In this blog post we will cover the following topics
- Tanzu Mission Control - - Cluster Inspections Overview - - What Inspections are available - - Performing Inspections - - Viewing Inspections
The follow up blog posts are;
- Getting Started Tanzu Mission Control - - TMC Resource Hierarchy - - Creating a Cluster Group - - Attaching a cluster to Tanzu Mission Control - - Viewing your Cluster Objects - Workspaces and Policies - - Creating a workspace - - - Creating a managed Namespace - - - Viewing a managed Namespace - - Policy Driven Cluster Management - - - Creating an Image Registry Policy - - - Creating a Network Policy - - Data Protection - - - Data Protection Overview - - - Create a AWS Data Protection Credential - - - Enable Data Protection on a Cluster - - - Running a backup manually or via an automatic schedule - - - Restoring your data
Cluster Inspections Overview
This for me is one of the best features of Tanzu Mission Control, and an area which I expected will be developed further in the future.
Cluster inspections provide a point-in-time report of the condition of the cluster, you might want to run them periodically (to avoid drifting out of conformance) and any time you make significant alterations, such as after you patch or upgrade a cluster.
This capability is achieved by using Sonobuoy, an open source community standard, which provides diagnostics of your Kubernetes environments through conformance testing and additional plugins.
What Inspections are available?
The following cluster inspections are available from the Overview and Inspection tabs of the cluster detail page in the Tanzu Mission Control console.
- Conformance inspection;
Validates the binaries running on your cluster and ensures that your cluster is properly installed, configured, and working. You can view the generated report from within Tanzu Mission Control to assess and address any issues that arise. For more information, see the Kubernetes Conformance documentation at https://github.com/cncf/k8s-conformance/tree/master/docs.
- CIS benchmark inspection;
Evaluates your cluster against the CIS Benchmark for Kubernetes published by the Center for Internet Security.
- Lite inspection;
Is a node conformance test that validates whether nodes meet requirements for Kubernetes. For more information, see Validate node setup in the Kubernetes documentation.
To perform an inspection, there are two ways; from the inspections tab when view a cluster object (as in the above screenshot).
Or you can do this from the Inspections navigation page, as below.