February 15, 2023

Automate Kubernetes Platform Operations with Tanzu

This article will explore ways to automate your Kubernetes platform operations with Tanzu. We will use Terraform Provider for Tanzu Mission Control to create clusters and add integrations. We will use the Tanzu Mission Control CLI to retrieve kubeconfigs for our clusters. We will use the Tanzu Service Mesh API to create a global namespace and onboard our clusters. Let's dive in!

Before we begin, this article assumes you have configured the following:

  • Tanzu Mission Control CLI
  • Terraform for your environment
  • Your VMware Cloud Services API token

Terraform Provider for Tanzu Mission Control

Create Clusters

Terraform lets us treat infrastructure as code. You can find the Terraform Provider for Tanzu Mission Control documentation here: https://registry.terraform.io/providers/vmware/tanzu-mission-control/latest/docs

In this example, we will create clusters with Tanzu Mission Control. The docs provide an example .tf file to get started.

You will need to replace the values with ones that match your environment. Here is mine, with variables for credentials and other values that might change.

Notice that several values such as class and storage-class are particular for my environment and will be different for your environment.

Now we can use "terraform apply" to create the clusters. This example uses two files for variables, one for the environment and one for credentials.

The file "terraform.tvars" contains variables that might change between environments:

Running the above command should result in something like this:

A "yes" response will result in Terraform creating the resources; in this example, we have specified three clusters (from the "terraform.tvars" file).

In my case, the command finished in about four minutes.

Even though the "terraform apply" was complete, the clusters took about ten minutes to become ready. We can see this in the Tanzu Mission Control console:

After about ten minutes we can see the clusters are ready.

Add Tanzu Service Mesh

Assuming the Tanzu Service Mesh service is enabled for your organization, we can also use the Terraform Provider to add Tanzu Service Mesh to our clusters. Below is my "*.tf" file. Notice I use the same files for variables. This configuration will add Tanzu Service Mesh to our clusters, which we will configure later with the Tanzu Service Mesh API.

The "terraform apply" command will take a few minutes to complete, which we can verify in Tanzu Mission Control.

Tanzu Mission Control CLI

Retrieve kubeconfig

Now we need to retrieve the kubeconfigs for our clusters. We can use the Tanzu Mission Control UI, but I prefer the CLI. Before we retrieve the kubeconfig, let's list all the clusters like so:

Now we can retrieve the kubeconfig like so:

This will return the config like so:

In my case I scripted the process with a file “getconfigs.sh” like so:

Note: The file “clusters.txt” is a list of my cluster names.

Notice in “getconfigs.sh” I also use the Tanzu Mission Control CLI to create the namespace “tko-demo” to which I will deploy services.

After retrieving the kubeconfigs, we use "kubectl" to create one kubeconfig like so:

And then we can copy the new file to the default location and begin using it!

Tanzu Service Mesh API

Now that we have created our clusters, added Tanzu Service Mesh and retrieved our kubeconfig, we can create a global namespace and onboard our clusters and specific namespaces. To do this, we will use the Tanzu Service Mesh API.

Exchange VMware Cloud Services API token

I used Python to access the Tanzu Service Mesh API. Using the API requires that you exchange your VMware Cloud Services API token for an access token. I used the following Python:

This script reads your VMware CSP API token from the file “keyfile” and stores the access token in the file “tokenfile”.
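One way to write that exchange so neither secret is left readable by other local users, as an added example rather than the author's script. The endpoint URL and the `access_token` / `expires_in` response fields are assumptions to confirm for your organization; the helper names are hypothetical.

```python
import json
import os
import stat
import urllib.parse
import urllib.request

# Assumed endpoint (public CSP token exchange); confirm it for your organization.
CSP_AUTHORIZE_URL = "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize"


def read_secret(path):
    """Read a secret file, refusing one that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {mode:o}; restrict it to 600")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def build_exchange_request(api_token):
    """Build the POST with the API token in the form body, not the URL."""
    body = urllib.parse.urlencode({"refresh_token": api_token}).encode()
    return urllib.request.Request(
        CSP_AUTHORIZE_URL,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def write_secret(path, value):
    """Write value to path with mode 0600, tightening a pre-existing file too."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), 0o600)
        fh.write(value)


def exchange(keyfile="keyfile", tokenfile="tokenfile"):
    """Exchange the API token in keyfile for an access token in tokenfile."""
    request = build_exchange_request(read_secret(keyfile))
    with urllib.request.urlopen(request, timeout=30) as response:
        payload = json.load(response)  # assumed fields: access_token, expires_in
    write_secret(tokenfile, payload["access_token"])
    return payload.get("expires_in")


if __name__ == "__main__":
    print("access token stored; expires in", exchange(), "seconds")
```

Keep “keyfile” and “tokenfile” out of version control, and treat the access token as short-lived: re-run the exchange rather than extending its use.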

Create global namespace and onboard clusters and namespaces

This is the JSON we will send to the API to create our global namespace (GNS) and onboard our clusters. The GNS is named “tko-demo” and we will onboard clusters that start with “tkg-tko-tsm” and “edge-tko-tsm”. In those clusters we onboard services in the namespace “tko-demo” (GNS and namespaces do not have to match).

I stored the above JSON in a file called “tsm-gns-example.json”.
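Because clusters are selected by name prefix, it is worth previewing which cluster and namespace pairs the rules would onboard before sending them. The following is an added example, not the author's payload: the rule field names (`match_conditions`, `START_WITH`, `EXACT`) are assumptions, and the inventory is constructed.

```python
# Rule shape assumed for this example; the field names are not confirmed by the page.
GNS_RULES = {
    "name": "tko-demo",
    "match_conditions": [
        {"cluster": {"type": "START_WITH", "match": "tkg-tko-tsm"},
         "namespace": {"type": "EXACT", "match": "tko-demo"}},
        {"cluster": {"type": "START_WITH", "match": "edge-tko-tsm"},
         "namespace": {"type": "EXACT", "match": "tko-demo"}},
    ],
}

# Constructed inventory: cluster name -> namespaces that exist on it.
INVENTORY = {
    "tkg-tko-tsm-1": ["default", "tko-demo"],
    "tkg-tko-tsm-prod": ["payments", "tko-demo"],
    "edge-tko-tsm-1": ["tko-demo", "tko-demo-old"],
    "tkg-other-1": ["tko-demo"],
}


def matches(rule, value):
    """Evaluate one match rule against a cluster or namespace name."""
    if rule["type"] == "EXACT":
        return value == rule["match"]
    if rule["type"] == "START_WITH":
        return value.startswith(rule["match"])
    raise ValueError(f"unsupported match type: {rule['type']}")


def preview(rules, inventory):
    """Return the sorted (cluster, namespace) pairs the rules would onboard."""
    selected = set()
    for condition in rules["match_conditions"]:
        for cluster, namespaces in inventory.items():
            if not matches(condition["cluster"], cluster):
                continue
            for namespace in namespaces:
                if matches(condition["namespace"], namespace):
                    selected.add((cluster, namespace))
    return sorted(selected)


def outside_approved(selected, approved_clusters):
    """Return selected pairs whose cluster is not on the approved list."""
    return [pair for pair in selected if pair[0] not in approved_clusters]


if __name__ == "__main__":
    pairs = preview(GNS_RULES, INVENTORY)
    print(pairs, outside_approved(pairs, {"tkg-tko-tsm-1", "edge-tko-tsm-1"}))
```

In the constructed inventory the prefix rule also selects “tkg-tko-tsm-prod”, which is the kind of unintended match to catch before the POST.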

You can use the tool of your choice (such as Postman) to access the Tanzu Service Mesh API. I used the following Python script:

Successful execution of a POST with the above payload will return a 200 and the details that were passed in along with the generated name of the GNS.

Now we can view the created GNS in the Tanzu Service Mesh console.

View in Tanzu Service Mesh Console

We can view the services we deployed in the clusters we onboarded to the GNS (I did not show deploying the services in this example).

Tanzu Mission Control Console

Policy Management

Another way we can automate the management of our Kubernetes Platform is to ensure policies are consistent across clusters. With VMware Tanzu Mission Control you can create policies to manage the operation and security posture of your Kubernetes clusters. The policies can be applied to clusters regardless of where they reside.

In this case we are applying a policy to not allow root in the containers.

And we apply it in test mode:

We can then view the policy insights like so:

And now we know where we need to remediate to meet our policies.

Terraform Provider for Tanzu Mission Control

Delete Clusters

Automation would not be complete without removing or deleting resources. We can use “terraform destroy” to remove our clusters like so:

The above command will produce the following:

Answering “yes” will allow Tanzu Mission Control to delete our clusters:

We can view the progress in the Tanzu Mission Control console:

And now they are gone!

 

Review

  • Terraform Provider for Tanzu Mission Control
    • Demonstrated creating clusters, adding integrations such as Tanzu Service Mesh, and subsequently deleting clusters. There is much more functionality in the provider to help you automate the management of your Kubernetes clusters.
  • Tanzu Mission Control CLI
    • Previewed how to list clusters and retrieve kubeconfigs. There is much more you can automate with the Tanzu Mission Control CLI.
  • Tanzu Mission Control Console
    • The console lets you visually manage your clusters. We showed you how to manage policies across your clusters, regardless of where the cluster resides. This is another way you can automate the management of your clusters.
  • Tanzu Service Mesh API
    • Created a global namespace and onboarded our clusters and namespaces. This demonstrates yet another way you can automate your cluster management.

Thank You

I hope this article gives you some ideas of how Tanzu can help you automate management of your Kubernetes platform!
