Preparing the Kubernetes Cluster

This topic describes how to create and configure Kubernetes clusters to support Tanzu Application Service for Kubernetes (TAS for Kubernetes).

Overview

TAS for Kubernetes supports Kubernetes clusters in VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) and VMware Tanzu Kubernetes Grid (TKG) environments.

Before creating or configuring Kubernetes clusters in these environments, ensure your environment and configurations support TAS for Kubernetes:

Before using Kubernetes clusters created in these environments, complete the following validations:

Tanzu Kubernetes Grid Integrated Edition

TAS for Kubernetes supports Kubernetes clusters in VMware Tanzu Kubernetes Grid Integrated Edition environments.

Ensure the following before creating or configuring Kubernetes clusters for TAS for Kubernetes on TKGI:

  • Your TKGI version is v1.7 or later.
  • Your Kubernetes clusters have been created with the following characteristics:
    • The Kubernetes cluster has at least 5 worker nodes.
    • Each worker node has at least 2 CPU and 7.5 GB of memory available for allocation.
    • The worker nodes in the Kubernetes clusters trust the container image registry that TAS for Kubernetes uses to store buildpack-based app images. If the registry has a certificate issued from a private certificate authority (CA), this typically entails configuring the worker nodes in the Kubernetes cluster to trust the certificate of that CA.

For information about creating a cluster with TKGI, see Creating Clusters in the TKGI documentation.

Note: TKGI was formerly known as Enterprise PKS.

VMware Tanzu Kubernetes Grid

TAS for Kubernetes supports Kubernetes clusters in VMware Tanzu Kubernetes Grid environments.

Ensure the following before creating or configuring Kubernetes clusters for TAS for Kubernetes on TKG:

  • Your Tanzu Kubernetes Grid version is 1.0 or later.
  • Your Tanzu Kubernetes Grid environment includes metrics-server.
    TKG does not bundle metrics-server, which is required by Tanzu Application Service. To deploy metrics-server, complete the steps in Deploy metrics-server to Tanzu Kubernetes Grid.

  • Your Kubernetes clusters have been created with the following characteristics:

    • The Kubernetes cluster has at least 5 worker nodes.
    • Each worker node has at least 2 CPU and 7.5 GB of memory available for allocation.
    • The worker nodes in the Kubernetes clusters trust the container image registry that TAS for Kubernetes uses to store buildpack-based app images.
      If the registry has a certificate issued from a private certificate authority (CA), this typically entails configuring the worker nodes in the Kubernetes cluster to trust the certificate of that CA.

For information about setting up TKG, see Installing Tanzu Kubernetes Grid.

Deploy metrics-server to Tanzu Kubernetes Grid

TKG does not bundle metrics-server, which is required by Tanzu Application Service.

To deploy metrics-server, complete either of the following:

  • Use a basic kubectl apply command:

    1. Run the following kubectl apply command:

      kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.4.1/components.yaml
      
    2. If this kubectl apply command fails, add the --kubelet-insecure-tls flag to the args on the metrics-server container of the metrics-server deployment.

  • Use kubectl apply with a custom configuration:

    1. Create a file named add-kubelet-insecure-tls-to-metrics-server.yml.
    2. Add the following to the new add-kubelet-insecure-tls-to-metrics-server.yml file and save:

      #@ load("@ytt:overlay", "overlay")
      #@overlay/match by=overlay.subset({"kind": "Deployment", "metadata":{"name":"metrics-server"}}),expects=1
      ---
      spec:
        template:
          spec:
            containers:
              #@overlay/match by=overlay.subset({"name": "metrics-server"}),expects=1
              - args:
                  #@overlay/append
                  - --kubelet-insecure-tls
      
    3. Run the following kubectl apply command:

      kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.4.1/components.yaml -f add-kubelet-insecure-tls-to-metrics-server.yml`
      

Ensure kubectl Targets Your Cluster

To ensure that kubectl targets your cluster:

  1. To get the context name after creating the cluster, run:

    TKG-TKGI get credentials CLUSTER-NAME
    

    Where:

    • TKG-TKGI is either tkg or tkgi depending on your environment.
    • CLUSTER-NAME is your cluster name.
  2. To ensure that kubectl targets the cluster, run:

    kubectl config use-context CONTEXT-NAME
    

    Where CONTEXT-NAME is the context name collected in the last step.

Verify That a Default Storage Class Exists

TAS for Kubernetes requires each Kubernetes cluster provide persistent volumes for its internal Minio blobstore. A default StorageClass resource in the Kubernetes cluster can dynamically provision the persistent volumes that TAS for Kubernetes calls for.

Most of the Kubernetes distributed by the public clouds come with a default storage class. If you are using Kubernetes on a private cloud, you might need to install one instead.

To verify that your Kubernetes cluster already has a default storage class installed, retrieve the list of StorageClass resources in the cluster:

kubectl get storageclass

Review the returned list of StorageClass resources:

NAME             PROVISIONER                    AGE
thin (default)   kubernetes.io/vsphere-volume   34h
  • If the list includes an entry for which (default) follows the StorageClass name, then the Kubernetes cluster has a default storage class installed already, and you are ready to provision volumes dynamically. Proceed to Installing TAS for Kubernetes.

  • If the list does not include a default, you must install one before installing TAS for Kubernetes. See the Installing a Default Storage Class topic for information.

Next Steps

After you complete this procedure, proceed to Installing a Default Storage Class.