VMware Tanzu Mission Control 1.0 | 23 AUG 2023

Check for additions and updates to these release notes.

Welcome to the Release Notes for VMware Tanzu Mission Control Self-Managed. Here you find posts about new features, patches, and bug fixes for the platform.

Tanzu Mission Control Self-Managed is a comprehensive API-driven cluster management platform, provided through a packaged deployment model, that allows you to monitor and manage your fleet of Kubernetes clusters from a single point of control. Tanzu Mission Control Self-Managed builds on the success of the SaaS deployment model for Tanzu Mission Control by enabling you to deploy the cluster management stack atop your own infrastructure.

What's new in 1.0.1

Tanzu Mission Control Self-Managed now supports deployment to and lifecycle management of the following Tanzu Kubernetes Grid clusters:

| Cluster type | Environment |
|---|---|
| TKG 2.2.x (Kubernetes 1.25.x) | vSphere 8.0 and vSphere 7.0 |
| TKG 2.1.x (Kubernetes 1.24.x) | vSphere 8.0 and vSphere 7.0 |
| TKG 1.6.x (Kubernetes 1.23.x) | vSphere 7.0 |
| Tanzu Kubernetes Grid Service clusters running in vSphere with Tanzu (Kubernetes 1.24.x and 1.23.x) | vSphere 8.0 Update 0 or Update 2; vSphere 7.0 latest update |

New Features and Improvements

  • Added lifecycle management support for vSphere 8

    You can now manage Tanzu Kubernetes Grid Service clusters running in vSphere with Tanzu 8u1b. Tanzu Mission Control Self-Managed allows you to register your vSphere with Tanzu Supervisor to perform lifecycle management operations on your Tanzu Kubernetes Grid service clusters.

  • Added Terraform provider support for Tanzu Mission Control Self-Managed

    Tanzu Mission Control Self-Managed can now be managed and automated using the HashiCorp Terraform platform.

    The Tanzu Mission Control provider v1.2.1 in Terraform implements support for managing your fleet of Kubernetes clusters by connecting with Tanzu Mission Control Self-Managed.

    You can use the Tanzu Mission Control provider for Terraform to:

    • Connect to Tanzu Mission Control Self-Managed.

    • Attach conformant Kubernetes clusters.

    • Manage the lifecycle of workload clusters.

    • Manage cluster security using policies - access, image registry, security, network, custom, namespace quota.

    The resources and operations supported by the Terraform provider reflect the features and differences of the self-managed version of Tanzu Mission Control. For more information, see Using Tanzu Mission Control Self-Managed in Installing and Running Tanzu Mission Control Self-Managed.

    For more information about using the Tanzu Mission Control provider for Terraform with Tanzu Mission Control Self-Managed, see:

Issues Resolved in 1.0.1

  • Resolved package deployment issue on vSphere with Tanzu v8

    Resolved an issue with kapp-controller being unable to reconcile packages on Tanzu Kubernetes Grid Service clusters running in vSphere with Tanzu on vSphere 8.

  • Resolved Tanzu Mission Control console refresh issue

    Resolved an issue with the auto refresh of the OIDC credentials in the Tanzu Mission Control console that caused a refresh every five minutes.

Component upgrades

| Component | Version in 1.0 | Version in 1.0.1 |
|---|---|---|
| bitnami/alertmanager | 0.24.0 | 0.25.0 |
| bitnami/configmap-reload | 0.7.1 | 0.11.1 |
| bitnami/prometheus | 2.38.0 | 2.46.0 |
| docker.io/bitnami/bitnami-shell | 11-debian-11-r120 | 11-debian-11-r34 |
| docker.io/bitnami/contour | 1.25.0-debian-11-r3 | 1.25.2-debian-11-r17 |
| docker.io/bitnami/envoy | 1.26.1-debian-11-r7 | 1.26.4-debian-11-r20 |
| docker.io/bitnami/kafka-exporter | 1.6.0-debian-11-r89 | 1.7.0-debian-11-r61 |
| docker.io/bitnami/kafka | 3.4.0-debian-11-r33 | 3.5.1-debian-11-r1 |
| docker.io/bitnami/minio | 2023.5.18-debian-11-r2 | 2023.7.18-debian-11-r0 |
| docker.io/bitnami/postgres-exporter | 0.12.0-debian-11-r91 | 0.13.2-debian-11-r15 |
| docker.io/bitnami/postgresql | 15.3.0-debian-11-r7 | 15.4.0-debian-11-r0 |
| build-integrations-images/kapp-controller | v0-45-0 | v0-46-1 |

CVEs addressed in 1.0.1

The component upgrades listed above address the following CVEs:

CVE-2016-3709

CVE-2021-22923

CVE-2021-43565

CVE-2021-46848

CVE-2022-21698

CVE-2022-27191

CVE-2022-27664

CVE-2022-28948

CVE-2022-29458

CVE-2022-29526

CVE-2022-32149

CVE-2022-36320

CVE-2022-41721

CVE-2022-42898

CVE-2022-48281

CVE-2022-48303

CVE-2023-0361

CVE-2023-0798

CVE-2023-0799

CVE-2023-0800

CVE-2023-0801

CVE-2023-0802

CVE-2023-0803

CVE-2023-0804

CVE-2023-1299

CVE-2023-1782

CVE-2023-1916

CVE-2023-2253

CVE-2023-26965

CVE-2023-27535

CVE-2023-27536

CVE-2023-28319

CVE-2023-28322

CVE-2023-28840

CVE-2023-3079

CVE-2023-34455

Known Issues in 1.0.1

  • Failure to register Supervisor running in vSphere with Tanzu on vSphere 8.0.1c

    When attempting to register a Tanzu Kubernetes Grid Service Supervisor running in vSphere with Tanzu on vSphere 8.0.1c with Tanzu Mission Control Self-Managed, registration fails.

    Workaround: Use vSphere 8.0.1b.

What's New v1.0

Introducing VMware Tanzu Mission Control Self-Managed, which provides a packaged, self-managed deployment model for Tanzu Mission Control. For users who cannot consume the SaaS deployment model for Tanzu Mission Control, this solution gives you the ability to deploy and manage Tanzu Mission Control in your own infrastructure.

  • Cluster management for air-gapped and network-restricted environments

    • Lifecycle management of Tanzu Kubernetes Grid clusters

    • Centralized policy management

    • Data protection

    • Conformance inspection services

    • Identity and access management (RBAC)

    • Integration with Tanzu Standard package repository

  • Compatibility and System Requirements

    For compatibility and system requirements information, see Preparing your cluster to host Tanzu Mission Control Self-Managed in Installing and Running VMware Tanzu Mission Control Self-Managed.

Known Issues v1.0

  • Kubernetes service account identity not available from the Tanzu Mission Control console

    When adding a role binding to an access policy using the Tanzu Mission Control console, the dropdown for the Identities type only contains user and group, and does not contain the Kubernetes service account option.

    Workaround: Use the CLI or the API to add role bindings with Kubernetes service account identity to your access policies.

  • Known CVEs that impact Tanzu Mission Control Self-Managed

    Be aware of the following security vulnerabilities in Tanzu Mission Control Self-Managed 1.0:

    • The docker.io/bitnami/envoy:1.26.1-debian-11-r7 image deployed as part of the contour-envoy daemonset in Tanzu Mission Control Self-Managed 1.0 is vulnerable to CVE-2019-9512.

      Workaround: To mitigate this vulnerability, create network policies to restrict ICMP traffic directed to the pods managed by the contour-envoy daemonset.

    • The docker.io/bitnami/kafka:3.4.0-debian-11-r33 image deployed as part of the kafka statefulset in Tanzu Mission Control Self-Managed 1.0 is vulnerable to CVE-2018-25032, which is a vulnerability in the zlib compression library.

      Workaround: To mitigate this vulnerability, do not modify the Tanzu Mission Control deployment to opt for zlib compression. By default, Kafka does not perform any compression.

  • cert-manager version no longer supported

    The cert-manager open source project no longer supports version 1.10.

    Workaround: VMware will continue to provide support for cert-manager v1.10 as a component of Tanzu Mission Control Self-Managed.

  • kapp-controller cannot reconcile Tanzu Standard package repository and packages for workload clusters running in vSphere with Tanzu in vSphere version 8

    Deployment of packages from the Tanzu Standard package repository through the catalog in Tanzu Mission Control fails because:

    • kapp-controller cannot reconcile the Tanzu Standard package repository or packages because the required secret is not created on the workload clusters.

    This means users are not able to deploy packages from the Tanzu Standard package repository onto managed workload clusters through Tanzu Mission Control.

    This issue impacts only workload clusters running in vSphere with Tanzu in vSphere version 8.

    Workaround: Use the script provided in Provision a Cluster in vSphere with Tanzu using a Cluster Class in Using VMware Tanzu Mission Control.

  • TKG 2.1+ cluster creation not supported in the tmc CLI

    Cluster creation in TKG versions 2.1 and 2.2 is not currently supported by the tmc CLI. As a result, class-based clusters can only be created via the UI or the API.

    Workaround: Create TKG 2.1+ clusters using the Tanzu Mission Control console or the API. 

  • Tanzu Mission Control console refresh issue

    There is an issue with the auto refresh of the OIDC credentials in the Tanzu Mission Control console, which causes the user to have to refresh the page every 5 minutes on certain pages. This causes the user to re-fill any incomplete forms they were working on before the token timed out.
