TP-SM

cd /nfs/Download/
tar -xzvf hub-self-managed-1.0.0-rc.1085-vcd426e7.tar.gz -C ./tanzu-installer
cd ./tanzu-installer

kubectl --context tkgs.dersllc.com apply -f https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TP-SM/hub-cluster.yaml
kubectl-vsphere login --insecure-skip-tls-verify -u admin --server tkgs.dersllc.com --tanzu-kubernetes-cluster-namespace tmc --tanzu-kubernetes-cluster-name hub

kubectl --context hub apply -f https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TP-SM/tkgs-default-sc.yaml
curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt > /data/ders-star.crt
kubectl --context tkgs.dersllc.com get KappControllerConfig -n ${CLUSTER_NS} ${CLUSTER_NAME}-kapp-controller-package -o yaml > ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package.yaml
cat ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package.yaml | yq eval '.spec.kappController.config.caCerts = "'"$(< /data/ders-star.crt)"'"' > ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package-fixed.yaml
#yq eval '.spec.kappController.config.caCerts = "'"$(< /data/ders-star.crt)"'"' ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package.yaml > ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package-fixed.yaml
kubectl --context tkgs.dersllc.com apply -f ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package-fixed.yaml

curl --insecure https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TP-SM/config.yaml > config.yaml
export TANZU_SM_VERSION=1.0.0-rc.1085-vcd426e7
export ARTIFACTORY_USER=admin
export ARTIFACTORY_API_TOKEN=DERS4me!
export DOCKER_REGISTRY=harbor.dersllc.com
./cli_bundle/linux/amd64/hubsm install -f config.yaml -u "${ARTIFACTORY_USER}:${ARTIFACTORY_API_TOKEN}" -r ${DOCKER_REGISTRY}/hub-self-managed/${TANZU_SM_VERSION}/repo --install-version ${TANZU_SM_VERSION} -i hub-${TANZU_SM_VERSION}.tar --yes

kubectl get svc -n hub contour-envoy
## ADD The "EXTERNAL-IP" to DNS under "hub.dersllc.com"
## ADD The "EXTERNAL-IP" to DNS under "*.hub.dersllc.com"

TP-SM UNINSTALL

tanzu package installed -n hub delete hub --yes
kubectl --context hub delete ns
kubectl --context hub delete clusterrolebindings hub-hub-binding
kubectl --context hub delete clusterrolebindings hub-self-managed-install-binding
kubectl --context hub delete -n hub secret hub-hub-values

Troubleshooting

COULD NOT PROCEED: ERROR FETCHING PACKAGEINSTALL: UNAUTHORIZED

CMD

./cli_bundle/linux/amd64/hubsm install -f config.yaml -u "${ARTIFACTORY_USER}:${ARTIFACTORY_API_TOKEN}" -r ${DOCKER_REGISTRY}/hub-self-managed/${TANZU_SM_VERSION}/repo --install-version ${TANZU_SM_VERSION} -i hub-${TANZU_SM_VERSION}.tar --yes

ERROR

kubectl is already installed.
[x] Could not proceed: error fetching PackageInstall: Unauthorized

SOLUTION

kubectl-vsphere login --insecure-skip-tls-verify -u admin --server tkgs.dersllc.com --tanzu-kubernetes-cluster-namespace tmc --tanzu-kubernetes-cluster-name hub

TLS FAILED TO VERIFY CERT

CMD

./cli_bundle/linux/amd64/hubsm install -f config.yaml -u "${ARTIFACTORY_USER}:${ARTIFACTORY_API_TOKEN}" -r ${DOCKER_REGISTRY}/hub-self-managed/${TANZU_SM_VERSION}/repo --install-version ${TANZU_SM_VERSION} -i hub-${TANZU_SM_VERSION}.tar --yes

ERROR

Checking Hub Self Managed version 1.0.0-rc.1085-vcd426e7 in repository harbor.dersllc.com/hub-self-managed/1.0.0-rc.1085-vcd426e7/repo
[x] Could not determine if step needed: failed to fetch tags from repository with error Get "https://harbor.dersllc.com/v2/hub-self-managed/1.0.0-rc.1085-vcd426e7/repo/tags/list": tls: failed to verify certificate: x509: certificate signed by unknown authority step="Installing Image"

SOLUTION

sudo apt-get install -y ca-certificates
sudo curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/AddTrustExternalCARoot.crt > /usr/local/share/ca-certificates/ders-star-ca.crt
sudo curl --insecure https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/HomeLab/DERS-CA-CERT/ders-ca.cer > /usr/local/share/ca-certificates/ders-ssca.crt
sudo update-ca-certificates

PKGR x509 ERROR

CMD

kubectl describe pkgr -n hub tanzu.vmware.com

ERROR

Unable to create round tripper:
Get "https://harbor.dersllc.com/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority

SOLUTION

export CLUSTER_NAME="hub"
export CLUSTER_NS="tmc"
mkdir -p /data
curl --insecure https://ders-gitlab.dersllc.com/ders/ders-proxy/-/raw/master/STAR_dersllc_com.crt > /data/ders-star.crt
kubectl --context tkgs.dersllc.com get KappControllerConfig -n ${CLUSTER_NS} ${CLUSTER_NAME}-kapp-controller-package -o yaml > ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package.yaml
cat ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package.yaml | yq eval '.spec.kappController.config.caCerts = "'"$(< /data/ders-star.crt)"'"' > ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package-fixed.yaml
#yq eval '.spec.kappController.config.caCerts = "'"$(< /data/ders-star.crt)"'"' ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package.yaml > ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package-fixed.yaml
kubectl --context tkgs.dersllc.com apply -f ${CLUSTER_NS}-${CLUSTER_NAME}-kapp-controller-package-fixed.yaml

tanzu package repository kick --namespace hub -r tanzu.vmware.com

PVC's Pending

CMD

kubectl get pvc -n hub

ERROR

hub                     data-clickhouse-shard0-0                  Pending                                                                                                             12m                  │
hub                     data-clickhouse-shard1-0                  Pending                                                                                                             12m                  │
hub                     data-clickhouse-shard2-0                  Pending                                                                                                             12m                  │
hub                     data-opensearch-data-0                    Pending                                                                                                             2m43s                │
hub                     data-opensearch-data-1                    Pending                                                                                                             2m43s                │
hub                     data-opensearch-master-0                  Pending                                                                                                             2m43s                │
hub                     data-opensearch-master-1                  Pending                                                                                                             2m43s                │
hub                     data-postgresql-0                         Pending                                                                                                             2m45s                │
hub                     prometheus-server                         Pending                                                                                                             12m                  │
hub                     redis-data-redis-master-0                 Pending                                                                                                             12m                  │
hub                     redis-data-redis-replicas-0               Pending                                                                                                             12m 

SOLUTION

kubectl --context hub apply -f https://ders-gitlab.dersllc.com/ders/vmware-se/-/raw/main/TP-SM/tkgs-default-sc.yaml