzu Kubernetes Service

How to Activate and install Tanzu Kubernetes for VMware Cloud on AWS

Introduction

VMware recently added a service to VMware Cloud on AWS that allows you to run container workloads on the same hosts and infrastructure as your VMs. This new service is easy to install and uses the latest industry standard distribution of Kubernetes.

What is Tanzu Kubernetes Grid Service?

A service architecture built into VMC on AWS that allows you to easily deploy, manage and upgrade Kubernetes clusters on vSphere. Installation takes minutes vs. hours deploying Kubernetes from source code.

Before you begin, you will need 3 free CIDR blocks for the installation.

Tanzu Service Activation

1. On a fully deployed and configured SDDC, click to Activate the Tanzu Kubernetes Service

2. Enter CIDR blocks as shown

  1. Enter a namespace Network CIDR; this should be an available CIDR block that is not already used on-prem or in the SDDC
  2. Enter an Ingress CIDR; this should be an available CIDR block that is not already used on-prem or in the SDDC
  3. Enter an Egress CIDR; this should be an available CIDR block that is not already used on-prem or in the SDDC
  4. Click to Validate and Proceed

Leave the Service CIDR as default

3. Click to Activate Tanzu Kubernetes Grid

Note: If you get any errors that a CIDR block is not valid, please ensure that it is not an address that is already in use on the management network.
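
The CIDR requirements in step 2, as a pre-flight check you can run on any workstation before clicking Validate. This is an added example, not part of the original guide or of any VMware tooling; the function names are hypothetical and every address in it is a constructed sample.

```shell
# Added example: pre-flight overlap check for the Namespace, Ingress and
# Egress CIDR blocks. All addresses below are constructed sample values.

# Print "first last" (as integers) for an IPv4 CIDR block; fail on bad input.
cidr_range() (
    case $1 in */*) ;; *) exit 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case $len in ''|*[!0-9]*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    set -f; IFS=.; set -- $addr
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    size=$(( 1 << (32 - len) ))
    first=$(( (($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
)

# Exit 0 if the two blocks share an address, 1 if not, 2 if either is invalid.
cidrs_overlap() {
    a=$(cidr_range "$1") && b=$(cidr_range "$2") || return 2
    [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
}

# Compare each proposed block with every in-use block and with the proposed
# blocks before it. Prints one line per problem; exit 1 if any were found.
check_plan() {
    proposed=$1 in_use=$2 seen='' bad=0
    for p in $proposed; do
        cidr_range "$p" >/dev/null || { echo "invalid: $p"; bad=1; continue; }
        for u in $in_use $seen; do
            cidrs_overlap "$p" "$u" && rc=0 || rc=$?
            case $rc in
                0) echo "conflict: $p overlaps $u"; bad=1 ;;
                2) echo "invalid: $u"; bad=1 ;;
            esac
        done
        seen="$seen $p"
    done
    return "$bad"
}

# Constructed plan: the second and third proposed blocks are deliberately bad.
IN_USE="10.2.0.0/16 172.16.0.0/12 10.10.0.0/24"      # management, on-prem, SDDC
PROPOSED="10.20.0.0/23 10.10.0.128/26 10.20.1.0/24"  # namespace, ingress, egress
check_plan "$PROPOSED" "$IN_USE" || echo "plan rejected"
```

Replace IN_USE with the networks already routed on-prem and in the SDDC, including the management network, and PROPOSED with the three blocks you intend to enter.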

4. You will now see the status of the SDDC change to Activating Tanzu Kubernetes Grid

It should take about 15-20 min. This might be a good time to go grab another cup of coffee.

Note: If you see a notice that Tanzu Kubernetes Activation has failed, go back to step 4 and try again. If it fails a third time, you can try to delete the SDDC and deploy again, or open a ticket with Support to investigate.

5. In a few minutes, check vCenter as shown below and you will see the supervisor cluster provisioning

6. When activation is complete, go to Workload Management in vCenter

7. Click create Namespace

8. Enter a name for your namespace

  1. Enter a valid namespace name; all namespace names must be valid RFC 1123 DNS labels.
  2. Click create

Warning: If you want to add a description, there is a known bug: if you use a ! in the description text, your TKC cluster deployment will fail later, in step 37 of this guide.

9. Configure each of the tiles starting with the Permissions tile

10. Add cloudadmin from vmc.local as Owner

11. Click Add Storage

12. Select the VMC Workload Storage Policy

13. Click to add VM Class

14. Click to select all and click Ok

15. Copy the url to the supervisor cluster

Click and copy this link to notepad; we will use it later during the install. It should look something like this:

https://k8s.Cluster-1.vcenter.sddc-10-180-21-15.vmwarevmc.com

16. Go back to Inventory

17. To complete the next steps, we will need to deploy a Linux based workstation to complete the deployment as well as deploy a test application

  1. Right click on Cluster-1
  2. click Deploy OVF Template

18. Enter the following URL and click Next

https://packages.vmware.com/photon/4.0/Rev2/ova/photon-ova-4.0-c001795b80.ova

19. Click Yes

20. Enter a name

  1. Enter a name for your jumphost
  2. Select the workloads folder
  3. Click next

21. Select Compute-ResourcePool and click Next

  1. Select the Compute Resource Pool
  2. Click next

22. Click Next

23. Accept and click next

24. Choose WorkloadDatastore

  1. Choose the Workloads Datastore
  2. Click next

25. Select Networks

  1. Select an available and accessible SDDC network
  2. Click next

26. Click Finish

27. When the new VM is provisioned, power it on and ssh to it

User: root

Password: changeme

28. To complete the installation we will need to install a couple of packages; enter the following and press enter

tdnf install -y wget unzip

29. Download the command line tools from vCenter, make sure the item below in red is changed to your supervisor cluster address that you copied earlier

wget https://k8s.cluster-1.vcenter.sddc-10-180-20-102.vmwarevmc.com/wcp/plugin/linux-amd64/vsphere-plugin.zip

30. Unzip that file by typing the following and press enter

unzip vsphere-plugin.zip -d /usr/

31. Log in to the supervisor cluster by entering the following, changing the item in red to your cluster name we used earlier, and press enter. Enter the password for cloudadmin to complete the login

kubectl vsphere login --vsphere-username cloudadmin@vmc.local --server=k8s.cluster-1.vcenter.sddc-10-180-21-15.vmwarevmc.com

32. Change to the namespace you created earlier in vCenter, type the following, change the item in red to your namespace name and press enter

kubectl config use-context rkelly

33. Leave the ssh session open and switch over to Tanzu Mission Control to deploy the TKC cluster

  1. Click the waffle tab
  2. Click VMware Tanzu Mission Control

34. Add your SDDC to Tanzu Mission Control

  1. Select Administration
  2. Select Management Clusters
  3. Click Register Management Cluster
  4. Select vSphere with Tanzu

35. Enter a name for the new Management Cluster

  1. Enter the SDDC name
  2. Change to default
  3. Click Next

36. Accept defaults

Click next

Once copied click View Management Cluster

38. Go back to your Linux machine we configured earlier and type the following and press enter

kubectl get ns

Copy the svc-tmc-## to your notepad; you will use this in the next step.

39. Create a new Tanzu Mission Control registration yaml file by typing the following and pressing enter

vi tmc-registration.yaml

40. Press i and then paste the following into the file, changing items in Red to the names we copied to your notepad earlier. Press the esc key, then hold shift and press z z to save it

apiVersion: installers.tmc.cloud.vmware.com/v1alpha1
kind: AgentInstall
metadata:
  name: tmc-agent-installer-config
  namespace: TMC-NAMESPACE
spec:
  operation: INSTALL
  registrationLink: TMC-REGISTRATION-URL

41. Type the following and press enter

kubectl create -f tmc-registration.yaml

42. Go back to Tanzu Mission Control and after a few minutes you should see your Supervisor cluster ready

43. You are now ready to deploy your TKC cluster so you can deploy containers

  1. Select Clusters
  2. Click Create Cluster

44. Select your Management Cluster we just configured

  1. Select the Supervisor Cluster we just configured
  2. Click Continue to Create Cluster

45. Select your namespace as Provisioner and click next

46. Enter a name for the new cluster

  1. Enter a cluster name using yournamespace-tkc1 for example rkelly-tkc1
  2. Select Default for Cluster Group
  3. Click next

47. Keep all defaults here but select a storage class

  1. Select the Workload-Storage Policy
  2. Click Next

48. Select Control Plane size

  1. Choose Single Node
  2. Choose the instance type
  3. Click Next

49. Keep defaults and click Create Cluster

50. It takes several minutes but if you go to your namespace in vCenter you should see it start to deploy the cluster

Note: If it does not start to deploy, or does not deploy after 20 minutes, go back to Tanzu Mission Control, deactivate the cluster and try again. If it still does not deploy, please review the previous steps for accuracy or contact Support for help.

51. Once complete you will see it as healthy in Tanzu Mission Control

52. Go back to your Linux machine and deploy a container.

First, you need to log in again and specify the TKC cluster you just created. Enter the following after you edit the items in red to match your environment and press enter, then enter the cloudadmin@vmc.local password when prompted

kubectl-vsphere login --server=k8s.cluster-1.vcenter.sddc-10-182-162-186.vmwarevmc.com -u cloudadmin@vmc.local \
--tanzu-kubernetes-cluster-name rkelly-tkc1 \
--tanzu-kubernetes-cluster-namespace rkelly

53. Change context to the TKC cluster, again making sure you change the item in red to your TKC cluster name

kubectl config use-context rkelly-tkc1

54. Create a new namespace in the cluster, type the following and press enter

kubectl create ns poc

55. List the namespaces with the following command

kubectl get ns

56. Change to that namespace with the following command

kubectl config set-context --current --namespace=poc

57. Before we deploy a container we need to disable some old Kubernetes security features (Pod Security Policy, going by the manifest's name) with the following command

kubectl apply -f https://raw.githubusercontent.com/vmtocloud/tanzuonvmc/main/disable-psp.yaml
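
Step 57 applies a manifest straight from a URL, so whatever that URL serves at that moment is what the cluster receives. An added example (not from the original guide or the referenced repository) of listing what a downloaded copy contains and pinning it by hash before applying; the function names and the sample manifest are constructed.

```shell
# Added example: review a pinned local copy of a remote manifest before
# applying it, rather than handing the URL straight to kubectl.

# Print "Kind/name" for each document in a multi-document YAML file.
manifest_summary() {
    awk '
        function flush() { if (kind != "") print kind "/" name
                           kind = ""; name = ""; inmeta = 0 }
        /^---/       { flush(); next }
        /^kind:/     { kind = $2 }
        /^metadata:/ { inmeta = 1; next }
        /^[^ #]/     { inmeta = 0 }
        inmeta && /^  name:/ && name == "" { name = $2 }
        END          { flush() }
    ' "$1"
}

# List objects that change cluster-wide access or pod security policy.
cluster_wide_objects() {
    manifest_summary "$1" |
        grep -E '^(ClusterRole|ClusterRoleBinding|PodSecurityPolicy)/' || true
}

# Succeed only if the file still matches the SHA-256 recorded at review.
matches_pin() {
    actual=$(sha256sum "$1") || return 2
    [ "${actual%% *}" = "$2" ]
}

# Constructed sample; NOT the contents of the guide's disable-psp.yaml.
write_sample_manifest() {
    cat > "$1" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-psp-binding
roleRef:
  kind: ClusterRole
  name: example-privileged-psp
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: example-settings
EOF
}

# On the jump host: wget -O disable-psp.yaml <URL from step 57>, read the
# file, record its sha256sum, then apply only while matches_pin succeeds.
```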

58. Deploy a container with the following command

kubectl create deployment --image=public.ecr.aws/m0z6y2h1/nginx:latest nginx --port=80

59. Check the status of the deployment with the following command

kubectl get deployments

60. When you get a Ready status, expose the deployment so you can access the container application with the following command

kubectl expose deployment nginx --type=LoadBalancer --name=nginx-service

61. Get the IP address of the Web Server of this container with the following command

kubectl describe services nginx-service

Copy that IP to the clipboard for the next step

62. Check that the site is up by typing the following command changing the Item in red to your Load Balancer ingress IP you copied earlier

wget http://10.10.2.6

63. You can also open a web browser to the same url to test it.
