On-boarding TKG Clusters on Tanzu Service Mesh

VMware Tanzu

What is Tanzu Kubernetes Grid Cluster?

TKG Cluster is a VMware opinionated production ready Kubernetes cluster that can run across hybrid multicloud environment.

Read more detail here:

https://tanzu.vmware.com/kubernetes-grid

What is Tanzu Service Mesh?

VMware Tanzu Service Mesh, is a service mesh solution from VMware that provides consistent control and security for microservices running across multicloud environment. Currently Tanzu Service Mesh is offered as a Service from VMware.

Read more detail here:

https://tanzu.vmware.com/kubernetes-grid

TKG Cluster on-boarding Pre-requirements

Technical Pre-requirements

In order to on-board a TKG cluster on TSM, there are different requirements e.g. TKG version, resource availability on worker nodes, network connectivity etc should be met. Those requirements are very well documented in link below.

https://tanzu.vmware.com/kubernetes-grid

Access Requirement

Tanzu Service Mesh is offered as a Service solution from VMware and it’s access can be validated from VMware Cloud Service portal. Follow the below steps:
1. Login to https://console.cloud.vmware.com/ 
2. On My Services Page, You will find Tanzu Service Mesh is listed.

On-boarding TKG Cluster on Tanzu Service Mesh Steps

  1. Click on the VMware Tanzu Service Mesh tile shown under My Services on VMware Cloud Service portal. This will redirect you to Tanzu Service Mesh portal.

Note: If you see 400 Bad Request, try opening in Incognito Window.

Error while opening Tanzu Service Mesh portal

2. Once it is opened, You will see portal like below.

Tanzu Service Mesh Landing Page

In my case, there are no cluster on-boarded yet. Let’s start TKG Cluster on-boarding.

3. Click on ADD NEW in left corner. It will give you different options. Click on Onboard New Cluster.

TSM — ADD NEW

4. Enter the Cluster Name and Click on “GENERATE SECURITY TOKEN” button.

Note: Cluster name provided here need not be same as TKG Cluster name

5. After clicking on Generate Security Token button, Next step will be highlighted with token filled in.

6. Copy both and apply them on your TKG cluster.

$ kubectl apply -f <copy above link>
namespace/vmware-system-tsm created
customresourcedefinition.apiextensions.k8s.io/tsmclusters.tsm.vmware.com unchanged
customresourcedefinition.apiextensions.k8s.io/clusterhealths.client.cluster.tsm.tanzu.vmware.com configured
configmap/tsm-agent-operator created
serviceaccount/operator--srv-acnt created
clusterrolebinding.rbac.authorization.k8s.io/operator-cluster-admin-rb configured
deployment.apps/tsm-agent-operator created
serviceaccount/operator-ecr-read-only--service-account created
secret/operator-ecr-read-only--aws-credentials created
role.rbac.authorization.k8s.io/operator-ecr-read-only--role created
rolebinding.rbac.authorization.k8s.io/operator-ecr-read-only--role-binding created
cronjob.batch/operator-ecr-read-only--renew-token created
job.batch/operator-ecr-read-only--renew-token created

$ kubectl -n vmware-system-tsm create secret generic cluster-token --from-literal=token=<token removed>
secret/cluster-token created

7. In few sec, you will notice that the next step is highlighted to install Tanzu Service Mesh.

Before we install, Let see what changes has already been made on TKG Cluster. You will see that the vmware-system-tsm namespace is created and there are few resource created too. e.g. below

$ k get ns
NAME                           STATUS   AGE
adminspace                     Active   7d17h
cert-manager                   Active   16d
controller-my-tkg-controller   Active   7d18h
default                        Active   54d
kube-node-lease                Active   54d
kube-public                    Active   54d
kube-system                    Active   54d
tanzu-system-ingress           Active   54d
tkg-system                     Active   54d
vmware-system-auth             Active   54d
vmware-system-cloud-provider   Active   54d
vmware-system-csi              Active   54d
vmware-system-tsm              Active   2m30s

$ k get all -n vmware-system-tsm
NAME                                            READY   STATUS      RESTARTS   AGE
pod/allspark-ws-proxy-84f46b6c7b-h9hv7          1/1     Running     0          2m15s
pod/k8s-cluster-manager-7f65f4597c-jpxpq        1/1     Running     0          2m15s
pod/operator-ecr-read-only--renew-token-2qb5h   0/1     Completed   0          2m36s
pod/tsm-agent-operator-84459cfdb8-r6qqh         1/1     Running     0          2m36s
NAME                          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE
service/k8s-cluster-manager   ClusterIP   10.106.18.113   <none>        40041/TCP   2m15s
NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/allspark-ws-proxy     1/1     1            1           2m15s
deployment.apps/k8s-cluster-manager   1/1     1            1           2m15s
deployment.apps/tsm-agent-operator    1/1     1            1           2m36s
NAME                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/allspark-ws-proxy-84f46b6c7b     1         1         1       2m15s
replicaset.apps/k8s-cluster-manager-7f65f4597c   1         1         1       2m15s
replicaset.apps/tsm-agent-operator-84459cfdb8    1         1         1       2m36s
NAME                                            COMPLETIONS   DURATION   AGE
job.batch/operator-ecr-read-only--renew-token   1/1           2s         2m36s
NAME                                                SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
cronjob.batch/operator-ecr-read-only--renew-token   0 */8 * * *   False     0        <none>          2m36s

8. You can select specific namespace if you need to exclude and then Click on Install Tanzu Service Mesh button.

TSM Installation is in progress

9. Let’s notice the changes in TKG cluster.

List the namespace and you will see that the New namespace is created. List the pods being created inside this namespace too.

istio-system                   Active   13s
$ k get po -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
allspark-telegraf-node-pjh2j            1/1     Running   0          7m40s
allspark-telegraf-node-s6fxt            1/1     Running   0          7m40s
allspark-telegraf-node-xszpj            1/1     Running   0          7m40s
istio-egressgateway-544d8dd96b-k4q9k    1/1     Running   0          9m10s
istio-egressgateway-544d8dd96b-qjlj8    1/1     Running   0          9m10s
istio-ingressgateway-55678bc575-b6v84   1/1     Running   0          9m10s
istio-ingressgateway-55678bc575-vnqdt   1/1     Running   0          9m10s
istio-telemetry-d564c59df-f97gh         2/2     Running   0          9m8s
istio-telemetry-d564c59df-vpqlv         2/2     Running   0          9m8s
istiocoredns-599c554d55-6zd77           2/2     Running   0          9m10s
istiocoredns-599c554d55-r77c6           2/2     Running   0          9m10s
istiod-bb6f7548-fw4fn                   1/1     Running   0          9m27s
istiod-bb6f7548-vs9f9                   1/1     Running   0          9m27s

10. Wait for sometime and above step will take take around 3–4 mins. Keep watching the resource deployment under istio-system namespace.

11. After few mins, you will see that the cluster onboarding is successful.

12. Click on EXIT TO CONSOLE button. You will see the newly onboarded cluster is listed.

So, our TKG Cluster is onboaded successfully. In the next post, i will talk about different concepts of TSM e.g. Global Namespace, SLO etc. and how to use them.

Resources

I found this video very helpful, watch it once.

Refer VMware Documentation for more detail

https://tanzu.vmware.com/kubernetes-grid

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s