On-boarding TKG Clusters on Tanzu Service Mesh

VMware Tanzu

What is Tanzu Kubernetes Grid Cluster?

Read more detail here:

What is Tanzu Service Mesh?

Read more detail here:

TKG Cluster on-boarding Pre-requirements

Technical Pre-requirements

Access Requirement

On-boarding TKG Cluster on Tanzu Service Mesh Steps

Note: If you see a 400 Bad Request error, try opening the portal in an Incognito window.

Error while opening Tanzu Service Mesh portal

2. Once it opens, you will see the portal as shown below.

Tanzu Service Mesh Landing Page

In my case, there are no clusters on-boarded yet. Let’s start the TKG Cluster on-boarding.

3. Click ADD NEW in the left corner. It will show several options. Click Onboard New Cluster.

TSM — ADD NEW

4. Enter the Cluster Name and click the “GENERATE SECURITY TOKEN” button.

Note: The cluster name provided here need not be the same as the TKG Cluster name.

5. After you click the Generate Security Token button, the next step is highlighted with the token filled in.

6. Copy both commands and run them against your TKG cluster.

$ kubectl apply -f <copy above link>
namespace/vmware-system-tsm created
customresourcedefinition.apiextensions.k8s.io/tsmclusters.tsm.vmware.com unchanged
customresourcedefinition.apiextensions.k8s.io/clusterhealths.client.cluster.tsm.tanzu.vmware.com configured
configmap/tsm-agent-operator created
serviceaccount/operator--srv-acnt created
clusterrolebinding.rbac.authorization.k8s.io/operator-cluster-admin-rb configured
deployment.apps/tsm-agent-operator created
serviceaccount/operator-ecr-read-only--service-account created
secret/operator-ecr-read-only--aws-credentials created
role.rbac.authorization.k8s.io/operator-ecr-read-only--role created
rolebinding.rbac.authorization.k8s.io/operator-ecr-read-only--role-binding created
cronjob.batch/operator-ecr-read-only--renew-token created
job.batch/operator-ecr-read-only--renew-token created

$ kubectl -n vmware-system-tsm create secret generic cluster-token --from-literal=token=<token removed>
secret/cluster-token created
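The apply output in step 6 shows a cluster-scoped binding (operator-cluster-admin-rb) being configured, so it is worth reviewing a saved copy of the manifest before running kubectl apply. The function below is an added example, not part of the original post or of VMware's tooling: it lists every ClusterRoleBinding in a multi-document manifest with its role and subjects. The sample manifest is constructed; its roleRef and subject values are assumptions that reuse names from the output above, and the parser assumes two-space-indented block YAML.

```shell
#!/usr/bin/env bash
# Added example: list cluster-scoped role bindings in a saved manifest.
# Output per ClusterRoleBinding: "<binding> <role> <subject>[,<subject>...]"
cluster_wide_bindings() {
  awk '
    function emit() {
      if (kind == "ClusterRoleBinding") print name, role, subjects
      kind = name = role = subjects = section = ""
    }
    /^---/      { emit(); next }               # document separator
    /^[A-Za-z]/ { section = $1 }               # top-level key opens a section
    /^kind:/    { kind = $2 }
    section == "metadata:" && /^  name:/ { name = $2 }
    section == "roleRef:"  && /^  name:/ { role = $2 }
    section == "subjects:" && /^[ -]+name:/ {
      subjects = (subjects == "" ? "" : subjects ",") $NF
    }
    END { emit() }
  ' "$1"
}

# Constructed sample (not the real TSM manifest); role and subject are assumed.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Namespace
metadata:
  name: vmware-system-tsm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: operator-cluster-admin-rb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: operator--srv-acnt
  namespace: vmware-system-tsm
EOF
}

tmp=$(mktemp)
sample_manifest > "$tmp"
cluster_wide_bindings "$tmp"
rm -f "$tmp"
```

To use it for real, save the manifest from the onboarding link to a file, run cluster_wide_bindings on that file, and apply the same file with kubectl apply -f once the bindings match what you expect.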

7. In a few seconds, you will notice that the next step, installing Tanzu Service Mesh, is highlighted.

Before we install, let’s see what changes have already been made on the TKG Cluster. You will see that the vmware-system-tsm namespace has been created, along with a few resources inside it, as shown below.

$ k get ns
NAME STATUS AGE
adminspace Active 7d17h
cert-manager Active 16d
controller-my-tkg-controller Active 7d18h
default Active 54d
kube-node-lease Active 54d
kube-public Active 54d
kube-system Active 54d
tanzu-system-ingress Active 54d
tkg-system Active 54d
vmware-system-auth Active 54d
vmware-system-cloud-provider Active 54d
vmware-system-csi Active 54d
vmware-system-tsm Active 2m30s

$ k get all -n vmware-system-tsm
NAME READY STATUS RESTARTS AGE
pod/allspark-ws-proxy-84f46b6c7b-h9hv7 1/1 Running 0 2m15s
pod/k8s-cluster-manager-7f65f4597c-jpxpq 1/1 Running 0 2m15s
pod/operator-ecr-read-only--renew-token-2qb5h 0/1 Completed 0 2m36s
pod/tsm-agent-operator-84459cfdb8-r6qqh 1/1 Running 0 2m36s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/k8s-cluster-manager ClusterIP 10.106.18.113 <none> 40041/TCP 2m15s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/allspark-ws-proxy 1/1 1 1 2m15s
deployment.apps/k8s-cluster-manager 1/1 1 1 2m15s
deployment.apps/tsm-agent-operator 1/1 1 1 2m36s

NAME DESIRED CURRENT READY AGE
replicaset.apps/allspark-ws-proxy-84f46b6c7b 1 1 1 2m15s
replicaset.apps/k8s-cluster-manager-7f65f4597c 1 1 1 2m15s
replicaset.apps/tsm-agent-operator-84459cfdb8 1 1 1 2m36s

NAME COMPLETIONS DURATION AGE
job.batch/operator-ecr-read-only--renew-token 1/1 2s 2m36s

NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
cronjob.batch/operator-ecr-read-only--renew-token 0 */8 * * * False 0 <none> 2m36s

8. If you need to exclude specific namespaces, select them, and then click the Install Tanzu Service Mesh button.

TSM Installation is in progress

9. Let’s look at the changes in the TKG cluster.

List the namespaces and you will see that a new namespace has been created. List the pods being created inside this namespace too.

istio-system Active 13s

$ k get po -n istio-system
NAME READY STATUS RESTARTS AGE
allspark-telegraf-node-pjh2j 1/1 Running 0 7m40s
allspark-telegraf-node-s6fxt 1/1 Running 0 7m40s
allspark-telegraf-node-xszpj 1/1 Running 0 7m40s
istio-egressgateway-544d8dd96b-k4q9k 1/1 Running 0 9m10s
istio-egressgateway-544d8dd96b-qjlj8 1/1 Running 0 9m10s
istio-ingressgateway-55678bc575-b6v84 1/1 Running 0 9m10s
istio-ingressgateway-55678bc575-vnqdt 1/1 Running 0 9m10s
istio-telemetry-d564c59df-f97gh 2/2 Running 0 9m8s
istio-telemetry-d564c59df-vpqlv 2/2 Running 0 9m8s
istiocoredns-599c554d55-6zd77 2/2 Running 0 9m10s
istiocoredns-599c554d55-r77c6 2/2 Running 0 9m10s
istiod-bb6f7548-fw4fn 1/1 Running 0 9m27s
istiod-bb6f7548-vs9f9 1/1 Running 0 9m27s

10. Wait for some time; the above step takes around 3–4 minutes. Keep watching the resource deployment under the istio-system namespace.

11. After a few minutes, you will see that the cluster onboarding is successful.

12. Click the EXIT TO CONSOLE button. You will see the newly onboarded cluster listed.

So, our TKG Cluster is onboarded successfully. In the next post, I will talk about different concepts of TSM, e.g. Global Namespace, SLO etc., and how to use them.

Resources

Refer to the VMware documentation for more detail.

Learn VMware Tanzu Portfolio and Application Modernization using Tanzu quickly and easily.