Deploy your Tanzu Kubernetes Cluster


This section guides you through creating a Tanzu Kubernetes Cluster using Tanzu Mission Control (TMC) and preparing it for app deployment.

16. Protect a K8s Cluster with VMware

On your VMware Tanzu Desktop, launch the 'Tanzu Mission Control' Chrome shortcut.

17. Login to VMware Cloud Services

You will be redirected to the VMware Cloud Services login page. Use the email address associated with your VMware ID account, followed by your VMware ID password. You can look at the Credentials section below to find your VMware ID.

18. Launch VMware Tanzu Mission Control

Once logged in, you should see a My Services page with 'VMware Tanzu Mission Control' listed as a product in it. Launch the product.

19. Choose Organization

(Optional) If you don't see it, then click on your username on the Cloud Services page -> Change Organization and make sure you have selected 'Pathfinder Services' as your Organization. After that, you should see the TMC product.

20. Create Cluster

Now that you're logged in, you should see the 'Clusters' page as your default landing page. We will create a Tanzu Kubernetes Cluster next.

Click on 'Create Cluster'

Select 'Create Tanzu Kubernetes Grid Cluster'

21. Select Management Cluster

On the next screen that comes up, click the radio button next to pathfinder-tanzu, then click 'Continue to Create Cluster'.

22. Select Provisioner

Choose pathfinder-tanzu as the provisioner from the dropdown and click 'NEXT'.

23. Name your Cluster

Let's name your cluster. 

Use the format cb-<your-username> for your cluster name. 

Next, click on Cluster Group. By default you will see "pathfinder-tanzu-demo". Click on the 'X' to delete this entry value. Now click the drop-down to select the Cluster Group name, which should be auto-populated with the name formatted as <your-username>###.

Click 'NEXT'


Note: Tanzu will not let you finish creating your cluster in the following steps if you leave the Cluster Group name as the default value of "pathfinder-tanzu-demo".

24. Select Kubernetes Version

Under the configure section, select the latest available Kubernetes version and click 'NEXT'.

PLEASE NOTE: You may want to select 'vsphere-with-tanzu-storage-policy' as your persistent volume storage (optional).

25. Select Node Type

On the 'Select Control Plane' page, use Single Node with Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)' and click 'NEXT'.

NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage.

26. Edit and Add Node Pools

On the 'Edit and Add Node Pools' page, select the Worker Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)', leave the number of worker nodes at 1 (default), and click on 'CREATE CLUSTER'.

NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage.

27. Cluster Creation in Progress

You will now see a screen with the message 'Your cluster is being created'. Please allow 5-7 minutes for the Tanzu Kubernetes Cluster status to show as 'Ready'.

28. Access your Cluster

Once your cluster is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'.

29. Download kubeconfig YAML File

A new dialog box will open. Click on 'DOWNLOAD KUBECONFIG FILE' and save the file as 'config.yml'.

NOTE: It is important to save the file as config.yml in order for the next set of steps to work.

29-a. Setting environment variables

Launch Windows PowerShell from the Desktop by double-clicking on the shortcut. Set the KUBECONFIG environment variable to point to the config.yml file saved in the previous step by copying the command below and pasting it into PowerShell.

$env:KUBECONFIG = "\\vmwdp.com\dscpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"

30. List K8s pods

Once the environment variable is set successfully, enter the command to list all pods.

kubectl get pods -A

31. Access API Token

You will get a message asking for the API Token, which is available from TMC. Click on your username -> My Account (under User Settings) to launch the 'My Account' page.

32. Generate API Token

On this page, navigate to the 'API Tokens' tab and click on 'GENERATE TOKEN' to generate a new token. Give it a name (e.g. <your-username>-tanzu) and select the 'All Roles' checkbox. Click on 'GENERATE'.

33. Copy API Token

Your token will be generated. Next, copy the token by highlighting it and using Ctrl + C (Windows) or Command (⌘) + C (macOS). Alternatively, right-click with your mouse and choose Copy.

In the next step you will paste your API Token into the PowerShell CLI window.

We also recommend that you save the API Token in a text file on your VMware Tanzu Horizon Desktop. 

Do not exit this screen until you verify that you've saved your API Token. 

34. Paste API Token

Paste your copied token into your Windows PowerShell window by using Ctrl + V (Windows) or Command (⌘) + V (macOS) and hit 'Enter'. You may be asked to set the login-context name; set a name for it (e.g. <your-username>-tanzu) and hit 'Enter'.

You will get a 'context successfully created' message along with a list of all pods running on your cluster. Now we're ready to configure CBC Container Security on this cluster.

34-a. Navigate Back to Tanzu Mission Control Console

(Optional) To close the API Token popup screen, click on the 'CONTINUE' button.

To navigate back to the TMC Console screen, click on the App Launcher at the top right of the screen and from the drop-down click on "VMware Tanzu Mission Control".

NOTE: This step is not required; it shows you how to get back to the Tanzu Mission Control Console in case you would like to explore it further or debug your cluster.

Now let's go back to the PowerShell CLI window. 

34-b. Assign permissions to the K8s cluster

To be able to run workloads on this cluster, we have to add a step to run the following kubectl command:

kubectl create clusterrolebinding tkgs-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated
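
The binding in step 34-b has system:authenticated as its subject, so every authenticated user and service account on the cluster may use the privileged pod security policy. The PowerShell below is an added example, not part of the original lab: it lists ClusterRoleBindings that give a psp:* ClusterRole to a catch-all group, run here on a constructed sample. The function name, the 'example-ops-binding' entry and the psp:* prefix match are assumptions.

```powershell
# Added example (not from the lab guide): flag ClusterRoleBindings that hand a
# PSP ClusterRole to a catch-all group.
# Built-in groups that cover every authenticated identity, anonymous callers,
# or all service accounts.
$BroadGroups = @('system:authenticated', 'system:unauthenticated', 'system:serviceaccounts')

function Find-BroadPspBinding {
    param([Parameter(Mandatory)][string]$BindingsJson)

    $list = $BindingsJson | ConvertFrom-Json
    foreach ($b in $list.items) {
        # Assumption: PSP-granting ClusterRoles carry the psp: prefix, as
        # psp:vmware-system-privileged does in step 34-b.
        if ($b.roleRef.kind -ne 'ClusterRole' -or $b.roleRef.name -notlike 'psp:*') { continue }
        foreach ($s in $b.subjects) {
            if ($s.kind -eq 'Group' -and $BroadGroups -contains $s.name) {
                [pscustomobject]@{
                    Binding = $b.metadata.name
                    Role    = $b.roleRef.name
                    Group   = $s.name
                }
            }
        }
    }
}

# Constructed sample, shaped like the output of `kubectl get clusterrolebindings -o json`.
$sample = @'
{ "items": [
  { "metadata": { "name": "tkgs-admin-privileged-binding" },
    "roleRef":  { "kind": "ClusterRole", "name": "psp:vmware-system-privileged" },
    "subjects": [ { "kind": "Group", "name": "system:authenticated" } ] },
  { "metadata": { "name": "example-ops-binding" },
    "roleRef":  { "kind": "ClusterRole", "name": "view" },
    "subjects": [ { "kind": "Group", "name": "example-ops" } ] }
] }
'@

# Only the first binding is reported: a psp:* role bound to system:authenticated.
Find-BroadPspBinding -BindingsJson $sample | Format-Table -AutoSize

# Against the lab cluster (uses the KUBECONFIG set in step 29-a):
# Find-BroadPspBinding -BindingsJson ((kubectl get clusterrolebindings -o json) -join "`n")
```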