I’d been wanting to spend more time with Tanzu Mission Control as I haven’t used it much in the last few months. I’ve been spending nearly all my time with TKG and TKGI and was really starting to get stale on TMC. I decided to run through the relatively easy process of attaching an existing Kubernetes cluster to TMC.
For this exercise, I used a TKG 1.1.3 cluster with one control plane node and two worker nodes running Kubernetes 1.18.16. The version and configuration shouldn’t matter too much since TMC will attach just about any Kubernetes cluster (one notable exception is the Supervisor cluster in a vSphere 7 with Kubernetes installation). If you’re not familiar with TMC, you can get a high-level overview of it from What is Tanzu Mission Control.
It shouldn’t matter if the cluster in question is deployed on vSphere or on AWS, as long as it has internet access there should be no concerns with getting it attached.
If your cluster is running behind a proxy server you’ll want to reference the instructions at Attach a Cluster That Is Running Behind a Proxy Server as this is a command-line operation using the tmc
executable.
VMware has some excellent documentation around this topic at What Happens When You Attach a Cluster if you want to learn more.
When you first log in to TMC you should be placed on the Clusters page where you can click the Attach Cluster button to get started.
You’ll need to supply some basic information about your cluster before you can really get started. Cluster name can be any descriptive name you’d like to provide and Cluster group can either be left at default or set to your preference (you have to create cluster groups prior to starting the attach process). As of recent versions of TMC, you can move attached/created clusters between cluster groups (see Move a Cluster Between Cluster Groups for more information). The Description and Labels fields are both optional.
Click the Next button.
On the Install agent page you’ll be presented with a kubectl create command that you’ll need to run in your TKG cluster. This will deploy all of the necessary Kubernetes objects to facilitate communication between your TKG cluster and TMC.
As noted, you have two days from the time this command is generated to actually run it. After that time, the included token will expire and you’ll have to start the attach process over. Below is a sample of what you’re being asked to create in your TKG cluster:
Installer YAMLapiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: extension-manager
tmc-extension: "true"
controller-tools.k8s.io: "1.0"
name: vmware-system-tmc
---
apiVersion: v1
kind: ConfigMap
metadata:
name: stack-config
namespace: vmware-system-tmc
data:
resource_uid: "c:01EF4GF01KMTGCW62013CJ4RR8"
org_id: "e6f8b4af-faa2-4b55-8403-97d2d6b19341"
cluster_name: "cjlittle-vsphere-test"
agent_rid: "rid:ag:e6f8b4af-faa2-4b55-8403-97d2d6b19341:global:cjlittle-vsphere-test:cjlittle-vsphere-test"
cluster_rid: "rid:c:e6f8b4af-faa2-4b55-8403-97d2d6b19341:global:cjlittle-vsphere-test"
cluster_location: global
tmc_url: https://epsg.tmc.cloud.vmware.com
tmc_host: epsg.tmc.cloud.vmware.com
authenticator_url: https://auth.svcs.whitesand.tmc.cloud.vmware.com
tls.crt: |+
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
---
apiVersion: v1
kind: Secret
metadata:
name: tmc-client-secret
namespace: vmware-system-tmc
type: Opaque
data:
client_credentials : ""
---
apiVersion: v1
kind: Secret
metadata:
name: tmc-access-secret
namespace: vmware-system-tmc
type: Opaque
data:
access_token_info : "ZXlKaFkyTmxjM05mZEc5clpXNGlPaUoyTVdGblpXNTBMbTlZUzNoNGMxUjZWRk5wVWtRNFFXTnlRak15UmtOc2RVbzBVazlvV0ZNMmJIZHdXVmRIUVRoTk1sTnZRMDV3TFZGZmRqRm1SMmxHU0ZGbVIwRktkSG9pZlE9PQ=="
---
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
controller-tools.k8s.io: "1.0"
tmc-extension-name: extension-manager
annotations:
controller-gen.kubebuilder.io/version: v0.3.1-0.20200617211605-651903477185
tmc.cloud.vmware.com/orphan-resource: "true"
tmc.cloud.vmware.com/do-not-delete: "true"
creationTimestamp: null
name: agents.clusters.tmc.cloud.vmware.com
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: Agent
listKind: AgentList
plural: agents
singular: agent
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Agent is the Schema for the agents API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AgentSpec defines the desired state of Agent
properties:
extensions:
items:
type: string
type: array
namespace:
type: string
type: object
status:
description: AgentStatus defines the observed state of Agent
properties:
clusterHealth:
description: AggregatedClusterHealth defines the observed state of the
cluster.
properties:
controllerManagerHealth:
description: ComponentHealth defines the health of a component.
properties:
health:
format: int32
type: integer
message:
type: string
name:
type: string
required:
- name
type: object
etcdHealth:
items:
description: ComponentHealth defines the health of a component.
properties:
health:
format: int32
type: integer
message:
type: string
name:
type: string
required:
- name
type: object
type: array
message:
type: string
schedulerHealth:
description: ComponentHealth defines the health of a component.
properties:
health:
format: int32
type: integer
message:
type: string
name:
type: string
required:
- name
type: object
timestamp:
description: "A Timestamp represents a point in time independent
of any time zone or calendar, represented as seconds and fractions
of seconds at nanosecond resolution in UTC Epoch time. It is encoded
using the Proleptic Gregorian Calendar which extends the Gregorian
calendar backwards to year one. It is encoded assuming all minutes
are 60 seconds long, i.e. leap seconds are \"smeared\" so that
no leap second table is needed for interpretation. Range is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting
to that range, we ensure that we can convert to and from RFC
3339 date strings. See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
\n # Examples \n Example 1: Compute Timestamp from POSIX `time()`.
\n Timestamp timestamp; timestamp.set_seconds(time(NULL));
\ timestamp.set_nanos(0); \n Example 2: Compute Timestamp from
POSIX `gettimeofday()`. \n struct timeval tv; gettimeofday(&tv,
NULL); \n Timestamp timestamp; timestamp.set_seconds(tv.tv_sec);
\ timestamp.set_nanos(tv.tv_usec * 1000); \n Example 3: Compute
Timestamp from Win32 `GetSystemTimeAsFileTime()`. \n FILETIME
ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime)
<< 32) | ft.dwLowDateTime; \n // A Windows tick is 100 nanoseconds.
Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds
before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp;
\ timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
\ timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
\n Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
\n long millis = System.currentTimeMillis(); \n Timestamp
timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int)
((millis % 1000) * 1000000)).build(); \n Example 5: Compute Timestamp
from current time in Python. \n timestamp = Timestamp() timestamp.GetCurrentTime()
\n # JSON Mapping \n In JSON format, the Timestamp type is encoded
as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
format. That is, the format is \"{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z\"
where {year} is always expressed using four digits while {month},
{day}, {hour}, {min}, and {sec} are zero-padded to two digits
each. The fractional seconds, which can go up to 9 digits (i.e.
up to 1 nanosecond resolution), are optional. The \"Z\" suffix
indicates the timezone (\"UTC\"); the timezone is required. A
proto3 JSON serializer should always use UTC (as indicated by
\"Z\") when printing the Timestamp type and a proto3 JSON parser
should be able to accept both UTC and other timezones (as indicated
by an offset). \n For example, \"2017-01-15T01:30:15.01Z\" encodes
15.01 seconds past 01:30 UTC on January 15, 2017. \n In JavaScript,
one can convert a Date object to this format using the standard
[toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
method. In Python, a standard `datetime.datetime` object can be
converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in
Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime--
) to obtain a formatter capable of generating timestamps in this
format."
properties:
nanos:
description: Non-negative fractions of a second at nanosecond
resolution. Negative second values with fractions must still
have non-negative nanos values that count forward in time.
Must be from 0 to 999,999,999 inclusive.
format: int32
type: integer
seconds:
description: Represents seconds of UTC time since Unix epoch
1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
9999-12-31T23:59:59Z inclusive.
format: int64
type: integer
type: object
type: object
deploymentLink:
type: string
extensions:
items:
type: string
type: array
health:
format: int32
type: integer
metadata:
properties:
cloudProvider:
format: int32
type: integer
clusterCPU:
description: ResourceAllocation defines the resource utilisation
and availability.
properties:
allocatable:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
allocatedPercentage:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requests:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
units:
type: string
required:
- allocatable
- allocatedPercentage
- requests
- units
type: object
clusterMemory:
description: ResourceAllocation defines the resource utilisation
and availability.
properties:
allocatable:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
allocatedPercentage:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
requests:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
units:
type: string
required:
- allocatable
- allocatedPercentage
- requests
- units
type: object
kubeServerVersion:
type: string
lastUpdate:
description: "A Timestamp represents a point in time independent
of any time zone or calendar, represented as seconds and fractions
of seconds at nanosecond resolution in UTC Epoch time. It is encoded
using the Proleptic Gregorian Calendar which extends the Gregorian
calendar backwards to year one. It is encoded assuming all minutes
are 60 seconds long, i.e. leap seconds are \"smeared\" so that
no leap second table is needed for interpretation. Range is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting
to that range, we ensure that we can convert to and from RFC
3339 date strings. See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt).
\n # Examples \n Example 1: Compute Timestamp from POSIX `time()`.
\n Timestamp timestamp; timestamp.set_seconds(time(NULL));
\ timestamp.set_nanos(0); \n Example 2: Compute Timestamp from
POSIX `gettimeofday()`. \n struct timeval tv; gettimeofday(&tv,
NULL); \n Timestamp timestamp; timestamp.set_seconds(tv.tv_sec);
\ timestamp.set_nanos(tv.tv_usec * 1000); \n Example 3: Compute
Timestamp from Win32 `GetSystemTimeAsFileTime()`. \n FILETIME
ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime)
<< 32) | ft.dwLowDateTime; \n // A Windows tick is 100 nanoseconds.
Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds
before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp;
\ timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
\ timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
\n Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
\n long millis = System.currentTimeMillis(); \n Timestamp
timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int)
((millis % 1000) * 1000000)).build(); \n Example 5: Compute Timestamp
from current time in Python. \n timestamp = Timestamp() timestamp.GetCurrentTime()
\n # JSON Mapping \n In JSON format, the Timestamp type is encoded
as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt)
format. That is, the format is \"{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z\"
where {year} is always expressed using four digits while {month},
{day}, {hour}, {min}, and {sec} are zero-padded to two digits
each. The fractional seconds, which can go up to 9 digits (i.e.
up to 1 nanosecond resolution), are optional. The \"Z\" suffix
indicates the timezone (\"UTC\"); the timezone is required. A
proto3 JSON serializer should always use UTC (as indicated by
\"Z\") when printing the Timestamp type and a proto3 JSON parser
should be able to accept both UTC and other timezones (as indicated
by an offset). \n For example, \"2017-01-15T01:30:15.01Z\" encodes
15.01 seconds past 01:30 UTC on January 15, 2017. \n In JavaScript,
one can convert a Date object to this format using the standard
[toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString]
method. In Python, a standard `datetime.datetime` object can be
converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime)
with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in
Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](
http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime--
) to obtain a formatter capable of generating timestamps in this
format."
properties:
nanos:
description: Non-negative fractions of a second at nanosecond
resolution. Negative second values with fractions must still
have non-negative nanos values that count forward in time.
Must be from 0 to 999,999,999 inclusive.
format: int32
type: integer
seconds:
description: Represents seconds of UTC time since Unix epoch
1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
9999-12-31T23:59:59Z inclusive.
format: int64
type: integer
type: object
masterNodeCount:
format: int64
type: integer
namespacesCount:
format: int64
type: integer
physicalMemory:
format: int64
type: integer
podCount:
format: int64
type: integer
region:
type: string
vcpuCount:
format: int64
type: integer
workerNodeCount:
format: int64
type: integer
type: object
status:
format: int32
type: integer
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
tmc-extension-name: extension-manager
name: extensions.clusters.tmc.cloud.vmware.com
annotations:
controller-gen.kubebuilder.io/version: v0.3.1-0.20200617211605-651903477185
tmc.cloud.vmware.com/orphan-resource: "true"
tmc.cloud.vmware.com/do-not-delete: "true"
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: Extension
listKind: ExtensionList
plural: extensions
singular: extension
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: Extension is the Schema for the extensions API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionSpec defines the desired state of Extension
properties:
deploymentStrategy:
description: Deployment strategy of an extension.
properties:
extensionLifecycleOwner:
description: Component Owning Deployment Strategy of the Extension.
In case this field is empty it is assumed that Owner of Deployment
Strategy is Extension Manager
type: string
overlapTimePeriod:
description: Time-Period within which an extension maybe rolled-back
to previous version in case the extension becomes unhealthy after
the new version is updated successfully. After this time-period
elapses, Extensions will not be rolled back to previous versions
if they become unhealthy. If the value is zero this field will
not be used during Extension Lifecycle Management.
format: int64
type: integer
processingTimeout:
description: Timeout Value for Processing(Creating/Updating/Deleting/RollingBack)
an Extension.
format: int64
type: integer
type:
description: Type of deployment for extension resource.
type: string
required:
- type
type: object
description:
type: string
name:
type: string
objects:
description: Raw JSON/YAML of extension equivalent to kubernetes 'Unstructured'
type.
type: string
version:
type: string
required:
- deploymentStrategy
- name
- objects
- version
type: object
status:
description: ExtensionStatus defines the observed state of Extension
properties:
health:
format: int32
type: integer
previousVersion:
type: string
state:
format: int32
type: integer
status:
format: int32
type: integer
version:
type: string
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
tmc-extension-name: extension-manager
annotations:
controller-gen.kubebuilder.io/version: v0.3.1-0.20200617211605-651903477185
tmc.cloud.vmware.com/orphan-resource: "true"
tmc.cloud.vmware.com/do-not-delete: "true"
creationTimestamp: null
name: extensionresourceowners.clusters.tmc.cloud.vmware.com
spec:
group: clusters.tmc.cloud.vmware.com
names:
kind: ExtensionResourceOwner
listKind: ExtensionResourceOwnerList
plural: extensionresourceowners
singular: extensionresourceowner
scope: Cluster
validation:
openAPIV3Schema:
description: ExtensionResourceOwner is the Schema for the extensionresourceowners
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ExtensionResourceOwnerSpec defines the desired state of ExtensionResourceOwner
type: object
status:
description: ExtensionResourceOwnerStatus defines the observed state of
ExtensionResourceOwner
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: extensionconfigs.intents.tmc.cloud.vmware.com
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
tmc.cloud.vmware.com/do-not-delete: "true"
spec:
group: intents.tmc.cloud.vmware.com
names:
kind: ExtensionConfig
plural: extensionconfigs
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
configMaps:
description: ConfigMaps are the configMaps of the extension
items:
type: object
type: array
type: object
status:
properties:
state:
description: State indicates the state of the ExtensionConfig
type: string
type: object
version: v1alpha1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: extension-manager
tmc-extension-name: extension-manager
name: extension-manager
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: extension-manager
tmc-extension-name: extension-manager
creationTimestamp: null
name: extension-manager-role
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
- nonResourceURLs: ['*']
verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: extension-manager
tmc-extension-name: extension-manager
creationTimestamp: null
name: extension-manager-rolebinding
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: extension-manager-role
subjects:
- kind: ServiceAccount
name: extension-manager
namespace: vmware-system-tmc
---
apiVersion: v1
kind: Service
metadata:
name: extension-manager-service
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
labels:
app: extension-manager
control-plane: extension-manager
tmc-extension: "true"
controller-tools.k8s.io: "1.0"
tmc-extension-name: extension-manager
spec:
selector:
control-plane: extension-manager
tmc-extension: "true"
controller-tools.k8s.io: "1.0"
ports:
- port: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: extension-manager
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
labels:
app: extension-manager
control-plane: extension-manager
tmc-extension: "true"
controller-tools.k8s.io: "1.0"
tmc-extension-name: extension-manager
spec:
progressDeadlineSeconds: 600
minReadySeconds: 30
replicas: 1
selector:
matchLabels:
control-plane: extension-manager
tmc-extension: "true"
controller-tools.k8s.io: "1.0"
strategy:
rollingUpdate:
maxSurge: 100%
template:
metadata:
labels:
control-plane: extension-manager
tmc-extension: "true"
controller-tools.k8s.io: "1.0"
tmc-extension-name: extension-manager
spec:
tolerations:
- operator: "Exists"
serviceAccountName: extension-manager
containers:
- command:
- /usr/local/bin/manager
image: vmware-docker-olympus-extensions.bintray.io/extension-manager/extension-manager@sha256:49855700572067758c02ad53b7bf1e7488144c1f9c7e358c4b74b0c434823883
imagePullPolicy: Always
securityContext:
runAsUser: 10000
runAsGroup: 1000
name: extension-manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
cpu: 100m
memory: 4096Mi
requests:
cpu: 100m
memory: 128Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
name: extension-updater-serviceaccount
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
name: extension-updater-clusterrole
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
rules:
- apiGroups: ["security.openshift.io"]
resources:
- securitycontextconstraints
verbs:
- use
resourceNames:
- nonroot
- apiGroups: ["clusters.tmc.cloud.vmware.com"]
resources:
- '*'
verbs:
- '*'
- apiGroups: [""]
verbs: ["create", "get", "list", "watch", "update"]
resources:
- "configmaps"
- apiGroups: [""]
verbs: ["get", "list", "watch"]
resources:
- "nodes"
- "pods"
- apiGroups: [""]
verbs: ["create", "get", "list", "watch", "delete"]
resources:
- "namespaces"
- apiGroups: [""]
verbs: ["create", "get", "list", "update", "watch"]
resources:
- "secrets"
- apiGroups: [""]
verbs: ["create", "patch", "update"]
resources:
- "events"
- apiGroups: ["batch"]
resources:
- "cronjobs"
- "jobs"
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources:
- "deployments"
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
name: extension-updater-clusterrolebinding
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: extension-updater-clusterrole
subjects:
- kind: ServiceAccount
name: extension-updater-serviceaccount
namespace: vmware-system-tmc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
name: extension-updater
namespace: vmware-system-tmc
spec:
selector:
app: extension-updater
component: extension-updater
ports:
- protocol: TCP
port: 9988
targetPort: 9988
name: validate-grpc
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: vmware-system-tmc-agent-restricted
labels:
app: extension-updater
tmc-extension-name: extension-updater
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- configMap
- emptyDir
- projected
- secret
- downwardAPI
- persistentVolumeClaim
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: MustRunAsNonRoot
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- min: 1
max: 65535
fsGroup:
rule: MustRunAs
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
name: vmware-system-tmc-psp-agent-restricted
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
resourceNames: ['vmware-system-tmc-agent-restricted']
verbs: ['use']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
name: vmware-system-tmc-psp-agent-restricted
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vmware-system-tmc-psp-agent-restricted
subjects:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:serviceaccounts:vmware-system-tmc
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: extension-updater
tmc-extension-name: extension-updater
name: extension-updater
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
spec:
progressDeadlineSeconds: 600
minReadySeconds: 30
replicas: 1
selector:
matchLabels:
app: extension-updater
component: extension-updater
strategy:
rollingUpdate:
maxSurge: 100%
template:
metadata:
labels:
app: extension-updater
component: extension-updater
tmc-extension-name: extension-updater
spec:
tolerations:
- operator: "Exists"
serviceAccountName: extension-updater-serviceaccount
containers:
- args:
- "--server=$(TMC_HOST):443"
- "--server-name=$(TMC_HOST)"
- "--client-credentials=/etc/tmc/client-credentials/client_credentials"
- "--tmc-ca=/etc/tmc/ca.crt"
- "--auth-server=$(AUTHENTICATOR_URL)"
- --cluster-id=$(CLUSTER_RESOURCE_ID)
- --agent-id=$(AGENT_RESOURCE_ID)
- "--cluster-name=$(CLUSTER_NAME)"
- "--unsafe-disable-authentication=false"
- "--connect-timeout=100s"
- "--poll-interval=5m"
- "--poll-jitter=0.3"
- "--agent-heart-beat-interval=90s"
- "--validation-grpc-port=9988"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: TMC_HOST
valueFrom:
configMapKeyRef:
name: stack-config
key: tmc_host
- name: AUTHENTICATOR_URL
valueFrom:
configMapKeyRef:
name: stack-config
key: authenticator_url
- name: CLUSTER_RESOURCE_ID
valueFrom:
configMapKeyRef:
name: stack-config
key: cluster_rid
- name: AGENT_RESOURCE_ID
valueFrom:
configMapKeyRef:
name: stack-config
key: agent_rid
- name: CLUSTER_NAME
valueFrom:
configMapKeyRef:
name: stack-config
key: cluster_name
resources:
limits:
cpu: 100m
memory: 4096Mi
requests:
cpu: 50m
memory: 128Mi
image: vmware-docker-olympus-extensions.bintray.io/extension-updater/extension-updater@sha256:94f188f6e0d229338086ecd74d400760127ee2464ec2b1131846747f001a59c8
imagePullPolicy: Always
name: extension-updater
securityContext:
runAsUser: 10000
runAsGroup: 1000
volumeMounts:
- name: tmc-root-ca
mountPath: "/etc/tmc"
readOnly: true
- name: client-credentials
mountPath: "/etc/tmc/client-credentials"
readOnly: true
volumes:
- name: tmc-root-ca
configMap:
name: stack-config
items:
- key: tls.crt
path: ca.crt
- name: client-credentials
secret:
secretName: tmc-client-secret
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: agent-updater
tmc-extension-name: agent-updater
name: agent-updater
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: agent-updater
tmc-extension-name: agent-updater
creationTimestamp: null
name: agent-updater-role
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
- nonResourceURLs: ['*']
verbs: ['*']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: agent-updater
tmc-extension-name: agent-updater
creationTimestamp: null
name: agent-updater-rolebinding
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: agent-updater-role
subjects:
- kind: ServiceAccount
name: agent-updater
namespace: vmware-system-tmc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: agent-updater
namespace: vmware-system-tmc
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
labels:
app: agent-updater
tmc-extension: "true"
tmc-extension-name: agent-updater
component: agent-updater
spec:
progressDeadlineSeconds: 600
minReadySeconds: 30
replicas: 1
selector:
matchLabels:
tmc-extension: "true"
tmc-extension-name: agent-updater
component: agent-updater
strategy:
rollingUpdate:
maxSurge: 100%
template:
metadata:
labels:
app: agent-updater
tmc-extension: "true"
tmc-extension-name: agent-updater
component: agent-updater
spec:
tolerations:
- operator: "Exists"
serviceAccountName: agent-updater
containers:
- command:
- /usr/local/bin/manager
image: vmware-docker-olympus-extensions.bintray.io/agent-updater/agent-updater@sha256:fc5b384d851f5a08262a924aea8a4e6244f8c31f8160d415dc5eadc86b12aa63
imagePullPolicy: Always
securityContext:
runAsUser: 10000
runAsGroup: 1000
name: agent-updater
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: agentupdater-workload
namespace: vmware-system-tmc
labels:
app: agent-updater
tmc-extension: "true"
tmc-extension-name: agent-updater
component: agentupdater-workload
annotations:
tmc.cloud.vmware.com/orphan-resource: "true"
spec:
schedule: "*/1 * * * *"
startingDeadlineSeconds: 180
concurrencyPolicy: Forbid
jobTemplate:
metadata:
labels:
tmc-extension-name: agent-updater
component: agentupdater-workload
spec:
template:
metadata:
labels:
tmc-extension-name: agent-updater
spec:
tolerations:
- operator: "Exists"
serviceAccountName: agent-updater
restartPolicy: Never
containers:
- command:
- /usr/local/bin/agentupdaterworkload
image: vmware-docker-olympus-extensions.bintray.io/agent-updater/agentupdater-workload@sha256:5daa40769379b6e87ac741d6f5f2a714e0fdb18d3af1f4ce71aeb4496079e1c9
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 10000
runAsGroup: 1000
name: agentupdater-workload
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
---
You'll see a number of objects get created when you run the kubectl create
command:
kubectl create -f https://epsg.tmc.cloud.vmware.com/installer?6b0797d843f9c828
namespace/vmware-system-tmc created
configmap/stack-config created
secret/tmc-client-secret created
secret/tmc-access-secret created
customresourcedefinition.apiextensions.k8s.io/agents.clusters.tmc.cloud.vmware.com created
customresourcedefinition.apiextensions.k8s.io/extensions.clusters.tmc.cloud.vmware.com created
customresourcedefinition.apiextensions.k8s.io/extensionresourceowners.clusters.tmc.cloud.vmware.com created
customresourcedefinition.apiextensions.k8s.io/extensionconfigs.intents.tmc.cloud.vmware.com created
serviceaccount/extension-manager created
clusterrole.rbac.authorization.k8s.io/extension-manager-role created
clusterrolebinding.rbac.authorization.k8s.io/extension-manager-rolebinding created
service/extension-manager-service created
deployment.apps/extension-manager created
serviceaccount/extension-updater-serviceaccount created
clusterrole.rbac.authorization.k8s.io/extension-updater-clusterrole created
clusterrolebinding.rbac.authorization.k8s.io/extension-updater-clusterrolebinding created
service/extension-updater created
podsecuritypolicy.policy/vmware-system-tmc-agent-restricted created
clusterrole.rbac.authorization.k8s.io/vmware-system-tmc-psp-agent-restricted created
clusterrolebinding.rbac.authorization.k8s.io/vmware-system-tmc-psp-agent-restricted created
deployment.apps/extension-updater created
serviceaccount/agent-updater created
clusterrole.rbac.authorization.k8s.io/agent-updater-role created
clusterrolebinding.rbac.authorization.k8s.io/agent-updater-rolebinding created
deployment.apps/agent-updater created
cronjob.batch/agentupdater-workload created
These are mostly created in the vmware-system-tmc namespace (itself also created via this command). You can watch the status of these objects as they are created and proceed when everything looks to be up and running.
kubectl -n vmware-system-tmc get all
NAME READY STATUS RESTARTS AGE
pod/agent-updater-55f69bd7c6-jrnlc 1/1 Running 0 13m
pod/agentupdater-workload-1596809700-7fd8h 0/1 Completed 0 11s
pod/cluster-health-extension-6f784fbc65-d7hzs 1/1 Running 0 11m
pod/extension-manager-76f7997d79-fx5vh 1/1 Running 0 13m
pod/extension-updater-5d77c47747-dhjwz 1/1 Running 2 13m
pod/gatekeeper-operator-manager-d9ffd7669-sb7dl 1/1 Running 0 11m
pod/inspection-extension-94748969d-7nfwl 1/1 Running 0 11m
pod/intent-agent-58d9768d47-nqmcl 1/1 Running 0 11m
pod/logs-collector-gatekeeper-operator-20200807140636-vmgbj 0/1 Completed 0 8m36s
pod/logs-collector-policy-sync-extension-20200807140634-b95cg 0/1 Completed 0 8m39s
pod/logs-collector-tmc-observer-20200807140640-2rdbl 0/1 Completed 0 8m33s
pod/policy-sync-extension-5c4d47bc6d-wmcht 1/1 Running 0 11m
pod/policy-webhook-5c78555bc4-6rjl5 1/1 Running 0 11m
pod/policy-webhook-5c78555bc4-b9q4b 1/1 Running 0 11m
pod/sync-agent-65d9b6d94-pxqxn 1/1 Running 0 11m
pod/tmc-observer-d447d56d-6p9z9 1/1 Running 0 10m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/extension-manager-service ClusterIP 100.67.9.226 <none> 443/TCP 13m
service/extension-updater ClusterIP 100.68.163.232 <none> 9988/TCP 13m
service/gatekeeper-operator-service ClusterIP 100.66.217.175 <none> 443/TCP 11m
service/inspection-extension ClusterIP 100.64.143.103 <none> 443/TCP 11m
service/policy-sync-extension ClusterIP 100.70.71.100 <none> 443/TCP 11m
service/policy-webhook-service ClusterIP 100.69.168.26 <none> 443/TCP 11m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/agent-updater 1/1 1 1 13m
deployment.apps/cluster-health-extension 1/1 1 1 11m
deployment.apps/extension-manager 1/1 1 1 13m
deployment.apps/extension-updater 1/1 1 1 13m
deployment.apps/gatekeeper-operator-manager 1/1 1 1 11m
deployment.apps/inspection-extension 1/1 1 1 11m
deployment.apps/intent-agent 1/1 1 1 11m
deployment.apps/policy-sync-extension 1/1 1 1 11m
deployment.apps/policy-webhook 2/2 2 2 11m
deployment.apps/sync-agent 1/1 1 1 11m
deployment.apps/tmc-observer 1/1 1 1 10m
NAME DESIRED CURRENT READY AGE
replicaset.apps/agent-updater-55f69bd7c6 1 1 1 13m
replicaset.apps/cluster-health-extension-6f784fbc65 1 1 1 11m
replicaset.apps/extension-manager-76f7997d79 1 1 1 13m
replicaset.apps/extension-updater-5d77c47747 1 1 1 13m
replicaset.apps/gatekeeper-operator-manager-d9ffd7669 1 1 1 11m
replicaset.apps/inspection-extension-94748969d 1 1 1 11m
replicaset.apps/intent-agent-58d9768d47 1 1 1 11m
replicaset.apps/policy-sync-extension-5c4d47bc6d 1 1 1 11m
replicaset.apps/policy-webhook-5c78555bc4 2 2 2 11m
replicaset.apps/sync-agent-65d9b6d94 1 1 1 11m
replicaset.apps/tmc-observer-d447d56d 1 1 1 10m
NAME COMPLETIONS DURATION AGE
job.batch/agentupdater-workload-1596809700 1/1 11s 11s
job.batch/logs-collector-gatekeeper-operator-20200807140636 1/1 49s 8m37s
job.batch/logs-collector-policy-sync-extension-20200807140634 1/1 3m59s 8m39s
job.batch/logs-collector-tmc-observer-20200807140640 1/1 47s 8m33s
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
cronjob.batch/agentupdater-workload */1 * * * * False 1 13s 13m
cronjob.batch/policy-webhook-cert-manager-cronjob 0 0 1 * * False 0 <none> 11m
Note: This is by no means an exhaustive list of the items created by the TMC installer but if this list shows everything as healthy you should be fine to move on to the next step.
Back in the TMC UI, you can now click on the Verify Connection button to ensure that everything is working as expected.
Click on the View Your Cluster button.
Oh no! My cluster is unhealthy! I was a little worried but quickly realized that everything was fine. The fact that the cluster is marked as unhealthy (controller-manager and scheduler healthz endpoints can't be reached) is a known issue between TMC and TKG 1.1.3....this will be fixed in a future version.
You can see right away some of the incredible visibility that TMC brings to the table by looking at the different visualizations of your cluster that TMC provides.
Nodes:
Namespaces:
Workloads:
Note: This is a truncated list since there are about 40 "workloads" present. These include deployments and replicasets. You can use the filter toggles at the top to hide system and Tanzu related workloads.
And with the Tanzu and system workloads filtered you can see just the MetalLB and WordPress applications that I've deployed to my cluster.
