The Services Toolkit is packaged and distributed using the carvel set of tools, and it is possible to consume the package from the Tanzu Application Platform Package Repository or by directly adding the Services Toolkit Package.

For information on how to install Services Toolkit as part of Tanzu Application Platform, please refer to the Tanzu Application Platform documentation. For information on how to install just the Services Toolkit (without the other Tanzu Application Platform packages), please follow the documentation below.

Step 1: Kubernetes clusters

In order to fully utilize the Services Toolkit it is recommended to create, or have access to, at least two Kubernetes clusters. One of the clusters will act as an Application Workload Cluster, a cluster on which development teams deploy their application workloads. The other cluster will act as a Service Cluster, a cluster on which Service Operators deploy and run their Kubernetes operators.

One quick way to get started is to create these clusters using kind.

kind create cluster --name workload
kind create cluster --name service

The following installation steps must then be run on both clusters individually, resulting in the Services Toolkit controller manager and related CRDs on both clusters.

For more advanced cluster topologies, please see Supported Topologies.

Step 2: Install pre-reqs

# Install kapp-controller (v0.24.0+)
kubectl apply -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/download/v0.24.0/release.yml

# Install secretgen-controller (v0.5.0+)
kubectl apply -f https://github.com/vmware-tanzu/carvel-secretgen-controller/releases/download/v0.5.0/release.yml

# Install cert manager
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml

# Wait for kapp-controller APIService to be available
kubectl wait --for=condition=Available=true apiservice/v1alpha1.data.packaging.carvel.dev

Step 3: Create the serviceaccount and RBAC for the services-toolkit installation via kapp-controller

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
EOF

# Note: This is a very open ClusterRole at present, we are aiming to refine the permissions in an upcoming release.
cat <<EOF | kubectl apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-services-toolkit
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
EOF

cat <<EOF | kubectl apply -f -
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kapp-controller-services-toolkit
subjects:
- kind: ServiceAccount
  name: kapp-controller-sa
  namespace: kapp-controller-packaging-global
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kapp-controller-services-toolkit
EOF

Step 4: Create a Secret containing registry credentials and corresponding SecretExport for kapp-controller to pull PackageRepository and for the Deployment to pull the services-toolkit images

Run the following command substituting REGISTRY-USERNAME and REGISTRY-PASSWORD values. These are the credentials that you use to login to TanzuNet.

kubectl create secret docker-registry tap-registry \
  --namespace=kapp-controller-packaging-global \
  --docker-username='<REGISTRY-USERNAME>' \
  --docker-password='<REGISTRY-PASSWORD>' \
  --docker-server=registry.tanzu.vmware.com \
  --dry-run=client -oyaml \
  | kubectl apply -f -

cat <<EOF | kubectl apply -f -
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretExport
metadata:
  name: tap-registry
  namespace: kapp-controller-packaging-global
spec:
  toNamespaces:
  - "*"
EOF

Note: The name and namespace for these resources are arbitrary however both names must match and both namespaces must match.

Step 5: Create the services-toolkit PackageMetadata and Package

cat <<EOF | kubectl apply -f -
---
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: PackageMetadata
metadata:
  name: services-toolkit.tanzu.vmware.com
  namespace: kapp-controller-packaging-global
spec:
  categories:
  - services
  displayName: Services Toolkit
  longDescription: |
    The Services Toolkit comprises a number of Kubernetes native components which support the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.) on Kubernetes. These components are:
    * Service Offering
    * Service API Projection
    * Service Resource Replication
    * Service Resource Claims
  shortDescription: The Services Toolkit enables the management, lifecycle, discoverability and connectivity of Service Resources (databases, message queues, DNS records, etc.).
EOF

cat <<EOF | kubectl apply -f -
---
apiVersion: data.packaging.carvel.dev/v1alpha1
kind: Package
metadata:
  name: services-toolkit.tanzu.vmware.com.0.4.0
  namespace: kapp-controller-packaging-global
spec:
  refName: services-toolkit.tanzu.vmware.com
  version: "0.4.0"
  template:
    spec:
      fetch:
      - imgpkgBundle:
          image: registry.tanzu.vmware.com/tanzu-application-platform/tap-packages@sha256:16fdd9fc8f04c78f148724bd75c8e08ea3f261d24a01a9d06dbe48ad09c98d90
      template:
      - ytt:
          paths:
          - "config/"
      - kbld:
          paths:
          - "-"
          - "kbld.yaml"
          - ".imgpkg/images.yml"
      deploy:
      - kapp: {}
EOF

Step 6: Create a PackageInstall

cat <<EOF | kubectl apply -f -
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: services-toolkit
  namespace: kapp-controller-packaging-global
spec:
  serviceAccountName: kapp-controller-sa
  packageRef:
    refName: services-toolkit.tanzu.vmware.com
    versionSelection:
      constraints: "0.4.0"
      prereleases: {}
EOF

Confirm that the installation was successful by running:

kubectl get deployments -n scp-toolkit
kubectl get crds | grep services.tanzu.vmware.com
check-circle-line exclamation-circle-line close-line
Scroll to top icon