Deploying Cluster Essentials v1.9.2

This topic tells you how to install, upgrade, and uninstall Cluster Essentials v1.9.2.

Supported Kubernetes versions

Installation requires Kubernetes cluster v1.25, v1.26, v1.27, v1.28 or v1.29 on one of the following Kubernetes providers:

  • Azure Kubernetes Service
  • Amazon Elastic Kubernetes Service
  • Google Kubernetes Engine
  • Red Hat OpenShift v4.14 or v4.15 running on vSphere and baremetal clusters
  • Minikube
  • Kind

Supported Platforms

The Cluster Essentials install script can only be run on AMD64 CPUs with macOS, Windows or Linux.

Install

If you are using a VMware Tanzu Kubernetes Grid cluster, you do not need to install Cluster Essentials because the contents of Cluster Essentials are already installed on your cluster.

For all other clusters, install Cluster Essentials using the following steps.

Download artifacts from the Broadcom Support Portal

  1. Sign in to the Broadcom Support Portal.

  2. Go to Cluster Essentials for VMware Tanzu in Tanzu > My Downloads.

  3. Expand the Cluster Essentials for VMWare Tanzu section.

  4. Retrieve your Broadcom registry API token:

    1. Click the Token Download icon next to the Cluster Essentials version you want to download.

      Screenshot of the Cluster Essentials download page in the Broadcom Support Portal with the Token Download icon highlighted.

    2. Follow the instructions in the dialog box. Save the token as a variable named MY_BROADCOM_SUPPORT_ACCESS_TOKEN. For example:

      export MY_BROADCOM_SUPPORT_ACCESS_TOKEN=API-TOKEN
      

      Where API-TOKEN is your token from the Broadcom Support Portal.

  5. Click 1.9.2.

  6. Select the I agree to Terms and Conditions check box.

  7. Choose a download according to your Kubernetes provider and operating system:

    • For macOS, download tanzu-cluster-essentials-darwin-amd64-1.9.2.tgz.
    • For Linux, download tanzu-cluster-essentials-linux-amd64-1.9.2.tgz.
    • For Windows, download tanzu-cluster-essentials-windows-amd64-1.9.2.tgz.
  8. Unpack the TAR file into the tanzu-cluster-essentials directory:

    • On macOS or Linux:

      mkdir $HOME/tanzu-cluster-essentials
      tar -xvf DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE -C $HOME/tanzu-cluster-essentials
      

      Where DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE is the name of the bundle you downloaded.

    • On Windows, in Command Prompt:

      :: Ensure you are in the directory where you have downloaded DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE
      mkdir tanzu-cluster-essentials
      tar -xvf DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE -C tanzu-cluster-essentials
      

      Where DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE is the name of the bundle you downloaded.

  9. For air-gapped installation, download the bundle:

    • On macOS or Linux:

      $ cd tanzu-cluster-essentials
      
      $ IMGPKG_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com \
        IMGPKG_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME \
        IMGPKG_REGISTRY_PASSWORD=${MY_BROADCOM_SUPPORT_ACCESS_TOKEN} \
        ./imgpkg copy \
          -b cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:267c635556b060fb917d1b9165bbbc5c5b2f3bb576f2ca7c8ec61d1b7b465fbc \
          --to-tar cluster-essentials-bundle-1.9.2.tar \
          --include-non-distributable-layers
      

      Where BROADCOM-REGISTRY-USERNAME is your username for Broadcom registry.

    • On Windows, in Command Prompt:

      cd tanzu-cluster-essentials
      
      set IMGPKG_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com
      set IMGPKG_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME
      set /p IMGPKG_REGISTRY_PASSWORD=password:
      :: Interactively enter $MY_BROADCOM_SUPPORT_ACCESS_TOKEN
      imgpkg copy ^
        -b cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:267c635556b060fb917d1b9165bbbc5c5b2f3bb576f2ca7c8ec61d1b7b465fbc ^
        --to-tar cluster-essentials-bundle-1.9.2.tar ^
        --include-non-distributable-layers
      

      Where BROADCOM-REGISTRY-USERNAME is your username for Broadcom registry.

Set Kubernetes cluster context

  1. List the existing contexts by running:

    kubectl config get-contexts
    
  2. Set the context to the cluster that you want to use for the Cluster Essentials install.

    kubectl config use-context CONTEXT-NAME
    

    Where CONTEXT-NAME can be retrieved from the outputs of the previous step.

Deploy onto the cluster

To deploy to your cluster, create a configuration secret if your registry requires a custom certificate then run the script to install Cluster Essentials.

(Optional) Set your custom certificate

If your registry needs a custom certificate, you must load that configuration into the cluster before installing kapp-controller.

If your registry uses a public certificate, these steps are not required.

  1. Create the kapp-controller namespace:

    kubectl create namespace kapp-controller
    
  2. Create a configuration secret by using the registry’s ca.crt stored on local disk:

    kubectl create secret generic kapp-controller-config \
      --namespace kapp-controller \
      --from-file caCerts=ca.crt
    

Deploy using macOS or Linux

Configure and run install.sh, which installs kapp-controller and secretgen-controller on your cluster:

  • For online installation, run:

    export INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:267c635556b060fb917d1b9165bbbc5c5b2f3bb576f2ca7c8ec61d1b7b465fbc
    export INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com
    export INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME
    export INSTALL_REGISTRY_PASSWORD=${MY_BROADCOM_SUPPORT_ACCESS_TOKEN}
    export CA_PATH=/PATH-TO-CA-CERT/ca.crt
    cd $HOME/tanzu-cluster-essentials
    ./install.sh --yes
    

    Where:

    • BROADCOM-REGISTRY-USERNAME is your username for Broadcom registry.
    • PATH-TO-CA-CERT is the location of your custom CA certificate.

      Note

      CA_PATH is only required if your registry needs the custom certificate you optionally provided earlier to pull the image and deploy kapp-controller.

  • For air-gapped installation:

    Upload the previously downloaded bundle to the air-gapped registry and install Cluster Essentials by running:

    $ cd tanzu-cluster-essentials
    
    $ IMGPKG_REGISTRY_HOSTNAME=MY-REGISTRY \
      IMGPKG_REGISTRY_USERNAME=MY-REGISTRY-USER \
      IMGPKG_REGISTRY_PASSWORD=MY-REGISTRY-PASSWORD \
      CA_PATH=/PATH-TO-CA-CERT/ca.crt \
      ./imgpkg copy \
        --tar cluster-essentials-bundle-1.9.2.tar \
        --to-repo MY-REGISTRY/cluster-essentials-bundle \
        --include-non-distributable-layers \
        --registry-ca-cert-path CA_PATH
    
    $ INSTALL_BUNDLE=MY-REGISTRY/cluster-essentials-bundle@sha256:678c20e14e1065c6a97828632d02b0716ef453e2c9b3c5e1ea0dba1817bd8125 \
      INSTALL_REGISTRY_HOSTNAME=MY-REGISTRY \
      INSTALL_REGISTRY_USERNAME=MY-REGISTRY-USER \
      INSTALL_REGISTRY_PASSWORD=MY-REGISTRY-PASSWORD \
      ./install.sh
    

    Where:

    • MY-REGISTRY is your air-gapped container registry.
    • MY-REGISTRY-USER is the user with write access to MY-REGISTRY.
    • MY-REGISTRY-PASSWORD is the password for MY-REGISTRY-USER.
    • PATH-TO-CA-CERT is the location of your custom CA certificate.

      Note

      CA_PATH is only required if your registry needs the custom certificate you optionally provided earlier to pull the image and deploy kapp-controller.

Deploy using Windows

Configure and run install.bat, which installs kapp-controller and secretgen-controller on your cluster:

  • For online installation, run:

    cd tanzu-cluster-essentials
    
    set INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:267c635556b060fb917d1b9165bbbc5c5b2f3bb576f2ca7c8ec61d1b7b465fbc
    set INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com
    set INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME
    set /p INSTALL_REGISTRY_PASSWORD=password:
    :: Interactively enter $MY_BROADCOM_SUPPORT_ACCESS_TOKEN
    set CA_PATH=/PATH-TO-CA-CERT/ca.crt
    install.bat
    

    Where:

    • BROADCOM-REGISTRY-USERNAME is your username for Broadcom registry.
    • PATH-TO-CA-CERT is the location of your custom CA certificate.

      Note

      CA_PATH is only required if your registry needs the custom certificate you provided earlier to pull the image and deploy kapp-controller.

  • For air-gapped installation:

    Upload the previously downloaded bundle to the air-gapped registry and install Cluster Essentials by running:

    cd tanzu-cluster-essentials
    
    set IMGPKG_REGISTRY_HOSTNAME=MY-REGISTRY
    set IMGPKG_REGISTRY_USERNAME=MY-REGISTRY-USER
    set IMGPKG_REGISTRY_PASSWORD=password:
    :: Interactive enter MY-REGISTRY-PASSWORD
    set CA_PATH=/PATH-TO-CA-CERT/ca.crt
    imgpkg copy ^
      --tar cluster-essentials-bundle-1.9.2.tar ^
      --to-repo MY-REGISTRY/cluster-essentials-bundle ^
      --include-non-distributable-layers ^
      --registry-ca-cert-path CA_PATH
    
    set INSTALL_BUNDLE=MY-REGISTRY/cluster-essentials-bundle@sha256:678c20e14e1065c6a97828632d02b0716ef453e2c9b3c5e1ea0dba1817bd8125
    set INSTALL_REGISTRY_HOSTNAME=MY-REGISTRY
    set INSTALL_REGISTRY_USERNAME=MY-REGISTRY-USER
    set /p INSTALL_REGISTRY_PASSWORD=password:
    :: Interactively enter MY-REGISTRY-PASSWORD
    install.bat
    

    Where:

    • MY-REGISTRY is your air-gapped container registry.
    • MY-REGISTRY-USER is the user with write access to MY-REGISTRY.
    • MY-REGISTRY-PASSWORD is the password for MY-REGISTRY-USER.
    • PATH-TO-CA-CERT is the location of your custom CA certificate.

      Note

      CA_PATH is only required if your registry needs the custom certificate you provided earlier to pull the image and deploy kapp-controller.

(Optional) Install CLIs onto your $PATH

  1. (Optional) Several Tanzu products, such as Tanzu Application Platform, use the kapp CLI to deploy. For convenience, you can install the kapp CLI onto your $PATH:

    sudo cp $HOME/tanzu-cluster-essentials/kapp /usr/local/bin/kapp
    
  2. (Optional) Several Tanzu products, such as Tanzu Application Platform, use the imgpkg CLI to relocate packages. For convenience, you can install the imgpkg CLI onto your $PATH:

    sudo cp $HOME/tanzu-cluster-essentials/imgpkg /usr/local/bin/imgpkg
    

Upgrade

Cluster Essentials components (such as kapp-controller and secretgen-controller) cannot be upgraded on clusters provisioned using VMware Tanzu Kubernetes Grid and VMware Tanzu Mission Control.

For all other clusters, if you already have Cluster Essentials v1.0 or later installed on your target cluster, you can upgrade to Cluster Essentials v1.9.2 using the following steps. Running this upgrade updates the kapp-controller version on your cluster to v0.51.2 and secretgen-controller version to v0.17.3.

  1. Follow the steps in Download artifacts from the Broadcom Support Portal and Set Kubernetes cluster context.

  2. Configure and run install.sh, which installs kapp-controller and secretgen-controller on your cluster:

    • On macOS or Linux:

      cd $HOME/tanzu-cluster-essentials
      
      export INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:267c635556b060fb917d1b9165bbbc5c5b2f3bb576f2ca7c8ec61d1b7b465fbc
      export INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com
      export INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME
      export INSTALL_REGISTRY_PASSWORD=${MY_BROADCOM_SUPPORT_ACCESS_TOKEN}
      
      ./install.sh --yes
      

      Where BROADCOM-REGISTRY-USERNAME is your username for Broadcom registry.

    • On Windows, in Command Prompt:

      cd tanzu-cluster-essentials
      
      set INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:267c635556b060fb917d1b9165bbbc5c5b2f3bb576f2ca7c8ec61d1b7b465fbc
      set INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com
      set INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME
      set /p INSTALL_REGISTRY_PASSWORD=password:
      :: Interactively enter $MY_BROADCOM_SUPPORT_ACCESS_TOKEN
      
      install.bat
      

      Where BROADCOM-REGISTRY-USERNAME is your username for Broadcom registry.

  3. (Optional) Follow the steps in Install CLIs onto your $PATH to install newer versions of the kapp and imgpkg CLIs to your path.

Rollback

Caution

Uninstalling Cluster Essentials when the upgrade fails will cause an unrepairable state for your cluster.

To rollback to the previously installed version, follow the previous version of Cluster Essentials deployment instructions.

Uninstall

Caution

Uninstalling Cluster Essentials when the installation fails will cause an unrepairable state for your cluster.

You must uninstall all the Custom Resources created by kapp-controller and secretgen-controller before running the uninstall script for Cluster Essentials.

  1. Follow the steps in Set Kubernetes cluster context.

  2. Run uninstall.sh, which uninstalls kapp-controller and secretgen-controller on your cluster:

    On macOS or Linux:

    cd $HOME/tanzu-cluster-essentials
    ./uninstall.sh --yes
    

    On Windows (in “Command Prompt” app):

    cd tanzu-cluster-essentials
    uninstall.bat
    
check-circle-line exclamation-circle-line close-line
Scroll to top icon