Skip to content

tkrausjr/tkg2-poc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

tkg2-poc

SETUP A CLUSTER and deploy TEST Application

  1. kubectl vsphere login --server 192.168.199.2 --tanzu-kubernetes-cluster-namespace application-a --vsphere-username [email protected] --insecure-skip-tls-verify

  2. cd github/tkg2-poc/clusters/

  3. kubectl apply -f ./gc-small-classy.yaml

  4. kubectl vsphere login --server 192.168.199.2 --tanzu-kubernetes-cluster-namespace application-a --tanzu-kubernetes-cluster-name --vsphere-username [email protected] --insecure-skip-tls-verify

  5. Configure workable PSP - # Reference - https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-tkg/GUID-0AEC33DE-DCE2-4FBE-A33F-73C4EDCCAB88.html#GUID-0AEC33DE-DCE2-4FBE-A33F-73C4EDCCAB88 a. Create RB to run Privileged Workloads in default Namespace - 1. kubectl create rolebinding rolebinding-default-privileged-sa-ns_default --namespace=default --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts

    b. Create CRB to run Privileged in ANY namespace - 1. kubectl create clusterrolebinding psp:authenticated --clusterrole=psp:vmware-system-restricted --group=system:authenticated

  6. cd ../apps/guestbook-sc-lb

  7. kubectl apply -f guestbook-all-in-one.yaml

  8. watch kubectl get pods -o wide

  9. kubectl get sc

  10. kubectl get pvc

  11. kubectl get pv

  12. kubectl describe sc thin-disk1

  13. In vCenter goto Datastore and see the two dynamically provisioned VMDK's.

    1. nfs-ubuntu-01 —> kubevols —> Refresh
  14. watch kubectl get pods -o wide

  15. kubectl get services 1. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 2. frontend LoadBalancer 10.100.200.46 10.40.14.39 80:32324/TCP 3m

  16. Chrome - Access and test the Application - using Chrome 1. Chrome http://10.40.13.39
    2. Enter some text into the application which will be stored in the REDIS DB on Persistent Volumes. 3. Show the Load Balancer that was created and the Virtual Servers etc.

  17. kubectl get po -o wide

    1. redis-master-89d7df6bf-6wrlb 1/1 Running 0 3m
    2. redis-slave-7cf6774dbb-srdxg 1/1 Running 0 3m
  18. kubectl delete po redis-master-89d7df6bf-6wrlb redis-slave-7cf6774dbb-srdxg

  19. watch kubectl get po -o wide

    1. Pods are recreated by the DEPLOYMENT automatically and should reconnect to the same Persistent Volumes
  20. Chrome - TEST !!! - Access the Application again - It should have the same text you entered.

To deploy an nginx test Deployment from a local registry

  1. If Local registry has a self signed CERT you will get an x509 Error pulling images.
  2. You will need to deploy or edit a cluster to include the regsitry trust section
  3. openssl s_client -connect 10.173.13.84:443
    1. CONNECTED(00000003)
    2. depth=0 C = CN, ST = NewYork, L = NewYork, O = example, OU = Personal, CN = harbor.tpmlab.vmware.com
    3. Server certificate
    4. -----BEGIN CERTIFICATE-----
    5. MIIGFTCCA/2gAwIBAgIUAIFOAaVcYubzVcqJ42FFAMUQ5r4wDQYJKoZIhvcNAQEN
    6. BQAweTELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB05ld1lvcmsxEDAOBgNVBAcMB05l
  4. Base64 encode
    • echo "-----BEGIN CERTIFICATE-----MIIGFTCCA/2gAwIBAgIUAIFOAaVcYubzVcqJ42FFAMUQ5r4wDQYJKoZIhvcNAQE.... | base64 -w 0
  5. Copy the output and Base64 encode again
    • echo "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlHRlRDQ0EvM...01TRXd | base64 -w 0
  6. Copy the output into the data section of the secret.
  • vi aci-registryca-v2.yaml

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages