Integrate Tanzu Kubernetes with Tanzu Mission Control
Overview of Tanzu Mission Control
VMware Tanzu Mission Control (TMC) is a SaaS offering available through VMware Cloud Services and provides the following features:
- A centralized platform to deploy and manage Kubernetes clusters across multiple clouds.
- Attach existing Kubernetes Clusters in the TMC portal for centralized operations and management.
- A policy engine that automates access control and security policies across a fleet of clusters.
- Manage security across multiple clusters.
- Centralize authentication and authorization, with federated identity from multiple sources.
Why do you need Tanzu Mission Control?
One of the main benefits of using Tanzu Mission Control (TMC) is that by using Cluster Lifecycle Management, you can provision new clusters across vSphere and AWS directly from the TMC portal. The Managed Cluster functionality allows you to manage your Kubernetes clusters regardless of where they are running. You can attach Kubernetes clusters that are running on vSphere (on-prem or cloud), public clouds (AWS, Azure, Google), managed services (EKS, AKS, GKE), etc.
This article focuses on integrating TKG clusters deployed in VMC on AWS, cluster life-cycle management, and other benefits that TMC provides.
There are various tasks that you must have completed before you can create or attach your TKG clusters in TMC. Go through the following links and become familiar with the various features and requirements. The provides information about setting up and using VMware Tanzu Mission Control.
- You must have a subscription to TMC. See for details.
- Create a cluster group. See .
- You must be able to create and manage workspaces. In the TMC console, workspaces are called namespaces. See .
- You must be familiar with the various policies that are available to manage the operation and security posture of your Kubernetes clusters and other organizational objects. You must create the policies that are appropriate for your TKG deployment. See .
- Create a provisioner. A provisioner helps you to deploy TKG clusters across multiple/different platforms, such as AWS, VMware vSphere, etc. See .
- Deploy TKG Management Cluster as a production cluster with multiple control plane nodes. See .
- Deploy TKG Workload Clusters with at least 4 CPUs and 8 GB of memory. See .
Tanzu Kubernetes Cluster Lifecycle Management
VMware Tanzu Mission Control allows you to have complete control over the entire lifecycle of provisioned Tanzu Kubernetes clusters, from creating and deleting clusters, to everything in-between.
You can scale node pools up and down, create and delete namespaces, and perform other actions that are available in attached clusters.
When you register a Tanzu Kubernetes Grid management cluster in Tanzu Mission Control, you can provision new TKG workload clusters and leverage the built-in cluster lifecycle management best practices of Cluster API and Tanzu Kubernetes Grid. Tanzu Mission Control uses the Cluster API declarative pattern of lifecycle management for continuous monitoring and reconciliation of your clusters.
Register TKG Management Cluster in TMC
The first step in the TKG cluster life-cycle management is to register the management cluster. After you register the management cluster, you can identify the existing workload clusters in that Tanzu Kubernetes Grid instance that you want to manage through Tanzu Mission Control. You can also create new workload clusters in a registered management cluster.
Step 1 – Log in to the Tanzu Mission Control portal to register the management cluster. Navigate to Administration > Management Clusters > Register Management Cluster, and choose Tanzu Kubernetes Grid as the type.
Provide a name for your management cluster that will appear in the TMC portal and select the cluster group in which you want to place the management cluster.
You can optionally provide a description and labels for the management cluster. Click Next.
Step 2 - Tanzu Mission Control generates a YAML file that defines how the management cluster connects to Tanzu Mission Control for registration. The credential provided in the YAML expires after 48 hours.
Copy the URL provided on the Register page, and install the cluster agent on your management cluster to complete the registration process.
Step 3 - To install the TMC agent in the management cluster, run the cluster agent registration script provided by Tanzu Mission Control on the management cluster.
The cluster agent registration script creates the namespace 'vmware-system-tmc' and installs a set of cluster agent extensions, custom resource definitions, role bindings, services, deployments, and other resources into your cluster, which enables the cluster to communicate with Tanzu Mission Control.
Step 4 - After installing the TMC agent, return to the TMC portal and click on Verify Connection. After the connection is verified, the management cluster details page is displayed. It might take a few minutes for Tanzu Mission Control to start receiving health information from the management cluster.
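Because the registration script in Step 3 installs role bindings, it is worth reviewing what the agent's service accounts were granted once registration completes. The following is an added example, not part of the original article or of VMware's tooling: it parses output shaped like `kubectl get clusterrolebindings -o json` and lists every binding whose subject is a service account in `vmware-system-tmc`, flagging those bound to `cluster-admin`. The sample JSON and all binding and service-account names in it are constructed for illustration; namespaced RoleBindings would need a second pass.

```python
import json

TMC_NAMESPACE = "vmware-system-tmc"  # namespace created by the registration script

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# Binding and service-account names are illustrative, not from a real cluster.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"metadata": {"name": "example-agent-admin"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "name": "example-agent-sa",
                       "namespace": TMC_NAMESPACE}]},
        {"metadata": {"name": "example-agent-view"},
         "roleRef": {"kind": "ClusterRole", "name": "view"},
         "subjects": [{"kind": "ServiceAccount", "name": "example-observer-sa",
                       "namespace": TMC_NAMESPACE}]},
        {"metadata": {"name": "unrelated-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "system:masters"}]},
        {"metadata": {"name": "binding-without-subjects"},
         "roleRef": {"kind": "ClusterRole", "name": "edit"}},
    ],
})

def audit_bindings(raw_json, namespace=TMC_NAMESPACE):
    """Return one finding per (binding, service account) pair in `namespace`."""
    findings = []
    for item in json.loads(raw_json).get("items", []):
        role = item.get("roleRef", {}).get("name", "")
        # `subjects` may be absent or null on a binding; treat both as empty.
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount" and subj.get("namespace") == namespace:
                findings.append({
                    "binding": item["metadata"]["name"],
                    "service_account": subj["name"],
                    "role": role,
                    "cluster_admin": role == "cluster-admin",
                })
    return findings

if __name__ == "__main__":
    # For a real cluster, pass the output of
    # `kubectl get clusterrolebindings -o json` to audit_bindings() instead.
    for f in audit_bindings(SAMPLE):
        flag = "REVIEW" if f["cluster_admin"] else "ok"
        print(f'{flag:6} {f["binding"]} -> {f["service_account"]} ({f["role"]})')
```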
Register TKG Workload Cluster in Tanzu Mission Control
Using Tanzu Mission Control, you can register and manage workload clusters running in a registered management cluster.
Step 1 – Log in to the Tanzu Mission Control console, navigate to Administration > Management clusters, and click the management cluster that you registered earlier.
Step 2 - On the management cluster detail page, click the Workload clusters tab and select the clusters you want to add to TMC by clicking the checkbox next to the name, and then click Manage Cluster.
Step 3 - Select the cluster group to which you want to add the clusters, and then click Manage.
The workload cluster is now being managed by Tanzu Mission Control.
In the backend, Tanzu Mission Control installs the cluster agent extensions on the workload cluster and adds it to the specified cluster group.
# kubectl get pod -n vmware-system-tmc
NAME                                                           READY   STATUS      RESTARTS   AGE
agent-updater-59b85d846d-4skkc                                 1/1     Running     0          13m
agentupdater-workload-1629705540-6br99                         0/1     Completed   0          13s
cluster-auth-pinniped-7dd7fcd65f-fn8k2                         1/1     Running     0          12m
cluster-auth-pinniped-7dd7fcd65f-vrd2f                         1/1     Running     0          12m
cluster-auth-pinniped-kube-cert-agent-5d8999dfdb-gx2sf         1/1     Running     0          12m
cluster-health-extension-755c5bf45d-brrnj                      1/1     Running     0          12m
extension-manager-bdccc7486-tx2nk                              1/1     Running     0          13m
extension-updater-6c779698fd-6qspp                             1/1     Running     0          13m
gatekeeper-operator-manager-598d687554-ltjf6                   1/1     Running     0          12m
inspection-extension-5c7567d669-9zf2t                          1/1     Running     0          12m
intent-agent-7f64d95c5c-mndvc                                  1/1     Running     0          12m
logs-collector-cluster-auth-pinniped-20210823074638-nmqsb      0/1     Completed   0          12m
logs-collector-cluster-health-extension-20210823074638-489fw   0/1     Completed   0          12m
logs-collector-extension-manager-20210823074639-wrbbq          0/1     Completed   0          12m
logs-collector-gatekeeper-operator-20210823074639-ffnl2        0/1     Completed   0          12m
logs-collector-inspection-20210823074639-x6vxt                 0/1     Completed   0          12m
logs-collector-intent-agent-20210823074639-2rpc2               0/1     Completed   0          12m
logs-collector-policy-insight-extension-20210823074639-d8v8l   0/1     Completed   0          12m
logs-collector-policy-sync-extension-20210823074640-jtg5v      0/1     Completed   0          12m
logs-collector-tmc-observer-20210823074640-6rwcs               0/1     Completed   0          12m
policy-insight-extension-manager-5858b4dc68-gdr8w              1/1     Running     0          12m
policy-sync-extension-5db4cb4947-mzpvl                         1/1     Running     0          12m
sync-agent-75ddbfc5b7-rmfl4                                    1/1     Running     0          12m
tmc-observer-67cb4c7fc8-zpd2f                                  1/1     Running     0          12m
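The pod listing above can be checked mechanically rather than by eye. The following is an added example, not part of the original article: it parses `kubectl get pod -n vmware-system-tmc` text output and reports any agent pod that is neither Running with all containers ready nor a Completed one-shot job. Three rows of the sample are copied from the listing above; the two `example-*` rows are constructed failures to show what gets reported.

```python
import re

# Long-running agent pods should be Running; one-shot jobs such as
# agentupdater-workload-* and logs-collector-* finish as Completed.
HEALTHY = {"Running", "Completed"}

# First three pod rows come from the listing above; the two example-* rows
# are constructed to illustrate failures.
SAMPLE = """\
# kubectl get pod -n vmware-system-tmc
NAME                                     READY   STATUS             RESTARTS   AGE
agent-updater-59b85d846d-4skkc           1/1     Running            0          13m
agentupdater-workload-1629705540-6br99   0/1     Completed          0          13s
sync-agent-75ddbfc5b7-rmfl4              1/1     Running            0          12m
example-extension-0000000000-aaaaa       0/1     CrashLoopBackOff   7          12m
example-agent-0000000000-bbbbb           0/1     Running            0          12m
"""

def unhealthy_pods(listing):
    """Return (pod name, reason) for every pod that needs attention."""
    problems = []
    for line in listing.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] == "NAME":
            continue  # header or blank line
        name, ready, status = cols[0], cols[1], cols[2]
        m = re.fullmatch(r"(\d+)/(\d+)", ready)
        if m is None:
            continue  # not a pod row (for example the echoed command line)
        if status not in HEALTHY:
            problems.append((name, f"status {status}"))
        elif status == "Running" and int(m.group(1)) < int(m.group(2)):
            # Running but failing readiness: the agent is up but not serving.
            problems.append((name, f"containers ready {ready}"))
    return problems

if __name__ == "__main__":
    for name, reason in unhealthy_pods(SAMPLE):
        print(f"{name}: {reason}")
```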
You can now manage the TKG workload cluster from TMC and deploy containerized applications directly from the TMC portal.