Registering a Kubernetes Cluster
You must register your Kubernetes namespace as a data plane before you start using the different capabilities provided by TIBCO® Control Plane. Use the following steps to register your existing Kubernetes cluster as a data plane.
- If you have not already set up Kubernetes cluster infrastructure, see Setting up Kubernetes Infrastructure.
- If you have an existing Kubernetes cluster, see Preparing a Kubernetes Cluster for TIBCO Control Plane Deployment.
- Helm is installed and configured.
- You must have Data plane Manager permission. For more information, see Permissions.
- To use a custom Helm repository, ensure that the latest Helm charts from the TIBCO GitHub repository are available in your custom repository.

Procedure
- In the TIBCO Control Plane, click the Data Planes menu from the sidebar.
- Click Register a Data Plane.
- On the Existing Kubernetes Cluster card, click Start.
- On the Basics screen, provide the following information about your Kubernetes cluster:
- You must select the EUA checkbox before proceeding.
- On the Namespace & Service account page, specify the following details:
  - Namespace: Namespace in which you want to deploy TIBCO Control Plane infrastructure components and capabilities. If the namespace is not already created, you can create it by running the command on the last screen of the wizard.
  - Service Account: Specify the Kubernetes service account name. The service account is used when deploying TIBCO Control Plane infrastructure components and capabilities. If the service account is not already created, you can create it by running the command on the last screen of the wizard.
  - Enable or disable the cluster scoped permissions for RBAC: By default, the service account has cluster-scope permissions. If you do not want the service account to have cluster-scope permissions, disable the Allow cluster scoped permissions option.
    If cluster-scoped permissions are disabled, cluster-scoped RoleBindings are not created. Instead, namespace-scoped Role and RoleBindings are created, which apply only to resources in every namespace. For more information, see Data Plane RBACs.
- On the Configuration page, the following configurations are available:
  - Logs Processing
    - Deployment of fluentbit sidecar for Services logs (Optional): By default, Fluentbit log processing is enabled. If you disable this option, the logs from the data plane are not captured and forwarded to the log processor configured in the observability resource. If your organization's current infrastructure already captures logs from all workloads, you can disable this feature to reduce resource consumption. After registering a data plane, you cannot edit this configuration.
      This option is available from the UI for TIBCO Operated Control Plane. For self-hosted TIBCO Control Plane, you must set this option in the platform-bootstrap chart.
  - Proxy (Optional): You can use a proxy server to route your outbound requests. By default, the proxy configuration is disabled. Specify values for either HTTP PROXY or HTTPS PROXY.
    - HTTP Proxy: A proxy URL to use for creating HTTP connections outside the data plane.
      Format: http://http_proxy:port
      Example: http://proxy.example.com:8080
    - HTTPS Proxy: A proxy URL to use for creating HTTPS connections outside the data plane.
      Format: https://https_proxy:port
      Example: http://proxy.example.com:8084
    - No Proxy: The NO_PROXY value defines a list of destination URLs to exclude from using the proxy.
      Format: https://no_proxy1:port,https://no_proxy2:port
  - Container Registry (Optional): By default, TIBCO Control Plane uses the JFrog registry for all component Docker images. Use this section to provide the details of the custom container registry from which to pull the Docker images. You must download the images from the TIBCO default registry and push them to your custom registry. For the list of images that need to be pushed to your custom registry, see Pushing Images to Custom Container Registry.
    - Registry URL: The URL of the container registry.
      Example: registry.acme.io
    - Repository: The name of the repository.
    - Username: The username to access the container registry.
    - Password: The password to access the container registry.
  - Helm Chart Repository (Optional)
    - Global Repository: The default Helm chart repository configured at the global level is used by default for the data plane.
    - Custom Helm Chart Repository: To configure a new Helm chart repository at the data plane level, click Add Helm Chart Repository to this data plane. Specify the details for the repository. For more information about the fields, see Configuring a Custom Helm Chart Repository.
    - Link other / alternative Global Repository: To use a different Helm chart repository than the default one, click Link other / alternative Global Repository. Select the repository from the list.
  - Custom Certificate (Optional): Custom certificates are certificates not issued by a well-known Certificate Authority (CA). They are either self-signed or issued by a custom CA.
    The custom certificate is used by TIBCO Control Plane. The data plane communicates with TIBCO Control Plane through a tunnel, so the data plane needs to trust the configured certificates. This configuration tells the data plane which certificates to trust.
    You have full control of which certificates to trust. In this case, the data plane no longer trusts any well-known certificates, only the ones it is configured to trust.
    For more information about how to generate and use the custom certificate, see Using Custom Certificate.
    This feature is applicable to self-hosted TIBCO Control Plane only. A custom certificate can be configured for new data planes created starting from TIBCO Control Plane 1.4.0.
    - Custom Certificate Secret Name: Specify the name of the Kubernetes secret holding the value of the TIBCO Control Plane certificate that the data plane needs to trust.
- Preview the configuration. You can modify the configuration you have entered. There is an Enabled or Disabled toggle on the Preview tab.
- On the Register a Data Plane page, the Helm commands for Helm repository configuration, namespace creation, service account creation, and cluster registration are displayed. Run the Helm commands in your Kubernetes cluster in the sequence specified on the screen. It is mandatory to run all four commands whether you have an existing namespace and service account or you want to create a new one. If you are using an existing namespace, you can skip the namespace creation step and instead apply the label platform.tibco.com/dataPlane-id:<data plane id> to the existing namespace. The Cluster Registration command deploys TIBCO Control Plane infrastructure components in your Kubernetes cluster. These commands are required to manage and monitor the data plane by using TIBCO Control Plane.
  Optionally, to enable the creation of default network policies, see Data Plane Network Policies.
  Note: The Helm commands are unique for each data plane. Copy or download the commands before clicking Done. After you close this screen, you cannot access the Helm commands, and you need to follow the previous steps again.
  For the Helm repository configuration command, if the repository already exists, you must remove the existing repository, add the Helm repository again, and then update it to fetch the latest charts.
  Remove the existing repository:
    helm repo remove <existing helm repo>
  After removing the repository, add and update the latest repository again:
    helm repo add <repo alias> <repo url> && helm repo update <repo alias>
  Alternatively, overwrite the existing repository by using the following command:
    helm repo add <repo alias> <repo url> --force-update
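
To check what the Allow cluster scoped permissions option from the Namespace & Service account step actually produced after registration, the following added example (not TIBCO code) sorts the bindings that reach the data plane service account into cluster-wide and namespaced ones. It reads the JSON printed by kubectl for ClusterRoleBindings and RoleBindings; the namespace, service account and binding names in the sample are constructed placeholders.

```python
import json

# Constructed sample of: kubectl get clusterrolebindings,rolebindings -A -o json
# dp-ns, dp-sa and all binding names are placeholders, not TIBCO object names.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "dp-cluster-scope"},
  "roleRef": {"kind": "ClusterRole", "name": "dp-cluster-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "dp-sa", "namespace": "dp-ns"}]},
 {"kind": "RoleBinding", "metadata": {"name": "dp-ns-scope", "namespace": "dp-ns"},
  "roleRef": {"kind": "Role", "name": "dp-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "dp-sa", "namespace": "dp-ns"}]},
 {"kind": "RoleBinding", "metadata": {"name": "view-all", "namespace": "dp-ns"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "Group", "name": "system:serviceaccounts:dp-ns"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "other"},
  "roleRef": {"kind": "ClusterRole", "name": "other-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "other-sa", "namespace": "other"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "no-subjects"},
  "roleRef": {"kind": "ClusterRole", "name": "unused"}, "subjects": null}
]}
""")

def reaches(subject, ns, sa):
    """True if this binding subject covers service account ns/sa."""
    kind, name = subject.get("kind"), subject.get("name")
    if kind == "ServiceAccount":
        return name == sa and subject.get("namespace") == ns
    if kind == "User":  # service accounts authenticate under this user name
        return name == f"system:serviceaccount:{ns}:{sa}"
    if kind == "Group":  # groups every service account in ns belongs to
        return name in ("system:serviceaccounts", f"system:serviceaccounts:{ns}")
    return False

def audit(items, ns, sa):
    """Return (cluster_wide, namespaced) binding names that reach ns/sa."""
    cluster_wide, namespaced = [], []
    for b in items:
        if not any(reaches(s, ns, sa) for s in b.get("subjects") or []):
            continue
        if b["kind"] == "ClusterRoleBinding":
            cluster_wide.append(b["metadata"]["name"])
        else:  # a RoleBinding is namespace-scoped even when it references a ClusterRole
            namespaced.append(f'{b["metadata"]["namespace"]}/{b["metadata"]["name"]}')
    return cluster_wide, namespaced

if __name__ == "__main__":
    cluster_wide, namespaced = audit(SAMPLE["items"], "dp-ns", "dp-sa")
    print("cluster-wide:", cluster_wide)
    print("namespaced:  ", namespaced)
```

On a real cluster the cluster-wide list can also include bindings made to the system:serviceaccounts group, which apply to every service account.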