To manage the microservices in your application with Tanzu Service Mesh, you must onboard the clusters where the microservices are deployed. Onboarding involves registering the cluster with Tanzu Service Mesh and installing the necessary components on the cluster.

During the onboarding, you must apply a YAML file to the cluster. The YAML file contains the Kubernetes configuration required for the registration of the cluster with Tanzu Service Mesh.

You also generate a security token during the onboarding. This security token is used to establish and maintain a secure connection between Tanzu Service Mesh and your cluster while it is being registered.

You must also provide the name that you want the cluster to have in the Tanzu Service Mesh Console user interface after the cluster is onboarded. This cluster name can be different from the name of the cluster in your environment.

Prerequisites

Verify that the following prerequisites are met:

Procedure

  1. In a terminal window, run the following kubectl command to apply the registration YAML to your cluster.
    kubectl --context $CLUSTER_NAME apply -f https://$SERVER_NAME/cluster-registration/k8s/v1.2.16/k8s-registration.yaml
    Note:

    You can get the URL of k8s-registration.yaml by making a call to GET https://$SERVER_NAME/v0/cluster-registration/k8s/url.

  2. To have the API generate a security token for the cluster, submit the following request.

    PUT https://{server_name}/tsm/v1alpha1/clusters/{cluster_id}/token

    Replace {cluster_id} with the name that you want your cluster to have in the Tanzu Service Mesh Console user interface. The cluster name cannot contain uppercase letters or special characters, such as a number sign (#), at sign (@), apostrophe ('), or underscore (_).

    The response from the API contains a security token.

  3. To establish a secure connection between the cluster and Tanzu Service Mesh and register the cluster with Tanzu Service Mesh, run the following kubectl command.
    kubectl -n vmware-system-tsm create secret generic cluster-token --from-literal=token=$TOKEN

    Replace $TOKEN with the security token returned by the API in step 2.

  4. To check the status of the connection between the cluster and Tanzu Service Mesh, submit the following request.
    GET https://{server_name}/tsm/v1alpha1/clusters/{cluster_id}

    Where {cluster_id} is the cluster name you provided in step 2.

    The response includes the following information.

    {
       "name": string,
       "status":{
          "state": string
       }
    }

    If the connection is established, the state is Connected. The state can be Connecting if the connection is still being established. Wait a few minutes and resend the request. For information about all the possible states that the API returns, see the schema for the GET v1alpha1/clusters/{cluster_id} endpoint in the API Explorer. For information about how to access the API Explorer, see the "API Reference" section in Overview of the Tanzu Service Mesh REST API.

  5. To install Tanzu Service Mesh on the cluster, submit the following request.
    POST https://{server_name}/tsm/v1alpha1/clusters/{cluster_name}/apps 

    Use the following properties in the request body.

    {
       "name":"Istio",
       "version":"Default"
    }
    Important:

    Do not change the values of the name and version properties in the request.

    The response contains the identifier of the installation job.

  6. To check the status of the installation on the cluster, submit the following request.
    GET https://{server_name}/tsm/v1alpha1/clusters/{cluster_id}

    The API returns the following response.

    {
       "name": string,
       "status":{
          "state": string
       }
    }

    If the state is Ready, Tanzu Service Mesh has been successfully installed on the cluster. If the state is Installing, the installation is still in progress. Wait a few minutes and resend the request.

  7. To label the namespace in your cluster where you want Tanzu Service Mesh to be enabled, run the following kubectl command.
    kubectl --context $CLUSTER_NAME label ns $NAMESPACE_NAME istio-injection=enabled
    Note:

    You can run the following command to get a list of the namespaces in the cluster.

    kubectl --context $CLUSTER_NAME get namespaces

    Tanzu Service Mesh inserts a sidecar proxy next to each service running in the namespace to monitor the service.

  8. To onboard additional clusters, repeat steps 1–7.
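
The following shell helpers are an added example, not part of the original procedure or VMware code. They check the cluster name before step 2, poll the status endpoint from steps 4 and 6, and create the step 3 secret without placing the token on the command line. The function names, the KUBECTL override, the fetch hook, and the exact set of allowed name characters are assumptions.

```shell
#!/bin/sh
# Added example, not VMware code: helpers for steps 2-6 of the procedure.

# Step 2 name check. Assumption: only lowercase letters, digits and hyphens
# pass; the page itself only lists '#', '@', "'", '_' and uppercase as invalid.
valid_cluster_name() {
  case "$1" in
    ''|*[!abcdefghijklmnopqrstuvwxyz0123456789-]*) return 1 ;;
  esac
  return 0
}

# Extract status.state from the GET .../clusters/{cluster_id} response body.
state_from_json() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"state"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Poll for Connected (step 4) or Ready (step 6).
# $1 wanted state, $2 command that prints the response body (hypothetical hook),
# $3 attempts, $4 seconds between attempts.
wait_for_state() {
  wfs_want=$1 wfs_fetch=$2 wfs_tries=${3:-20} wfs_delay=${4:-30} wfs_state=
  while [ "$wfs_tries" -gt 0 ]; do
    wfs_state=$(state_from_json "$("$wfs_fetch")")
    if [ "$wfs_state" = "$wfs_want" ]; then return 0; fi
    wfs_tries=$((wfs_tries - 1))
    if [ "$wfs_tries" -gt 0 ]; then sleep "$wfs_delay"; fi
  done
  echo "gave up waiting for $wfs_want; last state: ${wfs_state:-none}" >&2
  return 1
}

# Step 3 with the token read from stdin, so it never appears in argv or shell
# history. printf '%s' keeps a trailing newline out of the secret value.
# KUBECTL is a hypothetical override used for dry runs and tests.
create_token_secret() {
  IFS= read -r cts_token || [ -n "$cts_token" ] || return 1
  cts_file=$(mktemp) || return 1          # mktemp creates the file mode 0600
  printf '%s' "$cts_token" > "$cts_file"
  ${KUBECTL:-kubectl} -n vmware-system-tsm create secret generic cluster-token \
    --from-file=token="$cts_file"
  cts_rc=$?
  rm -f "$cts_file"
  unset cts_token
  return "$cts_rc"
}
```

Pipe the token returned in step 2 into `create_token_secret` on stdin; the secret name and namespace are the ones the procedure uses.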

Results

The cluster is onboarded. Tanzu Service Mesh also starts monitoring the services in the cluster and collecting infrastructure and service metrics (such as number of nodes and services, requests per second, latency, and CPU usage). You can view summary information about the cluster's infrastructure, a topology graph of the services in the cluster, and key metrics on the Home page of the Tanzu Service Mesh Console user interface. For more information, see View the Summary Infrastructure and Service Information in Getting Started with Tanzu Service Mesh.