Reading Time: 6 minsPrerequisites
DNS Records
Tanzu Learning Center allocates a wildcard subdomain for your workshops and content. This wildcard should be pointed at the external IP address of the tanzu-system-ingress’s envoy service.
kubectl -n tanzu-system-ingress get svc | grep envoy
envoy LoadBalancer 10.28.4.173 35.197.48.244 80:32484/TCP,443:32230/TCP 9d
Kubernetes cluster requirements
Installation requires:
- Kubernetes cluster versions 1.20, 1.21, or 1.22 on one of the following Kubernetes providers:
- Azure Kubernetes Service
- Amazon Elastic Kubernetes Service
- Google Kubernetes Engine
- GKE Autopilot clusters do not have required features enabled
- Minikube
- Reference the resource requirements below
- Hyperkit driver is supported on macOS only; Docker driver is not supported.
Resources requirements
- To deploy all Tanzu Application Platform packages, your cluster must have at least:
- 8 GB of RAM across all nodes available to Tanzu Application Platform
- 8 CPUs for i9 (or equivalent) available to Tanzu Application Platform components
- 12 CPUs for i7 (or equivalent) available to Tanzu Application Platform components
- 12 GB of RAM is available to build and deploy applications, including Minikube. VMware recommends 16 GB of RAM for an optimal experience.
- 70 GB of disk space available per node
Tools and CLIs requirements
Installation requires:
- The Kubernetes CLI, kubectl, v1.20, v1.21 or v1.22, installed and authenticated with administrator rights for your target cluster. See Install Tools in the Kubernetes documentation.
- Set the context to the cluster that you want to use for the Learning Center packages install.
Accept the EULAs
Before installing packages, you have to accept the End User License Agreements (EULAs).
To accept EULAs:
- Sign in to Tanzu Network.
- Accept or confirm that you have accepted the EULA for Cluster Essentials for VMware Tanzu
Install Cluster Essentials for VMware Tanzu
- Sign in to Tanzu Network.
- Navigate to Cluster Essentials for VMware Tanzu on Tanzu Network.
- Download tanzu-cluster-essentials-darwin-amd64-1.0.0.tgz (for OS X) or tanzu-cluster-essentials-linux-amd64-1.0.0.tgz (for Linux) and unpack the TAR file into tanzu-cluster-essentials directory:
mkdir $HOME/tanzu-cluster-essentials
tar -xvf tanzu-cluster-essentials-darwin-amd64-1.0.0.tgz -C $HOME/tanzu-cluster-essentials
4. Configure and run install.sh, which installs kapp-controller and secretgen-controller on your cluster:
export INSTALL_BUNDLE=registry.tanzu.vmware.com/tanzu-cluster-essentials/cluster-essent
ials-bundle@sha256:82dfaf70656b54dcba0d4def85ccae1578ff27054e7533d08320244af7fb0343
export INSTALL_REGISTRY_HOSTNAME=registry.tanzu.vmware.com
export INSTALL_REGISTRY_USERNAME=TANZU-NET-USER
export INSTALL_REGISTRY_PASSWORD=TANZU-NET-PASSWORD
cd $HOME/tanzu-cluster-essentials
Where TANZU-NET-USER and TANZU-NET-PASSWORD are your credentials for Tanzu Network.
5. Install the kapp CLI onto your $PATH:
sudo cp $HOME/tanzu-cluster-essentials/kapp /usr/local/bin/kapp
Install or update the Tanzu CLI and plug-ins
To install the Tanzu CLI on a Mac operating system:
- Create a directory named tanzu:
- Sign in to Tanzu Network.
- Navigate to Tanzu Application Platform on Tanzu Network.
- Click the tanzu-cli-v0.10.0 folder.
- Download tanzu-framework-bundle-mac and unpack the TAR file into the tanzu directory:
tar -xvf tanzu-framework-darwin-amd64.tar -C $HOME/tanzu
- Set env var TANZU_CLI_NO_INIT to true to assure the local downloaded versions of the CLI core and plug-ins are installed:
export TANZU_CLI_NO_INIT=true
- Install the CLI core by running:
cd $HOME/tanzu
install cli/core/v0.10.0/tanzu-core-darwin_amd64 /usr/local/bin/tanzu
- Confirm installation of the CLI core by running:
Expected output: version: v0.10.0
Clean install Tanzu CLI plug-ins
To perform a clean installation of the Tanzu CLI plug-ins:
- If it hasn’t been done already, set env var TANZU_CLI_NO_INIT to true to assure the locally downloaded plug-ins are installed:
export TANZU_CLI_NO_INIT=true
- From your tanzu directory, Install the local versions of the plug-ins you downloaded by running:
cd $HOME/tanzu
tanzu plugin install --local cli all
- Check the plug-in installation status by running:
Expect to see the following:
Ensure that you have the accelerator, apps, package, secret, and services plug-ins. You need these plug-ins to install and interact with the Tanzu Application Platform.
Tanzu Application Platform requires cluster-admin privileges. Running commands associated with the additional plug-ins can have unintended side effects. VMware recommends against running cluster, kubernetes-release, login, management-cluster, and pinniped-auth commands.
Install cert-manager and contour
cert-manager:
- List version information for the package by running:
tanzu package available list cert-manager.tanzu.vmware.com -n tap-install
Example:
tanzu package available list cert-manager.tanzu.vmware.com -n tap-install
/ Retrieving package versions for cert-manager.tanzu.vmware.com...
NAME VERSION RELEASED-AT
cert-manager.tanzu.vmware.com 1.5.3+tap.1 2021-08-23T17:22:51Z
- Create a cert-manager-rbac.yml and Apply the config.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cert-manager-tap-install-cluster-admin-role
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cert-manager-tap-install-cluster-admin-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-tap-install-cluster-admin-role
subjects:
- kind: ServiceAccount
name: cert-manager-tap-install-sa
namespace: tap-install
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cert-manager-tap-install-sa
namespace: tap-install
For example:
kubectl apply -f cert-manager-rbac.yml
Create a cert-manager-install.yml using below sample and Apply the config.
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: cert-manager
namespace: tap-install
spec:
serviceAccountName: cert-manager-tap-install-sa
packageRef:
refName: cert-manager.tanzu.vmware.com
versionSelection:
constraints: "VERSION-NUMBER"
prereleases: {}
Where
VERSION-NUMBER is the version of the package listed in step 1.
For example:
kubectl apply -f cert-manager-rbac.yml
Verify the package install by running:
tanzu package installed get cert-manager -n tap-install
For example:
tanzu package installed get cert-manager -n tap-install
/ Retrieving installation details for cert-manager...
NAME: cert-manager
PACKAGE-NAME: cert-manager.tanzu.vmware.com
PACKAGE-VERSION: 1.5.3+tap.1
STATUS: Reconcile succeeded
CONDITIONS: [{ReconcileSucceeded True }]
USEFUL-ERROR-MESSAGE:
Verify that STATUS is Reconcile succeeded
kubectl get deployment cert-manager -n cert-manager
For example:
kubectl get deploy cert-manager -n cert-manager
NAME READY UP-TO-DATE AVAILABLE AGE
cert-manager 1/1 1 1 2m18s
Verify that STATUS is Running
Contour:
- List version information for the package by running:
tanzu package available list contour.tanzu.vmware.com -n tap-install
For example:
$ tanzu package available list contour.tanzu.vmware.com -n tap-install
- Retrieving package versions for contour.tanzu.vmware.com...
NAME VERSION RELEASED-AT
contour.tanzu.vmware.com 1.18.2+tap.1 2021-10-05T00:00:00Z
- Create a contour-rbac.yml using the below sample and apply the configuration.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: contour-tap-install-cluster-admin-role
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: contour-tap-install-cluster-admin-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: contour-tap-install-cluster-admin-role
subjects:
- kind: ServiceAccount
name: contour-tap-install-sa
namespace: tap-install
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: contour-tap-install-sa
namespace: tap-install
- Apply the configuration by running:
kubectl apply -f contour-rbac.yml
- Create a contour-install.yml using the sample below and apply the configuration. The following configuration installs the contour package with default options. If you want to make changes to the default installation settings, go to the next step.
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: contour
namespace: tap-install
spec:
serviceAccountName: contour-tap-install-sa
packageRef:
refName: contour.tanzu.vmware.com
versionSelection:
constraints: 1.18.2+tap.1
prereleases: {}
values:
- secretRef:
name: contour-values
---
apiVersion: v1
kind: Secret
metadata:
name: contour-values
namespace: tap-install
stringData:
values.yaml: |
envoy:
service:
type: LoadBalancer
- Install the package by running:
kubectl apply -f contour-install.yaml
- Verify the package install by running:
tanzu package installed get contour -n tap-install
For example:
$ tanzu package installed get contour -n tap-install
/ Retrieving installation details for contour...
NAME: contour
PACKAGE-NAME: contour.tanzu.vmware.com
PACKAGE-VERSION: 1.18.2+tap.1
STATUS: Reconcile succeeded
CONDITIONS: [{ReconcileSucceeded True }]
USEFUL-ERROR-MESSAGE:
Verify that STATUS is Reconcile succeeded
Ensure that all pods are Running with all containers ready.
kubectl get po -n tanzu-system-ingress
For example:
kubectl get po -n tanzu-system-ingress
NAME READY STATUS RESTARTS AGE
contour-857d46c845-4r6c5 1/1 Running 1 18d
contour-857d46c845-p6bbq 1/1 Running 1 18d
envoy-mxkjk 2/2 Running 2 18d
envoy-qlg8l 2/2 Running 2 18d
Ensure that all pods are Running with all containers ready.
- As cert-manager needs to be able to add records to Route53 in order to solve the DNS01 challenge, create a user with the following IAM policy and an access key for this user in AWS.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
}
]
}
- Create the learningcenter namespace manually:
kubectl create ns learningcenter
- Create a Kubernetes secret to store the credentials of AWS secret key & access key which later will be used by cert-manager in the learningcenter namespace:
kubectl create secret generic route53-secret --namespace=learningcenter --from-literal=secret-access-key=<Your ACCESS Key>
- Create an issuer.yml for cert-manager using the sample below and apply it. Don’t forget to modify with your region, your AWS access key id, your email and your DNS domain.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-prod
namespace: learningcenter
spec:
acme:
# now pointing to Let's Encrypt production API
server: https://acme-v02.api.letsencrypt.org/directory
email: <Your EMAIL>
privateKeySecretRef:
# storing key material for the ACME account in dedicated secret
name: account-key-prod
solvers:
- selector:
dnsZones:
- "<Your DNS Domain>"
dns01:
route53:
region: <Your Region>
accessKeyID: <Your ACCESS Key Id>
secretAccessKeySecretRef:
name: route53-secret
key: secret-access-key
- Create a certificate.yml for cert-manager using the sample below and apply it. Don’t forget to modify with your DNS domain.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: certificate-prod
namespace: learningcenter
spec:
# dedicate secret for the TLS cert
secretName: <Your DNS Domain>-tls
issuerRef:
# referencing the production issuer
name: letsencrypt-prod
commonName: "*.<Your DNS Domain>"
dnsNames:
- "*.<Your DNS Domain>"
- Wait until the certificate is issued successfully:
kubectl -n learningcenter get certificate -w
NAME READY SECRET AGE
certificate-prod True dcris.link-tls 5h
Verify that READY is True
Procedure to Install Learning Center
Learning Center Operator
- Create a learning-center-config.yml using the sample below. Modify with your DNS domain.
ingressDomain: <Your DNS Domain>
ingressSecret:
secretName: <Your DNS Domain>-tls
- Install Learning Center Operator by running:
tanzu package install learning-center --package-name learningcenter.tanzu.vmware.com --version 0.1.0 -f learning-center-config.yml -n tap-install
You can check that the operator deployed successfully by running:
kubectl get all -n learningcenter
The pod for the operator should be marked as running.
Hello World workshop training portal
Sample workshop content using Markdown formatting for pages.
- Deploy the sample workshop
kubectl apply -f https://raw.githubusercontent.com/chdubois/lab-hello-world/master/resources/workshop.yaml
kubectl apply -f https://raw.githubusercontent.com/chdubois/lab-hello-world/master/resources/training-portal.yaml
This will deploy a training portal hosting just this workshop.
- To get the URL for accessing the training portal run:
kubectl get trainingportals
NAME URL ADMINUSERNAME ADMINPASSWORD STATUS
lab-hello-world-sample http://lab-hello-world-sample-ui.dcris.link learningcenter ZlUBfH7KOtCoJrM0TpFhNLRY1Vie9q5u Running
