Configure Tanzu Data Hub Infrastructure

This topic explains how SRE users can configure Tanzu Data Hub control plane infrastructure after the control plane has already been installed.

Cloud Provider Accounts

To create and manage cloud provider accounts, log in to Tanzu Data Hub as an SRE, and navigate to Infrastructure > Cloud Provider Accounts

Create a Cloud Provider Account

• To add a new cloud provider account, click Add Cloud Provider Account at top right and fill in the form:

  • Provider is TKGS or OPENSHIFT or TKGM or TAS.
  • Hosting Type configures all data plane clusters in the account as Shared or Dedicated as described in Hosting Types: Shared and Dedicated.
  • Credentials are configured as a JSON structure which can be copied from the same text box. To know the list of permissions required on Kubernetes cluster, see Permissions for RBAC on Kubernetes:

Update a Cloud Provider Account

• To edit a cloud provider account, click the menu icon () on the left of its listing, and select Edit from the small pop-up menu.
  • only editable fields are Credentials and Labels

Delete a Cloud Provider Account

• To delete a cloud provider account, click the menu icon () on the left of its listing, and select Delete from the small pop-up menu.

Certificates

To configure certificates, log in to Tanzu Data Hub as an SRE, and navigate to Infrastructure > Certificates:

• To add a new certificate, click Add Certificate at top right and fill in the form:

  • Provider is TKGS or OPENSHIFT or TKGM or TAS.
  • Name Enter a name for the certificate.
  • Domain Enter a wildcard domain for the certificate.
  • Certificate CA Enter Certificate CA in .pem format.
  • Certificate Enter valid Certificate in .pem format.
  • Certificate Key Enter valid Certificate Key in .pem format.
• Note that as of now for one provider, only one certificate can be added.

DNS

Tanzu Data Hub manages its DNS servers. In high availability environment, secondary DNS servers are provisioned for read only DNS queries.

To see its DNS configurations, navigate to Infrastructure > DNS:

Data Planes

See Create and Manage Data Planes for how to create a new data plane and how to change settings and delete existing ones.

SMTP

SMTP used for inviting users to organizations, reset passwords, and other identity operations in Tanzu Data Hub.

To configure SMTP Details, log in to Tanzu Data Hub as an SRE, and navigate to Infrastructure > SMTP Details

Update SMTP Details

• To Update SMTP Details, click on EDIT button and update the fields.

Email Templates

To edit the templates used to create email messages that Tanzu Data Hub sends to invite users to organizations, reset passwords, and other identity operations, log in to Tanzu Data Hub as an SRE, and navigate to Infrastructure > Email Templates:

For each type of email message, you can read the template and click Edit to change the text, preserving the personalized $(STRING) references.

Federation

Tanzu Data Hub allows adding federated users who can use their ldap credentials to access Tanzu Data Hub. Adding a federation creates a new organization in Tanzu Data Hub. Once a federation is created, the org admin can then invite users which are present in ldap to Tanzu Data Hub.

To configure identity federations that add Tanzu Data Hub identities from external identity providers via LDAP, log in to Tanzu Data Hub as an SRE, and navigate to Infrastructure > Federation:

• To federate with a new identity provider, click Add Federation at top right and fill in the configuration wizard.

• In the vendor select “other” in case you want to use any OpenLdap or compatible identity provider.

  

• Enter the connection URL, TLS parameters as well as the authentication type
• Enter the BindDN and password. TDH uses these credentials to connect to the federation provider
• Press Test connection to check the credentials. The wizard does not proceed until the connection test has passed.
• Enter the Users DN, RDN, UUID and user object class attributes.
• Users DN is the DN where the ldap users are stored.
• You can also specify a ldap filter in case you need to allow only a subset of users.
• Provide an email address of the first admin user of the federated organization. Please note that this user needs to be present in the federation.
• Provide an organization name for the federated organization.
• A new federation is created and listed in the federation listing page.
• The admin user can now login with his ldap credentials on Tanzu Data Hub and invite users as needed.
• To delete or edit an identity provider federation, click the menu icon () on the left of its listing, and select Delete or Edit from the small pop-up menu.

Object Storage

Object Storage is used for storing backups of Tanzu Data Hub services on AWS S3. As an SRE you can configure S3 bucket which can be used by services to store backups. To Configure Object Storage on Tanzu Data Hub, log in to Tanzu Data Hub as an SRE, and navigate to Infrastructure > Object Storage:

• To add new Object Storage, click ADD OBJECT STORAGE at top right and fill in the configuration wizard.
• The Bucket name refers to the s3 bucket used to store backups when this object store is selected while creating any cluster. Tanzu Data Hub stores data in the /tdh folder in this bucket.
• Upon submitting, Tanzu Data Hub verifies the provided details by creating, reading and deleting a test file in the bucket. In case of any errors, please verify the details and access policies for the key.

• To delete an object storage, click the menu icon () on the left of its listing, and select Delete from the small pop-up menu.