TMC – Register TKG 1.3 management cluster and create workload cluster on vSphere from TMC console

Reading Time: 4 mins


Tanzu Mission Control is a centralized management platform for consistently operating and securing your Kubernetes infrastructure and modern applications across multiple teams and clouds, With TMC you can manage entire Kubernetes footprint, regardless of where your clusters reside. In this post, I will take you through the steps to register management cluster in TMC that is already deployed on vSphere and followed by workload cluster creation through TMC console.

  • As shown below, there are no clusters exist and we will create one shortly.

Register Management Cluster:

  • Login to TMC console > select organization (from dropdown of change organization)
  • Optional: Create a cluster group by navigating to > Cluster groups > Create cluster group : provide Name and optional fields Description and Labels > Create

  • In left menu select Administration > management clusters > Register management cluster > Tanzu Kubernetes Grid
  • Fill the details:
        • Name and assign 
          • Name:
          • Default cluster group for managed workload clusters:
          • Description (optional):
          • Labels (optional):
          • Next
        • Proxy (Optional)
        • Register:
          • copy the URL as shown below or expand the yaml to get the code that need to be run on management cluster.

Install TMC agent

Install TMC agents on TKG management cluster
#Ensure current context is set to mgmt cluster
$ kubectl config current-context

# I copied the yaml code into file and executed using kubectl apply:

ubuntu@ubuntu-526:~$ kubectl apply -f tmc.yaml
namespace/vmware-system-tmc created
configmap/stack-config created
secret/tmc-access-secret created created created created created created
serviceaccount/extension-manager created created created
service/extension-manager-service created
deployment.apps/extension-manager created
serviceaccount/extension-updater-serviceaccount created
podsecuritypolicy.policy/vmware-system-tmc-agent-restricted created created created created created
deployment.apps/extension-updater created
serviceaccount/agent-updater created created created
deployment.apps/agent-updater created
cronjob.batch/agentupdater-workload created

# Verify the newly created pods under namespace "vmware-system-tmc"
$ kubectl get pods -n vmware-system-tmc
agent-updater-56ddc68b5f-8dwlp 1/1 Running 0 84s
agentupdater-workload-1638426180-w2h8l 0/1 Completed 0 56s
cluster-health-extension-59f594f47c-wrfgx 1/1 Running 0 30s
extension-manager-6db94c5c54-xtlh2 1/1 Running 0 84s
extension-updater-7dd947968b-5rfrp 1/1 Running 0 84s
intent-agent-76655f5466-rz575 1/1 Running 0 33s
lcm-tkg-extension-cf5d5d6bc-crc2z 1/1 Running 0 25s
lcm-tkg-operator-7fdfd88d75-4mgnc 1/1 Running 0 34s
resource-retriever-7b4c68995b-bwngf 1/1 Running 0 31s
sync-agent-6dfdc5dbf9-rdrbv 1/1 Running 0 29s
tmc-auto-attach-7c9c6b885f-b88fr 1/1 Running 0 30s
  • To verify the registered management clusters: Navigate to Administration > Management clusters >

  • Click on management cluster to check the dashboard, health, policies, workload clusters, access etc ..

Create Workload cluster

Now, let’s go through the steps to create workload cluster from TMC console. Since the management cluster is already registered, workload cluster creation is very easy.

In TMC console, navigate to Clusters > Create cluster > select management cluster > continue to create cluster

Hint: In this case, I would like to select the one we registered earlier. 

  • Provisioner: Default
  • Name and assign: provide a cluster name
  • Configure: appropriate values can be selected from drop down
      • paste the SSH public key and remaining fields are auto filled.
      • Proxy Configuration (optional) : Enable this if you have proxy
      • NEXT
  • Specify resources: auto filled, can be changed if required

  • Select control plane: Single node or Highly available
      • Control plane endpoint: Provide an ip or fqdn 

  • Create Cluster
  • You can see the progress of vm creation in vCenter and it should take few minutes for clusters to be created and turn healthy.

  • Verify the workload nodes created in vCenter

  • Navigate to TMC Console > Clusters
  • Check the health of workload cluster created and status should be Ready

  • Click on workload cluster to check the nodes, workloads, events, namespaces, metrics, health etc ..

# Check the workload cluster 
$ tanzu cluster list
capv-tkg-workload-1 default running 1/1 2/2 v1.20.5+vmware.2 <none> dev

# Get workload cluster credentials

$ tanzu cluster kubeconfig get capv-tkg-workload-1 --admin
Credentials of cluster 'capv-tkg-workload-1' have been saved
You can now access the cluster by running 'kubectl config use-context capv-tkg-workload-1-admin@capv-tkg-workload-1'

# Change the context to newly created workload cluster
$ kubectl config use-context capv-tkg-workload-1-admin@capv-tkg-workload-1
Switched to context "capv-tkg-workload-1-admin@capv-tkg-workload-1".
# List the available contexts and check * is pointing to new cluster.
$ kubectl config get-contexts
capv-tkg-mgmt-vsphere-admin@capv-tkg-mgmt-vsphere capv-tkg-mgmt-vsphere capv-tkg-mgmt-vsphere-admin
* capv-tkg-workload-1-admin@capv-tkg-workload-1 capv-tkg-workload-1 capv-tkg-workload-1-admin
tkg-captainv-demo-admin@tkg-captainv-demo tkg-captainv-demo tkg-captainv-demo-admin
tkg-cluster-1-admin@tkg-cluster-1 tkg-cluster-1 tkg-cluster-1-admin
tkg-mgmt-vsphere-20211117113036-admin@tkg-mgmt-vsphere-20211117113036 tkg-mgmt-vsphere-20211117113036 tkg-mgmt-vsphere-20211117113036-admin

# Check for nodes and see if you are getting desired output.

$ kubectl get nodes
capv-tkg-workload-1-control-plane-zlvw8 Ready control-plane,master 76m v1.20.5+vmware.2
capv-tkg-workload-1-md-0-6d5449f45d-52mg2 Ready <none> 75m v1.20.5+vmware.2
capv-tkg-workload-1-md-0-6d5449f45d-zrp2s Ready <none> 75m v1.20.5+vmware.2


Demo Video: