To simplify application deployment and management on Kubernetes, Kubeapps provides a web-based dashboard to deploy, manage, and upgrade applications on a Kubernetes cluster. Kubeapps includes a built-in catalog of Helm charts and operators that allows users to deploy trusted and continuosly maintained content on their clusters.

Kubeapps is the best option for enterprise development teams since Kubeapps uses cluster's existing configured RBAC rules. This allows operators and cluster admins to control which users can access and manage applications. Kubeapps can thus be used as the central place for managing all enterprise application deployments with total confidence.

In addition, you can configure Kubeapps to use your private application repository as its source. This feature gives you the option of extending your catalog with your charts located in a private Helm repository such as ChartMuseum or Harbor, and even to use your customized Helm chart catalog directly from the VMware Tanzu Application Catalog.

Kubeapps can be easily configured to automatically replicate Helm charts from the VMware Tanzu Application Catalog. Users will benefit from a browser-based user interface to customize, upgrade and rollback their deployments using the latest, most secure and up-to-date Helm charts from the Tanzu Application Catalog.

This tutorial will show you how to create and configure an application repository for Tanzu Application Catalog in Kubeapps, and how to deploy a WordPress Helm chart from your TAC catalog from its dashboard. In addition, you will learn how to use an existing MariaDB Galera cluster as an external database in your WordPress deployment to run a production-ready blog.

This guide uses WordPress as an example, but you can follow the instructions shown in this article to deploy on your cluster any other Helm chart from your TAC catalog using the Kubeapps UI.

Assumptions and prerequisites

This guide explains how to create an application repository for Tanzu Application Catalog (TAC) in Kubeapps. It assumes that you have access to TAC and to a pre-built or custom catalog. If you don't have access to TAC, please reach out to your VMware sales representative.

This tutorial assumes that:

  • You have access to the Tanzu Application Catalog Demo environment. If you are a VMware employee, you can ask for access internally. For customer access, please reach out to your VMware sales representative.
  • You have a Kubernetes cluster. Check out our Getting Started with Kubernetes guides for an easy way to get started with one.
  • You have Helm 3 installed.
  • You have Kubeapps installed in your cluster configured with the option useHelm3=true and are logged into the Kubeapps UI with admin credentials. It is highly recommended to use Helm 3 to install Kubeapps.
  • (Optional) You have deployed MariaDB Galera from your TAC catalog and running on the same cluster as Kubeapps.

Step 1: Add the TAC catalog as an application repository

The first step is to create an application repository in Kubeapps pointing to the TAC catalog. Follow these instructions:

  1. Click the menu button in the top right corner and select the "App Repositories" option.

    App repositories

  2. On the resulting screen, click the "Add App Repository" button.

  3. Enter a name for the new repository and add the chart URL, in this case https://charts.trials.tac.bitnami.com/demo to add the demo TAC catalog to Kubeapps. Then select an authentication method (if applicable).

    Add an application repository in Kubeapps

  4. Click "Install Repo" to finish the process.

Step 2: Deploy WordPress from Kubeapps

Once you create the application repository with the TAC catalog as source, all the charts in the catalog will become available for deployment through Kubeapps. This guide uses WordPress as an example, but you can deploy any other chart that you have in your catalog. Follow these steps:

  1. Click the "Catalog" link in the navigation bar and search for WordPress. You will see two charts, one with the "bitnami" tag and another with the "tac" tag. Select the latter.

    Select the WordPress chart from your TAC catalog in Kubeapps

    In the resulting page, you will find information about the WordPress Helm chart. You will also find the version of the chart that exists in your TAC catalog:

    Deploy WordPress Helm chart from Kubeapps

    TIP: If you navigate to your TAC catalog and search for "WordPress", you will see that the version of the chart available in your catalog matches the one shown in Kubeapps. Learn more about the information related to charts and containers releases in TAC.

    Information about the WordPress Helm chart in TAC

  2. Click "Deploy" to deploy the chart. This will take you to a page where you can configure your WordPress deployment. You can use either the form or the "Values (YAML)" tab to customize your deployment as you want: give your chart a name, change the version you want to deploy, add an admin password (if not, a random 10-character alphanumeric string will be set), or configure Helm values.

    Configure your WordPress deployment

    NOTE: Don't forget to select a valid namespace to deploy the chart.

  3. In this example, Ingress will be enabled. If you have an Ingress Controller running in your cluster, you can active the custom hostname in order to use a hostname rather than just a public IP. Also, if CertManager is available in the cluster, you can enable it and enable TLS in order to automatically generate a certificate and use HTTPS.

    To do so, scroll down until the "Ingress Details" section and perform the following steps:

    • Activate the "Use a custom hostname" button.
    • Activate "Enable CertManager"
    • Activate "Create a TLS secret"
    • Enter your custom hostname.

    Enable Ingress and metrics

    You can check that all these values has been correctly added to the values.yaml chart in the "Values (YAML)" tab:

    Enable Ingress and metrics in the values.yaml file

  4. Activate the "Enable Metrics" button to start a side-car Prometheus exporter.

  5. Click "Deploy" to start the deployment. Once submitted, you will be redirected to a page that describes the state of your deployment. The status will be "Deploying" until WordPress is up and running.

Step 3: Access WordPress using Ingress

Once the chart is deployed, you can see all the deployment details, including the URLs to access the application. In this case, you will see two URLs:

  • Ingress: corresponds to the hostname you set when enabling Ingress. This URL redirects you to a WordPress deployment which is already secured by CertManager.
  • Service LoadBalancer: by default, WordPress creates a Service with LoadBalancer type to provide an externally accessible URL for its web interface.

    URLs to access Kubeapps

In the deployment details page, you can also view the secrets assigned to both the database and the application:

Application and database credentials

You can also view important information such as the installation values, as shown in the image below:

Deployment installation values

To access WordPress, click the Ingress URL. This opens a new tab in your browser with your WordPress blog. You will see the lock in the navigation bar, this means that your deployment is secure, using HTTPS with a valid certificate:

WordPress HTTPS

Appendix: Deploy a production-ready WordPress using an external database from Kubeapps

If you need a deployment able to respond in a high-demand environment and ensure failover and high availability, then you can configure a WordPress installation using an existing MariaDB Galera cluster as an external database. The following example uses a MariaDB Galera deployment already running in the Kubeapps cluster so you can fetch all its values directly from the Kubeapps UI.

To deploy a WordPress production-ready using an external MariaDB Galera database, follow these instructions:

  1. Click the "Catalog" link in the navigation bar and browse for WordPress. You will see two charts, one with the "bitnami" tag and another with the "tac" tag. Select this last one.
  2. Click "Deploy" to deploy the chart. This will take you to a page where you can configure your WordPress deployment.
  3. Enter a valid name for your deployment and change the username if needed.
  4. In the "MariaDB Details" section, deactivate the option "Use a new MariaDB database hosted in the cluster".
  5. In the "External Database Details" section, enter the MariaDB Galera database values for the parameters below. To quickly find these values, navigate to the database deployment details page and copy them as explained below:

    • Database Host: enter the MariaDB Galera service name. Find this value under the "Services" deployment section.

    Database Host

    NOTE: Remember to select the same namespace where the MariaDB Galera cluster is running. In case you want to deploy WordPress in a different namespace, you must add it at the end of the database host as follows: DB-HOST.NAMESPACE. Being DB-HOST a placeholder of the service for the external database and NAMESPACE a placeholder for the namespace in which the database is running.

    • Database Username: enter the MariaDB Galera custom username you set when deploying the MariaDB Galera cluster. Find this value in the "Installation Values" section for the MariaDB Galera deployment.
    • Database Password: enter the MariaDB Galera custom user password you set when deploying the MariaDB Galera cluster. Find this value in the "Installation Values" section or the "Secrets" section for the MariaDB Galera deployment.
    • Database Name: enter the same name that you set when deploying the MariaDB Galera cluster. Find this value in the "Installation Values" section for the MariaDB Galera deployment.

    Database name

    • Keep the default "Database Port" value.

    The external database details should look similar to this:

    External database values

Once you have configured the external database values, you can configure other parameters such as enabling Ingress, Metrics, Cert Manager or TLS as described in step 2 for monitoring and securing your deployment. Click "Submit" to start the deployment of the chart. After several minutes, your deployment will be ready and you will be able to access WordPress using Ingress (if you enabled it) or the Service LoadBalancer URL.

WordPress production-ready

Useful links

To learn more about the topics discussed in this guide, use the links below:

check-circle-line exclamation-circle-line close-line
Scroll to top icon