VMware Cloud Director Extension for VMware Tanzu Mission Control 1.0 | 18 JAN 2024 | Build 1.0.0-23084897

Check for additions and updates to these release notes.

About

VMware Cloud Director® Extension for VMware Tanzu Mission Control™ is the first VMware SaaS offering that is purpose-built and designed for highly regulated and sovereign environments without any hyperscaler or SaaS dependencies.

Services Providers who are currently offering Kubernetes infrastructure as a Service to run container workloads in a multi-tenant environment, using VMware Cloud Director® Container Service Extension™, can now centrally manage their Kubernetes clusters, and apply IT policies seamlessly using this new VMware Cloud Director Extension for VMware Tanzu Mission Control offering.

From VMware Cloud Director Container Service Extension 4.2, service providers can allow their tenants to not only run container workloads, but also manage multi-cluster Tanzu Kubernetes Grid environment at scale with a unified and centralized interface. Service providers can build economies of scale with their multi-tenant CaaS infrastructure while their end customers can get benefit from application modernization leveraging container ready infrastructure. VMware Cloud Director Extension for VMware Tanzu Mission Control also provides seamless single sign-on for VMware Cloud Director users to access the VMware Tanzu Mission Control Self-Managed UI.

Compatibility

The following product versions are compatible with VMware Cloud Director Extension for VMware Tanzu Mission Control:

Product

Version

Tanzu Mission Control Self-Managed

1.1

VMware Cloud Director

10.4.3, 10.5.1

VMware Cloud Director Container Service Extension

4.2

Kubernetes Container Clusters UI plugin

4.2

Tanzu Kubernetes Grid

2.1.1, 2.2, 2.3.1, 2.4

Object Storage Extension

2.2.2 and newer versions

Caveats and Limitations

  • VMware Cloud Director Extension for VMware Tanzu Mission Control does not support the use of non-English characters in usernames or full names.

  • The VMware Cloud Director UI may not be used to update or delete the VMware Cloud Director Extension for VMware Tanzu Mission Control if the CLI is used for installation.

    Solution add-ons use an encryption key when transmitting or storing some information. VMware Cloud Director generates and stores this value when the VMware Cloud Director UI is used for installation. The CLI installation method requires the user to provide this encryption key for all operations because VMware Cloud Director does not store it.

  • Existing clusters must be updated to trust Harbor repositories with self-signed certificates

    The cluster used to operate VMware Cloud Director Extension for VMware Tanzu Mission Control, and any tenant cluster attached to VMware Cloud Director Extension for VMware Tanzu Mission Control pulls images and Tanzu package information from the configured Harbor repository. It is necessary to configure those clusters to trust the self-signed certificate used by the Harbor service. To establish that trust, it is necessary to recreate all cluster nodes, and update the kapp-controller configuration to trust the certificates.

    For more information, see Configure VMware Cloud Director Extension for VMware Tanzu Mission Control with self-signed certificates (94799).

Known Issues

  • VMware Cloud Director UI Tasks pane can show multiple GetFullEntity calls for one cluster.

    The VMware Cloud Director UI Tasks pane can show multiple getFullEntity calls for one cluster. In VMware Cloud Director UI Tasks pane, search on the cluster name, and you can see frequent getFullEntity calls. This can happen when a VMware Tanzu Mission Control attach attempt is performed, and it fails for some reason. The VMware Cloud Director Container Service Extension backend, or Projector component, attempts to reconcile or retry the operation for about 90 minutes. Regardless of whether the operation succeeds or not in that duration, you will notice getFullEntity calls being indefinitely made for every minute in the VMware Cloud Director Task pane.

    This is due to a bug in VMware Cloud Director 10.5.1 and 10.4.3. VMware Cloud Director does not clean up successful or expired operations from the operations-to-be-retried set in the Cluster RDE. For more information, see VMware Cloud Director 10.4.3 Release Notes and VMware Cloud Director 10.5.1 Release Notes.

    Workaround

    Identify and remove problematic elements from the RDE.entity.status.projector.retrySet.

    All or any elements with an empty body, partial body or with a missing creationTimeStamp field need to be removed cleanly from RDE.entity.status.projector.retrySet using the VMware Cloud Director workaround detailed in the VMware Cloud Director 10.4.3 Release Notes and VMware Cloud Director 10.5.1 Release Notes.

    Once the RDE.entity.status.projector.retrySet becomes empty, you should not see any further getFullEntity calls on the cluster for every minute.

    API calls

    1. Retrieve the cluster-id from the Cluster Information page in the Kubernetes Container Clusters UI.

    2. In Postman, and perform Get https://vcd/cloudapi/1.0.0/entities/cluster-id; save the ETag from the response headers.

    3. Modify the body to remove all or any problematic elements from RDE.entity.status.projector.retrySet.

    4. In Postman, perform a PUT with the modified body https://vcd/cloudapi/1.0.0/entities/ {cluster-id}.

      1. Use with the same ETag retrieved in Step 2, and insert it as a value for the header with the key If-Match.

      2. Ensure the VMware Cloud Director workaround in Using the VMware Cloud Director API, attempting to delete an item with a secure field from an array in an RDE instance results in the item not being fully deleted is followed here to include or modify the request payload. For more information, see VMware Cloud Director 10.5.1 Release Notes.

    5. If update fails with ETag error, repeat Step 2.

    For more information on using ETags, see VMware Cloud Director Open API.

  • TMC Attachment Status column can display a cluster's status switching from Ready to another value after the cluster has been successfully attached.

    After a cluster is successfully attached in VMware Cloud Director Extension for VMware Tanzu Mission Control, and shows the TMC Attachment Status as Ready, the status value can later change, for example to Unknown. It can happen if there are resource constraints on the cluster, and the cluster intermittently gets disconnected from VMware Cloud Director Extension for VMware Tanzu Mission Control.

    Workaround:

    Ensure that the cluster resources are sufficient for the cluster agent extensions to run successfully. Cluster agent extensions are installed when cluster is attached to VMware Cloud Director Extension for VMware Tanzu Mission Control. For more information, see Memory and CPU Usage by Cluster Agent Extensions.

  • The Kubernetes Container Clusters UI plugin 4.2.0 loads the cluster list and the cluster information page extremely slowly.

    This behavior occurs if the user has access to VMware Tanzu Mission Control, but the service is inaccessible. The cluster list datagrid and cluster information page will display a spinner, and then the UI will eventually render successfully.

    There are two workarounds for this issue:

    • Remove VMware Tanzu Mission Control access from tenant organizations. In this situation, VMware Tanzu Mission Control is inaccessible anyway.

    • Uninstall VMware Tanzu Mission Control from solutions add-ons. For more information, see Remove a Solution Add-On From VMware Cloud Director.

  • The Kubernetes Container Clusters 4.2 UI cannot recognize the VMware Tanzu Mission Control attachment status for manually attached clusters

    Existing clusters that were manually attached to VMware Tanzu Mission Control display a blank status in the TMC Attachment Status column in the Cluster Information page of Kubernetes Container Clusters 4.2 UI.

check-circle-line exclamation-circle-line close-line
Scroll to top icon