A new OKTA application was created. Please record the "Client ID", "Client Secret" and "Okta domain". We will use them in the next step.
### Use the "Client ID", "Client Secret" and "Okta domain" to create the TKG MGMT Cluster YAML File: avi_okta_mgmt.yaml ###
# Management-cluster configuration for TKG on vSphere with an AVI controller for load balancing
# and Okta as the OIDC identity provider. Values containing runs of X/x are redacted in this
# example; substitute your own. This file contains credentials (AVI, vSphere, OIDC client secret):
# keep it with restrictive file permissions and out of version control.

# AVI controller settings.
# Base64-encoded PEM certificate (the prefix decodes to "-----BEGIN CERTIFICATE-----");
# presumably the CA used to verify the AVI controller's TLS endpoint — confirm.
AVI_CA_DATA_B64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN6VENDQWJXZ0F3SUJBZ0lVWXoxODdqUE9Lc3N4U004S0hLOVdnMC8zUXBvd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xNVGt5TGpFMk9DNHlMalF3SGhjTk1qRXdOekF5TURZek5ETTBXaGNOTWpJdwpOekF5TURZek5ETTBXakFXTVJRd0VnWURWUVFEREFzeE9USXVNVFk0TGpJdU5EQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOY2FIOTVBektuK3Yza0lybkE4VDUwOGZvTmxha3I3N091T0VhazAKQm5JWENtOGt4TklxbWlMaGYyaGRRc2c4ZDVMc1dPb1Q4Z2s0MHdIaVMrK3lhOExNYS95TWtRUk5tajBIejdpcgp6UzNOdmp5MmV6YWllWTNDZlNXV0xLMnVvN0NWVkVtYThKSGtRZmVXbkZHTU9nYmxzYTBPSnYwUk5CbnlyRkVzCm5WaUh3TWZlL3NzRVl5UE93aVJ0UitON1ZMYnU4TC9zVWJCSWl6d1R0aUpCRTYwR2toMm5sNERxekZCbkZHWkEKd01RSU9EYnhHK0QwMVkrWW00S3VlMlc1dFBYdDl6d1VXSmFmSDFaUzd0SVBJOHU2dloyNytyZXlBR3hrZDNHaApGV2haTnA2WmJLZ2Z4SThVYWZtcUh0dWdORis5ZEs4ZUF4eTA0Y3U3YmZkcHpLc0NBd0VBQWFNVE1CRXdEd1lEClZSMFJCQWd3Qm9jRXdLZ0NCREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBR1EydVAvVmpzdFczaW1NdVc1OWkKMEhhQUXXXXXXXXXXJ6VlJCaDZuRXhQWnlxNGo5VU9vL09qcW5aVWtTWGtla0Q2QnlTc0c0RXBtVzMra3YwQStWNgpNQUhPS0VOeG9LT0RxRUhWaGtreitCN0I4eWNPcU5RVjIvWUJEclBUL0dmUGkyR2RrVGhBRnRzZlExdy9FZk94CkYrZ3h3ak1lV253K1JNV3F5TEVmNS9hZzNzVGIzY1RSMEZVQ1FFTzRmVURTY3dBOEd5c2xWQ2wxbVBtcFpKb1gKeEhIeUg0eXVMTi9SaGM1emF6K2Q0ckh5d0tHWmNyNEJyRzBxT0l4SldwQU5YN0xQMXZGczZTM3RMaFBOMCtFcgplYU1kNzhnU1dVUVZHUzB0WmlBYXlLb01NZkJNd3NwUTV6OWZNaWhJczRMRHlOS2tuNnRNZCtuS1R0c1doTlR6CnBnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
AVI_CLOUD_NAME: Default-Cloud
AVI_CONTROLLER: 192.168.2.4
AVI_DATA_NETWORK: net_192_168_100m24
AVI_DATA_NETWORK_CIDR: 192.168.100.0/24
AVI_ENABLE: "true"
AVI_LABELS: ""
# <encoded:...> values are base64-encoded, not encrypted — anyone who can read this file
# has the credential.
AVI_PASSWORD: <encoded:aWxvdmXXXXdhcmUxIQ==>
AVI_SERVICE_ENGINE_GROUP: Default-Group
AVI_USERNAME: admin

# Cluster identity and address ranges. Pod and service CIDRs must not overlap each other
# or the node/data networks.
CLUSTER_CIDR: 100.96.0.0/11
CLUSTER_NAME: vmc-tkg-mgmt
CLUSTER_PLAN: prod
# CEIP (Customer Experience Improvement Program) telemetry; set to "false" to opt out.
ENABLE_CEIP_PARTICIPATION: "true"
ENABLE_MHC: "true"

# Identity management: OIDC via Okta. The LDAP_* keys below are left empty and appear
# unused with this type.
IDENTITY_MANAGEMENT_TYPE: oidc
INFRASTRUCTURE_PROVIDER: vsphere
LDAP_BIND_DN: ""
LDAP_BIND_PASSWORD: ""
LDAP_GROUP_SEARCH_BASE_DN: ""
LDAP_GROUP_SEARCH_FILTER: ""
LDAP_GROUP_SEARCH_GROUP_ATTRIBUTE: ""
LDAP_GROUP_SEARCH_NAME_ATTRIBUTE: cn
LDAP_GROUP_SEARCH_USER_ATTRIBUTE: DN
LDAP_HOST: ""
LDAP_ROOT_CA_DATA_B64: ""
LDAP_USER_SEARCH_BASE_DN: ""
LDAP_USER_SEARCH_FILTER: ""
LDAP_USER_SEARCH_NAME_ATTRIBUTE: ""
LDAP_USER_SEARCH_USERNAME: userPrincipalName

# Values recorded from the Okta application created in the previous step.
OIDC_IDENTITY_PROVIDER_CLIENT_ID: 0oaar7yxxxxxqA357
# Base64-encoded (not encrypted) client secret; treat the file as sensitive.
OIDC_IDENTITY_PROVIDER_CLIENT_SECRET: <encoded:bTlHNEFVTDVhXXXXXXXXXXXNUZ6WndNUlg4VmdWdDdZNWFFZw==>
OIDC_IDENTITY_PROVIDER_GROUPS_CLAIM: groups
# NOTE(review): the surrounding angle brackets look like a rendering artifact; the value is
# expected to be the bare https:// issuer URL — confirm.
OIDC_IDENTITY_PROVIDER_ISSUER_URL: <https://dev-xxxxxx.okta.com>
OIDC_IDENTITY_PROVIDER_NAME: ""
# NOTE(review): only the "email" scope is requested while a "groups" claim is expected;
# if the Okta authorization server returns groups only under a "groups" scope, add it
# here — confirm against the Okta app configuration.
OIDC_IDENTITY_PROVIDER_SCOPES: email
OIDC_IDENTITY_PROVIDER_USERNAME_CLAIM: email
SERVICE_CIDR: 100.64.0.0/13
TKG_HTTP_PROXY_ENABLED: "false"

# vSphere placement and sizing.
VSPHERE_CONTROL_PLANE_DISK_GIB: "20"
VSPHERE_CONTROL_PLANE_ENDPOINT: 192.168.2.3
VSPHERE_CONTROL_PLANE_MEM_MIB: "4096"
VSPHERE_CONTROL_PLANE_NUM_CPUS: "2"
VSPHERE_DATACENTER: /SDDC-Datacenter
VSPHERE_DATASTORE: /SDDC-Datacenter/datastore/WorkloadDatastore
VSPHERE_FOLDER: /SDDC-Datacenter/vm/TKG
VSPHERE_NETWORK: net_192_168_2m24
# Base64-encoded (not encrypted) vCenter password.
VSPHERE_PASSWORD: <encoded:OUsqexxxxxxaEp6SW4r>
VSPHERE_RESOURCE_POOL: /SDDC-Datacenter/host/Cluster-1/Resources/Compute-ResourcePool
VSPHERE_SERVER: 10.2.1.196
# Public key presumably authorized on the cluster node VMs; the trailing
# "[email protected]" is a redacted key comment, not part of the key material.
VSPHERE_SSH_AUTHORIZED_KEY: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoud4zk2Dx+5+mThVQ5TekyGlZqtxdGDVFKcxZn14O2lktXhytsXzW2KYe1kvy5xp3zWSwA8wgeedgs1fYXz1ikyo031uqTxowpxGfb4avFThoz20URzHkO6aSF9hwOCEsTZYl3ryfizvy7NxD+3cwTM08KOQdxWkR0IlljZulHXXXXXXXi3y5gbI5/LPo5BDFuROdHpr6Sn0nt45cYTz/seKWVAlIE6rw3NV9sv/5TCidVNvwL+cSjSzFWG8comGPndpzt8218Glv03r9T+NrCGYNg4CByWO1vt1B818rOwNT+VWrIvv7iIwdPaRsy6Zsa91g8J+YJVH4+CN [email protected]
# Expected certificate thumbprint (20 bytes, i.e. SHA-1) of the vCenter at VSPHERE_SERVER;
# must be updated when that certificate is rotated, otherwise the connection is rejected.
VSPHERE_TLS_THUMBPRINT: DD:A1:63:8B:12:72:4D:B4:83:0A:10:58:67:EF:AD:87:7A:FA:CD:EB
VSPHERE_USERNAME: [email protected]
VSPHERE_WORKER_DISK_GIB: "20"
VSPHERE_WORKER_MEM_MIB: "4096"
VSPHERE_WORKER_NUM_CPUS: "2"
# Create the management cluster from the configuration file above. The file holds
# base64-encoded credentials (AVI, vSphere, OIDC client secret); keep it with
# restrictive permissions and out of version control.
tanzu cluster create -f avi_okta_mgmt.yaml -v 6
After the MGMT cluster is deployed, list the services, find the "pinniped-supervisor" service and note down its node port, 31234.
root@topgun01 [ ~ ]# k get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
capi-kubeadm-bootstrap-system capi-kubeadm-bootstrap-controller-manager-metrics-service ClusterIP 100.67.14.135 <none> 8443/TCP 41h
capi-kubeadm-control-plane-system capi-kubeadm-control-plane-controller-manager-metrics-service ClusterIP 100.67.139.242 <none> 8443/TCP 41h
capi-system capi-controller-manager-metrics-service ClusterIP 100.66.97.71 <none> 8443/TCP 41h
capi-webhook-system capi-kubeadm-bootstrap-webhook-service ClusterIP 100.67.76.186 <none> 443/TCP 41h
capi-webhook-system capi-kubeadm-control-plane-webhook-service ClusterIP 100.67.178.243 <none> 443/TCP 41h
capi-webhook-system capi-webhook-service ClusterIP 100.64.50.63 <none> 443/TCP 41h
capi-webhook-system capv-webhook-service ClusterIP 100.68.86.224 <none> 443/TCP 41h
capv-system capv-controller-manager-metrics-service ClusterIP 100.64.118.231 <none> 8443/TCP 41h
cert-manager cert-manager ClusterIP 100.70.93.20 <none> 9402/TCP 41h
cert-manager cert-manager-webhook ClusterIP 100.67.148.2 <none> 443/TCP 41h
default kubernetes ClusterIP 100.64.0.1 <none> 443/TCP 41h
kube-system antrea ClusterIP 100.66.108.110 <none> 443/TCP 41h
kube-system cloud-controller-manager NodePort 100.67.164.218 <none> 443:31277/TCP 41h
kube-system kube-dns ClusterIP 100.64.0.10 <none> 53/UDP,53/TCP,9153/TCP 41h
kube-system metrics-server ClusterIP 100.71.138.205 <none> 443/TCP 41h
pinniped-concierge pinniped-concierge-api ClusterIP 100.66.47.204 <none> 443/TCP 41h
pinniped-supervisor pinniped-supervisor NodePort 100.68.240.214 <none> 443:31234/TCP 41h
tkg-system-networking ako-operator-controller-manager-metrics-service ClusterIP 100.65.209.12 <none> 8443/TCP 41h