Onboarding a Kubernetes Cluster to VMware Tanzu Service Mesh (TSM) via REST API

In the blog post, I will help you with the steps to onboard a Kubernetes cluster on the Tanzu Service Mesh using REST API. This will help you to automate cluster onboarding process.

I have an EKS Cluster already created with required capacity to onboard it on TSM. Below are the two nodes I have in a cluster.

$ k get nodes
NAME                                          STATUS   ROLES    AGE   VERSION
ip-172-31-50-219.us-east-2.compute.internal   Ready    <none>   39m   v1.21.5-eks-9017834
ip-172-31-55-244.us-east-2.compute.internal   Ready    <none>   39m   v1.21.5-eks-9017834

Cluster on-boarding Pre-requirement

Authentication with the Tanzu Service Mesh REST API

Generate an API token

  • In the upper-right corner of the VMware Cloud Services Console, click your user name and under User Settings, click My Account
  • On the My Account page, click the API Tokens tab 
  • Click Generate a new API token and fill the required details.
  • Click on Generate
  • You will be prompted to copy the newly generated token for later use
  • Copy the token and click on Continue. Note: You won’t be able to see the token again on the UI, so make sure that you copy it.

Generate an Access Token

  • Set an environment variable for the API token, run the following command

$ export CSP_TOKEN=<put your API token here>

  • To exchange the API token for an access token, submit the following request.

$ curl 'https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize' -H 'authority: console.cloud.vmware.com' -H 'pragma: no-cache' -H 'cache-control: no-cache' -H 'accept: application/json, text/plain, */*' --data-raw 'refresh_token=<put your API token here>' --compressed''

  • After executing the above command, you will get a response in which access_token is present. Copy it to the safe place for later use.
  • We will be using the above access_token in the csp-auth-token header during rest api call.

Note: I am using Postman tool for REST API call, you can either use any other tool/browser plugins for the same.

Cluster Onboarding Steps

To get the URL of the registration YAML file for your cluster, submit the following request

Note: GET call format is GET https://{server_name}/tsm/v1alpha1/clusters/onboard-url

  • Where server_name is the name of TSM server and it can be different for you. So check your TSM URL once and change it accordingly.
  • Add the csp-auth-token header value
  • In a terminal window, to apply the registration YAML to your cluster, run the following kubectl command, including the returned URL in the previous command
  • Now we need to submit the POST request, here is the PUT request URL

PUT https://{server_name}/tsm/v1alpha1/clusters/{cluster_id}?createOnly=true

Add a csp-auth-token in the header and send the PUT request.

In the PUT call, you need to update cluster_id as and TSM server name.

  • For the PUT request body, here is the sample
  "displayName": "string",
  "description": "string",
  "tags": [
  "labels": [
      "key": "string",
      "value": "string"
  "autoInstallServiceMesh": false,
  "enableNamespaceExclusions": true,
  "namespaceExclusions": [
      "type": "string",
      "match": "string"
  • I have used the mandatory values only and here is how my PUT request body looks like.
  "displayName": "eksclusterfromrest",
  "description": "EKS cluster onboarding",
  "tags": [
  "autoInstallServiceMesh": true,
  "enableNamespaceExclusions": false
  • In the response body, you will see the token field. Make a note of it.
  • To establish a secure connection between the cluster and Tanzu Service Mesh and register the cluster with Tanzu Service Mesh, run the following kubectl command

$ kubectl -n vmware-system-tsm create secret generic cluster-token --from-literal=token=<put your token here from previous step>

  • You will see the following output

secret/cluster-token created

  • Since I have used autoInstallServiceMesh to true during PUT request call, So the TSM Data plane component installation will happen in a cluster automatically.
  • Watch the progress of TSM data plane components installation 
  • It will take few mins to complete the installation. Monitor the progress.
  • Finally, Review the status on TSM UI for the newly onboarded cluster. Cluster is visible on the TSM UI.

For more information about TSM API, Refer the VMware Official document.



One thought on “Onboarding a Kubernetes Cluster to VMware Tanzu Service Mesh (TSM) via REST API

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s