Category Archives: Kubernetes

How to Deploy a Tanzu Kubernetes Grid cluster using the Cilium CNI

September 5, 2022VMware, KubernetesCilium, CNI, Deploy, Hubble, Tanzu Kubernetes Grid, TKGDean

In this blog post I’m going to dive into how you can create a Tanzu Kubernetes Grid cluster and specify your own container network interface, for example, Cilium. Expanding on the installation, I’ll also cover installing a load balancer service, deploying a demo app, and showing some of the observability feature as well.

What is Cilium?

Cilium is an open source software for providing, securing and observing network connectivity between container workloads - cloud native, and fueled by the revolutionary Kernel technology eBPF

Let’s unpack that from the official website marketing tag line.

Cilium is a container network interface for Kubernetes and other container platforms (apparently there are others still out there!), which provides the cluster networking functionality. It goes one step further than other CNIs commonly used, by using a Linux Kernel software technology called eBPF, and allows for the insertion of security, visibility, and networking control logic into the Linux kernel of your container nodes.

Below is a high-level overview of the features.

And a high-level architecture overview.

Is it supported to run Cilium in Tanzu Kubernetes cluster?

Tanzu Kubernetes Grid allows you to bring your own Kubernetes CNI to the cluster as part of the Cluster bring-up. You will be required to take extra steps to build a cluster during this type of deployment, as described below in this blog post.

As for support for a CNI outside of Calico and Antrea, you as the customer/consumer must provide that. If you are using Cilium for example, then you can gain enterprise level support for the CNI, from the likes of Isovalent.

Recording

How to deploy a Tanzu Kubernete Cluster with Cilium

Before we get started, we need to download the Cilium CLI tool, which is used to install Cilium into our cluster.

The below command downloads and installs the latest stable version to your /usr/local/bin location. You can find more options here. Continue reading How to Deploy a Tanzu Kubernetes Grid cluster using the Cilium CNI →

Creating a kubeconfig file for a Kubernetes Service Account

September 1, 2022KubernetesCreate, Kubeconfig, Kubernetes, Service AccountDean

Recently I was working with a software integration that required a Kubernetes Kubeconfig file. I didn’t want to provide my own kubeconfig file, and I also wanted to set the right permissions via a service account.

Below is the code I put together for this, partially inspired by this stackoverflow post I came across. If you scroll further, I’ve included creating a service account and giving it cluster-admin access, in case you need it.

######################
#  Set the variables #
#                    #
######################

clusterName=veducate-eks
## the Namespace and ServiceAccount name that is used for the config
namespace=kube-system
serviceAccount=veducate-ca
## New Kubeconfig file name
newfile=something.kubeconfig

######################
#  Main Script       #
#                    #
######################

server=${kubectl config view --minify --raw -o jsonpath='{.clusters[].cluster.server}' | sed 's/"//'}
secretName=$(kubectl --namespace $namespace get serviceAccount $serviceAccount -o jsonpath='{.secrets[0].name}')
ca=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.token}' | base64 --decode)

echo "
---
apiVersion: v1
kind: Config
clusters:
  - name: ${clusterName}
    cluster:
      certificate-authority-data: ${ca}
      server: ${server}
contexts:
  - name: ${serviceAccount}@${clusterName}
    context:
      cluster: ${clusterName}
      namespace: ${namespace}
      user: ${serviceAccount}
users:
  - name: ${serviceAccount}
    user:
      token: ${token}
current-context: ${serviceAccount}@${clusterName}
" >> ${newfile}.yaml

Below is the code I used to create a Service Account that has cluster admin access, then if I use the above code, I can get a kubeconfig file for that. Continue reading Creating a kubeconfig file for a Kubernetes Service Account →

vRealize Automation – Deploying a GKE Cluster with Code Stream, add to Tanzu Mission Control & Tanzu Service Mesh

July 26, 2022Kubernetes, VMwareCode Stream, Deploy, gke, Google Cloud, Tanzu Mission Control, Tanzu Service Mesh, vRA, vRealize AutomationDean

This walk-through will detail the technical configurations for using vRA Code Stream to deploy Google Kubernetes Clusters (GKE), register them as:

Kubernetes endpoints in vRA Cloud Assembly and Code Stream
An attached in Tanzu Mission Control
Onboard in Tanzu Service Mesh

This post mirrors my other blog posts following similar concepts:

Requirement

After covering EKS and AKS, I thought it was worthwhile to finish off the gang and deploy GKE clusters using Code Stream.

Building on my previous work, I also added in the extra steps to onboard this cluster into Tanzu Service Mesh as well.

High Level Steps

Create a Code Stream Pipeline
- Create a Google GKE Cluster
- Create GKE cluster as endpoint in both vRA Code Stream and Cloud Assembly
- Register GKE cluster in Tanzu Mission Control
- Onboard the cluster to Tanzu Service Mesh

Pre-Requisites

vRA Cloud access
- The pipeline can be changed easily for use with vRA on-premises
Google Cloud account that can provision GKE clusters
- The Kubernetes Engine API needs to be enabled
- Basic knowledge of deploying GKE
  - This is a good beginners guide if you need
- You will need to create a Service Account that the gcloud CLI tool can use for authentication
A Docker host to be used by vRA Code Stream
- Ability to run the container image: gcr.io/google.com/cloudsdktool/google-cloud-cli
Tanzu Mission Control account that can register new clusters
VMware Cloud Console Tokens for vRA Cloud, Tanzu Mission Control and Tanzu Service Mesh API access
The configuration files for the pipeline can be found in this GitHub repository

Creating a Code Stream Pipeline to deploy a Azure AKS Cluster and register the endpoints with vRA and Tanzu Mission Control

Create the variables to be used

Continue reading vRealize Automation – Deploying a GKE Cluster with Code Stream, add to Tanzu Mission Control & Tanzu Service Mesh →

VMware Cloud on AWS – Managed Tanzu Kubernetes Grid with Tanzu Mission Control

July 5, 2022VMware, KubernetesKubernetes, Tanzu, Tanzu Mission Control, TKG, TMC, VMCDean

In my previous blog post, I detailed a full end to end guide in deploying and configurating the managed Tanzu Kubernetes Service offering as part of VMware Cloud on AWS (VMC), finishing with some example application deployments and configurations.

In this blog post, I am moving on to show you how to integrate this environment with Tanzu Mission Control, which will provide fleet management for your Kubernetes instances. I’ve wrote several blog posts on TMC previous which you can find below:

Tanzu Mission Control 
- Getting Started Tanzu Mission Control 
- Cluster Inspections 
- Workspaces and Policies  
- Data Protection 
- Deploying TKG clusters to AWS 
- Upgrading a provisioned cluster 
- Delete a provisioned cluster 
- TKG Management support and provisioning new clusters
- TMC REST API - Postman Collection
- Using custom policies to ensure Kasten protects a deployed application

Management with Tanzu Mission Control

The first step is to connect the Supervisor cluster running in VMC to our Tanzu Mission Control environment.

Connecting the Supervisor Cluster to TMC

Within the TMC console, go to:

Administration
Management Clusters
Register Management Cluster
- Select “vSphere with Tanzu”

On the Register Management Cluster page:

Set the friendly name for the cluster in TMC
Select the default cluster group for managed workload clusters to be added into
Set any description and labels as necessary

Proxy settings for a Supervisor Cluster running in VMC are not supported, so ignore Step 2.

Copy the registration URL.

Log into your vSphere with Tanzu Supervisor cluster.
Find the namespace that identifies your cluster and is used for TMC configurations, “kubectl get ns”
- It will start “svc-tmc-xx”
- Copy this namespace name

Continue reading VMware Cloud on AWS – Managed Tanzu Kubernetes Grid with Tanzu Mission Control →

vEducate.co.uk

Fixing issues and blogging

Category Archives: Kubernetes

How to Deploy a Tanzu Kubernetes Grid cluster using the Cilium CNI

What is Cilium?

Is it supported to run Cilium in Tanzu Kubernetes cluster?

Recording

How to deploy a Tanzu Kubernete Cluster with Cilium

Like this:

Creating a kubeconfig file for a Kubernetes Service Account

Like this:

vRealize Automation – Deploying a GKE Cluster with Code Stream, add to Tanzu Mission Control & Tanzu Service Mesh

Requirement

High Level Steps

Pre-Requisites

Creating a Code Stream Pipeline to deploy a Azure AKS Cluster and register the endpoints with vRA and Tanzu Mission Control

Create the variables to be used

Like this:

VMware Cloud on AWS – Managed Tanzu Kubernetes Grid with Tanzu Mission Control

Management with Tanzu Mission Control

Connecting the Supervisor Cluster to TMC

Like this:

What is Cilium?

Is it supported to run Cilium in Tanzu Kubernetes cluster?

Recording

How to deploy a Tanzu Kubernete Cluster with Cilium

Found this useful? Then share:

Like this:

Found this useful? Then share:

Like this:

Requirement

High Level Steps

Pre-Requisites

Creating a Code Stream Pipeline to deploy a Azure AKS Cluster and register the endpoints with vRA and Tanzu Mission Control

Create the variables to be used

Found this useful? Then share:

Like this:

Part 1

Part 2

Found this useful? Then share:

Like this:

Management with Tanzu Mission Control

Connecting the Supervisor Cluster to TMC

Found this useful? Then share:

Like this: