Install Tanzu Package Prerequisites Using Kubectl

TKG 2.0 on Supervisor includes the Carvel packaging system as well as Kapp Controller. To get started with Tanzu Packages, install the Package Repository and Cert Manager applications on each TKG 2.0 cluster where you plan to install Tanzu Packages.

Prerequisites

Installing Tanzu Packages on TKG 2.0 clusters is simplified by the package-based TKR. TKG 2.0 on Supervisor includes the Carvel packaging system as well as Kapp Controller. Both components are automatically managed as part the TKR image on which TKG nodes are based.

Tanzu Packages require two prerequisite components: Package Repository and Cert Manager. Install them as instructed here.

Note: This documentation supports new Tanzu Package deployments for TKG 2.0 on Supervisor using TKR v1.23 and later. For upgrading existing Tanzu Packages, refer to the Tanzu Package documentation.

Install Package Repository

PackageRepository specifies the registry for the Tanzu Package container images.

If the repository version for Tanzu Packages changes, simply update the Package Repository accordingly.

Create the packagerepo.yaml specification.

apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageRepository
metadata:
  name: tanzu-standard
  namespace: tkg-system
spec:
  fetch:
    imgpkgBundle:
      image: projects.registry.vmware.com/tkg/packages/standard/repo:v1.6.0

Install the PackageRepository on the TKG cluster.

kubectl apply -f packagerepo.yaml

Install Cert Manager

Cert Manager includes several components, as well as service accounts and RBAC objects.

Create the cert-manager.yaml specification.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: cert-manager-sa
  namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: cert-manager-sa
    namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: cert-manager
  namespace: tkg-system
spec:
  serviceAccountName: cert-manager-sa
  packageRef:
    refName: cert-manager.tanzu.vmware.com
    versionSelection:
      constraints: version 1.7.2+vmware.1-tkg.1
  values:
  - secretRef:
      name: cert-manager-data-values
---
apiVersion: v1
kind: Secret
metadata:
  name: cert-manager-data-values
  namespace: tkg-system
stringData:
  values.yml: |
    ---
    namespace: cert-manager

Install Cert Manager on the cluster.

kubectl apply -f cert-manager.yaml