Documentation

Step 2B: Deploy a VMware Tanzu™ Community Edition managed cluster

In this step of the tutorial, we will install a managed TCE cluster .

VMware Tanzu™ Community Edition supports the following infrastructure providers for managed clusters:

  • AWS
  • Azure
  • Docker
  • vSphere

TCE offers a UI for setting up all the different parameters needed.

Preparing the OpenID Connect (OIDC) authentication

Before creating the cluster, we will need to set up a proper OIDC provider that Kubernetes will use to authenticate requests.

For this tutorial we will use Google Identity Platform OIDC provider, but there are more options of using an OAuth2/OIDC Provider with Kubeapps .

Setting up the Google credentials client

In the case of Google, we can use an OAuth 2.0 client. Create a new “Web Application” client following this steps .

At the end of this section, we should have:

  • Issuer URL: The IP or DNS address of the OIDC server. In our case, this might be https://accounts.google.com.
  • Client ID: The client_id value that you obtain from your OIDC provider.
  • Client Secret: The secret value that you obtain from your OIDC provider.
  • Scopes: A comma-separated list of additional scopes to request in the token response.
  • Username Claim: The name of your username claim. This is used to set a user’s username in the JSON Web Token (JWT) claim.
  • Groups Claim: The name of your group’s claim. This is used to set a user’s group in the JWT claim.

This information will be used to both set up the Kubernetes cluster, and in a further step, configure Kubeapps so that both use Google as an identity provider.

Deploying the cluster

  1. Initialise the Tanzu Community Edition installer UI to spin up a management cluster.

    tanzu management-cluster create --ui
    
  2. Choose your infrastructure provider and follow the wizard steps in the UI. For more information, visit the official TCE documentation on clusters deployment .

    OIDC data obtained in the previous section needs to be set in the UI during this step.

  3. Once the management cluster is created, validate that it started successfully.

    tanzu management-cluster get
    

    The output will look similar to the following:

    NAME          NAMESPACE   STATUS   CONTROLPLANE  WORKERS  KUBERNETES        ROLES       PLAN
    kubeapps-tce  tkg-system  running  1/1           1/1      v1.22.8+vmware.1  management  dev
    
    
    Details:
    
    NAME                                                             READY  SEVERITY  REASON  SINCE  MESSAGE
    /kubeapps-tce                                                    True                     3m37s
    ├─ClusterInfrastructure - AWSCluster/kubeapps-tce                True                     3m42s
    ├─ControlPlane - KubeadmControlPlane/kubeapps-tce-control-plane  True                     3m37s
    │ └─Machine/kubeapps-tce-control-plane-n9bbs                     True                     3m42s
    └─Workers
    └─MachineDeployment/kubeapps-tce-md-0                            True                     3m54s
        └─Machine/kubeapps-tce-md-0-95787cb65-gfnkz                  True                     3m42s
    
    
    Providers:
    
    NAMESPACE                          NAME                   TYPE                    PROVIDERNAME  VERSION  WATCHNAMESPACE
    capa-system                        infrastructure-aws     InfrastructureProvider  aws           v1.2.0
    capi-kubeadm-bootstrap-system      bootstrap-kubeadm      BootstrapProvider       kubeadm       v1.0.1
    capi-kubeadm-control-plane-system  control-plane-kubeadm  ControlPlaneProvider    kubeadm       v1.0.1
    capi-system                        cluster-api            CoreProvider            cluster-api   v1.0.1
    
  4. Capture the management cluster’s kubeconfig:

    tanzu management-cluster kubeconfig get kubeapps-tce --admin
    

    and select the cluster context to be used with kubectl:

    kubectl config use-context kubeapps-tce-admin@kubeapps-tce
    
  5. Unlike unmanaged clusters, the TCE packages catalog is not added by default to managed clusters. In order to add it, run:

    tanzu package repository add tce-repo --url projects.registry.vmware.com/tce/main:0.12.0 --namespace tanzu-package-repo-global
    

The outcome of the actions above will be a management, managed TCE cluster running on your preferred infrastructure provider. Starting with that, workload clusters could be created and be controlled from this management cluster. For simplicity reasons, we will continue the tutorial using only the management cluster, but it is not a recommended strategy for production setups.

For further information on how to create TCE workload clusters please check the official documentation .

Continue the tutorial by preparing the Kubeapps deployment .

Getting started

Discover how to deploy Kubeapps in your cluster, add some package repositories and start managing your applications!