You deploy the first application, a Wordpress blog, by using Bitnami KubeApps to your Tanzu Kubernetes cluster.

Deploy Bitnami Kubeapps to Your Tanzu Kubernetes Cluster for Developer Ready Infrastructure for VMware Cloud Foundation

Before you can deploy the first sample application, you must deploy and configure Bitnami Kubeapps on your Tanzu Kubernetes cluster.

Procedure

  1. Log in to the Supervisor as a vCenter Single Sign-On Administrator user.
    kubectl vsphere login --server supervisor_cluster_IP_address --TanzuKubernetesCluster tanzu_Kubernetes_cluster_name --TanzuKubernetesClusterNamespace tanzu_kubernetes_cluster_namespace --vsphere-username supervisor_cluster_administrator
  2. Switch the kubectl context to the Tanzu Kubernetes cluster.
    kubectl config set-context tanzu_kubernetes_cluster_name
  3. Run kubectl get nodes to verify you only see the Tanzu Kubernetes control plane and worker nodes.
    PS C:\> kubectl get nodes
NAME                                           STATUS   ROLES    AGE    VERSION
sfo-w01-tkc01-control-plane-5klxl              Ready    master   93m    v1.19.7+vmware.1
sfo-w01-tkc01-control-plane-hfpw7              Ready    master   102m   v1.19.7+vmware.1
sfo-w01-tkc01-control-plane-rqgpr              Ready    master   86m    v1.19.7+vmware.1
sfo-w01-tkc01-workers-bvzr6-5b446d4ccb-lnxsr   Ready    <none>   94m    v1.19.7+vmware.1
sfo-w01-tkc01-workers-bvzr6-5b446d4ccb-prpvc   Ready    <none>   94m    v1.19.7+vmware.1
sfo-w01-tkc01-workers-bvzr6-5b446d4ccb-xvc9n   Ready    <none>   94m    v1.19.7+vmware.1
  4. Create a new namespace kubeapps.
    kubectl create namespace kubeapps

  5. Create a YAML file to define ClusterRole and ClusterRoleBinding required to deploy Kubeapps into the Tanzu Kubernetes cluster.

    In this example, the save the file as C:\kube\yaml\tkc-security-policy.yaml.

    apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp:privileged
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames:
  - vmware-system-privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: all:psp:privileged
roleRef:
  kind: ClusterRole
  name: psp:privileged
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
  6. Apply the ClusterRole and ClusterRoleBinding configuration.
    kubectl apply -f C:\kube\yaml\tkc-security-policy.yaml --namespace kubeapps

  7. Create a YAML file to define the network policy to deploy Kubeapps to the Tanzu Kubernetes cluster.

    In this example, you save the file as C:\kube\yaml\allow-network.yaml.

    apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-egress
spec:
  podSelector: {}
  ingress:
  - {}
  egress:
  - {}
  policyTypes:
  - Ingress
  - Egress
  8. Apply the NetworkPolicy configuration.
    kubectl apply -f C:\kube\yaml\allow-network.yaml --namespace kubeapps
  9. Add the Bitnami repository to a Helm configuration.
    helm repo add bitnami https://charts.bitnami.com/bitnami
  10. Install Kubeapps.
    helm install kubeapps --namespace kubeapps bitnami/kubeapps --set useHelm3=true
  11. Create a service account in the Tanzu Kubernetes cluster.
    kubectl create serviceaccount kubeapps-operator

  12. Assign the new service account to a cluster role with required permissions to run Kubeapps.

    The cluster-admin role is not required for Kubeapps installation, but it provides sufficient access for this proof-of-concept. Refer to the Kubeapps documentation for RBAC permissions for a production deployment.

    kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator
  13. Retrieve the token required to log in to the Kubeapps web interface.
    1. Using a Windows client, create a getToken.cmd file with the following content.
      @ECHO OFF
REM Get the Service Account
kubectl get serviceaccount kubeapps-operator -o jsonpath={.secrets[].name} > s.txt
SET /p ks=<s.txt
DEL s.txt

REM Get the Base64 encoded token
kubectl get secret %ks% -o jsonpath={.data.token} > b64.txt

REM Decode The Token
DEL token.txt
certutil -decode b64.txt token.txt
    2. In a PowerShell or command prompt window, run the script to decode the authentication token.
      PS C:\kube> .\getToken.cmd
    3. Open the newly created token.txt file and copy its contents.
  14. Set up a port forward to your local machine for the Kubeapps web interface. 
    kubectl port-forward -n kubeapps svc/kubeapps 8080:80
  15. In a Web browser, log in to the Kubeapps instance athttp://127.0.0.1:8080/ and use the token that you copied earlier.

Results

If the installation is successful, you must see the Kubeapps management console in your Web browser.

Deploy a Wordpress Instance to your Tanzu Kubernetes Cluster by Using Kubeapps for Developer Ready Infrastructure for VMware Cloud Foundation

After you have deployed and configured Kubeapps, you can add new applications to your Tanzu Kubernetes cluster by using the Kubeapps Web interface.

Procedure

  1. Log in to the Supervisor as a vCenter Single Sign-On Administrator user.
    kubectl vsphere login --server supervisor_cluster_IP_address --TanzuKubernetesCluster tanzu_Kubernetes_cluster_name --TanzuKubernetesClusterNamespace tanzu_kubernetes_cluster_namespace --vsphere-username supervisor_cluster_administrator
  2. Switch the kubectl context to the Tanzu Kubernetes cluster.
    kubectl config set-context tanzu_kubernetes_cluster_name
  3. Create a wordpress namespace.
    kubectl create namespace wordpress
  4. Retrieve the token required to log in to the Kubeapps web interface.
    1. Using a Windows client, create a getToken.cmd file with the following content.
      @ECHO OFF
REM Get the Service Account
kubectl get serviceaccount kubeapps-operator -o jsonpath={.secrets[].name} > s.txt
SET /p ks=<s.txt
DEL s.txt

REM Get the Base64 encoded token
kubectl get secret %ks% -o jsonpath={.data.token} > b64.txt

REM Decode The Token
DEL token.txt
certutil -decode b64.txt token.txt
    2. In a PowerShell or command prompt window, run the script to decode the authentication token.
      PS C:\kube> .\getToken.cmd
    3. Open the token.txt file and copy its contents.
  5. In a Web browser, log in to the Kubeapps instance at http://127.0.0.1:8080/ by using your token.
  6. In the Kubeapps window, select the Current Context drop-down menu, select wordpress for the Namespace, and click Change Context.
  7. In the Kubeapps window, click the Catalog button to switch to the Catalog view.
  8. In the Catalog view, search for the keyword wordpress and select the Wordpress tile.
  9. In thebitnami/wordpress Helm Chart view, click the Deploy button.
  10. On the Form tab, configure the settings for the chart deployment.

    Setting

    Value

    Name

    wordpress-name

    Username

    wp-admin

    Password

    wp-admin password

    Blog Name

    Wordpress Instance
  11. Click the YAML tab, enter the following setting and click Deploy version.
    global:
  storageClass: vsphere-with-tanzu-storage-policy

    After the deployment completes, you see the Helm Chart page that shows 2 pods in the ready state.

  12. After the deployment complets, click the link for the http access URL, for example http://192.168.21.4.

Results

A new browser window or tab opens with the "WORDPRESS INSTANCE" heading and with the "Just another Wordpress site" subheading. This is the Web interface for your new Wordpress website.