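Introduction
This is a procedure for installing Tanzu Mission Control Self-Managed.
It assumes the images have already been pushed to Harbor.
Detailed steps will be added later.
The procedure covers the steps after Workload Management (Supervisor) has already been set up.
These are notes so that I don't forget.
Please treat them as a reference only.
Check the official documentation.
Environment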
VMware Cloud Foundation (VCF) 5.2.1.0
vSphere8 u3b 24280767
vCenter8.0.3 24305161
NSX 4.2.1.0.0 24304122
NSX Advanced Load Balancer (Avi) 22.1.7 9093
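Tanzu environment
TKGs (vSphere with Tanzu)
1-Zone Supervisor using NSX + NSX ALB
Other environment
Okta as the IdP.
Certificates are issued and managed by cert-manager.
Let's Encrypt is used through the Cloudflare API.
Okta group settings
Create tmc:member and tmc:admin.
Assign them to users.
Okta app settings
Create the app as OpenID → native client.
The login URL is
https://pinniped-supervisor."tmcdomain"/provider/pinniped/callback
Note down the client secret; it goes into the TMC configuration file.
See the attached images for the detailed settings.
Okta issuer URI check/configuration
If you use the default "https://dev-xxx.okta.com/", the issuer URI is
https://dev-xxx.okta.com/oauth2/default
If you use a custom domain, the URL is different, as with login-01 below, so note it down.
Click the domain you use and add the following to its claims:
full_name | user.firstName | Any | ID | Always
groups | Groups: Starts with: tmc | Any | ID | Always
TKGs namespace creation
Create it as shown in the picture below. Create the virtual machine class according to VMware Docs.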
Control Plane
  Nodes:
    3 for high availability
    1 for testing only
  vCPUs: 4
  Memory: 8GB
  Storage: 40GB
Workers
  Nodes:
    6 for medium size stack
    3 for small size stack
  vCPUs: 4
  Memory: 8GB
  Storage: 40GB
Kubernetes cluster preparation
Add the Harbor CA to the Kubernetes cluster.
"k8s-cluster-name"-user-trusted-ca-secret.yaml
apiVersion: v1
data:
  additional-ca-1: TFMwd...(rest omitted)
kind: Secret
metadata:
  name: "k8s-cluster-name"-user-trusted-ca-secret
  namespace: "vSphere namespace"
type: Opaque
v1beta1 Example: Cluster with Additional Trusted CA Certificates for SSL/TLS
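The `TFMwd...` value in the Secret above is the PEM CA certificate base64-encoded twice, which is the encoding vSphere with Tanzu expects for additional trusted CAs. The shell functions below are an added example, not part of the original post, that build the manifest from a PEM file; the function names and the file name `harbor-ca.crt` are assumptions, while the cluster name, namespace and CA name are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): generate the
# <cluster>-user-trusted-ca-secret manifest from a PEM CA certificate.
# Function names and harbor-ca.crt are hypothetical.

# Base64-encode stdin twice, without line wrapping.
# "-----" -> "LS0t..." -> "TFMwd...", which is why the value starts with TFMwd.
double_b64() {
  base64 | tr -d '\n' | base64 | tr -d '\n'
}

# Reverse of double_b64: lets you confirm what an existing Secret really holds.
decode_trusted_ca() {
  base64 -d | base64 -d
}

# make_trusted_ca_secret CLUSTER NAMESPACE CA_NAME PEM_FILE
# Prints the Secret manifest on stdout.
make_trusted_ca_secret() {
  local cluster="$1" namespace="$2" ca_name="$3" pem_file="$4" value

  # Accept only a PEM certificate; refuse DER files and anything that
  # contains a private key, so key material never lands in the Secret.
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$pem_file" ||
     grep -q -- 'PRIVATE KEY-----' "$pem_file"; then
    echo "error: $pem_file is not a PEM certificate (or contains a private key)" >&2
    return 1
  fi

  value=$(double_b64 < "$pem_file")

  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${cluster}-user-trusted-ca-secret
  namespace: ${namespace}
type: Opaque
data:
  ${ca_name}: ${value}
EOF
}

# Run as a script with the values used on this page, for example:
#   ./make-ca-secret.sh tmc-01-cl01 tmc-01 additional-ca-1 harbor-ca.crt
if [ "$#" -eq 4 ]; then
  make_trusted_ca_secret "$@"
fi
```

The CA name passed as the third argument must match the `additionalTrustedCAs` entry in the `trust` variable of the Cluster manifest.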
Kubernetes cluster creation
The recommendation is 3 control plane nodes and 6 worker nodes, but because of resource constraints
the verification cluster below uses 1 control plane node and 3 worker nodes.
tmc-01-cl01.yaml
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: tmc-01-cl01
  namespace: tmc-01
  labels:
    tkg-cluster-selector: tmc-01-cl01
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
        - 192.168.156.0/20
    services:
      cidrBlocks:
        - 10.96.0.0/12
    serviceDomain: cluster.local
  topology:
    class: tanzukubernetescluster
    version: v1.26.5---vmware.2-fips.1-tkg.1
    variables:
      - name: storageClasses
        value:
          - vsan-default-storage-policy
      - name: defaultStorageClass
        value: vsan-default-storage-policy
      - name: vmClass
        value: tmc-default
      - name: storageClass
        value: vsan-default-storage-policy
      - name: trust
        value:
          additionalTrustedCAs:
            - name: additional-ca-1
      - name: controlPlaneVolumes
        value:
          - name: containerd
            mountPath: /var/lib/containerd
            storageClass: vsan-default-storage-policy
            capacity:
              storage: 40Gi
      - name: nodePoolVolumes
        value: []
    controlPlane:
      replicas: 1
      metadata:
        annotations:
          run.tanzu.vmware.com/resolve-os-image: os-name=photon
    workers:
      machineDeployments:
        - class: node-pool
          name: tmc-01-cl01-wl01
          replicas: 3
          metadata:
            annotations:
              run.tanzu.vmware.com/resolve-os-image: os-name=photon
          variables:
            overrides:
              - name: nodePoolVolumes
                value:
                  - name: containerd
                    mountPath: /var/lib/containerd
                    storageClass: vsan-default-storage-policy
                    capacity:
                      storage: 40Gi
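cert-manager setup
Installed for certificate management.
This time Let's Encrypt is used with Cloudflare and the DNS01 challenge.
Installing it as a Tanzu package seems to be the correct way, but I could not work out how to set the
nameserver used for DNS01, so I installed it with Helm.
* If anyone knows how, please let me know....
# Add the Jetstack chart repository that provides jetstack/cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
# Install cert-manager; its pods resolve DNS through 1.1.1.1 (used for the DNS01 challenge)
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.12.2 \
  --set "podDnsPolicy"="None" \
  --set "podDnsConfig.nameservers[0]"="1.1.1.1" \
  --set installCRDs=true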
Obtain and register the Cloudflare API key for cert-manager
I really wanted to use an API token, but access did not work, so I used the API key.
Add it to the namespace where cert-manager was installed.
api-key.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-key-secret
type: Opaque
stringData:
  api-key: "API key obtained from the Cloudflare dashboard earlier"
ClusterIssuer creation
cloudflare-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: cloudflare-issuer
spec:
  acme:
    email: "email address"
    privateKeySecretRef:
      name: cloudflare-issuer-secret
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
      - dns01:
          cloudflare:
            email: "email address"
            apiKeySecretRef:
              name: cloudflare-api-key-secret
              key: api-key
Create the namespace for the TMC-SM installation / security settings
kubectl create namespace tmc-local
kubectl label ns tmc-local pod-security.kubernetes.io/enforce=privileged
Register the private Harbor repository
tanzu package repository add tanzu-mission-control-packages --url "Private-harbar"/tmc-sm/package-repository:"version" --namespace tmc-local
Create the TMC-SM configuration file
tmc-values.yaml
harborProject: "Private-harbar"/tmc-sm
dnsZone: "tmc.example.jp"
clusterIssuer: cloudflare-issuer
postgres:
  userPassword: Password
  maxConnections: 300
minio:
  username: root
  password: Password
contourEnvoy:
  serviceType: LoadBalancer # With Avi, only serviceType: LoadBalancer is needed
  # serviceAnnotations: # needed only when specifying load balancer controller specific config like preferred IP
  #   ako.vmware.com/load-balancer-ip: "10.20.10.100"
  # when using an auto-assigned IP instead of a preferred IP, please use the following key instead of the serviceAnnotations above
  # loadBalancerClass: local
oidc:
  issuerType: pinniped
  issuerURL: "Okta issuer URI"
  clientID: "Okta client ID"
  clientSecret: "Okta client secret"
trustedCAs:
  local-ca.pem: |-
    -----BEGIN CERTIFICATE-----
    Let's Encrypt CA certificate
    -----END CERTIFICATE-----
  harbar-ca.pem: |
    -----BEGIN CERTIFICATE-----
    Private Harbor CA certificate
    -----END CERTIFICATE-----
telemetry:
  ceipOptIn: false
  eanNumber: ""
  ceipAgreement: false
Sample
tanzu package install tanzu-mission-control -p "tmc.tanzu.vmware.com" --version "1.4.0" --values-file tmc-values.yaml --namespace tmc-local
2:38:34PM: Creating service account 'tanzu-mission-control-tmc-local-sa'
2:38:34PM: Creating cluster admin role 'tanzu-mission-control-tmc-local-cluster-role'
2:38:34PM: Creating cluster role binding 'tanzu-mission-control-tmc-local-cluster-rolebinding'
2:38:34PM: Creating secret 'tanzu-mission-control-tmc-local-values'
2:38:34PM: Creating overlay secrets
2:38:34PM: Creating package install resource
2:38:34PM: Waiting for PackageInstall reconciliation for 'tanzu-mission-control'
2:38:34PM: Fetch started (1s ago)
2:38:35PM: Fetching
| apiVersion: vendir.k14s.io/v1alpha1
| directories:
| - contents:
| - imgpkgBundle:
| image: "Private-harbar"/tmc-sm/package-repository@sha256:432510df9967f3aaa58882a0ad6e7364fbbd19371595d6c4784bfa208fa9534c
| path: .
| path: "0"
| kind: LockConfig
|
2:38:35PM: Fetch succeeded
2:38:36PM: Template succeeded
2:38:36PM: Deploy started (2s ago)
2:38:38PM: Deploying
| Target cluster 'https://10.96.0.1:443' (nodes: tmc-01-cl01-wqfcb-46bpb, 3+)
| Changes
| Namespace Name Kind Age Op Op st. Wait to Rs Ri
| (cluster) tmc-install-cluster-admin-role ClusterRole - create - reconcile - -
| ^ tmc-install-cluster-admin-role-binding ClusterRoleBinding - create - reconcile - -
| ^ tmc-local Namespace 1m update - reconcile ok -
| tmc-local certificate-overlay Secret - create - reconcile - -
| ^ contour PackageInstall - create - reconcile - -
| ^ contour-values-ver-1 Secret - create - reconcile - -
| ^ contour.bitnami.com PackageMetadata - create - reconcile - -
| ^ contour.bitnami.com.18.2.19 Package - create - reconcile - -
| ^ kafka PackageInstall - create - reconcile - -
| ^ kafka-topic-controller PackageInstall - create - reconcile - -
| ^ kafka-topic-controller-values-ver-1 Secret - create - reconcile - -
| ^ kafka-topic-controller.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ kafka-topic-controller.tmc.tanzu.vmware.com.0.0.33 Package - create - reconcile - -
| ^ kafka-values-ver-1 Secret - create - reconcile - -
| ^ kafka.bitnami.com PackageMetadata - create - reconcile - -
| ^ kafka.bitnami.com.28.3.2 Package - create - reconcile - -
| ^ minio PackageInstall - create - reconcile - -
| ^ minio-values-ver-1 Secret - create - reconcile - -
| ^ minio.bitnami.com PackageMetadata - create - reconcile - -
| ^ minio.bitnami.com.14.6.8 Package - create - reconcile - -
| ^ monitoring-values-ver-1 Secret - create - reconcile - -
| ^ monitoring.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ monitoring.tmc.tanzu.vmware.com.0.0.22 Package - create - reconcile - -
| ^ pinniped PackageInstall - create - reconcile - -
| ^ pinniped-values-ver-1 Secret - create - reconcile - -
| ^ pinniped.bitnami.com PackageMetadata - create - reconcile - -
| ^ pinniped.bitnami.com.2.3.1 Package - create - reconcile - -
| ^ postgres PackageInstall - create - reconcile - -
| ^ postgres-endpoint-controller PackageInstall - create - reconcile - -
| ^ postgres-endpoint-controller-values-ver-1 Secret - create - reconcile - -
| ^ postgres-endpoint-controller.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ postgres-endpoint-controller.tmc.tanzu.vmware.com.0.1.71 Package - create - reconcile - -
| ^ postgres-values-ver-1 Secret - create - reconcile - -
| ^ redis PackageInstall - create - reconcile - -
| ^ redis-values-ver-1 Secret - create - reconcile - -
| ^ redis.bitnami.com PackageMetadata - create - reconcile - -
| ^ redis.bitnami.com.19.5.15 Package - create - reconcile - -
| ^ reloader-reloader PackageInstall - create - reconcile - -
| ^ reloader-reloader-values-ver-1 Secret - create - reconcile - -
| ^ reloader-reloader.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ reloader-reloader.tmc.tanzu.vmware.com.1.0.107 Package - create - reconcile - -
| ^ s3-access-operator PackageInstall - create - reconcile - -
| ^ s3-access-operator-values-ver-1 Secret - create - reconcile - -
| ^ s3-access-operator.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ s3-access-operator.tmc.tanzu.vmware.com.0.1.36 Package - create - reconcile - -
| ^ secretgen-controller.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ tmc-install-sa ServiceAccount - create - reconcile - -
| ^ tmc-local-monitoring PackageInstall - create - reconcile - -
| ^ tmc-local-postgres.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ tmc-local-postgres.tmc.tanzu.vmware.com.0.0.138 Package - create - reconcile - -
| ^ tmc-local-stack PackageInstall - create - reconcile - -
| ^ tmc-local-stack-secrets PackageInstall - create - reconcile - -
| ^ tmc-local-stack-secrets.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ tmc-local-stack-secrets.tmc.tanzu.vmware.com.0.0.40457 Package - create - reconcile - -
| ^ tmc-local-stack-values-ver-1 Secret - create - reconcile - -
| ^ tmc-local-stack.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ tmc-local-stack.tmc.tanzu.vmware.com.0.0.40457 Package - create - reconcile - -
| ^ tmc-local-support PackageInstall - create - reconcile - -
| ^ tmc-local-support-values-ver-1 Secret - create - reconcile - -
| ^ tmc-local-support.tmc.tanzu.vmware.com PackageMetadata - create - reconcile - -
| ^ tmc-local-support.tmc.tanzu.vmware.com.0.0.40457 Package - create - reconcile - -
| Op: 60 create, 0 delete, 1 update, 0 noop, 0 exists
| Wait to: 61 reconcile, 0 delete, 0 noop
| 5:38:36AM: ---- applying 2 changes [0/61 done] ----
| 5:38:36AM: create clusterrole/tmc-install-cluster-admin-role (rbac.authorization.k8s.io/v1) cluster
| 5:38:36AM: update namespace/tmc-local (v1) cluster
| 5:38:36AM: ---- waiting on 2 changes [0/61 done] ----
| 5:38:36AM: ok: reconcile clusterrole/tmc-install-cluster-admin-role (rbac.authorization.k8s.io/v1) cluster
| 5:38:36AM: ok: reconcile namespace/tmc-local (v1) cluster
| 5:38:36AM: ---- applying 16 changes [2/61 done] ----
| 5:38:36AM: create secret/certificate-overlay (v1) namespace: tmc-local
| 5:38:36AM: create secret/tmc-local-stack-values-ver-1 (v1) namespace: tmc-local
| 5:38:36AM: create secret/postgres-values-ver-1 (v1) namespace: tmc-local
| 5:38:36AM: create secret/kafka-topic-controller-values-ver-1 (v1) namespace: tmc-local
| 5:38:36AM: create secret/contour-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/reloader-reloader-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/redis-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/s3-access-operator-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/tmc-local-support-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create clusterrolebinding/tmc-install-cluster-admin-role-binding (rbac.authorization.k8s.io/v1) cluster
| 5:38:37AM: create secret/monitoring-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/kafka-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create serviceaccount/tmc-install-sa (v1) namespace: tmc-local
| 5:38:37AM: create secret/minio-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/pinniped-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: create secret/postgres-endpoint-controller-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ---- waiting on 16 changes [2/61 done] ----
| 5:38:37AM: ok: reconcile secret/postgres-endpoint-controller-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/contour-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/s3-access-operator-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/kafka-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/reloader-reloader-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/redis-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/tmc-local-stack-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/certificate-overlay (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile clusterrolebinding/tmc-install-cluster-admin-role-binding (rbac.authorization.k8s.io/v1) cluster
| 5:38:37AM: ok: reconcile secret/postgres-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/tmc-local-support-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/monitoring-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile serviceaccount/tmc-install-sa (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/minio-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/pinniped-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ok: reconcile secret/kafka-topic-controller-values-ver-1 (v1) namespace: tmc-local
| 5:38:37AM: ---- applying 29 changes [18/61 done] ----
| 5:38:37AM: create packagemetadata/tmc-local-support.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/s3-access-operator.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/monitoring.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/secretgen-controller.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/tmc-local-postgres.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create package/s3-access-operator.tmc.tanzu.vmware.com.0.1.36 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create package/tmc-local-postgres.tmc.tanzu.vmware.com.0.0.138 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create package/tmc-local-stack-secrets.tmc.tanzu.vmware.com.0.0.40457 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/tmc-local-stack-secrets.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/tmc-local-stack.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/contour.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/minio.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create package/tmc-local-support.tmc.tanzu.vmware.com.0.0.40457 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/kafka.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create package/tmc-local-stack.tmc.tanzu.vmware.com.0.0.40457 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/postgres-endpoint-controller.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/pinniped.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create package/postgres-endpoint-controller.tmc.tanzu.vmware.com.0.1.71 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:37AM: create packagemetadata/redis.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/pinniped.bitnami.com.2.3.1 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/reloader-reloader.tmc.tanzu.vmware.com.1.0.107 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create packagemetadata/reloader-reloader.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/minio.bitnami.com.14.6.8 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/contour.bitnami.com.18.2.19 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/monitoring.tmc.tanzu.vmware.com.0.0.22 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/kafka-topic-controller.tmc.tanzu.vmware.com.0.0.33 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create packagemetadata/kafka-topic-controller.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/kafka.bitnami.com.28.3.2 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: create package/redis.bitnami.com.19.5.15 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ---- waiting on 29 changes [18/61 done] ----
| 5:38:38AM: ok: reconcile packagemetadata/monitoring.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/tmc-local-support.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/kafka.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/s3-access-operator.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile package/s3-access-operator.tmc.tanzu.vmware.com.0.1.36 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/secretgen-controller.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/tmc-local-postgres.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile package/tmc-local-postgres.tmc.tanzu.vmware.com.0.0.138 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/tmc-local-stack-secrets.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile packagemetadata/tmc-local-stack.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile package/tmc-local-stack-secrets.tmc.tanzu.vmware.com.0.0.40457 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:38AM: ok: reconcile package/redis.bitnami.com.19.5.15 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/contour.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/minio.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/tmc-local-support.tmc.tanzu.vmware.com.0.0.40457 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/reloader-reloader.tmc.tanzu.vmware.com.1.0.107 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/tmc-local-stack.tmc.tanzu.vmware.com.0.0.40457 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/postgres-endpoint-controller.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/postgres-endpoint-controller.tmc.tanzu.vmware.com.0.1.71 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/pinniped.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/redis.bitnami.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/reloader-reloader.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/monitoring.tmc.tanzu.vmware.com.0.0.22 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile packagemetadata/kafka-topic-controller.tmc.tanzu.vmware.com (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/kafka-topic-controller.tmc.tanzu.vmware.com.0.0.33 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/pinniped.bitnami.com.2.3.1 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/minio.bitnami.com.14.6.8 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/contour.bitnami.com.18.2.19 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ok: reconcile package/kafka.bitnami.com.28.3.2 (data.packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ---- applying 3 changes [47/61 done] ----
| 5:38:39AM: create packageinstall/contour (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: create packageinstall/reloader-reloader (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: create packageinstall/tmc-local-stack-secrets (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ---- waiting on 3 changes [47/61 done] ----
| 5:38:39AM: ongoing: reconcile packageinstall/contour (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ^ Waiting for generation 1 to be observed
| 5:38:39AM: ongoing: reconcile packageinstall/tmc-local-stack-secrets (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ^ Waiting for generation 1 to be observed
| 5:38:39AM: ongoing: reconcile packageinstall/reloader-reloader (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:39AM: ^ Waiting for generation 1 to be observed
| 5:38:42AM: ongoing: reconcile packageinstall/contour (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:42AM: ^ Reconciling
| 5:38:42AM: ongoing: reconcile packageinstall/reloader-reloader (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:42AM: ^ Reconciling
| 5:38:42AM: ongoing: reconcile packageinstall/tmc-local-stack-secrets (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:42AM: ^ Reconciling
| 5:38:45AM: ok: reconcile packageinstall/tmc-local-stack-secrets (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:38:45AM: ---- waiting on 2 changes [48/61 done] ----
| 5:39:06AM: ok: reconcile packageinstall/reloader-reloader (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:06AM: ---- waiting on 1 changes [49/61 done] ----
| 5:39:30AM: ok: reconcile packageinstall/contour (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:30AM: ---- applying 2 changes [50/61 done] ----
| 5:39:30AM: create packageinstall/pinniped (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:30AM: create packageinstall/tmc-local-support (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:30AM: ---- waiting on 2 changes [50/61 done] ----
| 5:39:30AM: ongoing: reconcile packageinstall/pinniped (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:30AM: ^ Waiting for generation 1 to be observed
| 5:39:30AM: ongoing: reconcile packageinstall/tmc-local-support (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:30AM: ^ Waiting for generation 1 to be observed
| 5:39:33AM: ongoing: reconcile packageinstall/tmc-local-support (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:33AM: ^ Reconciling
| 5:39:33AM: ongoing: reconcile packageinstall/pinniped (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:33AM: ^ Reconciling
| 5:39:36AM: ok: reconcile packageinstall/tmc-local-support (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ---- applying 5 changes [52/61 done] ----
| 5:39:36AM: create packageinstall/kafka-topic-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: create packageinstall/kafka (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: create packageinstall/redis (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: create packageinstall/postgres (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: create packageinstall/minio (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ---- waiting on 6 changes [51/61 done] ----
| 5:39:36AM: ongoing: reconcile packageinstall/minio (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ^ Waiting for generation 1 to be observed
| 5:39:36AM: ongoing: reconcile packageinstall/kafka (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ^ Waiting for generation 1 to be observed
| 5:39:36AM: ongoing: reconcile packageinstall/redis (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ^ Waiting for generation 1 to be observed
| 5:39:36AM: ongoing: reconcile packageinstall/kafka-topic-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ^ Waiting for generation 1 to be observed
| 5:39:36AM: ongoing: reconcile packageinstall/postgres (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:36AM: ^ Waiting for generation 1 to be observed
| 5:39:39AM: ongoing: reconcile packageinstall/kafka (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:39AM: ^ Reconciling
| 5:39:39AM: ongoing: reconcile packageinstall/minio (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:39AM: ^ Reconciling
| 5:39:39AM: ongoing: reconcile packageinstall/postgres (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:39AM: ^ Reconciling
| 5:39:39AM: ongoing: reconcile packageinstall/redis (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:39AM: ^ Reconciling
| 5:39:39AM: ongoing: reconcile packageinstall/kafka-topic-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:39:39AM: ^ Reconciling
| 5:40:00AM: ok: reconcile packageinstall/pinniped (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:00AM: ---- waiting on 5 changes [52/61 done] ----
| 5:40:24AM: ok: reconcile packageinstall/minio (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:24AM: ---- applying 1 changes [57/61 done] ----
| 5:40:25AM: create packageinstall/s3-access-operator (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:25AM: ---- waiting on 5 changes [53/61 done] ----
| 5:40:25AM: ongoing: reconcile packageinstall/s3-access-operator (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:25AM: ^ Waiting for generation 1 to be observed
| 5:40:28AM: ongoing: reconcile packageinstall/s3-access-operator (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:28AM: ^ Reconciling
| 5:40:40AM: ongoing: reconcile packageinstall/redis (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:40AM: ^ Reconciling
| 5:40:40AM: ongoing: reconcile packageinstall/postgres (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:40AM: ^ Reconciling
| 5:40:40AM: ongoing: reconcile packageinstall/kafka (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:40AM: ^ Reconciling
| 5:40:40AM: ongoing: reconcile packageinstall/kafka-topic-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:40AM: ^ Reconciling
| 5:40:46AM: ok: reconcile packageinstall/postgres (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:46AM: ---- applying 1 changes [58/61 done] ----
| 5:40:46AM: create packageinstall/postgres-endpoint-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:46AM: ---- waiting on 5 changes [54/61 done] ----
| 5:40:46AM: ongoing: reconcile packageinstall/postgres-endpoint-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:46AM: ^ Waiting for generation 1 to be observed
| 5:40:49AM: ongoing: reconcile packageinstall/postgres-endpoint-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:49AM: ^ Reconciling
| 5:40:58AM: ok: reconcile packageinstall/kafka-topic-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:40:58AM: ---- waiting on 4 changes [55/61 done] ----
| 5:41:10AM: ok: reconcile packageinstall/s3-access-operator (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:10AM: ---- waiting on 3 changes [56/61 done] ----
| 5:41:19AM: ok: reconcile packageinstall/postgres-endpoint-controller (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:19AM: ok: reconcile packageinstall/kafka (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:19AM: ok: reconcile packageinstall/redis (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:19AM: ---- applying 1 changes [59/61 done] ----
| 5:41:19AM: create packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:19AM: ---- waiting on 1 changes [59/61 done] ----
| 5:41:19AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:19AM: ^ Waiting for generation 1 to be observed
| 5:41:22AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:41:22AM: ^ Reconciling
| 5:42:19AM: ---- waiting on 1 changes [59/61 done] ----
| 5:42:22AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:42:22AM: ^ Reconciling
| 5:43:19AM: ---- waiting on 1 changes [59/61 done] ----
| 5:43:22AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:43:22AM: ^ Reconciling
| 5:44:20AM: ---- waiting on 1 changes [59/61 done] ----
| 5:44:23AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:44:23AM: ^ Reconciling
| 5:45:20AM: ---- waiting on 1 changes [59/61 done] ----
| 5:45:23AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:45:23AM: ^ Reconciling
| 5:46:21AM: ---- waiting on 1 changes [59/61 done] ----
| 5:46:24AM: ongoing: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:46:24AM: ^ Reconciling
| 5:46:54AM: ok: reconcile packageinstall/tmc-local-stack (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:46:54AM: ---- applying 1 changes [60/61 done] ----
| 5:46:55AM: create packageinstall/tmc-local-monitoring (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:46:55AM: ---- waiting on 1 changes [60/61 done] ----
| 5:46:55AM: ongoing: reconcile packageinstall/tmc-local-monitoring (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:46:55AM: ^ Reconciling
| 5:47:56AM: ---- waiting on 1 changes [60/61 done] ----
| 5:47:56AM: ongoing: reconcile packageinstall/tmc-local-monitoring (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:47:56AM: ^ Reconciling
| 5:48:02AM: ok: reconcile packageinstall/tmc-local-monitoring (packaging.carvel.dev/v1alpha1) namespace: tmc-local
| 5:48:02AM: ---- applying complete [61/61 done] ----
| 5:48:02AM: ---- waiting complete [61/61 done] ----
| Succeeded
2:48:02PM: Deploy succeeded
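DNS settings
Register the External IP in DNS.
Login / verification
Go to tmc.xxxx.com, the domain registered in the configuration file.
If you can log in as a user who was granted access in Okta, you are done.
References
These were very helpful. Thank you.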