Tag Archives: Kubernetes

Tanzu Kubernetes Grid 1.6 – Management Cluster deployment failure – unable to patch the cluster object

December 23, 2022VMware, Kubernetes1.6, Deployment, Error, Kubernetes, Tanzu, TKGDean

The Issue

When deploying a brand new Tanzu Kubernete Grid Management Cluster to a vSphere environment we kept hitting failures like the below. The deployment was very vanilla with the default settings, no extra metadata inputted into the build.

!! [1223 15:26:17.84239]: init.go:732] Failure while deploying management cluster, Here are some steps to investigate the cause:
!! [1223 15:26:17.84256]: init.go:733] Debug:
!! [1223 15:26:17.84262]: init.go:734] kubectl get po,deploy,cluster,kubeadmcontrolplane,machine,machinedeployment -A --kubeconfig /home/michael/.kube-tkg/tmp/config_Qd01VhPd
!! [1223 15:26:17.84272]: init.go:735] kubectl logs deployment.apps/ -n  manager --kubeconfig /home/michael/.kube-tkg/tmp/config_Qd01VhPd
!! [1223 15:26:17.84278]: init.go:738] To clean up the resources created by the management cluster:
!! [1223 15:26:17.84283]: init.go:739] tanzu management-cluster delete
✘ [1223 15:26:17.84291]: init.go:91] unable to set up management cluster, : unable to patch cluster object: unable to patch optional metadata under labels: unable to patch the management cluster object with optional metadata: unable to patch the cluster object: error while applying patch for "&TypeMeta{Kind:,APIVersion:,}" tkg-system/tkg-mgmt-vsphere-20221223151757: Cluster.cluster.x-k8s.io "tkg-mgmt-vsphere-20221223151757" is invalid: [metadata.labels: Invalid value: "": name part must be non-empty, metadata.labels: Invalid value: "": name part must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')]

The Cause

The tooling creates an erronous value in the cluster config file, which causes the build error.

The Fix

Search for the latest yaml file created in:

~/.config/tanzu/tkg/clusterconfigs/

and comment out the following line:

CLUSTER_LABELS: :,

# The line will now look like this:

#CLUSTER_LABELS: :,

Now re-run the creation of your cluster using the CLI

tanzu mc create --file {file_name.yaml}

Regards

Follow @Saintdle

Dean Lewis

Creating a kubeconfig file for a Kubernetes Service Account

September 1, 2022KubernetesCreate, Kubeconfig, Kubernetes, Service AccountDean

Recently I was working with a software integration that required a Kubernetes Kubeconfig file. I didn’t want to provide my own kubeconfig file, and I also wanted to set the right permissions via a service account.

Below is the code I put together for this, partially inspired by this stackoverflow post I came across. If you scroll further, I’ve included creating a service account and giving it cluster-admin access, in case you need it.

######################
#  Set the variables #
#                    #
######################

clusterName=veducate-eks
## the Namespace and ServiceAccount name that is used for the config
namespace=kube-system
serviceAccount=veducate-ca
## New Kubeconfig file name
newfile=something.kubeconfig

######################
#  Main Script       #
#                    #
######################

server=${kubectl config view --minify --raw -o jsonpath='{.clusters[].cluster.server}' | sed 's/"//'}
secretName=$(kubectl --namespace $namespace get serviceAccount $serviceAccount -o jsonpath='{.secrets[0].name}')
ca=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.token}' | base64 --decode)

echo "
---
apiVersion: v1
kind: Config
clusters:
  - name: ${clusterName}
    cluster:
      certificate-authority-data: ${ca}
      server: ${server}
contexts:
  - name: ${serviceAccount}@${clusterName}
    context:
      cluster: ${clusterName}
      namespace: ${namespace}
      user: ${serviceAccount}
users:
  - name: ${serviceAccount}
    user:
      token: ${token}
current-context: ${serviceAccount}@${clusterName}
" >> ${newfile}.yaml

Below is the code I used to create a Service Account that has cluster admin access, then if I use the above code, I can get a kubeconfig file for that. Continue reading Creating a kubeconfig file for a Kubernetes Service Account →

VMware Cloud on AWS – Managed Tanzu Kubernetes Grid with Tanzu Mission Control

July 5, 2022VMware, KubernetesKubernetes, Tanzu, Tanzu Mission Control, TKG, TMC, VMCDean

In my previous blog post, I detailed a full end to end guide in deploying and configurating the managed Tanzu Kubernetes Service offering as part of VMware Cloud on AWS (VMC), finishing with some example application deployments and configurations.

In this blog post, I am moving on to show you how to integrate this environment with Tanzu Mission Control, which will provide fleet management for your Kubernetes instances. I’ve wrote several blog posts on TMC previous which you can find below:

Tanzu Mission Control 
- Getting Started Tanzu Mission Control 
- Cluster Inspections 
- Workspaces and Policies  
- Data Protection 
- Deploying TKG clusters to AWS 
- Upgrading a provisioned cluster 
- Delete a provisioned cluster 
- TKG Management support and provisioning new clusters
- TMC REST API - Postman Collection
- Using custom policies to ensure Kasten protects a deployed application

Management with Tanzu Mission Control

The first step is to connect the Supervisor cluster running in VMC to our Tanzu Mission Control environment.

Connecting the Supervisor Cluster to TMC

Within the TMC console, go to:

Administration
Management Clusters
Register Management Cluster
- Select “vSphere with Tanzu”

On the Register Management Cluster page:

Set the friendly name for the cluster in TMC
Select the default cluster group for managed workload clusters to be added into
Set any description and labels as necessary

Proxy settings for a Supervisor Cluster running in VMC are not supported, so ignore Step 2.

Copy the registration URL.

Log into your vSphere with Tanzu Supervisor cluster.
Find the namespace that identifies your cluster and is used for TMC configurations, “kubectl get ns”
- It will start “svc-tmc-xx”
- Copy this namespace name

Continue reading VMware Cloud on AWS – Managed Tanzu Kubernetes Grid with Tanzu Mission Control →

Tanzu Kubernetes Grid – Manual Certificate Renewal

May 11, 2022VMware, KubernetesCertificate, Kubernetes, renewal, Tanzu, TKGDean

The Issue

Note: VMware has released a full in-depth KB Article that I'd advise you review along with this blog post. If you have any queries or concerns with the processes detailed, always open a support ticket!
- How to rotate certificates in a Tanzu Kubernetes Grid cluster (86251)

One day my Kubernetes cluster just stopped responding. I could no longer connect to the Kubernetes API.

I rebooted all the nodes (as it was a demo environment) to no luck, and still nothing. So I had to go off digging.

The Cause

I SSH’d into one of my control-plane nodes, and started to tail the kubelet logs. Continue reading Tanzu Kubernetes Grid – Manual Certificate Renewal →

vEducate.co.uk

Fixing issues and blogging

Tag Archives: Kubernetes

Tanzu Kubernetes Grid 1.6 – Management Cluster deployment failure – unable to patch the cluster object

Creating a kubeconfig file for a Kubernetes Service Account

VMware Cloud on AWS – Managed Tanzu Kubernetes Grid with Tanzu Mission Control

Management with Tanzu Mission Control

Connecting the Supervisor Cluster to TMC

Tanzu Kubernetes Grid – Manual Certificate Renewal

The Issue

The Cause

Part 1

Part 2

Management with Tanzu Mission Control

Connecting the Supervisor Cluster to TMC

The Issue

The Cause