Introduction

VMware Tanzu Mission Control is a SaaS offering available through VMware Cloud Services and provides:

• A centralized platform to deploy and manage Kubernetes clusters across multiple clouds.
• Attach existing Kubernetes Clusters in the TMC portal for centralized operations and management.
• A Policy Engine that automates Access control and security policies across a fleet of clusters.
• Manage security across multiple clusters.
• Centralize authentication and authorization, with federated identity from multiple sources.

TMC SaaS cannot be used in specific environments because of compliance or data governance requirements. Industries like Banking, Health Care, and the Defence sector are usually running workloads in an air-gapped environment (dark site). Imagine running a large number of Kubernetes clusters without any central pane of glass to manage day-1 & day-2 operations across the clusters. VMware understood this pain and introduced Tanzu Mission Control Self-Managed (TMC-SM) as an installable product that you can deploy in your environment.

TMC Self-Managed can be installed in data centers, sovereign clouds, and service-provider environments. All images and dependencies are bundled together so the solution can be deployed in air-gapped environments without internet connectivity. TMC Self-Managed is available as a Tanzu package and can be installed on both TKGm (TKG multi-cloud) and TKGS (vSphere with Tanzu).

Using TMC Self-Managed, customers in highly regulated industries. Organizations in the healthcare, finance, and government spaces will benefit from centralized Kubernetes management while meeting their compliance and data sovereignty requirements.

Architecture

The TMC Self-Managed installation architecture is depicted in the diagram below, which is taken from VMware’s official product documentation.

Supported Installation Platforms

The latest version (1.0.1) of  TMC Self-Managed (as of this writing) can be installed on the following Kubernetes cluster types:

*Note: There are some known issues in registering the supervisor cluster running on vSphere 8.0U1c in TMC Self-managed. Please use 8.0U1b. I am checking on this with engineering and update the post once I hear back from them.

Resource Requirements

The Kubernetes cluster where you will be deploying TMC Self-Managed must meet the following requirements:

• Kubernetes Version:  1.23.x, 1.24.x, 1.25.x
• Control Plane: Nodes 3, vCPUs: 4, Memory 8 GB, Disk 40 GB
• Worker Node: Nodes 3, vCPUs: 4, Memory 8 GB, Disk 40 GB

Installation Prerequisites

To deploy Tanzu Mission Control Self-managed, your environment should have the following installed/configured.

• An image registry solution with a public project configured to store TKG installation binaries. For instructions on setting up a private image registry, refer to the Harbor Installation and Configuration guide. Alternatively, you can download the harbor ova following the instructions outlined in the Prepare an Internet-Restricted Environment in the TKG product documentation.
• A Tanzu Kubernetes Grid management cluster deployed as per instructions outlined in the Deploy Management Clusters from a Configuration File section in the Tanzu Kubernetes Grid product documentation.
• A Tanzu Kubernetes Grid workload cluster deployed per instructions outlined in the Creating Workload Clusters in the TKG product documentation.
• Package cert-manager deployed in the workload cluster as per instructions outlined in the Add a Package Repository and Install cert-manager in the TKG product documentation.

Installation Workflow

A high-level summary of the workflow you use to install TMC Self-Managed can be found in the stages that follow.:

• Configure a DNS Zone.
• Set up authentication.
• Set up a cluster issuer for TLS certificates.
• Install TMC Self-Managed.

That’s it for this post. In the next post of this series, I will demonstrate the configuration of items listed under the Installation Workflow. Stay tuned!!! 

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.