TestDrive

Access your k8s cluster

Updated

In this section, we will access our kubernetes cluster and deploy nginx on it

22. View TKC on vSphere

Kubernetes is now built into vSphere with Tanzu which allows developers to continue using the same industry-standard tools and interfaces they've been using to create modern applications. vSphere Admins also benefit because they can help manage the Kubernetes infrastructure using the same tools and skills they have developed around vSphere. To help bridge these two worlds, we've introduced a new vSphere construct called Namespaces, allowing vSphere Admins to create a logical set of resources, permissions and policies that enable an application-centric approach.

Here's a quick view of how the TKC deployment looks during creation on vSphere. The TKC Control Plane and Worker nodes are getting created within Cluster Group that we chose, under the pathfinder-tanzu provisioner.

23. Access Namespace under Workload Management

  • Launch the 'vCenter Server - Tanzu' shortcut from the desktop. You will be automatically logged in. If for some reason you don't, then the login credentials are also available in the Demo Credentials document on desktop.
  • Select the 'pathfinder-tanzu' namespace from under Namespaces. The Summary tab would show up by default.
  • In the Summary tab you see the various configuration sections for the vSphere Namespace, including Status, Permissions, Storage, Capacity and Usage, vSphere Pods and Tanzu Kubernetes Status. From this screen an admin can manage any of these settings.

24. Access your Cluster

Now let's navigate back to your TMC Tab on the browser. Once your cluster status is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'

25. Download kubeconfig YAML File

[IMPORTANT] A new dialog box will open. Click on 'DOWNLOAD KUBECONFIG FILE' and Save As 'config.yml'

Click OK button.

NOTE: It is important to save the file as config.yml in order for the next set of steps to work. 

26. Setting environment variables

Launch Windows PowerShell from the Desktop by double clicking on the shortcut. Set the KUBECONFIG environment variable to point to our config.yml file saved in the previous step by copying the below command and pasting it in PowerShell.

$env:KUBECONFIG = "\\vmwtd.com\tdpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"
  • Copy using CTRL+c (Windows) or 
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

27. List K8s pods

Once the environment variable is set successfully, enter the command to list all pods.

kubectl get pods -A
  • Copy using CTRL+c (Windows) or  command + c (macOS) on your keyboard
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or   + v (macOS) on your keyboard.

28. Paste API Token

This is where we will use the API token previously copied on Notepad++. 

  • Highlight the token pasted on your Notepad++ window and copy it by using Ctrl + c (Windows) or Command (⌘) + c (macOS)
  • Paste your copied token on your Windows PowerShell window by using Ctrl + v (Windows) or Command (⌘) + v (macOS) and hit 'Enter'. If the token doesn't paste, use your mouse right click to paste the token. 
  • You may be asked to set the login-context name, set a name for it (for e.g. <your-username>-tanzu) and hit 'Enter'.

You will get a 'context successfully created' message along with a list of all pods running on your cluster.

29. Bind to default PSP

By default, Pod Security Policies are enabled in this cluster which will prevent any pods from being created. Tanzu Kubernetes clusters include default PodSecurityPolicy (PSP) that you can bind to for privileged and restricted workload deployment.

Run the following command to bind to the default privileged PSP:

kubectl create clusterrolebinding tkgs-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated
  • Copy using CTRL+c (Windows) or  Command (⌘) + c (macOS) on your keyboard
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

30. Create a deployment

Now, let us deploy a sample application to verify the permissions were applied correctly. On the Powershell Window, run the following command to deploy nginx on your k8s cluster

kubectl create deployment nginx --image=nginx
  • Copy using CTRL+c (Windows) or Command (⌘) + c (macOS) on your keyboard
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

31. List Pods

Run  the  following command to verify the deployment of nginx pods

kubectl get pods
  • Copy using CTRL+c (Windows) or  Command (⌘) + c (macOS) on your keyboard
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or Command (⌘) + v (macOS) on your keyboard
Previous Article Tanzu Mission Control Overview
Next Article TMC Cluster Groups and Access Policies