TMC Self-Managed now accepts sAMAccountName as a valid configuration value for connecting Active Directory users to TMC Self-Managed deployments. This capability allows you to authenticate users that use "power user" accounts, without the email address attribute set, to incorporate those accounts with a TMC deployment.

You can now update configuration values for your TMC Self-Managed deployment without doing a complete reinstall. You can modify your values.yaml file with updated configuration and then an update command to apply your changes. This capability enables you, for example, to update the TMC Self-Managed stack size from small to medium to increase management scale capabilities without a complete reinstall. For more information, see Dynamically update the stack size of your TMC Self-Managed deployment in Installing and Running VMware TMC Self-Managed.

The version of FluxCD used by the continuous delivery (CD) and Helm package management features of Tanzu Mission Control (TMC) is updated to 2.1.x. When you enable CD or Helm on clusters managed through TMC Self-Managed, it installs FluxCD v2.1.x.

This update applies to individual clusters on which you enable CD or Helm, as well as clusters that are part of a cluster group on which you enable CD or Helm.

In addition to File System Backup (FSB), you can now use Container Storage Interface (CSI) snapshot support for backing up and restoring Kubernetes volumes in TMC Self-Managed. You can choose FSB as well as CSI snapshot method during backup and restore operations. For more details on FSB and CSI snapshot usage, see Data Protection in VMware Tanzu Mission Control Concepts.

For information about using the FSB and CSI during backup operation in Tanzu Mission Control Self-Managed, see in Back Up the Data Resources in Your Cluster in Using VMware Tanzu Mission Control. 

TMC Self-Managed now allows you to enable data protection for a cluster group. This capability allows you to configure recurring backups for all the clusters in a group, or clusters based on names, or clusters based on Tanzu Mission Control labels. New clusters added to the cluster group inherit the configured schedule for the group. Restore operations are supported only at the individual cluster level; restore operations are not available at the cluster group level.

For more information, see Enable Data Protection on a Cluster Group in Using VMware Tanzu Mission Control.

The version of Velero used by the data protection features of Tanzu Mission Control is updated to 1.12.3. This Velero update includes bug fixes in CSI snapshot, data mover, and volume restore. Refer to the changelog for details.

TMC Self-Managed now allows you to edit a schedule of recurring backups for your clusters, created at the cluster level and cluster group level. While editing backup schedule, you can change the advanced options for Kubernetes resources, volume backup options, target location, backup recurrence, and retention period. However, you cannot change the scope of the backup of Kubernetes resources between full cluster, selected namespace, and label selector.

TMC Self-Managed now allows you force the deletion of the backup of a cluster. When the configured target location is no longer accessible from the cluster, the backup delete operation cannot complete and keeps running. You now have the option to "force delete" the backup, which removes the backup entry from TMC, and allows you to delete the backup from the target location manually.

For TKG Service workload clusters with Kubernetes version 1.26 or later, running in vSphere with Tanzu, the Pod Security Admission is set to "enforce" by default. As a result, inspections are unable to run until you add the required label (pod-security.kubernetes.io/enforce: privileged) to the namespace (image-pull-xxxx) created during the inspection run.

Workaround: To allow the inspection to run, you need to start the inspection and then add the label to the namespace created by the inspection, as described in Start a Cluster Inspection inUsing VMware Tanzu Mission Control.

After a successful installation of TMC Self-Managed, users are unable to login/access the TMC user interface. This is often a result of previous failed installs leaving behind stale secrets. 

Workaround:  To enable access to TMC Self-Managed in this situation, follow the process documented in Unable to log in to the TMC console after installation in the troubleshooting section of Installing and Running Tanzu Mission Control Self-Managed to delete stale components, such as secrets and dynamic OIDC client.