As an infrastructure operator in VMware Tanzu Mission Control, you can install the Tanzu Service Mesh extensions on a cluster and connect it to your Tanzu Service Mesh account.

After Tanzu Service Mesh (TSM) has been enabled on your organization, you can then add the clusters that you want to manage with TSM. When you add a cluster to TSM, an extension is installed on the cluster to communicate with the TSM service.

Note: To integrate Tanzu Service Mesh with Tanzu Mission Control, you must be running under a Tanzu Service Mesh Advanced license. Tanzu Mission Control does not support integration with Tanzu Service Mesh Enterprise. Although you can enable the integration, you cannot add clusters to Tanzu Service Mesh Enterprise using Tanzu Mission Control.

Prerequisites

Log in to the Tanzu Mission Control console.

Make sure you have the appropriate permissions.
  • To add your cluster to Tanzu Service Mesh, you must be associated with the cluster.admin role on the cluster.

Make sure your cluster satisfies the requirements for Tanzu Service Mesh, as described in Tanzu Service Mesh Environment Requirements and Supported Platforms in the VMware Tanzu Service Mesh documentation.

Procedure

  1. Navigate to the cluster you want to add in the Tanzu Mission Control console.
  2. On the cluster page, click Add Integration in the Integrations pane and select Tanzu Service Mesh.
  3. In the Add dialog, select the options that you want for handling namespaces.
    Note: System namespaces are always excluded from Tanzu Service Mesh.
    • You can select cluster admin delegation. This option allows a platform administrator to delegate injection decision-making to the cluster operator. When this option is enabled, TSM does not specify an inclusion or exclusion model on the cluster namespaces, which effectively delegates the task of labeling namespaces to the cluster operator. You can choose to define no namespaces for injection during onboarding, and enable this option to delegate the operation entirely. When this option is disabled, you choose the namespaces to exclude when adding the cluster to TSM.
      If cluster admin delegation is selected, then you need to add the following label to the namespaces that you want to include in TSM: 
      Istio-injection=enabled --overwrite
    • You can choose to enable Tanzu Service Mesh on all namespaces in the cluster (excluding system namespaces).
    • To exclude namespaces from service mesh, select Exclude namespaces.
      1. To exclude a specific namespace, choose Is exactly, select the namespace, and then click Add Exclusion.
      2. To exclude namespaces based on a starting pattern, choose Starts with, enter the first few characters of the namespaces you want to exclude, and then click Add Exclusion.
  4. You can optionally choose an alternative certificate authority.
    The dropdown list shows the CAs that have been configured in TSM. If you don't choose an alternative, the cluster uses the default CA defined by TSM.
  5. Click Confirm.

Results

When you click Confirm, Tanzu Mission Control installs an extension on your cluster to enable Tanzu Service Mesh. After the extension is installed, you can access the Tanzu Service Mesh console through the Integrations box on the Overview tab of the cluster details page in the Tanzu Mission Control console.