Deploy your Tanzu Kubernetes Cluster

This section guides you through creating a Tanzu Kubernetes Cluster with Tanzu Mission Control (TMC) and preparing it for app deployment.

14. Protect a K8s Cluster with VMware

On your VMware Tanzu Desktop, launch the 'Tanzu Mission Control' Chrome Shortcut

15. Login to VMware Cloud Services

You will be redirected to the VMware Cloud Services login page. Enter the email address associated with your VMware ID account, followed by your VMware ID password. You can look at the Credentials section below to find your VMware ID.

16. Launch VMware Tanzu Mission Control

Once logged in, you should see a My Services page with 'VMware Tanzu Mission Control' listed as a product in it. Launch the product.

17. Choose Organization

(Optional) If you don't see it, then click on your username on the Cloud Services page -> Change Organization and make sure you have selected 'Pathfinder Services' as your Organization. After that, you should see the TMC product.

18. Create Cluster

Now that you're logged in, you should see the 'Clusters' page as your default landing page. We will create a Tanzu Kubernetes Cluster next. Click on 'Add Cluster -> Create Tanzu Kubernetes Grid Cluster'

19. Select Management Cluster

On the next screen that comes up, click the radio button next to pathfinder-tanzu and 'Continue to Create Cluster'

20. Select Provisioner

Choose the provisioner as pathfinder-tanzu from the dropdown and click 'NEXT'

21. Name your Cluster

Let's name your cluster. We will do three things on this step before clicking NEXT.

  1. For your Cluster name, use the format cb-<your-username>.
  2. [IMPORTANT] Next, click on Cluster group. By default you will see "pathfinder-tanzu-demo". Click on the 'X' to delete this entry. Then click the drop-down and select the Cluster Group name, which should be auto-populated with a name formatted as <your-username>###.
  3. For the Cluster class, select the default available entry tanzukubernetescluster.
  4. Click 'NEXT'.

NOTE: Tanzu will not let you finish creating your cluster in the following steps if you leave the Cluster Group name as the default value of "pathfinder-tanzu-demo"

22. Ignore Proxy Configuration

Leave the optional Proxy Configuration as it is (OFF) and click NEXT.

23. Configure Network Settings

Under the Configure network setting section, select the following objects:

  1. Allowed storage classes as 'vsphere-with-tanzu-storage-policy'
  2. Default storage class as 'vsphere-with-tanzu-storage-policy'
  3. Click on 'NEXT'

[IMPORTANT] NOTE: You MUST select 'vsphere-with-tanzu-storage-policy' as your persistent volume storage even though it's marked as optional.

24. Configure Control plane

On the Control plane page, use the default configuration:

  • Kubernetes version: Leave it as latest default
  • OS version: ubuntu 20.04 amd64
  • Instance Type: Single Node with Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)'
  • Click 'NEXT'.


NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage.

25. Configure default volumes

We will leave this configuration unchanged and click 'NEXT'.

26. Configure node pool

On the Configure node pool page, set the following configuration values:

  1. Worker Count = 1
  2. Instance Type = best-effort-medium (4vCPU, 4GB RAM)
  3. Storage class = vsphere-with-tanzu-storage-policy
  4. OS version = ubuntu 20.04 amd64
  5. Click 'NEXT'


NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage. Please do not create more than 1 worker node.

26.1 Additional cluster configuration (optional)

On this page, we will leave everything as it is (optional configuration) and proceed to 'CREATE CLUSTER'. Here's what your configuration summary should look like.

27. Cluster Creation in Progress

You will now see a screen with the message 'Your cluster is being created'. Please allow 8-10 minutes for the Tanzu Kubernetes Cluster health to show as 'Healthy' and Cluster status as 'Ready'.

NOTE: You might see a temporary message of 'This cluster status is unknown'. This message will go away if you refresh the page. Continue to refresh the screen.

28. Access API Token

You will get a message asking for the API Token, which will be available from TMC. Click on your username -> My Account (under User Settings) to launch the 'My Account' page.

29. Generate API Token

On this page, navigate to the 'API Tokens' tab and click on 'GENERATE TOKEN' to generate a new token. Give it a name (e.g. <your-username>-tanzu) and select the 'All Roles' checkbox. Click on 'GENERATE'.

30. Copy API Token

Your token will be generated. Next, copy the token by clicking on the COPY button or highlighting it and using Ctrl + C (Windows) or Command (⌘) + C (macOS).

Next, open Notepad++ from your desktop and paste the API Token. It is recommended to save this file under your 'My Documents' folder or store the Token on your local machine if you want to try this experience again and save some effort.

[IMPORTANT] Do not exit this screen until you verify that you've saved your API Token. Also, please DO NOT save your token on the Demo Credentials text file.
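
The step above keeps the token as plain text in a Notepad++ file. As an added example (not part of the original guide), the same token can instead be kept in a file encrypted for your Windows account. The function names and file name are hypothetical, and it assumes Windows PowerShell with a user profile that persists between sessions.

```powershell
# Added example; Save-TmcToken, Copy-TmcToken and the file name are hypothetical.
$TokenFile = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'tmc-token.clixml'

function Save-TmcToken {
    # -AsSecureString keeps the pasted token off the screen and out of history.
    $secure = Read-Host -Prompt 'Paste the TMC API token' -AsSecureString
    if ($secure.Length -eq 0) { throw 'No token entered; nothing was saved.' }
    # On Windows, Export-Clixml serializes a SecureString encrypted with DPAPI,
    # so the file decrypts only for this user account on this machine.
    $secure | Export-Clixml -Path $TokenFile
}

function Copy-TmcToken {
    if (-not (Test-Path $TokenFile)) { throw "No saved token at $TokenFile" }
    $secure = Import-Clixml -Path $TokenFile
    # Decrypt only at the moment of use and hand it straight to the clipboard.
    $plain = [System.Net.NetworkCredential]::new('', $secure).Password
    Set-Clipboard -Value $plain
    Remove-Variable plain
}
```

Run Save-TmcToken once after generating the token, then Copy-TmcToken just before the paste in step 34.1.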

31. Navigate Back to Tanzu Mission Control Console

To close the API Token popup screen click on the 'CONTINUE' or 'X' button to exit this screen. 

To navigate back to the TMC Console screen, click on the App Launcher at the top right of the screen and from the drop down click on "VMware Tanzu Mission Control"

32.1. Access your Cluster

Now let's navigate back to your TMC Tab on the browser. Once your cluster status is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'

32.2. Download kubeconfig YAML File

[IMPORTANT] A new dialog box will open.

  1. Click on 'DOWNLOAD KUBECONFIG FILE', select 'Download kubeconfig for tmc CLI'
  2. Save As 'config.yml'. **Please note that the file NEEDS to be saved as config.yml else the next steps won't work.**

Click OK button.

NOTE: It is important to save the file as config.yml in order for the next set of steps to work. 

33.1. Setting environment variables

Launch Windows PowerShell from the Desktop by double clicking on the shortcut. Set the KUBECONFIG environment variable to point to our config.yml file saved in the previous step by copying the below command and pasting it in PowerShell.

$env:KUBECONFIG = "\\vmwdp.com\dscpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"
  • Copy using the copy button next to the command 
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or Command (⌘) + v (macOS) on your keyboard

33.2. List K8s pods

Once the environment variable is set successfully, enter the command to list all pods.

kubectl get pods -A
  • Copy using the copy button next to the command 
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or Command (⌘) + v (macOS) on your keyboard.

34.1. Paste API Token

This is where we will use the API token previously copied on Notepad++. 

  • Highlight the token pasted on your Notepad++ window and copy it by using Ctrl + c (Windows) or Command (⌘) + c (macOS)
  • Paste your copied token on your Windows PowerShell window by using Ctrl + v (Windows) or Command (⌘) + v (macOS) and hit 'Enter'. If the token doesn't paste, use your mouse right click to paste the token. 
  • You may be asked to set the login-context name. Set a name for it (e.g. <your-username>-tanzu) and hit 'Enter'.

You will get a 'context successfully created' message along with a list of all pods running on your cluster.

34.2. Bind to default PSP

By default, Pod Security Policies are enabled in this cluster, which prevents any pods from being created until a policy is bound. Tanzu Kubernetes clusters include default PodSecurityPolicies (PSPs) that you can bind to for privileged and restricted workload deployment.

Run the following command to bind the default privileged PSP to every authenticated user (the system:authenticated group):

kubectl create clusterrolebinding tkgs-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated
  • Copy using the copy button next to the command
  • Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or Command (⌘) + v (macOS) on your keyboard
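
The binding above grants the privileged PSP cluster-wide to a built-in group. As an added example (not part of the original guide), this PowerShell function audits ClusterRoleBindings for such broad PSP grants. The function name, the sample JSON and the demo-app namespace are constructed for illustration.

```powershell
# Added example: flag ClusterRoleBindings that hand a PSP ClusterRole
# to an entire built-in group. Find-BroadPspBinding is a hypothetical name.
$BroadGroups = 'system:authenticated', 'system:unauthenticated', 'system:serviceaccounts'

function Find-BroadPspBinding {
    param(
        [Parameter(Mandatory)] [string] $BindingJson,
        [string] $RolePrefix = 'psp:'
    )
    $items = ($BindingJson | ConvertFrom-Json).items
    foreach ($b in $items) {
        # Only bindings whose roleRef is a PSP ClusterRole are of interest.
        if ($b.roleRef.kind -ne 'ClusterRole') { continue }
        if (-not $b.roleRef.name.StartsWith($RolePrefix)) { continue }
        foreach ($s in $b.subjects) {
            if ($s.kind -eq 'Group' -and $BroadGroups -contains $s.name) {
                [pscustomobject]@{
                    Binding = $b.metadata.name
                    Role    = $b.roleRef.name
                    Group   = $s.name
                }
            }
        }
    }
}

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
$sample = @'
{"items":[
 {"metadata":{"name":"tkgs-admin-privileged-binding"},
  "roleRef":{"kind":"ClusterRole","name":"psp:vmware-system-privileged"},
  "subjects":[{"kind":"Group","name":"system:authenticated"}]},
 {"metadata":{"name":"cluster-admin"},
  "roleRef":{"kind":"ClusterRole","name":"cluster-admin"},
  "subjects":[{"kind":"Group","name":"system:masters"}]}
]}
'@
Find-BroadPspBinding -BindingJson $sample | Format-Table

# Against the live cluster:
#   Find-BroadPspBinding -BindingJson ((kubectl get clusterrolebindings -o json) -join "`n")
# Narrower grant limited to one namespace's service accounts (namespace is hypothetical):
#   kubectl create rolebinding psp-privileged-sa --namespace=demo-app `
#     --clusterrole=psp:vmware-system-privileged --group=system:serviceaccounts:demo-app
```

On the constructed sample, only tkgs-admin-privileged-binding is reported, because it is the only binding that pairs a psp: ClusterRole with a group in the broad list.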