Onboarding a Kubernetes Cluster to VMware Tanzu Service Mesh (TSM) via REST API

In this blog post, I will walk through the steps to onboard a Kubernetes cluster to Tanzu Service Mesh using the REST API. This will help you automate the cluster onboarding process.

I have an EKS cluster already created with the required capacity to onboard it to TSM. Below are the two nodes I have in the cluster.

$ k get nodes
NAME                                          STATUS   ROLES    AGE   VERSION
ip-172-31-50-219.us-east-2.compute.internal   Ready    <none>   39m   v1.21.5-eks-9017834
ip-172-31-55-244.us-east-2.compute.internal   Ready    <none>   39m   v1.21.5-eks-9017834

Cluster Onboarding Prerequisites

Authentication with the Tanzu Service Mesh REST API

Generate an API token

  • In the upper-right corner of the VMware Cloud Services Console, click your user name and under User Settings, click My Account
  • On the My Account page, click the API Tokens tab
  • Click Generate a new API token and fill in the required details.
  • Click Generate
  • You will be prompted to copy the newly generated token for later use
  • Copy the token and click on Continue. Note: You won’t be able to see the token again on the UI, so make sure that you copy it.

Generate an Access Token

  • To set an environment variable for the API token, run the following command

$ export CSP_TOKEN=<put your API token here>

  • To exchange the API token for an access token, submit the following request.

$ curl 'https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize' -H 'authority: console.cloud.vmware.com' -H 'pragma: no-cache' -H 'cache-control: no-cache' -H 'accept: application/json, text/plain, */*' --data-raw "refresh_token=${CSP_TOKEN}" --compressed

  • After executing the above command, you will get a response that contains an access_token field. Copy its value to a safe place for later use.
  • We will use this access_token as the value of the csp-auth-token header in the REST API calls that follow.

Note: I am using the Postman tool for the REST API calls; you can use any other tool or browser plugin for the same.

Cluster Onboarding Steps

To get the URL of the registration YAML file for your cluster, submit the following request.

Note: GET call format is GET https://{server_name}/tsm/v1alpha1/clusters/onboard-url

  • Here server_name is the name of the TSM server, and it can be different for you, so check your TSM URL and change it accordingly.
  • Add the csp-auth-token header value
  • In a terminal window, to apply the registration YAML to your cluster, run the following kubectl command, including the URL returned by the previous request
  • Now we need to submit the PUT request; here is the PUT request URL

PUT https://{server_name}/tsm/v1alpha1/clusters/{cluster_id}?createOnly=true

Add a csp-auth-token in the header and send the PUT request.

In the PUT call, you need to update cluster_id and the TSM server name.

  • For the PUT request body, here is the sample
{
  "displayName": "string",
  "description": "string",
  "tags": [
    "string"
  ],
  "labels": [
    {
      "key": "string",
      "value": "string"
    }
  ],
  "autoInstallServiceMesh": false,
  "enableNamespaceExclusions": true,
  "namespaceExclusions": [
    {
      "type": "string",
      "match": "string"
    }
  ]
}
  • I have used the mandatory values only, and here is what my PUT request body looks like.
{
  "displayName": "eksclusterfromrest",
  "description": "EKS cluster onboarding",
  "tags": [
    "demoeks"
  ],
  "autoInstallServiceMesh": true,
  "enableNamespaceExclusions": false
}
  • In the response body, you will see the token field. Make a note of it.
  • To establish a secure connection between the cluster and Tanzu Service Mesh and register the cluster with Tanzu Service Mesh, run the following kubectl command

$ kubectl -n vmware-system-tsm create secret generic cluster-token --from-literal=token=<put your token here from previous step>

  • You will see the following output

secret/cluster-token created

  • Since I set autoInstallServiceMesh to true in the PUT request, the TSM data plane components will be installed in the cluster automatically.
  • Watch the progress of the TSM data plane component installation
  • It will take a few minutes to complete the installation. Monitor the progress.
  • Finally, review the status of the newly onboarded cluster in the TSM UI. The cluster is visible in the TSM UI.
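The same sequence scripted end to end, as an added example (not code from this post or from VMware). It assumes the onboard-url response carries the URL in a `url` field and that the registration YAML is applied with `kubectl apply -f <url>`; it also swaps `--from-literal` for a Secret manifest piped on stdin, so the cluster token never appears in process arguments or shell history. The `send` and `kubectl` parameters are hypothetical hooks for substituting the transport.

```python
import json
import subprocess
import urllib.parse
import urllib.request

CSP_AUTHORIZE = ("https://console.cloud.vmware.com/csp/gateway/am/api/"
                 "auth/api-tokens/authorize")

def http_json(method, url, headers=None, form=None, body=None):
    """Default transport: one HTTPS request, JSON reply decoded to a dict."""
    headers, data = dict(headers or {}), None
    if form is not None:                      # form-encoded, like curl --data-raw
        data = urllib.parse.urlencode(form).encode()
    elif body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def run_kubectl(args, stdin=None):
    """Default runner: call kubectl, feeding secrets on stdin rather than argv."""
    subprocess.run(["kubectl", *args], input=stdin, text=True, check=True)

def secret_manifest(cluster_token):
    """cluster-token Secret as JSON, replacing `create secret --from-literal`."""
    return json.dumps({
        "apiVersion": "v1", "kind": "Secret",
        "metadata": {"name": "cluster-token", "namespace": "vmware-system-tsm"},
        "stringData": {"token": cluster_token}})

def onboard(server_name, cluster_id, spec, api_token,
            send=http_json, kubectl=run_kubectl):
    """Run the onboarding steps in the post's order; returns the cluster id used."""
    # 1. Exchange the API token for an access token.
    access = send("POST", CSP_AUTHORIZE, form={"refresh_token": api_token})["access_token"]
    auth = {"csp-auth-token": access}
    base = f"https://{server_name}/tsm/v1alpha1/clusters"
    # 2. Get the registration YAML URL ("url" field name is an assumption).
    yaml_url = send("GET", f"{base}/onboard-url", headers=auth)["url"]
    if not yaml_url.startswith("https://"):
        raise ValueError("refusing to apply a registration YAML not served over HTTPS")
    kubectl(["apply", "-f", yaml_url])
    # 3. Register the cluster; the response body carries the cluster token.
    cid = urllib.parse.quote(cluster_id, safe="")
    token = send("PUT", f"{base}/{cid}?createOnly=true", headers=auth, body=spec)["token"]
    # 4. Hand the token to the cluster through stdin, never the command line.
    kubectl(["create", "-f", "-"], stdin=secret_manifest(token))
    return cid
```

Call it with the API token read from the environment, for example `onboard(server, cluster_id, spec, os.environ["CSP_TOKEN"])`, so the token is not typed into the script itself.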

For more information about the TSM API, refer to the official VMware documentation.

https://docs.vmware.com/en/VMware-Tanzu-Service-Mesh/services/api-programming-guide/GUID-CC5A0A46-0A4B-45D6-9D1B-DA8C8174AD84.html
