Taken from the vSphere with Tanzu docs.
"Custom ClusterClass is an experimental Kubernetes feature per the upstream Cluster API documentation. Due to the range of customizations available with custom ClusterClass, VMware cannot test or validate all possible customizations. Customers are responsible for testing, validating, and troubleshooting their custom ClusterClass clusters. Customers can open support tickets regarding their custom ClusterClass clusters, however, VMware support is limited to a best effort basis only and cannot guarantee resolution to every issue opened for custom ClusterClass clusters. Customers should be aware of these risks before deploying custom ClusterClass clusters in production environments."
The procedure is based on the [vSphere docs](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-tkg/GUID-EFE7DB40-8748-42B5-9694-DBC21F9FB76A.html), which you should always reference to check for changes.
Export the variables to match your environment.
```bash
export ns="ns1"
export cc_name="my-cc"
```
Export the default ClusterClass, strip unnecessary fields and update the name.
```bash
# Export the default ClusterClass from the source namespace
kubectl -n "$ns" get clusterclass tanzukubernetescluster -o yaml > ccc.yaml
# Strip the server-generated metadata fields
sed -i -e '/creationTimestamp:/d' -e '/generation:/d' \
  -e '/resourceVersion:/d' -e '/uid:/d' ccc.yaml
# Rename the copy to the custom ClusterClass name exported above
sed -i "s/ name: tanzukubernetescluster/ name: ${cc_name}/g" ccc.yaml
```
It's recommended to manually edit the file to set policy, but automated steps are listed below.

- Open `ccc.yaml` in your favourite editor.
- Search for `controlPlaneFilesAdmissionConfigurationk8s126` and scroll up to see the `AdmissionConfiguration` template.
- Modify the YAML to set your policy by updating the section `plugins.0.configuration.defaults`. Scrolling up 30 lines will show the K8s 1.25 policy, which does not enforce.
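```bash
# Replace the "enforce" default with "warn" and "audit" at the restricted level:
# violations are reported, but pods are still admitted.
# The whitespace after \n must match the indentation of the surrounding keys in ccc.yaml.
sed -i -E 's/enforce: "restricted"/warn: "restricted"\n warn-version: "latest"/' ccc.yaml
sed -i -E 's/enforce-version: "latest"/audit: "restricted"\n audit-version: "latest"/' ccc.yaml
```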
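The same two substitutions as an added example (not from the original post or the VMware docs): each one captures the line's leading whitespace so the inserted `warn-version` and `audit-version` lines stay aligned, and two helper functions check the result. The `defaults` excerpt is constructed and the function names are hypothetical; GNU sed is assumed, as in the commands above.

```shell
#!/usr/bin/env bash
# Constructed sample: the "defaults" block of a PodSecurity AdmissionConfiguration,
# indented as it might appear inside a ClusterClass template (indent depth is assumed).
sample_defaults() {
  cat <<'EOF'
          defaults:
            enforce: "restricted"
            enforce-version: "latest"
EOF
}

# Same rewrite as the page's sed commands, but \1 re-uses the captured indentation
# so the newly inserted lines line up with their sibling keys.
relax_psa() {
  sed -E \
    -e 's/^([[:space:]]*)enforce: "restricted"/\1warn: "restricted"\n\1warn-version: "latest"/' \
    -e 's/^([[:space:]]*)enforce-version: "latest"/\1audit: "restricted"\n\1audit-version: "latest"/'
}

# Summarise which PSA modes are set, as sorted "mode=level" pairs on one line.
psa_modes() {
  grep -E '^[[:space:]]*(enforce|audit|warn): ' \
    | sed -E 's/^[[:space:]]*([a-z]+): "?([a-z]+)"?.*/\1=\2/' \
    | sort | paste -sd' ' -
}

# Succeed only if every mode and mode-version key shares one indentation level;
# a misaligned key would make the embedded YAML invalid.
aligned() {
  local count
  count=$(grep -E '^[[:space:]]*(enforce|audit|warn)(-version)?: ' \
    | sed -E 's/^([[:space:]]*).*/\1/' | sort -u | wc -l)
  [ "$count" -eq 1 ]
}

# Dry run on the constructed sample: show the rewritten block and its mode summary.
sample_defaults | relax_psa
echo "before: $(sample_defaults | psa_modes)"
echo "after:  $(sample_defaults | relax_psa | psa_modes)"
```

To check a real file, pipe it through the helpers, for example `psa_modes < ccc.yaml`, before running `kubectl apply`.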
Apply the ClusterClass to any namespaces where it is needed.

```bash
export target_ns="ns2"
# Point the manifest at the target namespace, then create the ClusterClass there
sed -i "s/namespace: .*/namespace: ${target_ns}/g" ccc.yaml
kubectl apply -f ccc.yaml
```
Add the following section to your ClusterClass YAMLs:

```yaml
spec:
  topology:
    class: <custom cluster class name>
```