Installa Tanzu Community Edition (EN)

Last updated 16th November 2022

Objective

VMware Tanzu Community Edition (TCE) is a full-featured, easy-to-manage Kubernetes platform. You can deploy the product on an OVHcloud infrastructure to leverage its functionality and scalability.

This guide offers a step by step example of TCE installation

Requirements

• Being an administrative contact of your Hosted Private Cloud infrastructure to receive login credentials
• A user account with access to the OVHcloud Control Panel
• A user account with access to vSphere
• A deployed NSX Edge Services Gateway
• DHCP services activated on the NSX Gateway

Instructions

Network

As stated in the Requirements (with links to full docs), an NSX Edge Services Gateway is used in our study case for Firewall and DHCP purposes.
Other Network components can be used as alternative, such as pfSense.

To set up your Network, you will need to define a public IP for external access and an internal network with DHCP service activated for your TCE infrastructure.
Your Datacenter comes with a set of public IPs usable for your different needs. They are visible in the Datacenter Configure tab, in the Network section. You will also see the mask and gateway settings on the page.
Check out our Adding an IP block documentation if you are out of usable public IPs.

For our study case, the NSX Edge Services Gateway is set up with two interfaces as follows:

• an external interface (Uplink) with a primary and secondary public IPs (xxx.xxx.xxx.225 and xxx.xxx.xxx.226)
• an internal interface (Internal) with private IP 172.16.13.1 on VLAN13
  
• DHCP service distributing VLAN13 address scope 172.16.13.10 through 172.16.13.100
  
• a SNAT rule to translate adress range 172.16.13.1/24 into secondary public IP xxx.xxx.xxx.226 for external access
  

In the OVHcloud Control Panel, go to the Security tab of your Hosted Private Cloud and add the public IPs to the allowed adresses to connect.
The addresses should appear as "Authorised and set up".

Node Template

The TCE clusters require a template to build the nodes. Those can be dowloaded from the VMware Customer Connect website. If you do not own an account, you can create one for free.

Select the latest version of the OVA you need to use and download it locally.

In vSphere, right-click a host or a cluster and select Deploy OVF Template.

Browse for the OVA file you downloaded and deploy it.

Once done, right-click the VM and, in the Template section, select Convert to Template.

Bootstrap VM

Once the Network and template are ready, a Bootstrap VM is needed.
It will hold the necessary software components (Docker and Kubectl) and pilot the installation of TCE.
We'll use an Ubuntu VM but any OS allowing the install of the necessary items would work.
VM prerequisites for TCE is 2 CPUs and 6 GB Ram.
You can deploy a VM from an ISO or from an OVF template.

Make sure the VM is set on the VLAN that will be used for the TCE clusters (VLAN13 in our case).

In a terminal window, start with update commands:

sudo apt update

and

sudo apt-get install build-essential

Install NTP

sudo apt-get install ntp

Install Homebrew

Start with git:

sudo apt install git -y

Run the Homebrew install script:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Add Homebrew to your path:

eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

Install gcc:

brew install gcc

Install Docker Engine

Start with getting the necessary packages:

sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release

Add Docker’s official GPG key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

set up the stable repository:

echo \ 
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ 
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Set up the engine:

sudo apt-get install docker-ce docker-ce-cli containerd.io

Post install, add the current user to the docker group to allow it to run it without rights elevation:

sudo usermod -aG docker $USER

Install Kubectl

Download the lastest package:

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

Run the installer:

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

SSH Key Pair

Run the creation command:

ssh-keygen -t rsa -b 4096 -C "youremail@yourdomain.com"

Press Enter to save the key in default path (/root/.ssh/id_rsa).
Enter and confirm a password for the key.
Add the private key to the SSH agent running on your machine, and enter the password you created in the previous step.

ssh-add ~/.ssh/id_rsa

Keep the .ssh/id_rsa.pub file handy as it holds the public key you will need to input later for TCE configuration.

Tanzu Management Cluster

The VM is now ready for TCE deployment.

Tanzu CLI

In a terminal window, run the CLI install commmand:

brew install vmware-tanzu/tanzu/tanzu-community-edition

Note the output install folder and run the post install script:

{HOMEBREW-INSTALL-LOCATION}/configure-tce.sh 
/home/linuxbrew/.linuxbrew/Cellar/tanzu-community-edition/v0.10.0/libexec/configure-tce.sh

Deployment

Launch the installer with this command:

tanzu management-cluster create --ui

In the opening browser window, select the vSphere option.

Enter the Hosted Private cloud FQDN and fill in administrative credentials before clicking Connect.

Click Continue to verify the SSL thumbprint.

Select your datacenter and fill in the SSH public key created earlier (.ssh/id_rsa.pub).
Click Next.

Choose a type of cluster (Development or Production) and a node size.

Fill in the name of your custer, choose a control plane endpoint provider and IP (same subnet but outside of DHCP scope).
Click Next.

NSX Advanced Load Balancer and Metadata sections are optional and we will not edit them.
Click Next on both of them.

Choose your resource locations.
Click Next.

Enter the Kubernetes Network settings.
Click Next.

Disable Identity Management.
Click Next.

Select the node template to be used.
Click Next.

Click Review Configuration.

When ready, click Deploy Management Cluster.

Upon completion, verify you get a creation message and the nodes are visible in vSphere.

Get the cluster admin credentials for future interactions:

tanzu cluster kubeconfig get "clustername" --admin

Tanzu Workload Cluster

To deploy a workload cluster, we'll duplicate and modify the configuration file for the management cluster.
Start a terminal window in the bootstrap VM and go to the config file folder.

cd .config/tanzu/tkg/clusterconfigs

Use ls to find the yaml configuration file name and copy it into a new one.

cp existing.yaml new.yaml

Use a text editor to modify the key fields:

• CLUSTER_NAME : choose a name for your new cluster
• VSPHERE_CONTROL_PLANE_ENDPOINT : choose an unused IP in the same subnet but not in the DHCP scope
• VSPHERE_FOLDER : this is not mandatory but you can define a different folder for ease of management

Save and close the file.

Back in the terminal, run the deploy command calling your new yaml file.

tanzu cluster create --file .config/tanzu/tkg/clusterconfigs/new.yaml

Upon completion, verify you get a creation message and the nodes are visible in vSphere.

Get the cluster admin credentials for future interactions:

tanzu cluster kubeconfig get "clustername" --admin

TCE is now ready for application install.

Go further

Join our community of users on https://community.ovh.com/en/.

Potrebbero interessarti anche...