Kubernetes

Tanzu

Workload Management

Management

management vlan 99
management subnet /24 (255.255.255.0)
management tanzu starting address 10.0.99.48
management proxy 10.0.99.10 (api plane)
management gateway 10.0.99.1
supervisor node range 10.0.99.64/29

Workload
workload vlan 101
load balancer range (aka VIP range) 10.0.101.16/28
workload range (cluster node range) 10.0.101.128/25 (10.0.101.128-10.0.101.254)
workload gateway 10.0.101.1
workload subnet /24 (255.255.255.0)

HAProxy

hostname: haproxy
management ip: 10.0.99.10/24
management gateway: 10.0.99.1

workload ip (HAProxy VIP): 10.0.101.15/24

Tanzu

Commands and Bindings

Tanzu Login
kubectl-vsphere login --server=https://10.105.0.1 --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace production --vsphere-username administrator@vsphere.snowlab.tech --tanzu-kubernetes-cluster-name tkgs-cl01


Privileged Rolebinding
kubectl create clusterrolebinding default-tkg-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rolebinding-cluster-user-administrator
  namespace: default
roleRef:
  kind: ClusterRole
  name: psp:vmware-system-privileged # Default ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User
  name: sso:administrator@vsphere.snowlab.tech # sso:<username>@<domain>
  apiGroup: rbac.authorization.k8s.io
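
An audit check for the two bindings above, as an added example that is not part of the original notes: it lists every subject bound to psp:vmware-system-privileged and marks grants to built-in catch-all groups such as system:authenticated, which the ClusterRoleBinding above applies cluster-wide to every authenticated user. The function names, the flag labels and the sample data are assumptions made for illustration.

```python
import json
import sys

PRIVILEGED_ROLE = "psp:vmware-system-privileged"  # ClusterRole named on this page
# Built-in groups that match whole classes of callers rather than named identities.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

def audit_bindings(binding_list):
    """Report every subject bound to PRIVILEGED_ROLE and how far the grant reaches."""
    findings = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != PRIVILEGED_ROLE:
            continue
        meta = item.get("metadata", {})
        # A ClusterRoleBinding applies in every namespace, a RoleBinding only in its own.
        cluster_wide = item.get("kind") == "ClusterRoleBinding"
        scope = "cluster-wide" if cluster_wide else "namespace/" + meta.get("namespace", "?")
        for subj in item.get("subjects") or []:  # subjects may be absent or null
            broad = subj.get("kind") == "Group" and subj.get("name") in BROAD_GROUPS
            findings.append({"binding": meta.get("name"), "scope": scope,
                             "subject": "{}:{}".format(subj.get("kind"), subj.get("name")),
                             "flag": "broad-group" if broad else "named-subject"})
    return findings

def _binding(kind, name, namespace, role, subj_kind, subj_name):
    # Hypothetical helper: builds constructed test data in the shape kubectl emits.
    meta = {"name": name, **({"namespace": namespace} if namespace else {})}
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": subj_kind, "name": subj_name}]}

# Constructed sample: the two bindings from this page plus one unrelated binding.
SAMPLE = {"items": [
    _binding("ClusterRoleBinding", "default-tkg-admin-privileged-binding", None,
             PRIVILEGED_ROLE, "Group", "system:authenticated"),
    _binding("RoleBinding", "rolebinding-cluster-user-administrator", "default",
             PRIVILEGED_ROLE, "User", "sso:administrator@vsphere.snowlab.tech"),
    _binding("ClusterRoleBinding", "cluster-admin", None, "cluster-admin", "Group", "system:masters"),
]}

if __name__ == "__main__":
    # Audit a saved kubectl JSON file if a path is given, otherwise the constructed sample.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for f in audit_bindings(data):
        print("{flag:13} {scope:18} {binding} -> {subject}".format(**f))
```

To audit a live cluster, save the output of `kubectl get clusterrolebindings,rolebindings -A -o json` to a file and pass its path as the first argument.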


Harbor Deploy
helm install harbor bitnami/harbor \
--set harborAdminPassword='CHANGEME' \
--set global.storageClass=tanzu-default \
--set service.type=LoadBalancer \
--set externalURL=harbor.corp.snowlab.tech \
--set service.tls.commonName=harbor.corp.snowlab.tech \
-n harbor


Supervisor Cluster Admin
kubectl get secret TKGS-CLUSTER-NAME-kubeconfig -o jsonpath='{.data.value}' | base64 -d > tkgs-cluster-kubeconfig-admin


Storage Policies
vsan-default-storage-policy (don't use)
tanzu-default (default)


Password Var
export KUBECTL_VSPHERE_PASSWORD=CHANGEME


Permissions Manager
---
apiVersion: v1
kind: Secret
metadata:
  name: permission-manager
  namespace: permission-manager
type: Opaque
stringData:
  PORT: "4000" # port where server is exposed
  CLUSTER_NAME: "tkgs-cl01" # name of the cluster to use in the generated kubeconfig file
  CONTROL_PLANE_ADDRESS: "https://10.0.101.16:6443" # full address of the control plane to use in the generated kubeconfig file
  BASIC_AUTH_PASSWORD: "CHANGEME" # password used by basic auth (username is `admin`)

Services

AWX Operator

kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.13.0/deploy/awx-operator.yaml