This section will guide you through the process to create a Tanzu Kubernetes Cluster using Tanzu Mission Control (TMC) and preparing it for app-deployment.
16. Protect a K8s Cluster with VMware
On your VMware Tanzu Desktop, launch the 'Tanzu Mission Control' Chrome Shortcut
17. Login to VMware Cloud Services
You will be redirected to the VMware Cloud Services login page. Use your email address associated with your VMware ID account, followed by your VMware ID password. You can look at the Credentials section below to find your VMware ID.
18. Launch VMware Tanzu Mission Control
Once logged in, you should see a My Services page with 'VMware Tanzu Mission Control' listed as a product in it. Launch the product.
19. Choose Organization

(Optional) If you don't see it, then click on your username on the Cloud Services page -> Change Organization and make sure you have selected 'Pathfinder Services' as your Organization. After that, you should see the TMC product.
20. Create Cluster
Now that you're logged in, you should see the 'Clusters' page as your default landing page. We will create a Tanzu Kubernetes Cluster next.
Click on 'Create Cluster'
Select 'Create Tanzu Kubernetes Grid Cluster'
21. Select Management Cluster
On the next screen that comes up, click the radio button next to pathfinder-tanzu and 'Continue to Create Cluster'
22. Select Provisioner
Choose the provisioner as pathfinder-tanzu from the dropdown and click 'NEXT'
23. Name your Cluster
Let's name your cluster.
Use the format cb-<your-username> for your cluster name.
Next we must click on Cluster Group, by default you will see "pathfinder-tanzu-demo" Click on the 'X' to delete this entry valueNow click the drop down to select the Cluster Group name that should be auto-populated with the name formatted as <your-username>###.
Click 'NEXT'
Note: Tanzu will not let you finish creating your cluster in the following steps if you leave the Cluster Group name as the default value of "pathfinder-tanzu-demo"
24. Select Kubernetes Version
Under the configure section, select the latest available Kubernetes version and click 'NEXT'.
PLEASE NOTE You may want to select 'vsphere-with-tanzu-storage-policy' as your persistent volume storage (Optional).
25. Select Node Type
On the 'Select Control Plane' page, use Single Node with Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)' and click 'NEXT'.
NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage.
26. Edit and Add Node Pools
On the 'Edit and Add Node Pools' page, select the Worker Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)' and number of worker nodes = 1 (default) and click on 'CREATE CLUSTER'
NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage.
27. Cluster Creation in Progress
You will now see a screen with message 'Your cluster is being created'. Please allow 5-7 minutes for the Tanzu Kubernetes Cluster status to show as 'Ready'
28. Access your Cluster
Once your cluster is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'
29. Download kubeconfig YAML File
A new dialog box will open. Click on 'DOWNLOAD KUBECONFIG FILE' and Save As 'config.yml'
NOTE: It is important to save the file as config.yml in order for the next set of steps to work.
29-a. Setting environment variables
Launch Windows PowerShell from the Desktop by double clicking on the shortcut. Set the KUBECONFIG environment variable to point to our config.yml file saved in the previous step by copying the below command and pasting it in PowerShell.
$env:KUBECONFIG = "\\vmwdp.com\dscpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"
30. List K8s pods
Once the environment variable is set successfully, enter the command to list all pods.
kubectl get pods -A
31. Access API Token

You will get a message asking for the API Token which will be available from TMC. Click on your username -> My Account (under User Settings) to launch the 'My Account' page.
32. Generate API Token
On this page, navigate to 'API Tokens' tab and click on 'GENERATE TOKEN' to generate a new token. Give it a name (for e.g. <your-username>-tanzu) and select the 'All Roles' checkbox. Click on 'GENERATE'
33. Copy API Token
Your token will be generated. Next, copy the token by highlighting it and using Ctrl + C (Windows) or Command (⌘) + C (macOS). Alternatively use your mouse right click button to Copy.
In the next step you will paste your API Token into the PowerShell CLI window.
We also recommend that you save the API Token in a text file on your VMware Tanzu Horizon Desktop.
Do not exit this screen until you verify that you've saved your API Token.
34. Paste API Token
Paste your copied token on your Windows PowerShell window by using Ctrl + V (Windows) or Command (⌘) + V (macOS) and hit 'Enter'. You may be asked to set the login-context name, set a name for it (for e.g. <your-username>-tanzu) and hit 'Enter'.
You will get a 'context successfully created' message along with a list of all pods running on your cluster. Now we're ready to configure CBC Container Security on this cluster.
34-a. Navigate Back to Tanzu Mission Control Console
(Optional) To close the API Token popup screen click on the 'CONTINUE' button to exit this screen.
To navigate back to the TMC Console screen, click on the App Launcher at the top right of the screen and from the drop down click on "VMware Tanzu Mission Control"
NOTE: This step is not required, but to show you how to get back to the Tanzu Mission Control Console in case you would like to explore it further or for debugging your cluster.
Now let's go back to the PowerShell CLI window.