TKG - Tanzu Kubernetes Service
Introduction
VMware recently added a service to VMware Cloud on AWS that allows you to run container workloads on the same hosts and infrastructure as your VMs. This new service is easy to install and uses the latest industry standard distribution of Kubernetes.
What is Tanzu Kubernetes Grid Service?
A service architecture built into VMC on AWS that allows you to easily deploy, manage and upgrade Kubernetes clusters on vSphere. Installation takes minutes vs. hours deploying Kubernetes from source code.
Before you begin, you will need 3 free CIDR blocks for the installation.
Tanzu Service Activation
1. On a fully deployed and configured SDDC, click to Activate the Tanzu Kubernetes Service
2. Enter CIDR blocks as shown
- Enter a namespace Network CIDR, this should be an available CIDR block that is not used already on-prem or in the SDDC
- Enter an Ingress CIDR, this should be an available CIDR block that is not used already on-prem or in the SDDC
- Enter an Egress CIDR, this should be an available CIDR block that is not used already on-prem or in the SDDC
- Click to Validate and Proceed
Leave the Service CIDR as default
3. Click to Activate Tanzu Kubernetes Grid
Info
Please Note!
If you get any errors that a CIDR block is not valid, please ensure that it is not an address that is already in use on the management network.
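The overlap rule from step 2 can be checked on any Linux shell before you click Validate and Proceed. This is an added example, not part of the original guide; the function names and every network in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check proposed Tanzu CIDRs for overlaps.
# Function names and every network below are constructed for illustration.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the first and last address (as integers) of a CIDR block.
cidr_range() {
    len=${1#*/}
    ip=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - len) ))
    first=$(( ip / size * size ))
    echo "$first $(( first + size - 1 ))"
}

# Succeed (return 0) when two CIDR blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# $1: space-separated networks already in use; remaining args: proposed CIDRs.
# Each proposal is compared with the in-use list and with earlier proposals.
check_tanzu_cidrs() {
    known=$1; shift
    rc=0
    for new in "$@"; do
        for other in $known; do
            if cidr_overlap "$new" "$other"; then
                echo "CONFLICT: $new overlaps $other"
                rc=1
            fi
        done
        known="$known $new"
    done
    return $rc
}

# Constructed sample: two networks in use, then namespace, ingress and egress.
check_tanzu_cidrs "10.2.0.0/16 192.168.1.0/24" \
    10.3.0.0/23 10.4.0.0/24 10.2.32.0/24 || echo "resolve conflicts before activating"
```

Put every on-prem, SDDC and management network you know of in the first argument; a clean run means only that the proposals do not collide with that list.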
4. You will now see the status of the SDDC change to Activating Tanzu Kubernetes Grid
It should take about 15-20 min. This might be a good time to go grab another cup of coffee.
Info
Note!
If you see a notice that Tanzu Kubernetes Activation has failed go back to step 4 and try again. If it fails a third time you can try to delete the SDDC and deploy again or open a ticket with Support to investigate.
5. In a few minutes, check vCenter as shown below and you will see the supervisor cluster provisioning
6. When activation is complete, go to Workload Management in vCenter
7. Click create Namespace
8. Enter a name for your namespace
- Enter a valid namespace name, all namespace names must be valid RFC 1123 DNS labels.
- Click create
Warning
Please Note!
If you want to add a description, do not use a ! in the description text. There is a known bug, and later in step 37 of this guide your TKC cluster deployment will fail.
9. Configure each of the tiles starting with the Permissions tile
10. Add cloudadmin from vmc.local as Owner
11. Click Add Storage
12. Select the VMC Workload Storage Policy
13. Click to add VM Class
14. Click to select all and click Ok
15. Copy the url to the supervisor cluster
Click and copy this link to notepad, we will use it later during the install. It should look something like this:
https://k8s.Cluster-1.vcenter.sddc-10-180-21-15.vmwarevmc.com
16. Go back to Inventory
17. To complete the next steps, we will need to deploy a Linux based workstation to complete the deployment as well as deploy a test application
- Right click on Cluster-1
- click Deploy OVF Template
18. Enter the following URL and click Next
https://packages.vmware.com/photon/4.0/Rev2/ova/photon-ova-4.0-c001795b80.ova
19. Click Yes
20. Enter a name
- Enter a name for your jumphost
- Select the workloads folder
- Click next
21. Select Compute-ResourcePool and click Next
- Select the Compute Resource Pool
- Click next
22. Click Next
23. Accept and click next
24. Choose WorkloadDatastore
- Choose the Workloads Datastore
- Click next
25. Select Networks
- Select an available and accessible SDDC network
- Click next
26. Click Finish
27. When the new VM is provisioned, power it on and ssh to it
User: root
Password: changeme
28. To complete the installation we will need to install a couple of tools, enter the following and press enter
tdnf install -y wget unzip
29. Download the command line tools from vCenter, make sure the item below in red is changed to your supervisor cluster address that you copied earlier
wget https://k8s.cluster-1.vcenter.sddc-10-180-20-102.vmwarevmc.com/wcp/plugin/linux-amd64/vsphere-plugin.zip
30. Unzip that file by typing the following and press enter
unzip vsphere-plugin.zip -d /usr/
31. Login to the supervisor cluster by entering the following and changing the item in red to your cluster name we used earlier and press enter, enter the password for cloudadmin to complete the login
kubectl vsphere login --vsphere-username cloudadmin@vmc.local --server=k8s.cluster-1.vcenter.sddc-10-180-21-15.vmwarevmc.com
32. Change to the namespace you created earlier in vCenter, type the following, change the item in red to your namespace name and press enter
kubectl config use-context rkelly
33. Leave the ssh session open and switch over to Tanzu Mission Control to deploy the TKC cluster
- Click the waffle tab
- Click VMware Tanzu Mission Control
34. Add your SDDC to Tanzu Mission Control
- Select Administration
- Select Management Clusters
- Click Register Management Cluster
- Select vSphere with Tanzu
35. Enter a name for the new Management Cluster
- Enter the SDDC name
- change to default
- Click Next
36. Accept defaults
Click next
37. Copy the registration link to notepad, you will use it in the next steps
Once copied click View Management Cluster
38. Go back to your Linux machine we configured earlier and type the following and press enter
kubectl get ns
Copy the svc-tmc-## to your notepad, you will use this in the next step
39. Create a new Tanzu Mission Control registration yaml file by typing the following and pressing enter
vi tmc-registration.yaml
40. Press i and then paste the following into the file, changing the items in red to the names we copied to your notepad earlier, then press the esc key, hold shift and press z z to save it
apiVersion: installers.tmc.cloud.vmware.com/v1alpha1
kind: AgentInstall
metadata:
  name: tmc-agent-installer-config
  namespace: TMC-NAMESPACE
spec:
  operation: INSTALL
  registrationLink: TMC-REGISTRATION-URL
41. Type the following and press enter
kubectl create -f tmc-registration.yaml
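Steps 39 to 40 can also be scripted so that the namespace and registration link are validated before the file is written. This is an added example, not part of the original guide; the function names are hypothetical and the namespace and link in the sample call are constructed placeholders.

```shell
#!/bin/sh
# Added example: build tmc-registration.yaml from validated inputs.
LC_ALL=C   # keep a-z in the patterns below limited to ASCII lowercase

# RFC 1123 DNS label: 1-63 characters, lowercase alphanumerics or '-',
# beginning and ending with an alphanumeric.
is_dns_label() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case $1 in
        *[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    return 0
}

# $1: svc-tmc-## namespace, $2: registration link, $3: output file.
render_tmc_registration() {
    ns=$1; link=$2; out=$3
    is_dns_label "$ns" || { echo "not an RFC 1123 label: $ns" >&2; return 1; }
    case $ns in
        svc-tmc-*) ;;
        *) echo "expected the svc-tmc-## namespace, got: $ns" >&2; return 1 ;;
    esac
    case $link in
        https://*) ;;
        *) echo "registration link must start with https://" >&2; return 1 ;;
    esac
    # Reject whitespace so the value stays a single plain YAML scalar.
    [ "$link" = "$(printf '%s' "$link" | tr -d '[:space:]')" ] ||
        { echo "registration link contains whitespace" >&2; return 1; }
    # A newly created file is owner-only: the link is what enrolls the cluster.
    ( umask 077
      cat > "$out" <<EOF
apiVersion: installers.tmc.cloud.vmware.com/v1alpha1
kind: AgentInstall
metadata:
  name: tmc-agent-installer-config
  namespace: $ns
spec:
  operation: INSTALL
  registrationLink: $link
EOF
    )
}

# Constructed sample values; use the namespace and link you copied earlier.
demo=$(mktemp)
render_tmc_registration svc-tmc-c8 \
    "https://tmc.example.invalid/installer?id=PLACEHOLDER" "$demo" && cat "$demo"
```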
42. Go back to Tanzu Mission Control and after a few minutes you should see your Supervisor cluster ready
43. You are now ready to deploy your TKC cluster so you can deploy containers
- Select Clusters
- Click Create Cluster
44. Select your Management Cluster we just configured
- Select the Supervisor Cluster we just configured
- Click Continue to Create Cluster
45. Select your namespace as Provisioner and click next
46. Enter a name for the new cluster
- Enter a cluster name using yournamespace-tkc1 for example rkelly-tkc1
- Select Default for Cluster Group
- Click next
47. Keep all defaults here but select a storage class
- Select the Workload-Storage Policy
- Click Next
48. Select Control Plane size
- Choose Single Node
- Choose the instance type
- Click Next
49. Keep defaults and click Create Cluster
50. It takes several minutes but if you go to your namespace in vCenter you should see it start to deploy the cluster
Info
Note!
If it does not start to deploy or does not deploy after 20 minutes, go back to Tanzu Mission Control, deactivate the cluster and try again. If it still does not deploy, please review the previous steps for accuracy or contact Support for help.
51. Once complete you will see it as healthy in Tanzu Mission Control
52. Go back to your Linux machine and deploy a container.
First, you need to login again and specify the TKC cluster you just created, enter the following after you edit the items in red to your environment and press enter, then enter the cloudadmin@vmc.local password when prompted
kubectl-vsphere login --server=k8s.cluster-1.vcenter.sddc-10-182-162-186.vmwarevmc.com -u cloudadmin@vmc.local \
--tanzu-kubernetes-cluster-name rkelly-tkc1 \
--tanzu-kubernetes-cluster-namespace rkelly
53. Change context to the TKC cluster, again making sure you change the item in red to your TKC cluster name
kubectl config use-context rkelly-tkc1
54. Create a new name space in the cluster, type the following and press enter
kubectl create ns poc
55. List the namespaces with the following command
kubectl get ns
56. Change to that namespace with the following command
kubectl config set-context --current --namespace=poc
57. Before we deploy a container we need to disable PodSecurityPolicy (PSP) enforcement, an older Kubernetes security feature, with the following command
kubectl apply -f https://raw.githubusercontent.com/vmtocloud/tanzuonvmc/main/disable-psp.yaml
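Step 57 applies a manifest straight from a URL, so its contents are never seen before they change cluster policy. As an added example (not part of the original guide), the helper below lists role bindings in a downloaded manifest whose subjects are built-in catch-all groups; the function name and the sample manifest are constructed and do not reproduce disable-psp.yaml.

```shell
#!/bin/sh
# Added example: list RBAC bindings in a manifest that target built-in
# catch-all groups, so the file can be reviewed before `kubectl apply`.
broad_bindings() {
    awk '
    # Print the findings for the document just read, then reset state.
    function emit(   i) {
        if (kind ~ /RoleBinding$/)
            for (i = 1; i <= n; i++)
                print kind "/" obj ": " subj[i] " -> " role
        kind = obj = role = sect = ""; n = 0
    }
    /^---/      { emit(); next }                     # next YAML document
    /^[A-Za-z]/ { sect = $1; sub(/:$/, "", sect) }   # current top-level key
    /^kind:/    { kind = $2 }
    sect == "metadata" && $1 == "name:" { obj = $2 }
    sect == "roleRef"  && $1 == "name:" { role = $2 }
    sect == "subjects" && NF >= 2 && $(NF-1) == "name:" &&
        $NF ~ /^system:(authenticated|unauthenticated|serviceaccounts)$/ {
        subj[++n] = $NF
    }
    END { emit() }
    ' "$1"
}

# Constructed sample manifest (NOT the contents of disable-psp.yaml).
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-psp-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-privileged-psp
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:authenticated
EOF
broad_bindings "$sample"
```

Download the manifest to a local file first (for example with wget), run `broad_bindings` on it, read the rest of the file, and then apply the reviewed local copy with `kubectl apply -f`.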
58. Deploy a container with the following command
kubectl create deployment --image=public.ecr.aws/m0z6y2h1/nginx:latest nginx --port=80
59. Check the status of the deployment with the following command
kubectl get deployments
60. When you get a Ready status, expose the deployment so you can access the container application with the following command
kubectl expose deployment nginx --type=LoadBalancer --name=nginx-service
61. Get the IP address of the Web Server of this container with the following command
kubectl describe services nginx-service
Copy that IP to the clipboard for the next step
62. Check that the site is up by typing the following command changing the Item in red to your Load Balancer ingress IP you copied earlier
wget http://10.10.2.6
63. You can also open a web browser to the same url to test it.