Using Tanzu Kubernetes Grid 2 with vSphere with Tanzu
VMware vSphere 8.0
VMware vCenter 8.0
VMware ESXi 8.0
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Copyright © 2022 VMware, Inc. All rights reserved. Copyright and trademark information.
Contents
Using Tanzu Kubernetes Grid 2 with vSphere with Tanzu 8
1 Updated Information 9
2 Running TKG 2 Clusters on Supervisor 11
TKG 2 on Supervisor Components 11
Deploying TKG 2 with Supervisor 17
Reference Architectures for TKG 2 Clusters on Supervisor 19
3 Managing Identity and Access for TKG 2 Clusters on Supervisor 23
About Identity and Access Management for TKG 2 Clusters on Supervisor 23
Installing CLI Tools for TKG 2 Clusters on Supervisor 26
Install the Kubernetes CLI Tools for vSphere 26
Install the vSphere Docker Credential Helper 30
Install the Tanzu CLI for Use with TKG 2 Clusters on Supervisor 32
Connecting to TKG Clusters on Supervisor Using vCenter SSO Authentication 33
Configure Secure Login for vCenter Single Sign-On Authentication 33
Configure vSphere Namespace Permissions for vCenter Single Sign-On Users and Groups 34
Connect to Supervisor as a vCenter Single Sign-On User with Kubectl 35
Connect to a TKG 2 Cluster as a vCenter Single Sign-On User with Kubectl 37
Grant Developers vCenter SSO Access to TKG 2 Clusters on Supervisor 38
Connect to Supervisor Using the Tanzu CLI and vCenter SSO Authentication 39
Connecting to TKG Clusters on Supervisor Using an External Identity Provider 41
Configure an External IDP for Use with TKG 2 on Supervisor 41
Register an External IDP with Supervisor 49
Configure vSphere Namespace Permissions for External Identity Provider Users and Groups 53
Connect to Supervisor Using the Tanzu CLI and an External IDP 54
Connecting to TKG 2 Clusters on Supervisor as a Kubernetes Administrator and System User 55
Connect to the TKG Cluster Control Plane as a Kubernetes Administrator 55
SSH to TKG Cluster Nodes as the System User Using a Private Key 56
SSH to TKG Cluster Nodes as the System User Using a Password 59
Create a Linux Jump Host VM 61
4 Administering Tanzu Kubernetes Releases for TKG 2 Clusters on Supervisor 63
Using Tanzu Kubernetes Releases with TKG 2 Clusters on Supervisor 63
Create a Subscribed TKR Content Library 67
Create a Local TKR Content Library 70
Enable Publishing of a Local TKR Content Library 74
Migrate TKRs to a New Content Library 74
5 Configuring vSphere Namespaces for TKG 2 Clusters on Supervisor 76
Using vSphere Namespaces with TKG Clusters on Supervisor 76
Create a vSphere Namespace for Hosting TKG Clusters on Supervisor 81
Configure a vSphere Namespace for TKG 2 Clusters on Supervisor 82
Override Supervisor Network Settings 86
Create a vSphere Storage Policy for TKG 2 Clusters on Supervisor 88
Using Virtual Machine Classes with TKG 2 Clusters on Supervisor 90
Verify vSphere Namespace Configuration for TKG 2 Cluster Provisioning 92
Enable vSphere Namespace Creation Using Kubectl 93
6 Provisioning TKG 2 Clusters on Supervisor 95
About TKG 2 Cluster Provisioning on Supervisor 95
Workflow for Provisioning TKG 2 Clusters on Supervisor Using Kubectl 97
Workflow for Provisioning TKG Clusters on Supervisor Using the Tanzu CLI 102
Using the TanzuKubernetesCluster v1alpha3 API 104
TanzuKubernetesCluster v1alpha3 API 104
v1alpha3 Example: Default TanzuKubernetesCluster 110
v1alpha3 Example: TKC with Default Storage and Node Volumes 111
v1alpha3 Example: TKC with Custom Network 112
v1alpha3 Example: TKC with Ubuntu TKR 114
v1alpha3 Example: TKC Across vSphere Zones 115
v1alpha3 Example: TKC with Routable Pods Network 117
Using the Cluster v1beta1 API 119
Cluster v1beta1 API 119
v1beta1 Example: Default Cluster 131
v1beta1 Example: Custom Cluster 133
v1beta1 Example: Cluster with Calico CNI 134
v1beta1 Example: Cluster with Ubuntu TKR 136
v1beta1 Example: Cluster Across vSphere Zones 137
v1beta1 Example: Cluster with Routable Pods Network 138
Test TKG 2 Cluster Provisioning Using Kubectl 140
Delete a TKG Cluster Using Kubectl or the Tanzu CLI 142
Using TKG 2 Clusters on Supervisor with Tanzu Mission Control 143
7 Operating TKG 2 Clusters on Supervisor 146
Configure Pod Security 146
Example RBAC for Pod Security Policy 149
Configure a Text Editor for Kubectl 152
Scale a TKG Cluster Using Kubectl or the Tanzu CLI 154
Monitor TKG 2 Cluster Status Using the vSphere Client 163
Monitor TKG 2 Cluster Status Using kubectl 164
Check TKG 2 Cluster Readiness Using Kubectl 165
Check TKG 2 Cluster Machine Health Using Kubectl 168
Check TKG 2 Cluster Health Using Kubectl 170
Check TKG 2 Cluster Volume Health Using Kubectl 172
Get TKG 2 Cluster Secrets Using Kubectl 174
Check TKG 2 Cluster Networking Using Kubectl 174
Check TKG 2 Cluster Operations Using Kubectl 176
View TKG 2 Cluster Lifecycle Status 178
View the Resource Hierarchy for a TKG 2 Cluster Using Kubectl 179
Configure the TKG 2 Controller 180
Rotate TKG 2 Cluster Certificates Manually 183
Rotate NSX Certificates 188
8 Installing Tanzu Packages on TKG 2 Clusters on Supervisor 193
Persistent Storage Requirements for Tanzu Packages 193
Install Tanzu Packages on TKG 2 Clusters on Supervisor Using the Tanzu CLI 194
Install Tanzu Package Prerequisites Using Kubectl 199
Install the Tanzu Package for Contour Ingress Using Kubectl 201
Install the Tanzu Package for Prometheus Monitoring Using Kubectl 206
Install the Tanzu Package for Fluent Bit Logging Using Kubectl 216
Install the Tanzu Package for Grafana Visualization Using Kubectl 221
Install the Tanzu Package for Harbor Registry Using Kubectl 227
Install the Tanzu Package for External DNS Service Discovery Using Kubectl 235
9 Deploying Workloads on TKG 2 Clusters on Supervisor 238
Pod Deployment with Load Balancer Service 238
Load Balancer Service with Static IP 240
Load Balancer Service with Source IP 242
Load Balancer Service with Local Traffic Policy 242
Ingress Using Nginx 243
Ingress Using Contour 246
Using Storage Classes for Persistent Volumes 251
Creating Persistent Storage Volumes Dynamically 253
Creating Persistent Storage Volumes Statically 254
Deploy the Guestbook Application on a TKG 2 Cluster 256
Guestbook Application YAML 259
Deploy StatefulSet Application Across vSphere Zones with Late Binding Volume Attachment 263