A Tanzu Kubernetes cluster is a full distribution of the open-source Kubernetes software that is packaged, signed, and supported by VMware. In the context of vSphere with Kubernetes, DevOps Engineers can use the Tanzu Kubernetes Grid Service to provision Tanzu Kubernetes clusters on the Supervisor Cluster. They can invoke the Tanzu Kubernetes Grid Service API declaratively by using kubectl and a YAML definition. A Tanzu Kubernetes cluster resides in a Supervisor Namespace and DevOps and Developers can deploy workloads and services to Tanzu Kubernetes clusters using the same tools as they would with standard Kubernetes clusters.
This test case procedure demonstrates a DevOps Engineer creating a Tanzu Kubernetes cluster in the SC namespace. Next, it demonstrates the DevOps Engineer accessing the TKC cluster API, authenticating, and browsing API resources and default settings. Lastly, it demonstrates visibility into the TKC cluster from the perspective of the vSphere Administrator.
- Completion of SC01-TC01, SC01-TC02
- vSphere Administrator console and user credentials
- DevOps Engineer console and user credentials
- VC content library subscribed/imported for TKC nodes images and synchronized
-
Using the vSphere Administrator console and credentials, login to the VC Web UI. Navigate to Menu > Workload Management. Select the Clusters tab then, select the vSphere_Cluster_Name hyperlink.
-
Select the Configure tab and under Namespaces, select General. In the Content Library section, select Edit. Then select the radio button next to the content library hosting the TKC node images. Select OK to save and close the window.
-
Using the DevOps Engineer console and credentials, login to the SC API.
kubectl vsphere login --vsphere-username ${DEVOPS_USER_NAME} --server=https://${SC_API_VIP} --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace ${SC_NAMESPACE_01}Expected:
Logged in successfully.
You have access to the following contexts:
${SC_API_VIP}
${SC_NAMESPACE_01} -
Confirm you are logged into the ${SC_NAMESPACE_01} namespace
kubectl config current-contextExpected:
${SC_NAMESPACE_01} -
Identify the vSphere storage-policy name, also the Kubernetes storage class name, by describing the namespace storage quota. Record the resource name, which is
Storage_Resource_Name.storageclass.storage.k8s.io/requests.storage; omit the first "." and everything to the right of it.kubectl describe resourcequota ${SC_NAMESPACE_01}-storagequota -
List the virtual machine image class options with the command
kubectl get virtualmachineclasses -
List the virtual machine images available in the content library with the command
kubectl get virtualmachineimages -
Describe the virtualmachineimage(s) to identify details such as the Kubernetes version and vSphere compatibility
kubectl describe virtualmachineimage VirtualMachine_Image_Name
-
Using a text-editor, open the tkc01-small.yaml file. Update
spec.distribution.versionwith theVirtualMachine_Image_Nameidentified in Step 7. Updatespec.topology.controlPlane.storageClass,spec.topology.workers.storageClass, andspec.settings.storage.defaultClasswith theStorage_Resource_Nameidentified in Step 5. Note: Enter the storage policy name in all lower-case. For example, "wrkldmgmt-storage-policy". Save and close the file.Note: Only enter the latter portion of the
VirtualMachine_Image_Namestarting with "v" and everything to the right. For example, "v1.18" -
Apply the TanzuKubernetesCluster spec to the SC namespace, ${SC_NAMESPACE_01}
kubectl apply -f scenarios/devops/tkc01-small.yamlNOTE: To delete a TanzuKubernetes Cluster simply run the following
kubectl delete TanzuKubernetesCluster [cluster-name] -n [namespace-name]
-
Monitor the TKC cluster deployment progress with the following commands. This step is complete when the output from
kubectl get tanzukubernetesclusters tkc01-small -wreportsPHASEasrunningandkubectl describe tanzukubernetesclusters tkc01-smallreports theNode Statusfor all nodes asready.kubectl get tanzukubernetesclusters -wExpected:
NAME CONTROL PLANE WORKER DISTRIBUTION AGE PHASE ... tkc01-small 1 1 v1.18.19+vmware.1-tkg.1.17af790 7m37s running
kubectl describe tanzukubernetescluster tkc01-smallExpected:
... Node Status: tkc01-small-control-plane-8mhw9: ready tkc01-small-workers-s8fxw-65df5bc489-zpzbv: ready ...
-
Using the DevOps Engineer console and credentials, login to the newly created tkc01-small Tanzu Kubernetes Cluster
kubectl vsphere login --vsphere-username ${DEVOPS_USER_NAME} --server=https://${SC_API_VIP} --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace ${SC_NAMESPACE_01} --tanzu-kubernetes-cluster-name tkc01-smallExpected:
Logged in successfully.
You have access to the following contexts:
${SC_API_VIP}
${SC_NAMESPACE_01}
tkc01-small -
Confirm you are logged into the tkc01-small Tanzu Kubernetes Cluster context
kubectl config current-contextExpected:
tkc01-small
-
Verify status of SC, Kubernetes master and URL with the command
kubectl cluster-infoExpected:
Kubernetes master is running at https://${SC_API_VIP}:6443 KubeDNS is running at https://${SC_API_VIP}:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy -
Verify status for all control-plane nodes and worker nodes
kubectl get nodesExpected:
NAME STATUS ROLES AGE VERSION tkc01-small-control-plane-8mhw9 Ready master 13m v1.18.19+vmware.1 tkc01-small-workers-s8fxw-65df5bc489-zpzbv Ready 10m v1.18.19+vmware.1
-
Review the available TKC API resources with the command
kubectl api-resources -
Review the available TKC API versions with the command
kubectl api-versions -
Run to verify all TKC pods report either “Running” or “Completed”
kubectl get pods -A -
Verify the default storage class is set to the vSphere storage policy with the command
kubectl get sc -
Review the default clusterRoleBindings with the following command. Identify the clusterrolebindings for
group:vsphere.local:administratorsandgroup:Domain_Name:DevOps_GroupNameor if user-level permissions set on namespace,user:Domain_Name:DevOps_UserNamekubectl get clusterrolebindings -
View the associated
ClusterRoleandSubjectforgroup:vsphere.local:administratorswith the commandkubectl describe clusterrolebinding vmware-system-auth-sync-wcp:${SC_NAMESPACE_01}:group:vsphere.local:administrators -
View the associated ClusterRole and Subject for
group:Domain_Name:DevOps_GroupNameoruser:Domain_Name:DevOps_UserNamewith the commandkubectl describe clusterrolebinding vmware-system-auth-sync-wcp:${SC_NAMESPACE_01}:group:Domain_Name:DevOps_GroupNameNote: If applying user-level permissions, in the above command replace group:Domain_Name:DevOps_GroupName with user:Domain_Name:DevOps_UserName
-
Using the vSphere Administrator console and credentials, login to the vCenter Web UI and navigate to Menu > Workload Management. Select the Clusters tab then, select the vSphere_Cluster_Name hyperlink. In the left pane, expand the Namespaces resource pool, then select the ${SC_NAMESPACE_01} namespace.
-
From the ${SC_NAMESPACE_01} Summary view, verify Tanzu Kubernetes tile reports one (1) Tanzu Kubernetes Cluster, and one (1) healthy, control plane node
-
Select the Compute tab, expand VMware Resources, and select Tanzu Kubernetes. Review the summary information for tkc01-small confirm Phase reports Running
-
In the left pane, expand the ${SC_NAMESPACE_01} object and select the tkc01-small resource pool
-
From tkc01-small Summary view, expand Resource Setting to view CPU and Memory configuration
-
Select the Monitor tab > Utilization to view TKC cluster resources usage
-
Select the VMs tab to list all TKC cluster nodes and verify the Status reports Normal
- [ ] Pass
- [ ] Fail
Return to Test Cases Inventory