Creating namespaces and initial cluster configuration on vSphere 7 with Tanzu Kubernetes Grid Service (TKGS)

Prerequisites

Deploying TKGS Namespaces

Namespace creation

Adding permissions

Adding storage

Creating our cluster spec

$ kubectl vsphere logout
$ kubectl vsphere login --server=10.64.32.1 --insecure-skip-tls-verify
$ kubectl config use-context production
$ kubectl get virtualmachineimages
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TanzuKubernetesCluster
metadata:
  name: zercurity
  namespace: production
spec:
  distribution:
    version: v1.20.3
  topology:
    controlPlane:
      count: 1
      class: best-effort-small
      storageClass: tanzu-storage-policy
    workers:
      count: 3
      class: best-effort-small
      storageClass: tanzu-storage-policy
$ kubectl get virtualmachineclasses
$ kubectl describe virtualmachineclasses best-effort-small
$ kubectl apply -f tkgs-cluster-production.yaml
$ kubectl get tanzukubernetescluster
$ kubectl get cluster

Troubleshooting

$ kubectl get machines
$ kubectl get virtualmachines
$ kubectl get cluster
$ kubectl describe tanzukubernetescluster

Error: ErrImagePull

Creating a default storage class

$ helm install harbor bitnami/harbor --set global.storageClass=tanzu-storage-policy ...
$ kubectl edit tanzukubernetescluster zercurity
spec:
  distribution:
    fullVersion: v1.18.5+vmware.1-tkg.1.c40d30d
    version: v1.18.5
  settings:
    network:
      cni:
        name: antrea
      pods:
        cidrBlocks:
        - 192.168.0.0/16
      serviceDomain: cluster.local
      services:
        cidrBlocks:
        - 10.96.0.0/12
    storage:
      defaultClass: tanzu-storage-policy
$ kubectl get sc
NAME                             PROVISIONER
tanzu-storage-policy (default)   csi.vsphere.vmware.com ...

Accessing the cluster

$ kubectl vsphere logout
$ kubectl vsphere login --server=10.64.32.1 --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace production --tanzu-kubernetes-cluster-name zercurity
$ kubectl config use-context zercurity
$ kubectl get pod -A
$ kubectl create clusterrolebinding default-tkg-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated
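
The `kubectl create clusterrolebinding` command above lets every authenticated user, in every namespace of the cluster, run pods under the `psp:vmware-system-privileged` pod security policy. A narrower alternative, added here as an example that is not part of the original article, is a namespaced RoleBinding that grants the same policy only to service accounts in the `harbor` namespace. The binding name is made up, and the example assumes the `harbor` namespace has already been created and that no workload outside it needs the privileged policy:

```yaml
# Added example: scope the privileged PSP to one namespace instead of
# binding it cluster-wide to system:authenticated.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: harbor-privileged-psp           # hypothetical name
  namespace: harbor                     # assumed to exist (kubectl create ns harbor)
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:vmware-system-privileged    # same ClusterRole as the command above
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:harbor   # only service accounts in "harbor"
```

Apply it with `kubectl apply -f` in place of the cluster-wide binding; `kubectl get rolebinding -n harbor` shows whether it is present.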

Deploying harbor

$ kubectl create ns harbor
$ helm install harbor bitnami/harbor \
  --set harborAdminPassword='adminpass' \
  --set global.storageClass=tanzu-storage-policy \
  --set service.type=LoadBalancer \
  --set externalURL=harbor.test.corp \
  --set service.tls.commonName=harbor.test.corp \
  -n harbor
$ helm uninstall harbor -n harbor
$ kubectl get pod -n harbor
NAME                                    READY   STATUS    RESTARTS   AGE
harbor-chartmuseum-657b95d5f7-fxzll     1/1     Running   0          9d
harbor-clair-586d8cf9f6-rhzzd           2/2     Running   0          9d
harbor-core-5cd79cc5f6-2r2sw            1/1     Running   4          9d
harbor-jobservice-b6fff8654-kvnmn       1/1     Running   5          9d
harbor-nginx-55d7d6d846-vfr6c           1/1     Running   0          9d
harbor-notary-server-8695c547f5-hrvft   1/1     Running   0          9d
harbor-notary-signer-5647c4968c-pqwmc   1/1     Running   0          9d
harbor-portal-54cc4dbc8c-dgswz          1/1     Running   0          9d
harbor-postgresql-0                     1/1     Running   0          9d
harbor-redis-master-0                   1/1     Running   0          9d
harbor-registry-dd67784b8-hbthw         2/2     Running   0          9d
harbor-trivy-0                          1/1     Running   0          9d
$ kubectl get svc -n harbor

It's all over!
