On your VMware Tanzu Desktop, launch the 'Tanzu Mission Control' Chrome Shortcut

You will be redirected to the VMware Cloud Services login page. Use your email address associated  with your VMware ID account, followed by your VMware ID password. You can look at the Credentials section below to find your VMware ID. 

Once logged in, you should see a My Services page with 'VMware Tanzu  Mission Control' listed as a product in it. Launch the product.

(Optional) If you don't see it, then click on your username on the Cloud Services  page -> Change Organization and make sure you have selected  'Pathfinder Services' as your Organization. After that, you should see  the TMC product.

Now that you're logged in, you should see the 'Clusters' page as your default landing page. We will create a Tanzu Kubernetes Cluster next.

Click on 'Create Cluster'

Select 'Create Tanzu Kubernetes Grid Cluster'

On the next screen that comes up, click the radio button next to pathfinder-tanzu and 'Continue to Create Cluster'

Choose the provisioner as pathfinder-tanzu from the dropdown and click 'NEXT'

Let's name your cluster. 

Use the format cb-<your-username> for your cluster name. 

Next we must click on Cluster Group, by default you will see "pathfinder-tanzu-demo" Click on the 'X' to delete this entry valueNow click the drop down to select the Cluster Group name that should be auto-populated with the name formatted as <your-username>###. 

Click 'NEXT'

Note: Tanzu will not let you finish creating your cluster in the following steps if you leave the Cluster Group name as the default value of "pathfinder-tanzu-demo" 

Under the configure section, select the latest available Kubernetes version and click 'NEXT'.

PLEASE NOTE You may want to select 'vsphere-with-tanzu-storage-policy' as your persistent volume storage (Optional).

On the 'Select Control Plane' page, use Single Node with Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)' and click 'NEXT'.

NOTE: Since this is a shared demo environment, we  request all users to follow the guidelines for selecting Instance Type to optimize resource usage.

On the 'Edit and Add Node Pools' page, select the Worker Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)' and number of worker nodes = 1 (default) and click on 'CREATE CLUSTER'

NOTE: Since this is a shared demo environment, we  request all users to follow the guidelines for selecting Instance Type to optimize resource usage.

You will now see a screen with message 'Your cluster is being created'.  Please allow 5-7 minutes for the Tanzu Kubernetes Cluster status to show as  'Ready'

Once your cluster is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'

A new dialog box will open. Click on 'DOWNLOAD KUBECONFIG FILE' and Save As 'config.yml'

NOTE: It is important to save the file as config.yml in order for the next set of steps to work.

Launch Windows PowerShell from the Desktop by double clicking on the shortcut. Set the KUBECONFIG environment variable to point to our config.yml file saved in the previous step by copying the below command and pasting it in PowerShell.

$env:KUBECONFIG = "\\vmwdp.com\dscpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"

Once the environment variable is set successfully, enter the command to list all pods.

kubectl get pods -A

You will get a message asking for the API Token which will be available  from TMC. Click on your username -> My Account (under User Settings)  to launch the 'My Account' page.

On this page, navigate to 'API Tokens' tab and click on 'GENERATE TOKEN' to generate a new token. Give it a name (for e.g. <your-username>-tanzu) and select the 'All Roles' checkbox. Click on 'GENERATE'

Your token will be generated. Next, copy the token by highlighting it and using Ctrl + C (Windows) or Command (⌘) + C (macOS). Alternatively use your mouse right click button to Copy.

In the next step you will paste your API Token into the PowerShell CLI window.

We also recommend that you save the API Token in a text file on your VMware Tanzu Horizon Desktop. 

Do not exit this screen until you verify that you've saved your API Token. 

Paste your copied token on your Windows PowerShell window by using Ctrl + V (Windows) or Command (⌘) + V (macOS) and hit 'Enter'. You may be asked to set the login-context name, set a name for it (for e.g. <your-username>-tanzu) and hit 'Enter'.

You will get a 'context successfully created' message along with a list of all pods running on your cluster. Now we're ready to configure CBC Container Security on this cluster.

(Optional) To close the API Token popup screen click on the 'CONTINUE' button to exit this screen. 

To navigate back to the TMC Console screen, click on the App Launcher at the top right of the screen and from the drop down click on "VMware Tanzu Mission Control" 

NOTE: This step is not required, but to show you how to get back to the Tanzu Mission Control Console in case you would like to explore it further or for debugging your cluster. 

Now let's go back to the PowerShell CLI window. 

To be able to run workloads on this cluster, we have to add a step to run the following kubectl command:

kubectl create clusterrolebinding tkgs-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated