Set up a cloud provider account connection (or credential) so that you can create Tanzu Kubernetes clusters in your aws-hosted management cluster and manage their entire lifecycle through VMware Tanzu Mission Control.
Tanzu Mission Control hosts a Tanzu Kubernetes Grid management cluster on AWS that you can use to provision workload clusters into your AWS account. You do not need to register this management cluster; it is registered with Tanzu Mission Control for your organization.
To create new clusters using Tanzu Mission Control in the aws-hosted management cluster, you must first connect an AWS account by creating a lifecycle credential in a provisioner on the cluster. This topic explains how to create a lifecycle credential. For information about creating a provisioner in your aws-hosted management cluster, see the topic on creating a provisioner. For more conceptual content, see Cluster Lifecycle Management in VMware Tanzu Mission Control Concepts.
- Log in to the AWS console.
- Use the EC2 service to create an SSH key pair for each region that you plan to use with Tanzu Mission Control.
- To create a cloud provider account connection, you must be associated with the organization.credential.admin role.
- In the Tanzu Mission Control console, click Administration in the left navigation pane.
- On the Administration page, click the Management clusters tab, and then click aws-hosted in the list of management clusters.
- On the management cluster detail page, click the Accounts tab, and then click Create Account Credential.
- On the Create credential page, select the provisioner to use, and provide a name for the credential.
The name that you enter is the name that appears in the list of connected accounts on the Accounts tab of the management cluster detail page.
- Click Generate template, and then click Next.
When you click Generate template, Tanzu Mission Control generates the template and then downloads it.
Note: Do not reuse a template from a previously created stack. Each time you create a cloud provider account connection, you must download the template and create a new stack, even if you use the same AWS account.
- In the AWS console, create a CloudFormation stack using the downloaded template, and when it completes, retrieve the ARN.
For more information, see Create a Stack for Your Cloud Provider Account Connection.
- In the Tanzu Mission Control console, still on the Create credential page, click Next and then paste the role ARN that you copied from the AWS console.
- Click Create Credential to create the connection to your cloud provider account.
After you complete this procedure, you have a credential that you can use to create Tanzu Kubernetes clusters and manage their lifecycle with Tanzu Mission Control. You can see your new credential listed on the Accounts tab of the aws-hosted management cluster detail page in the Tanzu Mission Control console.
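The following added example (not part of the VMware documentation) checks the value you retrieve from the completed stack before you paste it into the Create credential page: it confirms the stack finished, that exactly one IAM role ARN is present, and that the role belongs to the AWS account you intended to connect. It assumes the role ARN is published as a stack output and that you saved the JSON printed by `aws cloudformation describe-stacks`; the stack name, output keys, account ID and role name in the sample are constructed.

```python
import json
import re

# IAM role ARN: partition, 12-digit account ID, optional path, role name.
ROLE_ARN_RE = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):iam::(\d{12}):role/[\w+=,.@/-]+$")


def role_arn_from_stack(describe_stacks_json, expected_account_id):
    """Return the single IAM role ARN published by a completed stack.

    describe_stacks_json is the JSON printed by
    `aws cloudformation describe-stacks --stack-name <name>`.
    Raises ValueError if the stack is not complete, if zero or several role
    ARNs are found, or if the role lives in an unexpected account.
    """
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError("expected exactly one stack, got %d" % len(stacks))
    stack = stacks[0]
    status = stack.get("StackStatus")
    if status != "CREATE_COMPLETE":
        raise ValueError("stack is not complete (status: %s)" % status)

    # Assumption: the role ARN is exposed as a stack output value.
    values = [o.get("OutputValue", "") for o in stack.get("Outputs", [])]
    arns = [v for v in values if ROLE_ARN_RE.match(v)]
    if len(arns) != 1:
        raise ValueError("expected one role ARN in outputs, found %d" % len(arns))

    account_id = ROLE_ARN_RE.match(arns[0]).group(2)
    if account_id != expected_account_id:
        raise ValueError("role is in account %s, not %s" % (account_id, expected_account_id))
    return arns[0]


# Constructed sample response; stack name, output keys and ARN are made up.
SAMPLE = json.dumps({"Stacks": [{
    "StackName": "example-tmc-credential-stack",
    "StackStatus": "CREATE_COMPLETE",
    "Outputs": [
        {"OutputKey": "ExampleRoleArn",
         "OutputValue": "arn:aws:iam::111122223333:role/example-lifecycle-role"},
        {"OutputKey": "ExampleNote", "OutputValue": "not-an-arn"},
    ],
}]})

if __name__ == "__main__":
    print(role_arn_from_stack(SAMPLE, "111122223333"))
```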