4th May 2020

Bitnami Kubapps deployment to Tanzu Kubernetes Cluster with Helm V3

what is Kubeapps and why might I want to install it? Kubeapps is a web-based UI for deploying and managing applications in kubernetes clusters, it can be used to create and manage a service repository, manage applications and deploy applications. Things that will no doubt come in handy as you build out TKG infrastructure and hand it to teams in the organisation.

This post will walk through the following steps required to get Kubeapps working on a TKG cluster;

Install Helm
Configure TKG Pod Security Policies
Add chart repository, deploy and watch Kubeapps being deployed
Configure Kubeapps

Install Helm

Installing Helm is pretty straight forward, there are detailed instructions available. All that needs to be done is to inflate the tar.gz and move the files to the correct location;

Helm is now available, but not quite ready for use.

Configure Tanzu Kubernetes Pod Security Polices

A Tanzu K8s cluster is enabled by default with PSP, the following two PSP policies are defined;

To proceed bind the group system:authenticated to the cluster role of psp:vmware-system privilaged.

kubectl create clusterrolebinding privileged-cluster-role-binding-authenticated --clusterrole=psp:vmware-system-privileged --group=system:authenticated

Add chart repository, deploy and watch Kubeapps being deployed

The Kubeapps getting started page provides detailed instructions on how to install kubeapps using helm. We’re going to follow them, but add a switch to deploy the chart with a frontend load balancer service – which is needed to get to it from outside the cluster – and the debug flag so I can see a little more of what’s going on during the installation.

helm repo add bitnami https://charts.bitnami.com/bitnami

kubectl create namespace kubeapps

helm install kubeapps --namespace kubeapps bitnami/kubeapps --set frontend.service.type=LoadBalancer --set useHelm3=true --debug

There are a few places that we can monitor and track the progress of the installation. vCentre from monitoring the namespace;

Getting details of the services in the kubeapps namespace;

kubectl get svc -n kubeapps

Also getting details of the pods in the kubeapps namespace;

kubectl get pods -n kubeapps

The deployment seems to be healthy, I’m not seeing any errors. If i had encountered problems I could also look at events from the cluster with the command;

kubectl get events -n kubapps

I could also combine this with “| grep” to search for something specific.

Configure Kubeapps

Following the instructions from the kubeapps page there are a couple more tasks to complete before we can use kubeapps. Firstly Kubeapps needs an operator account with cluster admin privileges that it will use to create namespaces and deploy resources to the cluster. the commands are;

kubectl create serviceaccount kubeapps-operator 

kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator

The expected output is;

kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath='{range .secrets[*]}{.name}{"\n"}{end}' | grep kubeapps-operator-token) -o jsonpath='{.data.token}' -o go-template='{{.data.token | base64decode}}' && echo

Output will look something like this;

Cut and paste the secret into kubeapps and you’ll have access.

Next time, I’ll deploy something with kubeapps to tkg

Thanks

Simon