Tag: windows kubernetes

  • Cloud Director Container Service Extension – Tanzu Contour, Prometheus and Grafana Install Guide

    This post explains how to install and access Tanzu Contour, Prometheus and Grafana on Tanzu clusters deployed by Cloud Director Container Service Extension. To get started, first ensure the Tanzu CLI is installed on your local machine; if not, you can install it by following the documentation given here.

    Next you need the kubeconfig file of your target TKG cluster, which must be reachable from the local client machine on which you have installed the Tanzu CLI. Also make sure you run:

    # tanzu init 

    Installation Steps

    NOTE: On a CSE4-provisioned TKG cluster, cert-manager, kapp-controller, secretgen-controller and the tanzu-standard package repository have already been installed, so you can skip steps 1, 2 and 3.

    Step:1- Install kapp-controller

    kapp-controller gives us a flexible way to fetch, template, and deploy our applications to Kubernetes. It will also keep our apps continuously up to date when the configuration in our source repository changes. Install kapp-controller in the cluster using:

    #kubectl apply -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml

    Step:2- Install secretgen-controller

    In order to manage secrets across namespaces, Tanzu utilizes the carvel secretgen-controller. You can install secretgen-controller in the cluster using:

    #kubectl apply -f https://github.com/vmware-tanzu/carvel-secretgen-controller/releases/latest/download/release.yml

    Step:3- Install cert-manager

    Install cert-manager in the cluster using:

    #kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.yaml

    Verify Tanzu Packages

    Using the Tanzu CLI, you can install packages from the built-in tanzu-standard package repository or from other package repositories that you add to your target cluster, such as the Tanzu Application Platform repository. Install the tanzu-standard package repository v1.6.0:

    #tanzu package repository add tanzu-standard --url projects.registry.vmware.com/tkg/packages/standard/repo:v1.6.0

    Verify that the Prometheus package is available in your Tanzu K8s cluster as well as retrieve the version of the available package:

    #tanzu package available list prometheus.tanzu.vmware.com -A

    Verify that the Contour package is available in your Tanzu K8s cluster as well as retrieve the version of the available package:

    #tanzu package available list contour.tanzu.vmware.com -A

    Verify that the Grafana package is available in your Tanzu K8s cluster as well as retrieve the version of the available package:

    #tanzu package available list grafana.tanzu.vmware.com -A

    Step4:- Implement Ingress Control with Contour

    Contour is a Kubernetes ingress controller that uses the Envoy edge and service proxy. Tanzu Kubernetes Grid includes signed binaries for Contour and Envoy, which you can deploy into Tanzu Kubernetes (workload) clusters to provide ingress control services in those clusters.

    You must first create the configuration file that will be used when you install the Contour package, and then install the package. You can view the values schema and generate a default values file using:

    #tanzu package available get contour.tanzu.vmware.com/1.20.2+vmware.1-tkg.1 --values-schema
    
    #tanzu package available get contour.tanzu.vmware.com/PACKAGE-VERSION --generate-default-values-file

    I am using the data-values.yaml below for Contour:

    envoy:
      service:
        type: LoadBalancer
      hostPorts:
        enable: false
      hostNetwork: false
    certificates:
      useCertManager: true

    Install the package as below:

    #tanzu package install contour --package-name contour.tanzu.vmware.com --version 1.20.2+vmware.1-tkg.1 --values-file contour-data-values.yaml

    Step 5:- Deploy Prometheus

    Prometheus is an open-source systems monitoring and alerting toolkit. Tanzu Kubernetes Grid includes signed binaries for Prometheus that you can deploy on workload clusters to monitor cluster health and services. Verify the configuration file using the commands below; this file configures the Prometheus package.

    #tanzu package available get prometheus.tanzu.vmware.com/2.36.2+vmware.1-tkg.1 --values-schema
    #tanzu package available get prometheus.tanzu.vmware.com/PACKAGE-VERSION --generate-default-values-file

    This command lists the configuration parameters of the Prometheus package and their default values. You can use the output to update your prometheus-data-values.yaml file. I have used the config file below, which is hosted on GitHub; you can download and use it if you want. In my config file ingress is enabled in the YAML, which means it works with ingress.

    https://raw.githubusercontent.com/avnish80/prometheus/main/prometheus-data-values.yaml

    Install, update or delete the Prometheus package using the commands below:

    #tanzu package install prometheus --package-name prometheus.tanzu.vmware.com --version 2.36.2+vmware.1-tkg.1 --values-file prometheus-data-values.yaml
    
    #tanzu package installed update prometheus --values-file prometheus-data-values.yaml
     
    #tanzu package installed delete prometheus

    Step 6:- Deploy Grafana

    Grafana is open-source software that allows you to visualize and analyze metrics data collected by Prometheus on your clusters. Tanzu Kubernetes Grid includes a Grafana package that you can deploy on your Tanzu Kubernetes clusters. Verify the configuration file; this file configures the Grafana package:

    #tanzu package available get grafana.tanzu.vmware.com/7.5.16+vmware.1-tkg.1 --values-schema
    
    #tanzu package available get grafana.tanzu.vmware.com/PACKAGE-VERSION --generate-default-values-file
    

    This command lists the configuration parameters of the Grafana package and their default values. You can use the output to update your grafana-data-values.yaml file. I have used the config file below, which is hosted on GitHub; you can download and use it if you want. In my config file ingress is enabled in the YAML, which means it works with ingress.

    https://raw.githubusercontent.com/avnish80/grafana/main/grafana-data-values.yaml

    #tanzu package install grafana --package-name grafana.tanzu.vmware.com --version 7.5.16+vmware.1-tkg.1 --values-file grafana-data-values.yaml
     
    #tanzu package installed update grafana --values-file grafana-data-values.yaml
     
    #tanzu package installed delete grafana

    Access the Grafana Dashboard

    After Grafana is deployed, the Grafana package creates a Contour HTTPProxy object with a Fully Qualified Domain Name (FQDN) of grafana.system.tanzu. To use this FQDN to access the Grafana dashboard, use the IP address of the LoadBalancer for the Envoy service in the tanzu-system-ingress namespace.

    In case the FQDN does not work for accessing the Grafana dashboard:

    1. Create an entry in your local /etc/hosts file that points an IP address to this FQDN.
    2. Use the IP address of the LoadBalancer for the Envoy service in the tanzu-system-ingress namespace.
    3. Navigate to https://grafana.system.tanzu.

    Another issue is that, because the site uses self-signed certificates, you might need to click through a browser-specific security warning before you are able to access the dashboard.
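    The following is an added example, not code from the original post: it reads the Envoy Service as kubectl prints it, builds the /etc/hosts line for grafana.system.tanzu, and fingerprints the certificate the dashboard actually serves so the self-signed warning can be checked against the cert-manager-issued certificate rather than simply accepted. The Service JSON is a constructed sample.

```python
"""Added example (not from the original post): Envoy LoadBalancer IP -> /etc/hosts line,
plus the SHA-256 fingerprint of the certificate served on https://grafana.system.tanzu."""
import hashlib, json, socket, ssl

GRAFANA_FQDN = "grafana.system.tanzu"  # FQDN of the HTTPProxy the Grafana package creates

# Constructed sample of `kubectl get svc envoy -n tanzu-system-ingress -o json`;
# only the fields read below are included.
SAMPLE_SVC_JSON = json.dumps({
    "metadata": {"name": "envoy", "namespace": "tanzu-system-ingress"},
    "spec": {"type": "LoadBalancer"},
    "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.10"}]}},
})


def envoy_lb_ip(svc_json: str) -> str:
    """External IP the load balancer assigned to the Envoy Service."""
    svc = json.loads(svc_json)
    if svc.get("spec", {}).get("type") != "LoadBalancer":
        raise ValueError("envoy Service is not of type LoadBalancer")
    ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
    if not ingress or not ingress[0].get("ip"):
        raise ValueError("no LoadBalancer IP assigned yet (status.loadBalancer.ingress empty)")
    return ingress[0]["ip"]


def hosts_entry(ip: str, fqdn: str = GRAFANA_FQDN) -> str:
    """/etc/hosts line mapping the dashboard FQDN to the Envoy IP."""
    return f"{ip}\t{fqdn}"


def der_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, the form browsers and openssl display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def served_cert_fingerprint(ip: str, fqdn: str = GRAFANA_FQDN, port: int = 443) -> str:
    """Connect with SNI set to the FQDN, skip chain validation (the cert is self-signed)
    and return the leaf certificate's fingerprint. Compare it with the tls.crt that
    cert-manager issued in the cluster before accepting the browser warning."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return der_fingerprint(tls.getpeercert(binary_form=True))
```

    Running served_cert_fingerprint against the real Envoy IP needs network reachability to the cluster; the other functions work offline.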

  • Building Windows Custom Machine Image for Creating Tanzu Workload Clusters

    If your organisation is building an application based on Windows components (such as .NET Framework) and wants to deploy Windows containers on VMware Tanzu, this blog post shows how to build a Windows custom machine image and deploy a Windows Kubernetes cluster.

    Windows Image Prerequisites 

    • vSphere 6.7 Update 3 or greater
    • A macOS or Linux workstation; Docker Desktop and Ansible must be installed on the workstation
    • Tanzu Kubernetes Grid v1.5.x or greater
    • Tanzu CLI
    • A recent Windows Server 2019 image (newer than April 2021), which must be downloaded from a Microsoft Developer Network (MSDN) or Volume Licensing (VL) account
    • The latest VMware Tools Windows ISO image, downloaded from the VMware Tools download page
    • On vCenter, inside a datastore, create a folder such as iso and upload the Windows ISO and the VMware Tools ISO

    Build a Windows Image 

    • Deploy a Tanzu management cluster with the Ubuntu 2004 Kubernetes v1.22.9 OVA
    • Create a YAML file named builder.yaml with the following configuration (on my local system I have saved this YAML as builder.yaml):
    apiVersion: v1
    kind: Namespace
    metadata:
     name: imagebuilder
    ---
    apiVersion: v1
    kind: Service
    metadata:
     name: imagebuilder-wrs
     namespace: imagebuilder
    spec:
     selector:
       app: image-builder-resource-kit
     type: NodePort
     ports:
     - port: 3000
       targetPort: 3000
       nodePort: 30008
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
     name: image-builder-resource-kit
     namespace: imagebuilder
    spec:
     selector:
       matchLabels:
         app: image-builder-resource-kit
     template:
       metadata:
         labels:
           app: image-builder-resource-kit
       spec:
         nodeSelector:
           kubernetes.io/os: linux
         containers:
         - name: windows-imagebuilder-resourcekit
           image: projects.registry.vmware.com/tkg/windows-resource-bundle:v1.22.9_vmware.1-tkg.1
           imagePullPolicy: Always
           ports:
             - containerPort: 3000

    Connect the Kubernetes CLI to your management cluster by running:

    #kubectl config use-context MY-MGMT-CLUSTER-admin@MY-MGMT-CLUSTER

    Apply the builder.yaml file as below:

    #kubectl apply -f builder.yaml

    To ensure the container is running, run the command below:

    #kubectl get pods -n imagebuilder

    List the cluster's nodes with wide output and take note of the INTERNAL-IP value of the node whose ROLES column lists control-plane,master:

    #kubectl get nodes -o wide

    Retrieve the containerd component's URL and SHA by querying the control plane's nodePort endpoint:

    #curl http://CONTROLPLANENODE-IP:30008

    Take note of containerd.path and containerd.sha256 values. The containerd.path value ends with something like containerd/cri-containerd-v1.5.9+vmware.2.windows-amd64.tar.

    Create a JSON file in an empty folder named windows.json with the following configuration:

    {
     "unattend_timezone": "WINDOWS-TIMEZONE",
     "windows_updates_categories": "CriticalUpdates SecurityUpdates UpdateRollups",
     "windows_updates_kbs": "",
     "kubernetes_semver": "v1.22.9",
     "cluster": "VSPHERE-CLUSTER-NAME",
     "template": "",
     "password": "VCENTER-PASSWORD",
     "folder": "",
     "runtime": "containerd",
     "username": "VCENTER-USERNAME",
     "datastore": "DATASTORE-NAME",
     "datacenter": "DATACENTER-NAME",
     "convert_to_template": "true",
     "vmtools_iso_path": "VMTOOLS-ISO-PATH",
     "insecure_connection": "true",
     "disable_hypervisor": "false",
     "network": "NETWORK",
     "linked_clone": "false",
     "os_iso_path": "OS-ISO-PATH",
     "resource_pool": "",
     "vcenter_server": "VCENTER-IP",
     "create_snapshot": "false",
     "netbios_host_name_compatibility": "false",
     "kubernetes_base_url": "http://CONTROLPLANE-IP:30008/files/kubernetes/",
     "containerd_url": "CONTAINERD-URL",
     "containerd_sha256_windows": "CONTAINERD-SHA",
     "pause_image": "mcr.microsoft.com/oss/kubernetes/pause:3.5",
     "prepull": "false",
     "additional_prepull_images": "mcr.microsoft.com/windows/servercore:ltsc2019",
     "additional_download_files": "",
     "additional_executables": "true",
     "additional_executables_destination_path": "c:/k/antrea/",
     "additional_executables_list": "http://CONTROLPLANE-IP:30008/files/antrea-windows/antrea-windows-advanced.zip",
     "load_additional_components": "true"
    }

    Update the placeholder values in the file for your environment.

    Add the XML file that contains the Windows settings by following these steps:

    • Go to the autounattend.xml file on VMware {code} Sample Exchange.
    • Select Download.
    • If you are using the Windows Server 2019 evaluation version, remove <ProductKey>...</ProductKey>.
    • Name the file autounattend.xml.
    • Save the file in the same folder as the windows.json file and change the file's permissions to 777.

    From your client VM, run the following command from the folder containing your windows.json and autounattend.xml files:

    #docker run -it --rm --mount type=bind,source=$(pwd)/windows.json,target=/windows.json --mount type=bind,source=$(pwd)/autounattend.xml,target=/home/imagebuilder/packer/ova/windows/windows-2019/autounattend.xml -e PACKER_VAR_FILES="/windows.json" -e IB_OVFTOOL=1 -e IB_OVFTOOL_ARGS='--skipManifestCheck' -e PACKER_FLAGS='-force -on-error=ask' -t projects.registry.vmware.com/tkg/image-builder:v0.1.11_vmware.3 build-node-ova-vsphere-windows-2019

    NOTE: Before you run the above command, make sure your workstation is running "Docker Desktop" as well as "Ansible".

    To ensure the Windows image is ready to use, select your host or cluster in vCenter, select the VMs tab, then select VM Templates to see the Windows image listed.
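    As an added example (not part of the original post), the script below fills the two containerd fields of windows.json from the resource-kit response and lints the file before it is handed to image-builder: unresolved upper-case placeholders, the vCenter password in clear text, insecure_connection set to true, and components fetched over plain HTTP. The JSON shape of the nodePort response is an assumption; the post only names the containerd.path and containerd.sha256 values.

```python
"""Added example, not part of the original post: prepare and review windows.json.
The resource-kit response shape below is an assumption (the post only names
containerd.path and containerd.sha256)."""
import hashlib, json, re

# Constructed sample of what http://CONTROLPLANE-IP:30008 returns (shape assumed).
SAMPLE_RESPONSE = json.dumps({"containerd": {
    "path": "files/containerd/cri-containerd-v1.5.9+vmware.2.windows-amd64.tar",
    "sha256": "0" * 64,  # constructed stand-in, not a real digest
}})


def unresolved(value) -> bool:
    """True if a value still holds an upper-case placeholder such as VCENTER-IP,
    either as the whole value or embedded in a URL like http://CONTROLPLANE-IP:30008/."""
    return isinstance(value, str) and bool(
        re.fullmatch(r"[A-Z]+(?:-[A-Z]+)*", value)
        or re.search(r"\b[A-Z]{2,}(?:-[A-Z]+)+\b", value))


def containerd_settings(response_json: str, controlplane_ip: str, port: int = 30008) -> dict:
    """Turn containerd.path / containerd.sha256 into the two windows.json fields."""
    info = json.loads(response_json)["containerd"]
    sha = info["sha256"].lower()
    if not re.fullmatch(r"[0-9a-f]{64}", sha):
        raise ValueError("containerd.sha256 is not a 64-hex-digit SHA-256 digest")
    return {"containerd_url": f"http://{controlplane_ip}:{port}/{info['path'].lstrip('/')}",
            "containerd_sha256_windows": sha}


def lint_windows_json(cfg: dict) -> list:
    """Findings a reviewer would raise on windows.json before running the build."""
    findings = [f"{k}: placeholder still present ({v})" for k, v in cfg.items() if unresolved(v)]
    if cfg.get("insecure_connection") == "true":
        findings.append("insecure_connection=true: the vCenter TLS certificate is not verified")
    if cfg.get("password") and not unresolved(cfg["password"]):
        findings.append("password: vCenter credential in clear text; restrict file permissions")
    for key in ("kubernetes_base_url", "containerd_url", "additional_executables_list"):
        if str(cfg.get(key, "")).startswith("http://"):
            findings.append(f"{key}: fetched over plain HTTP from the resource kit")
    return findings


def verify_containerd_tarball(data: bytes, cfg: dict) -> bool:
    """True when a downloaded containerd tarball matches containerd_sha256_windows."""
    return hashlib.sha256(data).hexdigest() == cfg["containerd_sha256_windows"].lower()
```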

    Use a Windows Image for a Workload Cluster

    The YAML below shows how to deploy a workload cluster that uses your Windows image as a template (this Windows cluster uses NSX Advanced Load Balancer).

    #! ---------------------------------------------------------------------
    #! non proxy env configs
    #! ---------------------------------------------------------------------
    CLUSTER_CIDR: 100.96.0.0/11
    CLUSTER_NAME: tkg-workload02
    CLUSTER_PLAN: dev
    ENABLE_CEIP_PARTICIPATION: 'true'
    IS_WINDOWS_WORKLOAD_CLUSTER: "true"
    VSPHERE_WINDOWS_TEMPLATE: windows-2019-kube-v1.22.5
    ENABLE_MHC: "false"
    
    IDENTITY_MANAGEMENT_TYPE: oidc
    
    INFRASTRUCTURE_PROVIDER: vsphere
    SERVICE_CIDR: 100.64.0.0/13
    TKG_HTTP_PROXY_ENABLED: false
    DEPLOY_TKG_ON_VSPHERE7: 'true'
    VSPHERE_DATACENTER: /SDDC-Datacenter
    VSPHERE_DATASTORE: WorkloadDatastore
    VSPHERE_FOLDER: /SDDC-Datacenter/vm/tkg-vmc-workload
    VSPHERE_NETWORK: /SDDC-Datacenter/network/tkgvmc-workload-segment01
    VSPHERE_PASSWORD: <encoded:T1V3WXpkbStlLUlDOTBG>
    VSPHERE_RESOURCE_POOL: /SDDC-Datacenter/host/Cluster-1/Resources/Compute-ResourcePool/Tanzu/tkg-vmc-workload
    VSPHERE_SERVER: 10.97.1.196
    VSPHERE_SSH_AUTHORIZED_KEY: ssh-rsa....loudadmin@vmc.local
    
    VSPHERE_USERNAME: cloudadmin@vmc.local
    WORKER_MACHINE_COUNT: 3
    VSPHERE_INSECURE: 'true'
    ENABLE_AUDIT_LOGGING: 'true'
    ENABLE_DEFAULT_STORAGE_CLASS: 'true'
    ENABLE_AUTOSCALER: false
    AVI_CONTROL_PLANE_HA_PROVIDER: 'true'
    OS_ARCH: amd64
    OS_NAME: photon
    OS_VERSION: 3
    
    WORKER_SIZE: small
    CONTROLPLANE_SIZE: large
    REMOVE_CP_TAINT: "true"
    

    If your cluster YAML file is correct, you should see that the new Windows cluster has started to deploy.

    After some time it should deploy the cluster successfully.

    If you are using NSX-ALB AKO or Pinniped and see that those pods are not running, please refer here.

    NOTE: If you see this error during the image build process: Permission denied: './packer/ova/windows/windows-2019/autounattend.xml', check the permissions of the file autounattend.xml.