As a platform operator or infrastructure operator, use the cluster inspection features of VMware Tanzu Mission Control to ensure that your Kubernetes clusters conform to a standard.
Through Tanzu Mission Control, you can run preconfigured cluster inspections using Sonobuoy to make sure your clusters conform to community standards.
Before you can perform cluster inspections through Tanzu Mission Control Self-Managed using the Conformance and Lite inspection types, you must first make the inspection images available to your self-managed deployment. For more information, see Copying Tanzu Standard and Inspection Images in Installing and Running VMware Tanzu Mission Control Self-Managed.
For more information about testing for cluster conformance, see Cluster Inspections in VMware Tanzu Mission Control Concepts.
About Conformance Inspections and Sonobuoy Permission Requirements
To run a Conformance inspection, Sonobuoy requires particular privileged permissions. When these permissions are restricted through native pod security policies or through a security policy implemented in Tanzu Mission Control, some tests in the Conformance inspection fail.
This behavior is seen in Tanzu Kubernetes clusters running in vSphere with Tanzu.
To prevent this kind of failure for the Conformance inspection, you can create a security policy on the cluster through Tanzu Mission Control that uses the Strict template and disables native pod security policies.
For more information about creating security policies in Tanzu Mission Control, see Create a Security Policy.
For more information about pod security policies in Tanzu Kubernetes clusters running in vSphere with Tanzu, see Using Pod Security Policies with Tanzu Kubernetes Clusters and Example Role Bindings for Pod Security Policy in vSphere with Tanzu Configuration and Management.
