Kubeapps is a web-based UI for deploying and managing applications in Kubernetes clusters. This guide shows how you can deploy Kubeapps into your TKG clusters deployed in VMware Cloud Director.
With Kubeapps you can:
- Customize deployments through an intuitive, form-based user interface
- Inspect, upgrade and delete applications installed in the cluster
- Browse and deploy Helm charts from public or private chart repositories (including VMware Marketplace™ and Bitnami Application Catalog)
- Browse and deploy Kubernetes Operators
- Secure authentication to Kubeapps using a standalone OAuth2/OIDC provider or using Pinniped
- Secure authorization based on Kubernetes Role-Based Access Control
Pre-requisites:
- a Kubernetes cluster deployed in VCD
- Avi is setup for VCD to provide L4 load balancer to Kubernetes services
- NSX-T is is setup for VCD
- A default storageclass is defined for your Kubernetes cluster
- Helm installed to your workstation, if using Photon OS, its already installed
Step 1: Install KubeApps
helm repo add bitnami https://charts.bitnami.com/bitnami
kubectl create namespace kubeapps
helm install kubeapps --namespace kubeapps bitnami/kubeapps
Step 2: Create demo credentials
kubectl create --namespace default serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator
Step 3: Obtain token to login to KubeApps
kubectl get --namespace default secret $(kubectl get --namespace default serviceaccount kubeapps-operator -o jsonpath='{range .secrets[*]}{.name}{"\n"}{end}' | grep kubeapps-operator-token) -o jsonpath='{.data.token}' -o go-template='{{.data.token | base64decode}}' && echo
Step 4: Expose KubeApps using Avi load balancer
k edit svc kubeapps -n kubeapps
change the line from
"type: ClusterIP"
to
"type: LoadBalancer"
Or: Expose using Gateway API, add ako.vmware.com labels into the kubeapps service like this (Not supported in VCD clouds):
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: kubeapps
meta.helm.sh/release-namespace: kubeapps
creationTimestamp: "2022-03-26T13:47:45Z"
labels:
ako.vmware.com/gateway-name: gateway-tkg-workload-vip
ako.vmware.com/gateway-namespace: default
app.kubernetes.io/component: frontend
app.kubernetes.io/instance: kubeapps
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kubeapps
helm.sh/chart: kubeapps-7.8.13
name: kubeapps
namespace: kubeapps
Step 5: Log into KubeApps with the token