Walk-through of attaching a TKG cluster to TMC

I’d been wanting to spend more time with Tanzu Mission Control as I haven’t used it much in the last few months. I’ve been spending nearly all my time with TKG and TKGI and was really starting to get stale on TMC. I decided to run through the relatively easy process of attaching an existing Kubernetes cluster to TMC.

For this exercise, I used a TKG 1.1.3 cluster with one control plane node and two worker nodes running Kubernetes 1.18.16. The version and configuration shouldn’t matter too much since TMC will attach just about any Kubernetes cluster (one notable exception is the Supervisor cluster in a vSphere 7 with Kubernetes installation). If you’re not familiar with TMC, you can get a high-level overview of it from What is Tanzu Mission Control.

It shouldn’t matter if the cluster in question is deployed on vSphere or on AWS, as long as it has internet access there should be no concerns with getting it attached.

If your cluster is running behind a proxy server you’ll want to reference the instructions at Attach a Cluster That Is Running Behind a Proxy Server as this is a command-line operation using the tmc executable. 

VMware has some excellent documentation around this topic at What Happens When You Attach a Cluster if you want to learn more.

When you first log in to TMC you should be placed on the Clusters page where you can click the Attach Cluster button to get started.

You’ll need to supply some basic information about your cluster before you can really get started. Cluster name can be any descriptive name you’d like to provide and Cluster group can either be left at default or set to your preference (you have to create cluster groups prior to starting the attach process). As of recent versions of TMC, you can move attached/created clusters between cluster groups (see Move a Cluster Between Cluster Groups for more information). The Description and Labels fields are both optional.

Click the Next button.

On the Install agent page you’ll be presented with a kubectl create command that you’ll need to run in your TKG cluster. This will deploy all of the necessary Kubernetes objects to facilitate communication between your TKG cluster and TMC.

As noted, you have two days from the time this command is generated to actually run it. After that time, the included token will expire and you’ll have to start the attach process over. Below is a sample of what you’re being asked to create in your TKG cluster:

Installer YAML
apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: extension-manager
    tmc-extension: "true"
    controller-tools.k8s.io: "1.0"
  name: vmware-system-tmc
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: stack-config
  namespace: vmware-system-tmc
data:
  resource_uid: "c:01EF4GF01KMTGCW62013CJ4RR8"
  org_id: "e6f8b4af-faa2-4b55-8403-97d2d6b19341"
  cluster_name: "cjlittle-vsphere-test"
  agent_rid: "rid:ag:e6f8b4af-faa2-4b55-8403-97d2d6b19341:global:cjlittle-vsphere-test:cjlittle-vsphere-test"
  cluster_rid: "rid:c:e6f8b4af-faa2-4b55-8403-97d2d6b19341:global:cjlittle-vsphere-test"
  cluster_location: global
  tmc_url: https://epsg.tmc.cloud.vmware.com
  tmc_host: epsg.tmc.cloud.vmware.com
  authenticator_url: https://auth.svcs.whitesand.tmc.cloud.vmware.com
  tls.crt: |+
    -----BEGIN CERTIFICATE-----
    MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
    MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
    DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
    PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
    Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
    AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
    rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
    OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
    xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
    7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
    aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
    HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
    SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
    ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
    AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
    R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
    JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
    Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
    -----END CERTIFICATE-----
 
    -----BEGIN CERTIFICATE-----
    MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
    ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
    MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
    LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
    RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
    +9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
    PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
    xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
    Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
    hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
    EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
    MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
    FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
    nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
    eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
    hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
    Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
    vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
    +OkuE6N36B9K
    -----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
  name: tmc-client-secret
  namespace: vmware-system-tmc
type: Opaque
data:
 client_credentials : ""
---
apiVersion: v1
kind: Secret
metadata:
  name: tmc-access-secret
  namespace: vmware-system-tmc
type: Opaque
data:
 access_token_info : "ZXlKaFkyTmxjM05mZEc5clpXNGlPaUoyTVdGblpXNTBMbTlZUzNoNGMxUjZWRk5wVWtRNFFXTnlRak15UmtOc2RVbzBVazlvV0ZNMmJIZHdXVmRIUVRoTk1sTnZRMDV3TFZGZmRqRm1SMmxHU0ZGbVIwRktkSG9pZlE9PQ=="
---
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
    tmc-extension-name: extension-manager
  annotations:
    controller-gen.kubebuilder.io/version: v0.3.1-0.20200617211605-651903477185
    tmc.cloud.vmware.com/orphan-resource: "true"
    tmc.cloud.vmware.com/do-not-delete: "true"
  creationTimestamp: null
  name: agents.clusters.tmc.cloud.vmware.com
spec:
  group: clusters.tmc.cloud.vmware.com
  names:
    kind: Agent
    listKind: AgentList
    plural: agents
    singular: agent
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      description: Agent is the Schema for the agents API
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: AgentSpec defines the desired state of Agent
          properties:
            extensions:
              items:
                type: string
              type: array
            namespace:
              type: string
          type: object
        status:
          description: AgentStatus defines the observed state of Agent
          properties:
            clusterHealth:
              description: AggregatedClusterHealth defines the observed state of the
                cluster.
              properties:
                controllerManagerHealth:
                  description: ComponentHealth defines the health of a component.
                  properties:
                    health:
                      format: int32
                      type: integer
                    message:
                      type: string
                    name:
                      type: string
                  required:
                  - name
                  type: object
                etcdHealth:
                  items:
                    description: ComponentHealth defines the health of a component.
                    properties:
                      health:
                        format: int32
                        type: integer
                      message:
                        type: string
                      name:
                        type: string
                    required:
                    - name
                    type: object
                  type: array
                message:
                  type: string
                schedulerHealth:
                  description: ComponentHealth defines the health of a component.
                  properties:
                    health:
                      format: int32
                      type: integer
                    message:
                      type: string
                    name:
                      type: string
                  required:
                  - name
                  type: object
                timestamp:
                  description: "A Timestamp represents a point in time independent
                    of any time zone or calendar, represented as seconds and fractions
                    of seconds at nanosecond resolution in UTC Epoch time. It is encoded
                    using the Proleptic Gregorian Calendar which extends the Gregorian
                    calendar backwards to year one. It is encoded assuming all minutes
                    are 60 seconds long, i.e. leap seconds are \"smeared\" so that
                    no leap second table is needed for interpretation. Range is from
                    0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting
                    to that range, we ensure that we can convert to and from  RFC
                    3339 date strings. See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
                    \n # Examples \n Example 1: Compute Timestamp from POSIX `time()`.
                    \n     Timestamp timestamp;     timestamp.set_seconds(time(NULL));
                    \    timestamp.set_nanos(0); \n Example 2: Compute Timestamp from
                    POSIX `gettimeofday()`. \n     struct timeval tv;     gettimeofday(&tv,
                    NULL); \n     Timestamp timestamp;     timestamp.set_seconds(tv.tv_sec);
                    \    timestamp.set_nanos(tv.tv_usec * 1000); \n Example 3: Compute
                    Timestamp from Win32 `GetSystemTimeAsFileTime()`. \n     FILETIME
                    ft;     GetSystemTimeAsFileTime(&ft);     UINT64 ticks = (((UINT64)ft.dwHighDateTime)
                    << 32) | ft.dwLowDateTime; \n     // A Windows tick is 100 nanoseconds.
                    Windows epoch 1601-01-01T00:00:00Z     // is 11644473600 seconds
                    before Unix epoch 1970-01-01T00:00:00Z.     Timestamp timestamp;
                    \    timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
                    \    timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
                    \n Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
                    \n     long millis = System.currentTimeMillis(); \n     Timestamp
                    timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)         .setNanos((int)
                    ((millis % 1000) * 1000000)).build(); \n Example 5: Compute Timestamp
                    from current time in Python. \n     timestamp = Timestamp()     timestamp.GetCurrentTime()
                    \n # JSON Mapping \n In JSON format, the Timestamp type is encoded
                    as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
                    format. That is, the format is \"{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z\"
                    where {year} is always expressed using four digits while {month},
                    {day}, {hour}, {min}, and {sec} are zero-padded to two digits
                    each. The fractional seconds, which can go up to 9 digits (i.e.
                    up to 1 nanosecond resolution), are optional. The \"Z\" suffix
                    indicates the timezone (\"UTC\"); the timezone is required. A
                    proto3 JSON serializer should always use UTC (as indicated by
                    \"Z\") when printing the Timestamp type and a proto3 JSON parser
                    should be able to accept both UTC and other timezones (as indicated
                    by an offset). \n For example, \"2017-01-15T01:30:15.01Z\" encodes
                    15.01 seconds past 01:30 UTC on January 15, 2017. \n In JavaScript,
                    one can convert a Date object to this format using the standard
                    [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
                    method. In Python, a standard `datetime.datetime` object can be
                    converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
                    with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in
                    Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
                    http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime--
                    ) to obtain a formatter capable of generating timestamps in this
                    format."
                  properties:
                    nanos:
                      description: Non-negative fractions of a second at nanosecond
                        resolution. Negative second values with fractions must still
                        have non-negative nanos values that count forward in time.
                        Must be from 0 to 999,999,999 inclusive.
                      format: int32
                      type: integer
                    seconds:
                      description: Represents seconds of UTC time since Unix epoch
                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
                        9999-12-31T23:59:59Z inclusive.
                      format: int64
                      type: integer
                  type: object
              type: object
            deploymentLink:
              type: string
            extensions:
              items:
                type: string
              type: array
            health:
              format: int32
              type: integer
            metadata:
              properties:
                cloudProvider:
                  format: int32
                  type: integer
                clusterCPU:
                  description: ResourceAllocation defines the resource utilisation
                    and availability.
                  properties:
                    allocatable:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    allocatedPercentage:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    requests:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    units:
                      type: string
                  required:
                  - allocatable
                  - allocatedPercentage
                  - requests
                  - units
                  type: object
                clusterMemory:
                  description: ResourceAllocation defines the resource utilisation
                    and availability.
                  properties:
                    allocatable:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    allocatedPercentage:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    requests:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    units:
                      type: string
                  required:
                  - allocatable
                  - allocatedPercentage
                  - requests
                  - units
                  type: object
                kubeServerVersion:
                  type: string
                lastUpdate:
                  description: "A Timestamp represents a point in time independent
                    of any time zone or calendar, represented as seconds and fractions
                    of seconds at nanosecond resolution in UTC Epoch time. It is encoded
                    using the Proleptic Gregorian Calendar which extends the Gregorian
                    calendar backwards to year one. It is encoded assuming all minutes
                    are 60 seconds long, i.e. leap seconds are \"smeared\" so that
                    no leap second table is needed for interpretation. Range is from
                    0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting
                    to that range, we ensure that we can convert to and from  RFC
                    3339 date strings. See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
                    \n # Examples \n Example 1: Compute Timestamp from POSIX `time()`.
                    \n     Timestamp timestamp;     timestamp.set_seconds(time(NULL));
                    \    timestamp.set_nanos(0); \n Example 2: Compute Timestamp from
                    POSIX `gettimeofday()`. \n     struct timeval tv;     gettimeofday(&tv,
                    NULL); \n     Timestamp timestamp;     timestamp.set_seconds(tv.tv_sec);
                    \    timestamp.set_nanos(tv.tv_usec * 1000); \n Example 3: Compute
                    Timestamp from Win32 `GetSystemTimeAsFileTime()`. \n     FILETIME
                    ft;     GetSystemTimeAsFileTime(&ft);     UINT64 ticks = (((UINT64)ft.dwHighDateTime)
                    << 32) | ft.dwLowDateTime; \n     // A Windows tick is 100 nanoseconds.
                    Windows epoch 1601-01-01T00:00:00Z     // is 11644473600 seconds
                    before Unix epoch 1970-01-01T00:00:00Z.     Timestamp timestamp;
                    \    timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
                    \    timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
                    \n Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
                    \n     long millis = System.currentTimeMillis(); \n     Timestamp
                    timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)         .setNanos((int)
                    ((millis % 1000) * 1000000)).build(); \n Example 5: Compute Timestamp
                    from current time in Python. \n     timestamp = Timestamp()     timestamp.GetCurrentTime()
                    \n # JSON Mapping \n In JSON format, the Timestamp type is encoded
                    as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
                    format. That is, the format is \"{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z\"
                    where {year} is always expressed using four digits while {month},
                    {day}, {hour}, {min}, and {sec} are zero-padded to two digits
                    each. The fractional seconds, which can go up to 9 digits (i.e.
                    up to 1 nanosecond resolution), are optional. The \"Z\" suffix
                    indicates the timezone (\"UTC\"); the timezone is required. A
                    proto3 JSON serializer should always use UTC (as indicated by
                    \"Z\") when printing the Timestamp type and a proto3 JSON parser
                    should be able to accept both UTC and other timezones (as indicated
                    by an offset). \n For example, \"2017-01-15T01:30:15.01Z\" encodes
                    15.01 seconds past 01:30 UTC on January 15, 2017. \n In JavaScript,
                    one can convert a Date object to this format using the standard
                    [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
                    method. In Python, a standard `datetime.datetime` object can be
                    converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
                    with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in
                    Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
                    http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime--
                    ) to obtain a formatter capable of generating timestamps in this
                    format."
                  properties:
                    nanos:
                      description: Non-negative fractions of a second at nanosecond
                        resolution. Negative second values with fractions must still
                        have non-negative nanos values that count forward in time.
                        Must be from 0 to 999,999,999 inclusive.
                      format: int32
                      type: integer
                    seconds:
                      description: Represents seconds of UTC time since Unix epoch
                        1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
                        9999-12-31T23:59:59Z inclusive.
                      format: int64
                      type: integer
                  type: object
                masterNodeCount:
                  format: int64
                  type: integer
                namespacesCount:
                  format: int64
                  type: integer
                physicalMemory:
                  format: int64
                  type: integer
                podCount:
                  format: int64
                  type: integer
                region:
                  type: string
                vcpuCount:
                  format: int64
                  type: integer
                workerNodeCount:
                  format: int64
                  type: integer
              type: object
            status:
              format: int32
              type: integer
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: null
  labels:
    controller-tools.k8s.io: "1.0"
    tmc-extension-name: extension-manager
  name: extensions.clusters.tmc.cloud.vmware.com
  annotations:
    controller-gen.kubebuilder.io/version: v0.3.1-0.20200617211605-651903477185
    tmc.cloud.vmware.com/orphan-resource: "true"
    tmc.cloud.vmware.com/do-not-delete: "true"
spec:
  group: clusters.tmc.cloud.vmware.com
  names:
    kind: Extension
    listKind: ExtensionList
    plural: extensions
    singular: extension
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      description: Extension is the Schema for the extensions API
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: ExtensionSpec defines the desired state of Extension
          properties:
            deploymentStrategy:
              description: Deployment strategy of an extension.
              properties:
                extensionLifecycleOwner:
                  description: Component Owning Deployment Strategy of the Extension.
                    In case this field is empty it is assumed that Owner of Deployment
                    Strategy is Extension Manager
                  type: string
                overlapTimePeriod:
                  description: Time-Period within which an extension maybe rolled-back
                    to previous version in case the extension becomes unhealthy after
                    the new version is updated successfully. After this time-period
                    elapses, Extensions will not be rolled back to previous versions
                    if they become unhealthy. If the value is zero this field will
                    not be used during Extension Lifecycle Management.
                  format: int64
                  type: integer
                processingTimeout:
                  description: Timeout Value for Processing(Creating/Updating/Deleting/RollingBack)
                    an Extension.
                  format: int64
                  type: integer
                type:
                  description: Type of deployment for extension resource.
                  type: string
              required:
              - type
              type: object
            description:
              type: string
            name:
              type: string
            objects:
              description: Raw JSON/YAML of extension  equivalent to kubernetes 'Unstructured'
                type.
              type: string
            version:
              type: string
          required:
          - deploymentStrategy
          - name
          - objects
          - version
          type: object
        status:
          description: ExtensionStatus defines the observed state of Extension
          properties:
            health:
              format: int32
              type: integer
            previousVersion:
              type: string
            state:
              format: int32
              type: integer
            status:
              format: int32
              type: integer
            version:
              type: string
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    tmc-extension-name: extension-manager
  annotations:
    controller-gen.kubebuilder.io/version: v0.3.1-0.20200617211605-651903477185
    tmc.cloud.vmware.com/orphan-resource: "true"
    tmc.cloud.vmware.com/do-not-delete: "true"
  creationTimestamp: null
  name: extensionresourceowners.clusters.tmc.cloud.vmware.com
spec:
  group: clusters.tmc.cloud.vmware.com
  names:
    kind: ExtensionResourceOwner
    listKind: ExtensionResourceOwnerList
    plural: extensionresourceowners
    singular: extensionresourceowner
  scope: Cluster
  validation:
    openAPIV3Schema:
      description: ExtensionResourceOwner is the Schema for the extensionresourceowners
        API
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: ExtensionResourceOwnerSpec defines the desired state of ExtensionResourceOwner
          type: object
        status:
          description: ExtensionResourceOwnerStatus defines the observed state of
            ExtensionResourceOwner
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: null
  labels:
    controller-tools.k8s.io: "1.0"
  name: extensionconfigs.intents.tmc.cloud.vmware.com
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
    tmc.cloud.vmware.com/do-not-delete: "true"
spec:
  group: intents.tmc.cloud.vmware.com
  names:
    kind: ExtensionConfig
    plural: extensionconfigs
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            configMaps:
              description: ConfigMaps are the configMaps of the extension
              items:
                type: object
              type: array
          type: object
        status:
          properties:
            state:
              description: State indicates the state of the ExtensionConfig
              type: string
          type: object
  version: v1alpha1
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: extension-manager
    tmc-extension-name: extension-manager
  name: extension-manager
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: extension-manager
    tmc-extension-name: extension-manager
  creationTimestamp: null
  name: extension-manager-role
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ['*']
  verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: extension-manager
    tmc-extension-name: extension-manager
  creationTimestamp: null
  name: extension-manager-rolebinding
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: extension-manager-role
subjects:
- kind: ServiceAccount
  name: extension-manager
  namespace: vmware-system-tmc
---
apiVersion: v1
kind: Service
metadata:
  name: extension-manager-service
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
  labels:
    app: extension-manager
    control-plane: extension-manager
    tmc-extension: "true"
    controller-tools.k8s.io: "1.0"
    tmc-extension-name: extension-manager
spec:
  selector:
    control-plane: extension-manager
    tmc-extension: "true"
    controller-tools.k8s.io: "1.0"
  ports:
  - port: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: extension-manager
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
  labels:
    app: extension-manager
    control-plane: extension-manager
    tmc-extension: "true"
    controller-tools.k8s.io: "1.0"
    tmc-extension-name: extension-manager
spec:
  progressDeadlineSeconds: 600
  minReadySeconds: 30
  replicas: 1
  selector:
    matchLabels:
      control-plane: extension-manager
      tmc-extension: "true"
      controller-tools.k8s.io: "1.0"
  strategy:
    rollingUpdate:
      maxSurge: 100%
  template:
    metadata:
      labels:
        control-plane: extension-manager
        tmc-extension: "true"
        controller-tools.k8s.io: "1.0"
        tmc-extension-name: extension-manager
    spec:
      tolerations:
        - operator: "Exists"
      serviceAccountName: extension-manager
      containers:
      - command:
        - /usr/local/bin/manager
        image: vmware-docker-olympus-extensions.bintray.io/extension-manager/extension-manager@sha256:49855700572067758c02ad53b7bf1e7488144c1f9c7e358c4b74b0c434823883
        imagePullPolicy: Always
        securityContext:
          runAsUser: 10000
          runAsGroup: 1000
        name: extension-manager
        env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        resources:
          limits:
            cpu: 100m
            memory: 4096Mi
          requests:
            cpu: 100m
            memory: 128Mi
        ports:
        - containerPort: 9876
          name: webhook-server
          protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  name: extension-updater-serviceaccount
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  name: extension-updater-clusterrole
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
- apiGroups: ["security.openshift.io"]
  resources:
  - securitycontextconstraints
  verbs:
  - use
  resourceNames:
  - nonroot
- apiGroups: ["clusters.tmc.cloud.vmware.com"]
  resources:
  - '*'
  verbs:
  - '*'
- apiGroups: [""]
  verbs: ["create", "get", "list", "watch", "update"]
  resources:
  - "configmaps"
- apiGroups: [""]
  verbs: ["get", "list", "watch"]
  resources:
  - "nodes"
  - "pods"
- apiGroups: [""]
  verbs: ["create", "get", "list", "watch", "delete"]
  resources:
  - "namespaces"
- apiGroups: [""]
  verbs: ["create", "get", "list", "update", "watch"]
  resources:
  - "secrets"
- apiGroups: [""]
  verbs: ["create", "patch", "update"]
  resources:
  - "events"
- apiGroups: ["batch"]
  resources:
  - "cronjobs"
  - "jobs"
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources:
  - "deployments"
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  name: extension-updater-clusterrolebinding
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: extension-updater-clusterrole
subjects:
- kind: ServiceAccount
  name: extension-updater-serviceaccount
  namespace: vmware-system-tmc
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  name: extension-updater
  namespace: vmware-system-tmc
spec:
  selector:
    app: extension-updater
    component: extension-updater
  ports:
    - protocol: TCP
      port: 9988
      targetPort: 9988
      name: validate-grpc
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: vmware-system-tmc-agent-restricted
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
  - ALL
  volumes:
  - configMap
  - emptyDir
  - projected
  - secret
  - downwardAPI
  - persistentVolumeClaim
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
    - min: 1
      max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
    - min: 1
      max: 65535
  readOnlyRootFilesystem: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
  name: vmware-system-tmc-psp-agent-restricted
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  resourceNames: ['vmware-system-tmc-agent-restricted']
  verbs:     ['use']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
  name: vmware-system-tmc-psp-agent-restricted
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: vmware-system-tmc-psp-agent-restricted
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:vmware-system-tmc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: extension-updater
    tmc-extension-name: extension-updater
  name: extension-updater
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  progressDeadlineSeconds: 600
  minReadySeconds: 30
  replicas: 1
  selector:
    matchLabels:
      app: extension-updater
      component: extension-updater
  strategy:
    rollingUpdate:
      maxSurge: 100%
  template:
    metadata:
      labels:
        app: extension-updater
        component: extension-updater
        tmc-extension-name: extension-updater
    spec:
      tolerations:
      - operator: "Exists"
      serviceAccountName: extension-updater-serviceaccount
      containers:
      - args:
        - "--server=$(TMC_HOST):443"
        - "--server-name=$(TMC_HOST)"
        - "--client-credentials=/etc/tmc/client-credentials/client_credentials"
        - "--tmc-ca=/etc/tmc/ca.crt"
        - "--auth-server=$(AUTHENTICATOR_URL)"
        - --cluster-id=$(CLUSTER_RESOURCE_ID)
        - --agent-id=$(AGENT_RESOURCE_ID)
        - "--cluster-name=$(CLUSTER_NAME)"
        - "--unsafe-disable-authentication=false"
        - "--connect-timeout=100s"
        - "--poll-interval=5m"
        - "--poll-jitter=0.3"
        - "--agent-heart-beat-interval=90s"
        - "--validation-grpc-port=9988"
        env:
        - name: POD_NAMESPACE
          valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        - name: TMC_HOST
          valueFrom:
            configMapKeyRef:
              name: stack-config
              key: tmc_host
        - name: AUTHENTICATOR_URL
          valueFrom:
            configMapKeyRef:
              name: stack-config
              key: authenticator_url
        - name: CLUSTER_RESOURCE_ID
          valueFrom:
            configMapKeyRef:
              name: stack-config
              key: cluster_rid
        - name: AGENT_RESOURCE_ID
          valueFrom:
            configMapKeyRef:
              name: stack-config
              key: agent_rid
        - name: CLUSTER_NAME
          valueFrom:
            configMapKeyRef:
              name: stack-config
              key: cluster_name
        resources:
          limits:
            cpu: 100m
            memory: 4096Mi
          requests:
            cpu: 50m
            memory: 128Mi
        image:  vmware-docker-olympus-extensions.bintray.io/extension-updater/extension-updater@sha256:94f188f6e0d229338086ecd74d400760127ee2464ec2b1131846747f001a59c8
        imagePullPolicy: Always
        name: extension-updater
        securityContext:
          runAsUser: 10000
          runAsGroup: 1000
        volumeMounts:
        - name: tmc-root-ca
          mountPath: "/etc/tmc"
          readOnly: true
        - name: client-credentials
          mountPath: "/etc/tmc/client-credentials"
          readOnly: true
      volumes:
      - name: tmc-root-ca
        configMap:
          name: stack-config
          items:
          - key: tls.crt
            path: ca.crt
      - name: client-credentials
        secret:
          secretName: tmc-client-secret
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: agent-updater
    tmc-extension-name: agent-updater
  name: agent-updater
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: agent-updater
    tmc-extension-name: agent-updater
  creationTimestamp: null
  name: agent-updater-role
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ['*']
  verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: agent-updater
    tmc-extension-name: agent-updater
  creationTimestamp: null
  name: agent-updater-rolebinding
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: agent-updater-role
subjects:
- kind: ServiceAccount
  name: agent-updater
  namespace: vmware-system-tmc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agent-updater
  namespace: vmware-system-tmc
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
  labels:
    app: agent-updater
    tmc-extension: "true"
    tmc-extension-name: agent-updater
    component: agent-updater
spec:
  progressDeadlineSeconds: 600
  minReadySeconds: 30
  replicas: 1
  selector:
    matchLabels:
      tmc-extension: "true"
      tmc-extension-name: agent-updater
      component: agent-updater
  strategy:
    rollingUpdate:
      maxSurge: 100%
  template:
    metadata:
      labels:
        app: agent-updater
        tmc-extension: "true"
        tmc-extension-name: agent-updater
        component: agent-updater
    spec:
      tolerations:
        - operator: "Exists"
      serviceAccountName: agent-updater
      containers:
      - command:
        - /usr/local/bin/manager
        image: vmware-docker-olympus-extensions.bintray.io/agent-updater/agent-updater@sha256:fc5b384d851f5a08262a924aea8a4e6244f8c31f8160d415dc5eadc86b12aa63
        imagePullPolicy: Always
        securityContext:
          runAsUser: 10000
          runAsGroup: 1000
        name: agent-updater
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        resources:
          limits:
            cpu: 100m
            memory: 150Mi
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 9876
          name: webhook-server
          protocol: TCP
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: agentupdater-workload
  namespace: vmware-system-tmc
  labels:
    app: agent-updater
    tmc-extension: "true"
    tmc-extension-name: agent-updater
    component: agentupdater-workload
  annotations:
    tmc.cloud.vmware.com/orphan-resource: "true"
spec:
  schedule: "*/1 * * * *"
  startingDeadlineSeconds: 180
  concurrencyPolicy: Forbid
  jobTemplate:
    metadata:
      labels:
        tmc-extension-name: agent-updater
        component: agentupdater-workload
    spec:
      template:
        metadata:
          labels:
            tmc-extension-name: agent-updater
        spec:
          tolerations:
            - operator: "Exists"
          serviceAccountName: agent-updater
          restartPolicy: Never
          containers:
          - command:
            - /usr/local/bin/agentupdaterworkload
            image: vmware-docker-olympus-extensions.bintray.io/agent-updater/agentupdater-workload@sha256:5daa40769379b6e87ac741d6f5f2a714e0fdb18d3af1f4ce71aeb4496079e1c9
            imagePullPolicy: IfNotPresent
            securityContext:
              runAsUser: 10000
              runAsGroup: 1000
            name: agentupdater-workload
            env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            resources:
              limits:
                cpu: 100m
                memory: 256Mi
              requests:
                cpu: 100m
                memory: 128Mi
            ports:
            - containerPort: 9876
              name: webhook-server
              protocol: TCP
---

You'll see a number of objects get created when you run the kubectl create command:

kubectl create -f https://epsg.tmc.cloud.vmware.com/installer?6b0797d843f9c828
namespace/vmware-system-tmc created
configmap/stack-config created
secret/tmc-client-secret created
secret/tmc-access-secret created
customresourcedefinition.apiextensions.k8s.io/agents.clusters.tmc.cloud.vmware.com created
customresourcedefinition.apiextensions.k8s.io/extensions.clusters.tmc.cloud.vmware.com created
customresourcedefinition.apiextensions.k8s.io/extensionresourceowners.clusters.tmc.cloud.vmware.com created
customresourcedefinition.apiextensions.k8s.io/extensionconfigs.intents.tmc.cloud.vmware.com created
serviceaccount/extension-manager created
clusterrole.rbac.authorization.k8s.io/extension-manager-role created
clusterrolebinding.rbac.authorization.k8s.io/extension-manager-rolebinding created
service/extension-manager-service created
deployment.apps/extension-manager created
serviceaccount/extension-updater-serviceaccount created
clusterrole.rbac.authorization.k8s.io/extension-updater-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/extension-updater-clusterrolebinding created
service/extension-updater created
podsecuritypolicy.policy/vmware-system-tmc-agent-restricted created
clusterrole.rbac.authorization.k8s.io/vmware-system-tmc-psp-agent-restricted created
clusterrolebinding.rbac.authorization.k8s.io/vmware-system-tmc-psp-agent-restricted created
deployment.apps/extension-updater created
serviceaccount/agent-updater created
clusterrole.rbac.authorization.k8s.io/agent-updater-role created
clusterrolebinding.rbac.authorization.k8s.io/agent-updater-rolebinding created
deployment.apps/agent-updater created
cronjob.batch/agentupdater-workload created

These are mostly created in the vmware-system-tmc namespace (itself also created via this command). You can watch the status of these objects as they are created and proceed when everything looks to be up and running.

kubectl -n vmware-system-tmc get all
NAME                                                            READY   STATUS      RESTARTS   AGE
pod/agent-updater-55f69bd7c6-jrnlc                              1/1     Running     0          13m
pod/agentupdater-workload-1596809700-7fd8h                      0/1     Completed   0          11s
pod/cluster-health-extension-6f784fbc65-d7hzs                   1/1     Running     0          11m
pod/extension-manager-76f7997d79-fx5vh                          1/1     Running     0          13m
pod/extension-updater-5d77c47747-dhjwz                          1/1     Running     2          13m
pod/gatekeeper-operator-manager-d9ffd7669-sb7dl                 1/1     Running     0          11m
pod/inspection-extension-94748969d-7nfwl                        1/1     Running     0          11m
pod/intent-agent-58d9768d47-nqmcl                               1/1     Running     0          11m
pod/logs-collector-gatekeeper-operator-20200807140636-vmgbj     0/1     Completed   0          8m36s
pod/logs-collector-policy-sync-extension-20200807140634-b95cg   0/1     Completed   0          8m39s
pod/logs-collector-tmc-observer-20200807140640-2rdbl            0/1     Completed   0          8m33s
pod/policy-sync-extension-5c4d47bc6d-wmcht                      1/1     Running     0          11m
pod/policy-webhook-5c78555bc4-6rjl5                             1/1     Running     0          11m
pod/policy-webhook-5c78555bc4-b9q4b                             1/1     Running     0          11m
pod/sync-agent-65d9b6d94-pxqxn                                  1/1     Running     0          11m
pod/tmc-observer-d447d56d-6p9z9                                 1/1     Running     0          10m

NAME                                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/extension-manager-service     ClusterIP   100.67.9.226     <none>        443/TCP    13m
service/extension-updater             ClusterIP   100.68.163.232   <none>        9988/TCP   13m
service/gatekeeper-operator-service   ClusterIP   100.66.217.175   <none>        443/TCP    11m
service/inspection-extension          ClusterIP   100.64.143.103   <none>        443/TCP    11m
service/policy-sync-extension         ClusterIP   100.70.71.100    <none>        443/TCP    11m
service/policy-webhook-service        ClusterIP   100.69.168.26    <none>        443/TCP    11m

NAME                                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/agent-updater                 1/1     1            1           13m
deployment.apps/cluster-health-extension      1/1     1            1           11m
deployment.apps/extension-manager             1/1     1            1           13m
deployment.apps/extension-updater             1/1     1            1           13m
deployment.apps/gatekeeper-operator-manager   1/1     1            1           11m
deployment.apps/inspection-extension          1/1     1            1           11m
deployment.apps/intent-agent                  1/1     1            1           11m
deployment.apps/policy-sync-extension         1/1     1            1           11m
deployment.apps/policy-webhook                2/2     2            2           11m
deployment.apps/sync-agent                    1/1     1            1           11m
deployment.apps/tmc-observer                  1/1     1            1           10m

NAME                                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/agent-updater-55f69bd7c6                1         1         1       13m
replicaset.apps/cluster-health-extension-6f784fbc65     1         1         1       11m
replicaset.apps/extension-manager-76f7997d79            1         1         1       13m
replicaset.apps/extension-updater-5d77c47747            1         1         1       13m
replicaset.apps/gatekeeper-operator-manager-d9ffd7669   1         1         1       11m
replicaset.apps/inspection-extension-94748969d          1         1         1       11m
replicaset.apps/intent-agent-58d9768d47                 1         1         1       11m
replicaset.apps/policy-sync-extension-5c4d47bc6d        1         1         1       11m
replicaset.apps/policy-webhook-5c78555bc4               2         2         2       11m
replicaset.apps/sync-agent-65d9b6d94                    1         1         1       11m
replicaset.apps/tmc-observer-d447d56d                   1         1         1       10m

NAME                                                            COMPLETIONS   DURATION   AGE
job.batch/agentupdater-workload-1596809700                      1/1           11s        11s
job.batch/logs-collector-gatekeeper-operator-20200807140636     1/1           49s        8m37s
job.batch/logs-collector-policy-sync-extension-20200807140634   1/1           3m59s      8m39s
job.batch/logs-collector-tmc-observer-20200807140640            1/1           47s        8m33s

NAME                                                SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
cronjob.batch/agentupdater-workload                 */1 * * * *   False     1        13s             13m
cronjob.batch/policy-webhook-cert-manager-cronjob   0 0 1 * *     False     0        <none>          11m

Note: This is by no means an exhaustive list of the items created by the TMC installer but if this list shows everything as healthy you should be fine to move on to the next step.

Back in the TMC UI, you can now click on the Verify Connection button to ensure that everything is working as expected. 

Click on the View Your Cluster button.

Oh no! My cluster is unhealthy! I was a little worried but quickly realized that everything was fine. The fact that the cluster is marked as unhealthy (controller-manager and scheduler healthz endpoints can't be reached) is a known issue between TMC and TKG 1.1.3....this will be fixed in a future version.

You can see right away some of the incredible visibility that TMC brings to the table by looking at the different visualizations of your cluster that TMC provides.

Nodes:

Namespaces:

Workloads:

Note: This is a truncated list since there are about 40 "workloads" present. These include deployments and replicasets. You can use the filter toggles at the top to hide system and Tanzu related workloads.

And with the Tanzu and system workloads filtered you can see just the MetalLB and WordPress applications that I've deployed to my cluster.

Leave a Comment

Your email address will not be published. Required fields are marked *