Kubernetes is now built into vSphere with Tanzu which allows developers to continue using the same industry-standard tools and interfaces they've been using to create modern applications. vSphere Admins also benefit because they can help manage the Kubernetes infrastructure using the same tools and skills they have developed around vSphere. To help bridge these two worlds, we've introduced a new vSphere construct called Namespaces, allowing vSphere Admins to create a logical set of resources, permissions and policies that enable an application-centric approach.

Here's a quick view of how the TKC deployment looks during creation on vSphere. The TKC Control Plane and Worker nodes are getting created within Cluster Group that we chose, under the pathfinder-tanzu provisioner.

• Launch the 'vCenter Server - Tanzu' shortcut from the desktop. You will be automatically logged in. If for some reason you don't, then the login credentials are also available in the Demo Credentials document on desktop.
• Select the 'pathfinder-tanzu' namespace from under Namespaces. The Summary tab would show up by default.
• In the Summary tab you see the various configuration sections for the vSphere Namespace, including Status, Permissions, Storage, Capacity and Usage, vSphere Pods and Tanzu Kubernetes Status. From this screen an admin can manage any of these settings.

Now let's navigate back to your TMC Tab on the browser. Once your cluster status is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'

[IMPORTANT] A new dialog box will open.

1. Click on 'DOWNLOAD KUBECONFIG FILE', select 'Download kubeconfig for tmc CLI'
2. Save As 'config.yml'. **Please note that the file NEEDS to be saved as config.yml else the next steps won't work.**

Click OK button.

NOTE: It is important to save the file as config.yml in order for the next set of steps to work. 

Launch Windows PowerShell from the Desktop by double clicking on the shortcut. Set the KUBECONFIG environment variable to point to our config.yml file saved in the previous step by copying the below command and pasting it in PowerShell.

$env:KUBECONFIG = "\\vmwdp.com\dscpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"

• Copy using the copy button next to the command 
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

Once the environment variable is set successfully, enter the command to list all pods.

kubectl get pods -A

• Copy using the copy button next to the command 
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or   + v (macOS) on your keyboard.

This is where we will use the API token previously copied on Notepad++. 

• Highlight the token pasted on your Notepad++ window and copy it by using Ctrl + c (Windows) or Command (⌘) + c (macOS)
• Paste your copied token on your Windows PowerShell window by using Ctrl + v (Windows) or Command (⌘) + v (macOS) and hit 'Enter'. If the token doesn't paste, use your mouse right click to paste the token. 
• You may be asked to set the login-context name, set a name for it (for e.g. <your-username>-tanzu) and hit 'Enter'.

You will get a 'context successfully created' message along with a list of all pods running on your cluster.

By default, Pod Security Policies are enabled in this cluster which will prevent any pods from being created. Tanzu Kubernetes clusters include default PodSecurityPolicy (PSP) that you can bind to for privileged and restricted workload deployment.

Run the following command to bind to the default privileged PSP:

kubectl create clusterrolebinding tkgs-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated

• Copy using the copy button next to the command
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

Now, let us deploy a sample application to verify the permissions were applied correctly. On the Powershell Window, run the following command to deploy nginx on your k8s cluster

kubectl create deployment nginx --image=nginx

• Copy using CTRL+c (Windows) or Command (⌘) + c (macOS) on your keyboard
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

Run  the  following command to verify the deployment of nginx pods

kubectl get pods

• Copy using the copy button next to the command
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or Command (⌘) + v (macOS) on your keyboard