We are thrilled to introduce Tanzu Mission Control Self-Managed(TMC Self-Managed), a new offering specially designed for VMware Cloud Providers and Sovereign Cloud Providers. This initiative aims to offer unprecedented control and flexibility, allowing you to self-host the Tanzu Mission Control infrastructure within your own environment. It extends the existing capabilities of Tanzu Mission Control by providing an enhanced, in-house operational experience for Kubernetes orchestration and management. In the following sections we will look at Cloud Providers features and experience.
TMC Self-Managed empowers cloud providers to host Tanzu Mission Control on VMware Cloud Director, enhancing data sovereignty and compliance. TMC Self-Managed installation happens on Container Service Extension’s Provider managed Tanzu Kubernetes Cluster. VMware Cloud director’s Solution Add-On framework is used to manage TMC Self-Managed as an extension as shown in the screenshots below.
This TMC Self-Managed Solution honors VMware Cloud Director’s Multi-tenancy model. Customer Organization can use their choice of identity provider and create user roles and RBAC. With TMC Self-Managed, customers can utilize their established IAM, fine grained permission control or RBAC to Tanzu Kubernetes Clusters within their organization. Please refer to IAM features and know-hows in official documentation here.
TMC Self-Managed offers Backup and Restore services through the customer portal. Providers can leverage Object Storage Extension to offer Kubernetes Clusters backup and restore services. The TMC administrator can configure TMC Self-Managed to backup and restore attached clusters on OSE using TMC Self-managed portal. The backup and restore features of OSE are documented at official documentation link here. For more information on OSE backup and restore services, please refer to the blog post here.
Advanced Policy Management:
Customers can implement granular policies with ease to ensure governance and security protocols are consistently maintained for all Tanzu Kubernetes clusters deployed in their organization. Customers can review all TMC Self-Managed features on official documentation at this link here.
Cloud Provider Experience for TMC Self-Managed Phase one release:
Cloud Providers must use cert-manager to acquire certificates. The CSP admins have two options, first and recommended method is to use externally signed certificates. Alternatively, If Providers choose to use self-signed certificate, they must share CA root certificate with their customers. Please refer to this kb article for detailed information on using self-signed certificates. Customers must use this certificate provided by their provider, to create Tanzu Kubernetes Clusters.
The KB shows how to store the root CA so all new clusters are configured correctly. Customers must trust the certificate in order to access the TMC Self Managed UI/API protected by a self-signed certificate.
Customer Onboarding and branding of TMC Self-Managed:
Once Cloud Provider completes enabling the TMC Self-managed solution add on, the cloud providers can provide the TMC Self-Managed URL to the customers. The cloud providers can configure this URL to follow theme using branding page for solution add on as shown in below screenshot:
To summarize, we reviewed how cloud providers get autonomy to host Kubernetes Management infrastructure within their DataCenters using VMware Cloud director and TMC Self-Managed. We reviewed that customers can use TMC Self-Managed to manage their Kubernetes Clusters, secure the apps within cluster using policy management and use Object Storage Extension to backup and restore the Kubernetes clusters and workloads. Please checkout related content as below.