Get Started Using VMware Tanzu Mission Control with Tanzu Kubernetes Grid

April 11, 2022 Corey Dinkens

Today, there are growing pressures on operations and development teams to deploy software faster and into more environments, such as development, staging, or production. Organizations need self-service tools and operational efficiency, and VMware is meeting the challenge with solutions to help modernize operations and unburden their teams.

VMware Tanzu Mission Control unifies cluster management to a single control plane and groups resources as a resource hierarchy. This can help an operator easily manage policies, data protection, or packages for their Kubernetes clusters regardless of cloud infrastructure. The Tanzu Mission Control CLI and API allow further integration and extension with automation pipelines.

VMware Tanzu Kubernetes Grid is a tool that allows the complete lifecycle management of Kubernetes clusters on multiple cloud infrastructures. With Tanzu Mission Control and Tanzu Kubernetes Grid combined, teams can deploy, manage, and scale Kubernetes clusters across vSphere, AWS, and Azure. This consistent experience provides immeasurable time and cost savings.

This guide will help new users get started using Tanzu Mission Control to deploy Tanzu Kubernetes clusters and show how to begin organizing cluster groups to enforce consistent policies on future clusters.

This guide is intended to get anyone started quickly and will show how to do the following:

  • Create a cluster group

  • Register a Tanzu Kubernetes Grid management cluster with Tanzu Mission Control

  • Deploy a Tanzu Kubernetes cluster

  • Create an access policy for Platform Operators

Cluster prerequisites: 

  • Tanzu Kubernetes Grid 1.4.1 or greater management cluster

  • Namespace created on management cluster

  • Users or Groups already added to VMware Cloud Services organization 

Cluster network connectivity:

Create a cluster group

Cluster groups are needed to logically group clusters for organizational purposes and policy application. It is a recommended practice to use cluster groups to avoid mistakes with manual cluster configurations because cluster groups provide the ability to easily apply cluster policies and settings at scale.

Begin by accessing the Tanzu Mission Control console via the URL provided after purchase or trial sign-up. This usually comes in the form of: <orgname>.tmc.cloud.vmware.com.

Click Cluster groups on the left menu, then click Create cluster group and enter a name for the cluster group. The cluster group can be named anything that resonates, such as test, prod, alpha, beta, etc.

Creating a cluster group in Tanzu Mission Control

Register a management cluster

The next phase will be registering the Tanzu Kubernetes Grid management cluster as a Tanzu Mission Control management cluster. This provides Tanzu Mission Control the capability to provision and deploy Kubernetes clusters directly from the Mission Control interface without using the Tanzu CLI.

*If you do not have a management cluster to register, you can create one for free with VMware Tanzu Community Edition here. If you are a licensed Tanzu user, you can download the Tanzu Kubernetes Grid installer here.

Create the registration link in Tanzu Mission Control

Create the registration link for the management cluster so that VMware Tanzu Kubernetes Grid clusters can be lifecycle managed and deployed through Tanzu Mission Control. 

Click Administration in the left menu bar, then Management clusters.

Creating a registration link for a management cluster in Tanzu Mission Control

Next, click on the Register management cluster dropdown and click Tanzu Kubernetes Grid. When registering Tanzu Community Edition clusters, select Tanzu Kubernetes Grid.

Registering a management cluster in Tanzu Mission Control

In the first step of the registration wizard, be sure to select the cluster group created in earlier steps for the Default cluster group for managed workload clusters.

Selecting a cluster group in Tanzu Mission Control

Copy the registration URL that is generated in step 3, as it will be needed in the following step.

Finding the registration URL for a management cluster in Tanzu Mission Control

Registering a Tanzu Kubernetes Grid management cluster

Continuing from the registration wizard, open a terminal and log in to the Tanzu Kubernetes Grid management cluster. If you are unsure how, follow these steps. Next, apply the Tanzu Mission Control configuration YAML to the cluster:

kubectl apply -f "<Insert registration URL here>"

After waiting about 30–60 seconds, switch back to the Tanzu Mission Control console, click View management cluster, then click Verify connection to check whether the Tanzu Mission Control agent has finished installing on the cluster. Once the agents begin installing, their health icons will start to update:

Registering a cluster in Tanzu Mission Control

Once registration has been completed, verify that the cluster is appearing in Tanzu Mission Control. Open Tanzu Mission Control and click Administration, then Management clusters, and verify that your cluster shows in the list.

Verifying that your management cluster appears in Tanzu Mission Control
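
The kubectl apply step above pulls a manifest from a URL and applies it with whatever rights your kubeconfig has on the management cluster. As an added example (not part of the original guide or VMware's tooling), the functions below check the link's host and save the manifest for review before anything is applied; they assume the registration link is served from the same <orgname>.tmc.cloud.vmware.com host as the console, and the sample manifest is constructed for illustration.

```shell
# Added example: vet the registration link and the manifest it serves
# before running `kubectl apply` on the management cluster.
# Succeed only for https URLs whose host is <orgname>.tmc.cloud.vmware.com.
# Assumption: the link is served from the same host as the console.
check_registration_url() {
  case $1 in
    https://*) _rest=${1#https://} ;;
    *) return 1 ;;
  esac
  _host=${_rest%%[/?#]*}                  # drop path, query, fragment
  _org=${_host%.tmc.cloud.vmware.com}
  [ "$_org" != "$_host" ] || return 1     # expected suffix is missing
  case $_org in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;    # one DNS label only: no userinfo, port, subdomain
  esac
}

# Print "Kind=count" for every top-level `kind:` in a multi-document manifest,
# so cluster-wide objects (ClusterRole, ClusterRoleBinding, CRDs) stand out.
summarize_kinds() {
  grep -E '^kind:[[:space:]]+[A-Za-z]+' "$1" | awk '{print $2}' |
    LC_ALL=C sort | uniq -c | awk '{print $2 "=" $1}'
}

# Download the manifest to a file for review instead of applying the URL directly.
# The URL is not echoed on failure because it carries a registration token.
# Usage: fetch_for_review "<registration URL>" tmc-registration.yaml
fetch_for_review() {
  check_registration_url "$1" || { echo "unexpected registration host" >&2; return 1; }
  curl --fail --silent --show-error --proto '=https' --output "$2" "$1" || return 1
  summarize_kinds "$2"
}

# Constructed sample manifest for trying summarize_kinds offline; it is not
# the content Tanzu Mission Control serves.
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
---
apiVersion: apps/v1
kind: Deployment
EOF
}
```

After reviewing the saved file, apply that file (kubectl apply -f tmc-registration.yaml) rather than the URL, so what you read is what the cluster receives.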

Create a Tanzu Kubernetes Grid workload cluster

To begin utilizing workloads on Tanzu Kubernetes Grid, a Tanzu Kubernetes cluster needs to be created.

This next step assumes that a namespace has already been created on the management cluster; if you have not created one already, the steps to create a namespace can be followed here. The namespace you create will be referred to as a provisioner from within Tanzu Mission Control.

In Tanzu Mission Control, click Clusters on the left, then in the top-right corner, click Create cluster.

Select the management cluster that was registered to Tanzu Mission Control and click Continue to create cluster.

Selecting a management cluster in Tanzu Mission Control

In the next step, select the provisioner and click Next. Provide a cluster name and select the default cluster group that was created at the beginning. 

In step 3, select the Kubernetes version and network settings.

Click Next and select the deployment plan that fits your needs.

Selecting a deployment plan in Tanzu Mission Control

Click Next and select the desired node pool settings, such as worker count, and click Create cluster.

You will be taken to the status of the cluster where you can observe baseline health statistics once creation has completed.

Create an access policy for platform operators

As part of the core Tanzu Mission Control functionality, access policies offer the flexibility to align access permissions with existing security groups or create a completely independent access structure. In this section, we are going to create an access policy for the Platform Operator role. 

In most cases, this role would have full administrative access at the organization level. In organizations where responsibilities are delegated at the team level instead of organization-wide, we can also create a more granular role binding for platform operators at the cluster group level. The steps for each scenario will be covered next.

In the left menu, click Access. Click the desired organization or cluster group and expand Direct access policies in the right side of the console view.

Selecting an organization or cluster group

If you selected a cluster group, skip the next section and refer to "Creating an access policy for a cluster group."

Creating an access policy for the organization

If you would like to create an access policy for a cluster group, proceed to the next section.

Under Direct access policies, click Edit on the Organization.admin role and change the identities drop-down to reflect whether you are adding a user or group, enter the desired identity, click Add, then click Save. In this example, I am using a group named PlatformOps.

Editing the organization.admin role at the organization level

You can confirm the group was successfully added by checking Direct access policies again to see if your group appears under the desired role.

Confirming that a group was added to an organization.admin role

Creating an access policy for a cluster group

On the right, under Direct access policies, click Create role binding.

Click Create role binding 

Change the Identities drop-down to reflect whether you are adding a user or group, enter the desired identity, click Add, then Save. In this example I am using a group named PlatformOps.

Creating role binding

You can confirm the group was successfully added by checking Direct access policies again to see if your group appears under the desired role.

Verifying the group was added

Platform operators can now access the Tanzu Mission Control console to begin managing clusters.

Conclusion

This quick-start guide has shown how to create a cluster group, register a Tanzu Kubernetes Grid management cluster with Tanzu Mission Control, create a Tanzu Kubernetes cluster through Mission Control, and create your first access policy.

With these foundational steps completed, you can begin taking advantage of the Tanzu Mission Control resource hierarchy with policies and provide platform operators access to manage and deploy clusters.

To learn more about Tanzu Mission Control, check out these additional resources:
