Attach a cluster running on a network that is protected by a proxy server.

To attach a cluster that is running behind a proxy server, you must use the Tanzu Mission Control CLI. The tmc cluster attach command in this procedure generates a YAML manifest that you can run on your cluster to attach it to your Tanzu Mission Control organization.

This procedure is only necessary if your cluster is running behind a proxy server. If your cluster is not behind a proxy server, you can attach it as described in Attach a Cluster.

Prerequisites

You need to gather the following information before starting the attach procedure:
  • Tanzu Mission Control URLs to add to the allowlist on your cluster's HTTP proxy server, as described in What Happens When You Attach a Cluster.
  • the URL of your cluster's HTTP proxy server
  • the user name and password for your cluster's HTTP proxy server
You also need to perform the following tasks:
  • Log in to the Tanzu Mission Control console console.
  • Download and install the Tanzu Mission Control CLI, as described in Log In with the Tanzu Mission Control CLI.
  • Make sure you have already created the cluster group in which you want to attach the cluster.
  • Open a command window and connect to your cluster with kubectl.
  • Make sure you have the appropriate permissions on the cluster and in your Tanzu Mission Control organization.
    • On the cluster, you must have admin permissions to install and run the cluster agent extensions.
    • In Tanzu Mission Control, you must be associated with the clustergroup.edit role on the cluster group in which you want to attach the cluster.

Procedure

  1. Add Tanzu Mission Control URLs to the allowlist on your proxy server.
  2. Set environment variables for your cluster's environment.
    Make sure that the proxy-related environment variables ( HTTP_PROXY, HTTPS_PROXY, and NO_PROXY) are defined for the cluster's environment.
  3. Log in to the Tanzu Mission Control CLI, as described in Log In with the Tanzu Mission Control CLI.
  4. Run the tmc cluster attach command with the following flags to register the cluster and generate the YAML.
    • --name <cluster name as you want it to appear in the console>
    • --group <name of the cluster group in which you want to attach the cluster>
    • --http-proxy-url=<URL of the HTTP proxy server>
    • --http-proxy-username=<user name for basic authentication to the HTTP proxy server>
    • --http-proxy-password=<password for basic authentication to the HTTP proxy server>
    tmc cluster attach --name myclustername --group myclustergroup --http-proxy-url=http://10.0.0.26:3128 --http-proxy-username=myusername --http-proxy-password=myproxypassword
    When you run the command, Tanzu Mission Control registers the cluster with the cluster agent using the cluster name and cluster group that you provided. The cluster is not attached until you run the YAML manifest in your cluster.

    When you provide a user name, password, and the URL of the proxy at the command line, the resulting YAML manifest (k8s-attach-manifest.yaml) contains a proxy secret with encoded versions of the values you provided, which enables the cluster to communicate with Tanzu Mission Control through the proxy.

  5. Run the YAML manifest in your cluster to attach the cluster through your proxy.
    kubectl apply -f k8s-attach-manifest.yaml