Best Practices

Getting Started with VMware Tanzu Community Edition

VMware Tanzu Community Edition is a freely available, community-supported, open source distribution of VMware Tanzu that was announced at DevOps Loop 2021. 

Off the bat, Tanzu Community Edition intends to funnel all the capabilities of Tanzu to provide users the ability to create and support the lifecycle of modern applications across multiple cloud and infrastructure providers. The central engine for these platforms is Kubernetes. However, depending on a team’s need, additional tooling can be used to easily layer more platform abstractions and capabilities. For example, Tanzu Community Edition can be used to provision a serverless platform based on Knative, automate the provisioning of the base Kubernetes cluster, provision a container network interface (CNI), install an ingress controller like Contour, and deploy Knative. This process is automated and can be run on any cloud provider.

How to get started with Tanzu Community Edition 

Tanzu Community Edition works based on the Tanzu CLI and provides simple CLI/UI interfaces. It uses Docker to kick off provisioning requests, so Docker must be preinstalled on your bootstrap machine (find instructions here). Make sure to give Docker at least 6GB of memory and two CPUs. As of this date, v. 0.9.1 was the latest version of Tanzu Community Edition.

If you are running on MacOS or Linux, the easiest way to get the Tanzu CLI is via Homebrew. Add the vmware-tanzu tap, install tanzu CLI, and run a configuration script:

brew tap vmware-tanzu/tanzu

brew install tanzu-community-edition

Once installed, run the following, depending on your platform:

Linux : {HOMEBREW-INSTALL-LOCATION}/configure-tce.sh
Mac:    {HOMEBREW-INSTALL-LOCATION}/v0.9.1/libexec/configure-tce.sh

If you are running on Windows or do not have Homebrew installed, download the tar/zip file from here, extract it, and run the installation script from the extracted directory. 

What you can do on Day 0

Development teams building modern applications can use Tanzu Community Edition to create a platform centered around Kubernetes to develop, test, validate, and finally deploy their application code on a given cloud or infrastructure endpoint. It can automatically provision a Kuberernetes cluster on vSphere, AWS, Azure, or on Docker running on your laptop or desktop.

There are two methods to provision a Kubernetes cluster using Tanzu Community Edition:

  • Standalone clusters – The easiest way to provision a development environment is to provision a “standalone” cluster. Tanzu Community Edition will take inputs like the number of nodes needed, infrastructure authentication and authorization to provision nodes, and Docker to kick off the provisioning controllers. At the end of this run, you will have the Kubernetes cluster deployed and the cluster configuration file. However, this method is not recommended for use beyond a quick development environment. Since the Kubeconfig and other details are not stored, it is up to the user to store and save credentials to access the cluster. Also, standalone clusters today cannot scale. For these reasons, standalone clusters are not recommended for many use cases.

  • Workload clusters managed by a management cluster – Another way to provision a Kubernetes cluster is to provision a management cluster first for a given infrastructure and then use that to provision workload clusters. This is recommended whenever provisioning production environments. The management cluster stores authentication details to all workload clusters, can scale workload clusters, and can also provide identity services.

An operations team can provision a Kubernetes cluster and provide access to the Kubernetes API to users via identity and authentication management.

How to provision a standalone cluster 

There are two methods of provisioning a standalone cluster: one is through the UI and one is through the Tanzu CLI by providing a cluster configuration YAML file. The easiest method that takes care of all the dependencies is to run the UI method first. This will automatically generate the configuration YAML needed to provision additional clusters. 

For the UI, begin with this command:

tanzu standalone-cluster create --ui

A browser window will open giving you options to pick the infrastructure provider and further details. Once you fill out the details, the installer will store the configuration data and begin provisioning. 

For example, if you select AWS, the following screen will ask details about how to connect to AWS, how many nodes you would like to have in the cluster, what size the nodes should be, and what virtual private cloud (VPC) to use; then it will begin provisioning the cluster.

For the CLI, begin with this command:

tanzu standalone-cluster create <cluster name> -f <configuration location>

Here, the configuration location is the location of the configuration YAML saved from a previous run.

How to deploy a management cluster 

The process for deploying a management cluster is very similar to how we deployed the standalone cluster, but it begins with the below command instead. You will be asked for the same data, such as how to connect to your infrastructure, cluster configurations, and network details. 

tanzu management-cluster create --ui

Also, while providing inputs for a management cluster, identity management can be enabled. Tanzu Community Edition supports external OpenID Connect- or LDAP-based identity providers. 

How to deploy a workload cluster

Once the management cluster is created, set the kubectl context to the management cluster.

You can fetch the management cluster context using: 

kubectl config get-contexts

Then select the context of the management cluster using the following, where MGMT-CLUSTER-CONTEXT is the context you see based on the name of the management cluster:

kubectl config use-context <MGMT-CLUSTER-CONTEXT>

Log in to Tanzu by running the Tanzu Login command.

When the management cluster was created, a configuration YAML file for the cluster was stored in the location ~/.config/tanzu/tkg/clusterconfigs/<MGMT-CLUSTER-NAME>.yaml. You can reuse this file, change the values for things like node instance type or count, and provide it to create a workload cluster, like so:

tanzu cluster create <CLSUTER_NAME> -f <Path to configuration file.YAML>

The above command will provision a workload cluster and merge the Kubeconfig of the workload cluster into the ~.kube/config file. 

You can change the context and start using the workload cluster using kubectl.

What you can do on Day 1

Once Kubernetes clusters have been deployed, development teams can start layering further abstractions, or operations teams can start adding monitoring and logging capabilities. All of this is done via Tanzu Community Edition’s package management capabilities. This is implemented by the tanzu package command. On the back end, Tanzu Community Edition has a repository of packages it supports with version, metadata information, etc. On the cluster where you want to add additional packages, Tanzu Community Edition deploys a controller that understands how to install a package from the repository and a Custom Resource Definition (CRD) that stores the state of packages that are available for installation or are already installed. 

To add a package, you’ll first need to add a repository: 

tanzu package repository add tce-repo

  --url projects.registry.vmware.com/tce/main:0.9.1

  --namespace tanzu-package-repo-global

This will deploy the repository that the entire cluster can reference from. You can also tie this repository to a specific namespace. 

Once the repository is added and reconciled, you can get a list of available packages by running:

$ tanzu package available list

Below is an example output :

As a developer, you can choose to add a package by fetching the version and updating any metadata needed for the package. For example, to install Cert-Manager, you can fetch the available versions by running: 

tanzu package available list cert-manager.community.tanzu.vmware.com

Once you have the version, you can install Cert-Manager using this command:

tanzu package install cert-manager --package-name cert-manager.community.tanzu.vmware.com  --version 1.3.1

You will see Cert-Manager added to the cluster:

Similarly, the operations team can start installing packages like Fluentbit or Prometheus to centrally collect logs and metrics for the platform.

What you can do on Day 2

You have the clusters provisioned, you set up additional packages, you’ve deployed your application, and things are running fine. Now what? Maybe you run into capacity issues, or newer versions of the packages that were deployed are out. Or perhaps there is a new version of Kubernetes and you want to upgrade your cluster to it. Tanzu Community Edition can help you do all of the above.

Scale a workload cluster

You can scale an existing workload cluster by providing the new node count for controller and worker nodes to the Tanzu CLI:

tanzu cluster scale <CLUSTER-NAME> --controlplane-machine-count 5 --worker-machine-count 10 --namespace tkg-system

Upgrade existing packages

Let’s say we installed version 1.3.1 of Cert-Manager and now version 1.5.1 is available. Upgrade Cert-Manager with this command:

 tanzu package installed update cert-manager --version 1.5.1

Upgrade Kubernetes version

As new Kubernetes versions become available for upgrade, Tanzu Community Edition will provide appropriate node image versions to support and upgrade to. To upgrade a workload cluster, you will need to upgrade the CLI and the management cluster first. 

Check for available upgrades for a given workload cluster by running: 

 tanzu cluster available-upgrades get <CLUSTER-NAME>

And finally, to upgrade a cluster to the latest version, run the command below. The management cluster in Tanzu Community Edition will start to automatically perform a rolling upgrade on the cluster node, by upgrading a single cluster node at a time.

tanzu cluster upgrade <cluster-name>

As you can see, Tanzu Community Edition equips teams with an easy-to-use tool to build, run, and manage Kubernetes platforms that support modern applications. For a more detailed look at the provisioning process, check out this video. If you would like to play with a sandbox where Tanzu Community Edition is preinstalled, head over to learn.tanzu.io, or check out the community website.