kubectl vsphere login --server 192.168.139.4 -u [email protected] --insecure-skip-tls-verify
kubectl config use-context test-namespacekubectl config get-contextswill show two contexts - the IP, and demo-namespacekubectl config use-context test-namespacekubectl describe virtualmachineclasses- shows virtual machine classes availablekubectl describe ns test-namespace- shows storage classes availablekubectl describe TkgServiceConfiguration- show/edit global parameters for TKGSkubectl get storageclasses- also shows storage classeskubectl get TanzuKubernetesReleases- shows what Kubernetes versions are availablekubectl get VirtualMachineImages- shows virtual machine images which is similar to Kubernetes versions, but doesn't show upgrade pathskubectl vsphere logout
kubectl apply -f 00-createcluster.yaml(took about 25 minutes)kubectl get TanzuKubernetesClusterswatch progress of cluster creation
You have very little authority in the supervisor cluster - need to get into your own cluster before you can really do
anything. You can see this with kubectl get clusterroles - not authorized
Login to the cluster you created:
kubectl vsphere logout
kubectl vsphere login --server 192.168.139.3 --tanzu-kubernetes-cluster-namespace test-namespace \
--tanzu-kubernetes-cluster-name tap-cluster -u [email protected] \
--insecure-skip-tls-verify
kubectl config use-context tap-cluster
Show roles and role bindings:
kubectl get clusterroleskubectl get clusterrolebindings
On vSphere with Tanzu we need to give permission to the default service account for deployments to work.
Run kubectl apply -f 01-deployment.yaml
Run kubectl describe rs to show the security error
Run this to fix the error:
kubectl create clusterrolebinding default-tkg-admin-privileged-binding \
--clusterrole=psp:vmware-system-privileged \
--group=system:authenticatedRun kubectl describe rs to show things working
Run kubectl apply -f 02-loadbalancerservice.yaml to create the service
Run kubectl get svc to see the IP address created from HA Proxy
Navigate to the IP Address