This topic describes the user-managed packages that are included in Tanzu Kubernetes Grid. It also explains how to prepare your Tanzu Kubernetes Grid environment before installing these packages.

List of the User-Managed Packages

Tanzu Kubernetes Grid includes the following user-managed packages. These packages provide in-cluster and shared services to the Kubernetes clusters that are running in your Tanzu Kubernetes Grid environment.

Function Package Package repository
Certificate management cert-manager tanzu-standard
Container networking multus-cni tanzu-standard
Container registry harbor tanzu-standard
Ingress control contour tanzu-standard
Log forwarding fluent-bit tanzu-standard
Monitoring grafana tanzu-standard
Monitoring prometheus tanzu-standard
Service discovery external-dns tanzu-standard

To install and manage the above packages, you use the tanzu package plugin of the Tanzu Command Line Interface (CLI). You can also use this plugin to add and manage package repositories and the packages that they contain. For more information, see About User-Managed Packages in CLI Reference for User-Managed Packages.

Preparing to Install the User-Managed Packages

Before installing the user-managed packages from the tanzu-standard package repository, you must install the Tanzu CLI and prepare your Tanzu Kubernetes Grid environment. To prepare your environment:

Locations and Dependencies

In most cases, when you install a user-managed package from the tanzu-standard package repository, you install it in a workload or a shared services cluster. If the package depends on other packages in the package repository, you must install them first. After you prepare your Tanzu Kubernetes Grid environment as described above, follow the links in the Installation procedure column. These topics provide step-by-step instructions on how to configure and install each of the packages in the tanzu-standard package repository. For information about how to use the tanzu package plugin, see Packages in CLI Reference for User-Managed Packages.


Package Dependencies Installation location Installation procedure
cert-manager Required by contour, external-dns, harbor, multus-cni, and prometheus and grafana. Workload or shared services cluster Installing Cert Manager
contour Required by harbor, external-dns if you want to create DNS records for Contour HTTPProxy resources, and grafana. Workload or shared services cluster Implementing Ingress Control with Contour
external-dns Recommended for harbor on infrastructure platforms with load balancing such as Amazon EC2, Azure, and vSphere with NSX Advanced Load Balancer, especially in production or other environments in which Harbor availability is important. Workload or shared services cluster Implementing Service Discovery with External DNS
fluent-bit n/a Workload cluster Implementing Log Forwarding with Fluent Bit
grafana n/a Workload cluster Implementing Monitoring with Prometheus and Grafana
harbor n/a Shared services cluster Deploying Harbor Registry as a Shared Service
multus-cni n/a Workload cluster Implementing Multiple CNIs with Multus
prometheus Required by grafana. Workload cluster Implementing Monitoring with Prometheus and Grafana

Install Cert Manager in Workload Clusters

Cert Manager provides automated certificate management. It already runs by default in management clusters. To install Cert Manager into a workload cluster, see Installing Cert Manager.

Create a Shared Services Cluster

Each Tanzu Kubernetes Grid instance can have only one shared services cluster. Create a shared services cluster if you intend to deploy Harbor.

To create a shared services cluster:

  1. Create a cluster configuration YAML file for the cluster. We recommend using the prod cluster plan rather than the dev plan. For example:

    INFRASTRUCTURE_PROVIDER: vsphere
    CLUSTER_NAME: YOUR-CLUSTER-NAME
    CLUSTER_PLAN: prod
    

    Where YOUR-CLUSTER-NAME is the name you choose for the cluster. For example, tkg-services.

  2. (vSphere only) To deploy the cluster to vSphere, add a line to the configuration file that sets VSPHERE_CONTROL_PLANE_ENDPOINT to a static virtual IP (VIP) address for the control plane of the cluster. Ensure that this IP address is not in the DHCP range, but is in the same subnet as the DHCP range. If you mapped a fully qualified domain name (FQDN) to the VIP address, you can specify the FQDN instead of the VIP address. For example:

    VSPHERE_CONTROL_PLANE_ENDPOINT: 10.10.10.10
    
  3. Deploy the cluster by passing the cluster configuration file to the tanzu cluster create command. For example:

    tanzu cluster create tkg-services --file tkg-services-config.yaml
    

    In this example, tkg-services is the name of the cluster and tkg-services-config.yaml is the name of the cluster configuration file. Throughout the rest of this procedure, the cluster that you just deployed is referred to as the shared services cluster.

  4. Set the context of kubectl to the context of your management cluster. For example:

    kubectl config use-context mgmt-cluster-admin@mgmt-cluster
    

    In this example, mgmt-cluster is the name of the management cluster.

  5. Add the tanzu-services label to the shared services cluster, as its cluster role. This label identifies the shared services cluster to the management cluster and workload clusters. For example:

    kubectl label cluster.cluster.x-k8s.io/tkg-services cluster-role.tkg.tanzu.vmware.com/tanzu-services="" --overwrite=true
    

    In this example, tkg-services is the name of the shared services cluster. You should see the confirmation cluster.cluster.x-k8s.io/tkg-services labeled.

  6. Check that the label has been correctly applied by running the following command:

    tanzu cluster list --include-management-cluster
    

    You should see that your shared services cluster has the tanzu-services role. For example:

    NAME              NAMESPACE   STATUS   CONTROLPLANE  WORKERS  KUBERNETES        ROLES           PLAN
    another-cluster   default     running  1/1           1/1      v1.21.2+vmware.1  <none>          dev
    tkg-services      default     running  3/3           3/3      v1.21.2+vmware.1  tanzu-services  prod
    mgmt-cluster      tkg-system  running  1/1           1/1      v1.21.2+vmware.1  management      dev
    
  7. Get the admin credentials of the shared services cluster. For example:

    tanzu cluster kubeconfig get tkg-services --admin
    
  8. Set the context of kubectl to the shared services cluster. For example:

    kubectl config use-context tkg-services-admin@tkg-services
    

Migrating Tanzu Kubernetes Grid Extensions to Packages

For information about how to upgrade the Tanzu Kubernetes Grid extensions from a previous release, see Migrate Tanzu Kubernetes Grid Extensions to Packages.

check-circle-line exclamation-circle-line close-line
Scroll to top icon