On your VMware Tanzu Desktop, launch the 'Tanzu Mission Control' Chrome Shortcut

You will be redirected to the VMware Cloud Services login page. Use your email address associated  with your VMware ID account, followed by your VMware ID password. You can look at the Credentials section below to find your VMware ID. 

Once logged in, you should see a My Services page with 'VMware Tanzu  Mission Control' listed as a product in it. Launch the product.

(Optional) If you don't see it, then click on your username on the Cloud Services  page -> Change Organization and make sure you have selected  'Pathfinder Services' as your Organization. After that, you should see  the TMC product.

Now that you're logged in, you should see the 'Clusters' page as your default landing page. We will create a Tanzu Kubernetes Cluster next. Click on 'Add Cluster -> Create Tanzu Kubernetes Grid Cluster'

On the next screen that comes up, click the radio button next to pathfinder-tanzu and 'Continue to Create Cluster'

Choose the provisioner as pathfinder-tanzu from the dropdown and click 'NEXT'

Let's name your cluster. We will do three things on this step before clicking NEXT.

1. For your Cluster name, use the format cb-<your-username>.
2. [IMPORTANT] Next we must click on Cluster group, by default you will see "pathfinder-tanzu-demo". Click on the 'X' to delete this entry value. Now click the drop down to select the Cluster Group name that should be auto-populated with the name formatted as <your-username>###.
3. For the Cluster class, select the default available entry tanzukubernetescluster.
4. Click 'NEXT'.

NOTE: Tanzu will not let you finish creating your cluster in the following steps if you leave the Cluster Group name as the default value of "pathfinder-tanzu-demo"

Leave the optional Proxy Configuration as it is (OFF) and click NEXT.

Under the Configure network setting section, select the following objects:

1. Allowed storage classes as 'vsphere-with-tanzu-storage-policy'
2. Default storage class as 'vsphere-with-tanzu-storage-policy'
3. Click on 'NEXT'

[IMPORTANT] NOTE: You MUST select 'vsphere-with-tanzu-storage-policy' as your persistent volume storage even though it's marked as optional.

On the Control plane page, use the default configuration i.e. 

• Kubernetes version: Leave it as latest default
• OS version: ubuntu 20.04 amd64
• Instance Type: Single Node with Instance Type as 'best-effort-medium (4vCPU, 4GB RAM)'
• Click 'NEXT'.

NOTE: Since this is a shared demo environment, we request all users to follow the guidelines for selecting Instance Type to optimize resource usage.

We will leave this configuration unchanged and click 'NEXT'.

On the Configure node pool page, set the following configuration values:

1. Worker Count = 1
2. Instance Type = best-effort-medium (4vCPU, 4GB RAM)
3. Storage class = vsphere-with-tanzu-storage-policy
4. OS version = ubuntu 20.04 amd64
5. Click 'NEXT'

NOTE: Since this is a shared demo environment, we  request all users to follow the guidelines for selecting Instance Type to optimize resource usage. Please do not create more than 1 worker node.

On this page, we will leave everything as it is (optional configuration) and proceed to 'CREATE CLUSTER'. Here's what your configuration summary should look like.

You will now see a screen with message 'Your cluster is being created'.  Please allow 8-10 minutes for the Tanzu Kubernetes Cluster health to show as 'Healthy' and Cluster status as 'Ready'

NOTE: You might see a temporary message of 'This cluster status is unknown'. This message will go if you refresh the page. Continue to refresh the screen.

You will get a message asking for the API Token which will be available  from TMC. Click on your username -> My Account (under User Settings)  to launch the 'My Account' page.

On this page, navigate to 'API Tokens' tab and click on 'GENERATE TOKEN' to generate a new token. Give it a name (for e.g. <your-username>-tanzu) and select the 'All Roles' checkbox. Click on 'GENERATE'

Your token will be generated. Next, copy the token by clicking on the COPY button or highlighting it and using Ctrl + C (Windows) or Command (⌘) + C (macOS).

Next, open Notepad++ from your desktop and paste the API Token. It is recommended to save this file under your 'My Documents' folder or store the Token on your local machine if you want to try this experience again and save some effort.

[IMPORTANT] Do not exit this screen until you verify that you've saved your API Token. Also, please DO NOT save your token on the Demo Credentials text file.

To close the API Token popup screen click on the 'CONTINUE' or 'X' button to exit this screen. 

To navigate back to the TMC Console screen, click on the App Launcher at the top right of the screen and from the drop down click on "VMware Tanzu Mission Control"

Now let's navigate back to your TMC Tab on the browser. Once your cluster status is 'Ready' and the health status is 'Healthy', click on 'Actions' at the top right corner and choose 'Access this cluster'

[IMPORTANT] A new dialog box will open.

1. Click on 'DOWNLOAD KUBECONFIG FILE', select 'Download kubeconfig for tmc CLI'
2. Save As 'config.yml'. **Please note that the file NEEDS to be saved as config.yml else the next steps won't work.**

Click OK button.

NOTE: It is important to save the file as config.yml in order for the next set of steps to work. 

Launch Windows PowerShell from the Desktop by double clicking on the shortcut. Set the KUBECONFIG environment variable to point to our config.yml file saved in the previous step by copying the below command and pasting it in PowerShell.

$env:KUBECONFIG = "\\vmwdp.com\dscpublic\UEM-REDIRECT\$env:USERNAME\Downloads\config.yml"

• Copy using the copy button next to the command 
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard

Once the environment variable is set successfully, enter the command to list all pods.

kubectl get pods -A

• Copy using the copy button next to the command 
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or   + v (macOS) on your keyboard.

This is where we will use the API token previously copied on Notepad++. 

• Highlight the token pasted on your Notepad++ window and copy it by using Ctrl + c (Windows) or Command (⌘) + c (macOS)
• Paste your copied token on your Windows PowerShell window by using Ctrl + v (Windows) or Command (⌘) + v (macOS) and hit 'Enter'. If the token doesn't paste, use your mouse right click to paste the token. 
• You may be asked to set the login-context name, set a name for it (for e.g. <your-username>-tanzu) and hit 'Enter'.

You will get a 'context successfully created' message along with a list of all pods running on your cluster.

By default, Pod Security Policies are enabled in this cluster which will prevent any pods from being created. Tanzu Kubernetes clusters include default PodSecurityPolicy (PSP) that you can bind to for privileged and restricted workload deployment.

Run the following command to bind to the default privileged PSP:

kubectl create clusterrolebinding tkgs-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated

• Copy using the copy button next to the command
• Paste it on the Horizon username field by clicking on it, followed by pressing CTRL+v (Windows) or  Command (⌘) + v (macOS) on your keyboard