VMware Tanzu Mission Control is a platform for modern application management that provides a single control point for teams to more easily manage Kubernetes and operate modern containerized applications across multiple clouds and clusters.

As an API-driven service, Tanzu Mission Control enables you to declaratively manage all your clusters through its API, the CLI, or the web-based console.

From the Tanzu Mission Control console, you can see your clusters and namespaces, and organize them into logical groups for easier management of resources, apps, users, and security. Some of the cluster management capabilities of Tanzu Mission Control include:
  • Cluster Lifecycle Management

    Using Tanzu Mission Control, you can connect to your own cloud provider account to create new clusters, resize and upgrade them, and delete clusters that are no longer needed. For more information, see Cluster Lifecycle Management.

  • Cluster Observability and Diagnostics

    See the health and resource usage for each of your clusters from a single console. View cluster details, namespaces, nodes, and workloads directly from the Tanzu Mission Control console. For more information, see Observation and Analysis of Cluster Health and Resources.

  • Cluster Inspections

    Run preconfigured inspections against your clusters using Sonobuoy to ensure consistency over your fleet of clusters. For more information, see Cluster Inspections.

  • Data Protection

    Back up and restore the data resources in your clusters using Velero to ensure the protection of the valuable data resources in your clusters. For more information, see Data Protection.

  • Access Control

    Tanzu Mission Control starts with a secure by default service, and allows you to use federated identity management and apply granular role-based access control to fine tune your security requirements. For more information, see Access Control.

  • Policy Management

    Rather than manually dealing with the many aspects of managing your Kubernetes resources and the apps that use them, you can create policies to consistently manage your clusters, namespaces, and workloads. For more information, see Policy-Driven Cluster Management.

Organizing Clusters and Namespaces

Tanzu Mission Control provides a hierarchy of objects to help you manage your resources. At the top of the structure is the organization, which typically correlates to a business or possibly a line of business within a large enterprise.

Under the organization are grouping objects that allow you separate the concerns of the people that use your resources.

Through the Tanzu Mission Control console you can organize and view your Kubernetes resources in two different ways, enabling operations administrators to maintain control over clusters and infrastructure while allowing application teams self-serve access to namespaces.

  • Cluster groups provide an infrastructure view.

    Cluster groups allow you to organize your Kubernetes clusters into logical groupings, for example to align with business units. To get you started, Tanzu Mission Control provides a default cluster group, but you should create cluster groups to fit your business needs.

  • Workspaces provide an application view

    Workspaces allow you to organize your managed namespaces into logical groups across clusters, perhaps to align with development projects. To get you started, Tanzu Mission Control provides a default workspace, but you should create workspaces to fit your business needs.

By combining your resources into groups, you can simplify management by applying policies at the group level. For example, you can apply an access policy to an entire cluster group rather than creating separate policies for each individual cluster.

Also in the Tanzu Mission Control hierarchy, within the organization, is the credential object. A credential correlates to the role you use to connect to a particular cloud provider account for cluster lifecycle management. The credential object is not directly associated with any cluster group or workspace, so you can create clusters for multiple cluster groups through a single credential.

Attached and Provisioned Clusters

Using Tanzu Mission Control, you can attach existing Kubernetes clusters from various cloud providers, organize them into logical groups, observe their health, and manage their security posture and configuration. For more information, see What Happens When You Attach a Cluster.

You can also provision clusters directly through Tanzu Mission Control, provisioned in your own cloud provider account using Cluster API, to leverage the built-in cluster lifecycle management best practices. For more information, see Cluster Lifecycle Management.

Clusters must belong to a cluster group. When you attach or provision a cluster in Tanzu Mission Control, you specify the cluster group to which the cluster belongs.

Managed and Unmanaged Namespaces

In both attached and provisioned clusters, you can create namespaces that you can manage through Tanzu Mission Control using policies. When you create a namespace through Tanzu Mission Control, you specify the workspace to which the namespace belongs.

Your clusters can also have unmanaged namespaces that were created externally and don't need to be managed through Tanzu Mission Control. However, if you have unmanaged namespaces that you want to manage, you can attach them to your organization using Tanzu Mission Control to better monitor and secure them.