Intiate an inspection to verify the conformance of a cluster.
Cluster inspections in VMware Tanzu Mission Control are precofigured inspections that allow you to test the conformance of your clusters using Sonobuoy. For more information, see Cluster Inspections in VMware Tanzu Mission Control Concepts.
Prerequisites
This procedure assumes that you already have a cluster (either provisioned or attached) that you want to inspect for conformance.
Before you can perform cluster inspections through Tanzu Mission Control Self-Managed using the Conformance and Lite inspection types, you must first make the inspection images available to your self-managed deployment. For more information, see Copying Tanzu Standard and Inspection Images in Installing and Running VMware Tanzu Mission Control Self-Managed.
- To run a cluster inspection, you must be associated with the
cluster.edit
role in the cluster.
Log in to the Tanzu Mission Control console.
Procedure
Results
When you click Run Inspection, the inspection starts and you are directed back to the cluster detail page that shows your inspection is running. When the inspection is complete, the result of the inspection is displayed in the Inspection box.
What to do next
- After the inspection starts, retrieve the name of the
image-pull-####
namespace that was created by the inspection.kubectl get ns | grep "image-pull"
- Apply the PSA label to the namespace.
kubectl label ns image-pull-#### pod-security.kubernetes.io/enforce: privileged