Check out the newest release of the Tanzu Kubernetes Grid (TKG) Demo Appliance Fling which includes the following new features:
- Support for the latest TKG 1.2.1 release
-
Support for TKG Workload Cluster upgrade workflow from Kubernetes v1.18.10 to v1.19.3
-
Updated embedded Harbor to use self-sign TLS certificate
One of the biggest feature I was excited for in the new TKG 1.2.1 release was support for an external container registry that was configured with a self-signed TLS certificate. Previously, TKG only supported container registries that were configured with a trusted CA signed certificate and that made it difficult for proof of concept/testing but also for environments that were air-gapped.
With previous releases of the TKG Demo Appliance, a valid TLS certificate was acquired from Let's Encrypt (LE) with the help of my good friend Ryan Johnson who owns the domain rainpole.io. The one downside to LE-based certificates is the short expiry period, which is every 90 days. This meant that any TKG Demo Appliance deployed after the expiry would stop functioning due to the certificate no longer being valid. Although I have been able to manage this by updating the appliance roughly every 90 days, usually in-conjunction with new release of TKG, it was less than ideal.