Skip to main content

Step 2A: Deploy a VMware Tanzu™ Community Edition unmanaged cluster

In this step, the goal is to install an unmanaged TCE cluster.

By default, unmanaged clusters run locally via kind (default) or minikube with Tanzu components installed atop.

Spin up a TCE unmanaged cluster

  1. Create a cluster named for example kubeapps-cluster:

    tanzu unmanaged-cluster create kubeapps-cluster

  2. Wait for the cluster to initialise:

    📁 Created cluster directory

    🧲 Resolving and checking Tanzu Kubernetes release (TKr) compatibility file
    projects.registry.vmware.com/tce/compatibility
    Compatibility file exists at ~/.config/tanzu/tkg/unmanaged/compatibility/projects.registry.vmware.com_tce_compatibility_v9

    🔧 Resolving TKr
    projects.registry.vmware.com/tce/tkr:v1.22.7-2
    TKr exists at ~/.config/tanzu/tkg/unmanaged/bom/projects.registry.vmware.com_tce_tkr_v1.22.7-2
    Rendered Config: ~/.config/tanzu/tkg/unmanaged/kubeapps-cluster/config.yaml
    Bootstrap Logs: ~/.config/tanzu/tkg/unmanaged/kubeapps-cluster/bootstrap.log

    🔧 Processing Tanzu Kubernetes Release

    🎨 Selected base image
    projects.registry.vmware.com/tce/kind:v1.22.7

    📦 Selected core package repository
    projects.registry.vmware.com/tce/repo-12:0.12.0

    📦 Selected additional package repositories
    projects.registry.vmware.com/tce/main:0.12.0

    📦 Selected kapp-controller image bundle
    projects.registry.vmware.com/tce/kapp-controller-multi-pkg:v0.30.1

    🚀 Creating cluster kubeapps-cluster
    Cluster creation using kind!
    ❤️  Checkout this awesome project at https://kind.sigs.k8s.io
    Base image downloaded
    Cluster created
    To troubleshoot, use:

    kubectl ${COMMAND} --kubeconfig ~/.config/tanzu/tkg/unmanaged/kubeapps-cluster/kube.conf

    📧 Installing kapp-controller
    kapp-controller status: Running

    📧 Installing package repositories
    tkg-core-repository package repo status: Reconcile succeeded

    🌐 Installing CNI
    calico.community.tanzu.vmware.com:3.22.1

    ✅ Cluster created

    🎮 kubectl context set to kubeapps-cluster

    View available packages:
        tanzu package available list
    View running pods:
        kubectl get po -A
    Delete this cluster:
        tanzu unmanaged delete kubeapps-cluster

  3. The new unmanaged cluster is automatically added to your local kubeconfig. If you have kubectl installed locally, you can now use it to interact with the cluster.

  4. Once the cluster is up and running, let's check that the TCE catalog has been automatically added to it.

    tanzu package repository list --all-namespaces

    And the output should contain the most up-to-date TCE main catalog:

    NAME                                          REPOSITORY                                TAG     STATUS               DETAILS  NAMESPACE
    projects.registry.vmware.com-tce-main-0.12.0  projects.registry.vmware.com/tce/main     0.12.0  Reconcile succeeded           tanzu-package-repo-global
    tkg-core-repository                           projects.registry.vmware.com/tce/repo-12  0.12.0  Reconcile succeeded           tkg-system

Authentication for an unmanaged cluster

Unmanaged clusters are meant for development/testing mainly, and this tutorial uses the service account authentication.

Please remember that for any user-facing installation you should configure an OAuth2/OIDC provider to enable secure user authentication with Kubeapps and the cluster.

Credentials creation

Let's continue by creating a demo credential with which to access Kubeapps and Kubernetes. Service account named kubeapps-operator with a cluster-admin role.

kubectl create --namespace default serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: kubeapps-operator-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: kubeapps-operator
type: kubernetes.io/service-account-token
EOF

NOTE It's not recommended to assign users the cluster-admin role for Kubeapps production usage.

Please refer to the Access Control documentation to configure fine-grained access control for users.

Credentials retrieval

In order to access Kubeapps, a token is required. Given that you are using plain service account authentication, it is straightforward to obtain a token. Keep the obtained token for later steps of the tutorial.

On Linux/macOS

kubectl get --namespace default secret kubeapps-operator-token -o go-template='{{.data.token | base64decode}}'

On Windows

Open a Powershell terminal and run:

[Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($(kubectl get --namespace default secret kubeapps-operator-token -o jsonpath='{.data.token}')))

Continue the tutorial by preparing the Kubeapps deployment.

Tutorial index

  1. TCE cluster deployment preparation
  2. Deploying a managed cluster or Deploy an unmanaged cluster
  3. Preparing the Kubeapps deployment
  4. Deploying Kubeapps
  5. Further documentation for managing applications in Kubeapps