Skip to content

Part 6 - Installing Tanzu Mission Control Self-Managed

Let's do a quick recap. So far to get ready for the TMC Self-Managed installation we went through the following steps at a high-level. The installation process itself is just a few commands but configuring these pre-requisites correctly will exponentially increase the chances of a successful installation.

Download and stage the installation images

Download the installer from the Customer Connect Download Site. This contains the CLI, packages and images that will be used for TMC Self-Managed installation.

Staging Installation Images

Make sure you have added Harbor CA to jumpbox for the successful upload of artifacts. To push the images you can run the command below. In this example I have extracted the bundle downloaded in the previous step to a folder named tmc

tmc/tmc-sm push-images harbor --project --username admin --password 'Admin!23'

Once the upload finishes you should get a message with the next steps.

Image Staging Complete. Next Steps:
Setup Kubeconfig (if not already done) to point to cluster:

Create 'tmc-local' namespace: kubectl create namespace tmc-local

Download Tanzu CLI from Customer Connect (If not already installed)

Update TMC Self Managed Package Repository:
Run: tanzu package repository add tanzu-mission-control-packages --url "" --namespace tmc-local

Create a values based on the TMC Self Managed Package Schema:
View the Values Schema: tanzu package available get "" --namespace tmc-local --values-schema
Create a Values file named values.yaml matching the schema

Install the TMC Self Managed Package:
Run: tanzu package install tanzu-mission-control -p --version "1.0.0" --values-file values.yaml --namespace tmc-local

Installing TMC Self-Managed

Create tmc-local namespace

kubectl create namespace tmc-local

Add TMC Self-Managed Package Repository

tanzu package repository add tanzu-mission-control-packages --url "" --namespace tmc-local

Verify Package Repository Reconciliation

tanzu package repository list -n tmc-local

  NAME                            SOURCE                                                             STATUS
  tanzu-mission-control-packages  (imgpkg)  Reconcile succeeded

Self-Signed CAs

We will need the CA for Harbor and the self-signed ClusterIssuer for configuring TMC. We are going to merge these both in a single file for ease of configuration.

kubectl get secret -n cert-manager tmcsm-issuer -o=jsonpath="{\.crt}" | base64 -d > $HOME/trusted-ca.pem
cat harbor-ca.crt >> $HOME/trusted-ca.pem

Create values.yaml file

  • You can generate default values.yaml file using
tanzu package available get "" --namespace tmc-local --default-values-file-output default.yaml
  • To get the definition and details about each of the parameters below you can use
tanzu package available get "" --namespace tmc-local --values-schema

Create a template file

cat <<EOF > $HOME/tmcsm-values-template.yaml
clusterIssuer: "tmcsm-issuer"
  serviceType: "LoadBalancer"
  serviceAnnotations: ""
dnsZone: ""
harborProject: ""
  password: "Admin!23"
  username: "root"
    clientID: "11111111111111"
    clientSecret: "222222323211sw1awe12sa12s3se"
    issuerType: "pinniped"
    issuerURL: ""
  userPassword: "Admin!23"
  maxConnections: 300
  ceipAgreement: false
  ceipOptIn: false
  eanNumber: ""
yq eval '.trustedCAs.trusted-ca = "'"$(< $HOME/trusted-ca.pem)"'"' \
$HOME/tmcsm-values-template.yaml > $HOME/tmcsm-values.yaml

Update Okta Redirect URI

In the Okta portal navigate to your Application, Edit the General Settings and update the Sign-In Redirect URI to https://pinniped-supervisor.<yourdnszone>/provider/pinniped/callback if not already done so

Install the TMC Self-Managed Package

tanzu package install tanzu-mission-control \
-p --version "1.0.0" \
--values-file tmcsm-values.yaml --namespace tmc-local

Verify Installation

tanzu package installed list -n tmc-local

  NAME                          PACKAGE-NAME                                       PACKAGE-VERSION  STATUS
  contour                                             12.1.0           Reconcile succeeded
  kafka                                                 22.1.3           Reconcile succeeded
  kafka-topic-controller        0.0.21           Reconcile succeeded
  minio                                                 12.6.4           Reconcile succeeded
  pinniped                                           1.2.1            Reconcile succeeded
  postgres                        0.0.46           Reconcile succeeded
  postgres-endpoint-controller  0.1.43           Reconcile succeeded
  s3-access-operator              0.1.22           Reconcile succeeded
  tanzu-mission-control                               1.0.0            Reconcile succeeded
  tmc-local-monitoring                    0.0.13           Reconcile succeeded
  tmc-local-stack                    0.0.17161        Reconcile succeeded
  tmc-local-stack-secrets       0.0.17161        Reconcile succeeded
  tmc-local-support                0.0.17161        Reconcile succeeded

Access TMC Self-Managed UI

  • After Sign In you will be redirected to the Okta UI. Here you will use the user created under the section Creating Admin User
  • Make sure for the first time login you use the user which is part of tmc:admin group


After successful login, you will see the Launchpad page in TMC. This marks the successful installation of TMC Self-Managed.