This is the sixth blog post of the TMC Self-Managed blog series. In the previous post of this series, I showed how to configure the final prerequisite (Harbour registry) of the installation. If you are following along with me, you are now ready for the installation.
If you have landed on this post directly by mistake, I encourage you to read the previous blog posts of this series using the below links:
1: TMC Self-Managed – Introduction & Architecture
2: Configure DNS for TMC Self-Managed
3: Configure OIDC Complaint Identity Provider (Okta)
4: Install Cluster Issuer for TLS Certificates
This blog post is focused on installing TMC Self-Managed on Tanzu Kubernetes Grid multi-cloud (TKGm). I will cover the installation procedure for TKGS (vSphere with Tanzu) in a separate post.
I have used the following BOM in my lab
Software Components | Version |
Tanzu Kubernetes Grid | 2.1.0 |
VMware vSphere ESXi | 7.0 U3n |
VMware vCenter (VCSA) | 7.0 U3n |
VMware vSAN | 7.0 U3n |
NSX Advanced LB | 22.1.3 |
Step 1: Connect to the workload cluster where TMC Self-managed will be installed.
Step 2: Create the tmc-local namespace. All the artifacts for the Tanzu Mission Control Self-Managed service will be installed in this namespace.
1 |
# kubectl create namespace tmc-local |
Step 3: Add the Tanzu package repository to your cluster in the tmc-local namespace.
1 2 3 |
# tanzu package repository add tanzu-mission-control-packages --url "{{repositoryImage}}:{{version}}" --namespace tmc-local Example: tanzu package repository add tanzu-mission-control-packages --url "registry.vstellar.lab/tmc-sm/package-repository:1.0.1" --namespace tmc-local |
Step 4: Verify that the package repository is successfully reconciled by the kapp-controller.
1 2 3 4 5 6 7 8 9 10 11 |
# tanzu package repository get tanzu-mission-control-packages --namespace tmc-local NAMESPACE: tmc-local NAME: tanzu-mission-control-packages SOURCE: (imgpkg) registry.vstellar.lab/tmc-sm/package-repository:1.0.0 STATUS: Reconcile succeeded CONDITIONS: - type: ReconcileSucceeded status: "True" reason: "" message: "" USEFUL-ERROR-MESSAGE: |
Step 5: Create the TMC Self-Managed configuration file
Tanzu Mission Control Self-Managed installation requires a configuration file named values.yaml which contains the key-values pair for your configuration. The complete list of key-value pairs is described in the TMC Self-Managed documentation.
Alternatively, you can run the command tanzu package available get “{{repositoryImage}}:{{version}}” –namespace tmc-local –values-schema to view the values schema.
Create a values.yaml file based on the key-value pair defined in the schema. A sample values.yaml file is provided below for reference. This file uses a preferred load balancer IP with Avi Kubernetes Operator and Okta as the OIDC IDP.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
harborProject: "registry.vstellar.lab/tmc-sm" dnsZone: "tmc.vstellar.lab" supportFlags: - tmc-integration-environment clusterIssuer: "local-issuer" oidc: issuerType: "pinniped" issuerURL: "https://dev-57449883.okta.com/oauth2/default" clientID: "xxxxxxx" clientSecret: "xxxxxxxxxx" trustedCAs: custom-ca.pem: | -----BEGIN CERTIFICATE----- Certificate content -----END CERTIFICATE----- harbor-ca.pem: | -----BEGIN CERTIFICATE----- Certificate content -----END CERTIFICATE----- contourEnvoy: serviceType: LoadBalancer serviceAnnotations: ako.vmware.com/load-balancer-ip: "172.16.18.10" pinnipedExtraEnvVars: [] alertmanager: criticalAlertReceiver: {} warningAlertReceiver: {} minio: username: root password: "VMware1!" postgres: userPassword: "VMware1!" maxConnections: 300 telemetry: ceipOptIn: false eanNumber: ean-not-specified ceipAgreement: false |
Important: The name of the custerIssuer should match the name that you specified in the local-issuer.yaml file that you created in the article Install Cluster Issuer for TLS certificates
Step 6: Deploy the TMC Self-Managed Stack
Use the following command to initiate the installation:
1 |
# tanzu package install tanzu-mission-control -p tmc.tanzu.vmware.com --version "1.0.1" --values-file values.yaml --namespace tmc-local |
The installation process roughly takes 15-20 minutes to complete. After the installation process is completed, do the following:
- open a browser and go to the URL of your Tanzu Mission Control Self-Managed deployment. The URL contains the DNS zone that you defined when you prepared the cluster for deployment. For example, https://tmc.<dns-zone>
- The start page of the Tanzu Mission Control console prompts you to sign in.
- When you click Sign In, you are redirected to your upstream IDP to log in.
- Log in with your IDP credentials.
And that’s it for this post. In the next post, I will demonstrate installing TMC Self-Managed in a vSphere with Tanzu environment running on vSphere 7.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.