The SCP Toolkit is packaged and distributed using the carvel set of tools, and it is possible to consume the package from one of two repositories:

  1. The Tanzu Application Platform Package Repository
  2. The SCP Package Repository

For information on how to install SCP Toolkit as part of Tanzu Application Platform, please refer to the Tanzu Application Platform documentation. For information on how to install just the SCP Toolkit (without the other Tanzu Application Platform packages), please follow the documentation below.

Step 1: Kubernetes clusters

In order to fully utilize the SCP Toolkit it is recommended to create, or have access to, at least two Kubernetes clusters. One of the clusters will act as an Application Workload Cluster, a cluster on which development teams deploy their application workloads. The other cluster will act as a Service Cluster, a cluster on which Service Operators deploy and run their Kubernetes operators.

One quick way to get started is to create these clusters using kind.

kind create cluster --name workload
kind create cluster --name service

The following installation steps must then be run on both clusters individually, resulting in the SCP Toolkit controller manager and related CRDs on both clusters.

For more advanced cluster topologies, please see Supported Topologies.

Step 2: Install pre-reqs

# Install kapp-controller (v0.24.0+)
kubectl apply -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/download/v0.24.0/release.yml

# Install secretgen-controller (v0.5.0+)
kubectl apply -f https://github.com/vmware-tanzu/carvel-secretgen-controller/releases/download/v0.5.0/release.yml

# Install cert manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml

# Wait for kapp-controller APIService to be available
kubectl wait --for=condition=Available=true apiservice/v1alpha1.data.packaging.carvel.dev

Step 3: Create the serviceaccount and RBAC for the scp-toolkit installation via kapp-controller

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
EOF

# Note: This is a very open ClusterRole at present, we are aiming to refine the permissions in an upcoming release.
cat <<EOF | kubectl apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-scp
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
EOF

cat <<EOF | kubectl apply -f -
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-scp
subjects:
- kind: ServiceAccount
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kapp-controller-scp
EOF

Step 4: Create a Secret containing registry credentials and corresponding SecretExport for kapp-controller to pull PackageRepository and for the Deployment to pull the scp-toolkit images

Run the following command substituting REGISTRY-USERNAME and REGISTRY-PASSWORD values. These are the credentials that you use to login to TanzuNet.

kubectl create secret docker-registry tap-registry \
  --namespace=kapp-controller-packaging-global \
  --docker-username='<REGISTRY-USERNAME>' \
  --docker-password='<REGISTRY-PASSWORD>' \
  --docker-server=registry.tanzu.vmware.com \
  --dry-run=client -oyaml \
  | kubectl apply -f -

cat <<EOF | kubectl apply -f -
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretExport
metadata:
  name: tap-registry
  namespace: kapp-controller-packaging-global
spec:
  toNamespaces:
  - "*"
EOF

Note: The name and namespace for these resources are arbitrary however both names must match and both namespaces must match.

Step 5: Create the scp-toolkit PackageRepository

cat <<EOF | kubectl apply -f -
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageRepository
metadata:
  name: scp-toolkit-repository
  namespace: kapp-controller-packaging-global
spec:
  fetch:
    imgpkgBundle:
      image: registry.tanzu.vmware.com/scp-toolkit/scp-toolkit-packagerepository-bundle@sha256:8fd545cc1c031e5204d94b093d1437618c8d9578b08eda16006b81fb929f0160
EOF

Step 6: Create a PackageInstall

cat <<EOF | kubectl apply -f -
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: scp-toolkit
  namespace: kapp-controller-packaging-global
spec:
  serviceAccountName: kapp-controller-sa
  packageRef:
    refName: scp-toolkit.tanzu.vmware.com
    versionSelection:
      constraints: "0.3.0"
EOF

Confirm that the installation was successful by running:

kubectl get deployments -n scp-toolkit
kubectl get crds | grep services.tanzu.vmware.com
check-circle-line exclamation-circle-line close-line
Scroll to top icon