To meter the product consumption data of Tanzu Kubernetes Grid, you must add the Tanzu Kubernetes Grid management cluster for metering.

Prerequisites

  • Verify that the vCenter Server instance associated with the Tanzu Kubernetes Grid management cluster is part of the vCloud Usage Meter list of vCenter Server instances.
  • Obtain a bearer token by setting up a service account metering user with Tanzu Kubernetes Grid. For information, see Obtain a Bearer Token for a Tanzu Kubernetes Grid Management Cluster.

Procedure

  1. In the main menu bar of the vCloud Usage Meter Web interface, click Products.
  2. In the left pane, navigate to Cloud > Tanzu Kubernetes Grid Multi-cloud.
  3. Click Add.
    The Add a Tanzu Kubernetes Grid Multi-cloud (TKGm) wizard opens.
  4. From the vCenter Enpoint drop-down menu, select the IP address of the vCenter Server instance associated with the Tanzu Kubernetes Grid management cluster.
  5. In the Endpoint text box, enter the host name or the IP address of a control plane virtual machine that is part of the management cluster.
    Consider the following factors:
    • A load balancer IP rotates the certificates depending on the destination node. If you enter a load balancer IP, you must accept the product certificate every time vCloud Usage Meter collects product consumption data.
    • Ensure that the control plane virtual machine will not be deleted during a scale down of the cluster.
  6. In the Bearer token text box, enter the bearer token you obtain from the Tanzu Kubernetes Grid management cluster.
  7. From the Edition drop-down menu, select the Tanzu Kubernetes Grid edition.
    • Basic
    • Standard
    • Advanced
  8. From the Metric drop-down menu, select wheter vCloud Usage Meter must meter based on vRAM or CPU cores.

Results

Tanzu Kubernetes Grid is now part of the management clusters vCloud Usage Meter meters. If an error occurs, an error message appears in the Status column in the Tanzu Kubernetes Grid list of management clusters.

Obtain a Bearer Token for a Tanzu Kubernetes Grid Management Cluster

To add a Tanzu Kubernetes Grid management cluster for metering, you must obtain a bearer token.

To obtain a bearer token for a Tanzu Kubernetes Grid management cluster, you must set up a service metering user with a cluster role. You must create two separate YAML files for the user and the cluster role.

Prerequisites

Obtain the credentials of the Tanzu Kubernetes Grid management cluster. For information, see Retrieve Tanzu Kubernetes Cluster kubeconfig in VMware Tanzu Kubernetes Grid 1.5 Documentation.

Procedure

  1. Create a YAML file and enter the user metadata.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: user
      namespace: tkg-system
  2. To update the resources of the Tanzu Kubernetes Grid management cluster with the created user, run the command.
    kubectl apply -f user-filename.yaml
  3. To grant a cluster role to the user, create a YAML file.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: user
        namespace: tkg-system
  4. To update the resources of the Tanzu Kubernetes Grid management cluster with the granted cluster role to the user, run the command.
    kubectl apply -f user-role-filename.yaml
  5. List all the secrets in the tkg-system namespace.
    kubectl get secret -n tkg-system
    You can see the list of all the secrets in the tkg-system namespace. The created bearer token has the following name pattern user-token-Kubernetes-generated-string and type kubernetes.io/service-account-token, where user is the entered name for the user and Kubernetes-generated-string is a Kubernetes-system generated string that uniquely identifies the bearer token.
  6. To get the bearer token, run the command.
    kubectl get secret user-token-Kubernetes-generated-string -o yaml -n tkg-system
  7. Decode the bearer token.
    echo bearer-token | base64 --decode