Steps to Install and Validate Dex & Gangway workflow:
- Install Gangway by running the script that matches your environment (AWS or vSphere):

      ./shared-services-cluster-setup/aws/scripts/05-install-gangway.sh
      ./shared-services-cluster-setup/vsphere/scripts/05-install-gangway.sh

- Validate that all the objects have been initialized:

      kubectl get all -n tanzu-system-auth

- Download the kubeconfig for the OKTA user which was created in the prerequisites step.
  - From the `params.yml` file, get the Gangway URL for the shared services cluster. It should be something similar to `gangway.svc.tkg.lab.yourdomain`. Navigate to the URL.
  - Sign in using the same account that you used to set up OKTA initially. As soon as you sign in, you will land on the page where you can download the `KUBECONFIG` for this user.
  - Download the `KUBECONFIG` and place it in the `K8/shared-svc-cluster` folder of this repository.

- Open a new terminal and export the `KUBECONFIG` variable, set to the location of the kubeconfig file that was just downloaded:

      export KUBECONFIG=/Users/.../tkg-hol/k8/shared-svc-cluster/kubeconf.txt

  Once the config is set, try to run any kubectl command, and you will see the below error:

      Error from server (Forbidden): pods is forbidden: User "user00001" cannot list resource "pods" in API group "" in the namespace "default"

- To provide proper access to this user, log in to Tanzu Mission Control. Navigate to Policies > Access Policies, select the Cluster Group / Cluster, and add a `Direct Access Policy` for the user. Now run the command again, and you should be able to see all the objects.

      kubectl get all

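The following is an added example, not one of this repository's scripts. It wraps the last two steps in a check that tells "signed in but no access policy yet" (the `Forbidden` error above) apart from a rejected login. The function names `secure_kubeconfig` and `check_access` are hypothetical, and restricting the file to mode 600 is an added precaution because the downloaded kubeconfig holds the user's credentials.

```shell
#!/usr/bin/env bash
# Added example: helpers for checking a kubeconfig downloaded from Gangway.
# Usage (assumed path, taken from the export step above):
#   secure_kubeconfig "$KUBECONFIG" && check_access "$KUBECONFIG" default

# Make the kubeconfig readable by its owner only; it contains the user's credentials.
secure_kubeconfig() {
  local cfg="$1"
  [ -s "$cfg" ] || { echo "missing or empty kubeconfig: $cfg" >&2; return 2; }
  chmod 600 "$cfg"
}

# Run one read-only call with the given kubeconfig and classify the outcome.
# Prints one of: authorized | forbidden | unauthenticated | error
# Returns 0 only when the call succeeded.
check_access() {
  local cfg="$1" ns="${2:-default}" out
  if out=$(KUBECONFIG="$cfg" kubectl get pods -n "$ns" 2>&1); then
    echo authorized
    return 0
  fi
  case "$out" in
    # The API server accepted the identity but no policy grants it access:
    # add the Direct Access Policy in Tanzu Mission Control.
    *"(Forbidden)"*)    echo forbidden ;;
    # The credentials were rejected: download a fresh kubeconfig from Gangway.
    *"(Unauthorized)"*) echo unauthenticated ;;
    # Anything else (network, DNS, wrong cluster address, ...).
    *)                  echo error ;;
  esac
  return 1
}
```

A `forbidden` result before the policy is added and `authorized` afterwards confirms that both the Dex/Gangway login and the access policy are working.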
Continue to Next Step: Configure Wavefront