Transition VMware Tanzu Cloud Services to VMware Tanzu Platform Console

Article ID: 374361

Products

VMware Tanzu Platform, Tanzu Mission Control, VMware Tanzu Application Catalog, VMware Tanzu Service Mesh, VMware Tanzu Guardrails

Issue/Introduction

On September 11, 2024, cloud services in the VMware Tanzu portfolio will transition away from VMware Cloud Service to the VMware Tanzu Platform, and customers will access VMware Tanzu cloud services at https://console.tanzu.broadcom.com going forward. The cloud services impacted by this change include:

  • VMware Tanzu Application Catalog
  • VMware Tanzu CloudHealth (limited to select customers who currently access the service from VMware Cloud Service Console)
  • VMware Tanzu Guardrails
  • VMware Tanzu Service Mesh
  • VMware Tanzu Mission Control
  • VMware Tanzu Platform (previously named VMware Tanzu Hub)

 

As part of this transition, data in your VMware Cloud Services Organization will be transferred to VMware Tanzu Platform, and the following capabilities and configurations will be retained in your VMware Tanzu Platform Organization:

  • Organization ID and name
  • Project ID and name
  • Users, Roles and Permissions
  • Subscriptions and entitlement to VMware Tanzu cloud services
  • Federated Identity / Single-Sign-On (SSO), if your Identity Provider administrator has previously completed configuration changes to your Identity Provider system to work with Broadcom systems.

 

Identity Provider Configuration for SSO to VMware Tanzu Platform Console

Customers whose VMware Cloud Services Organizations are configured for Federated Identity, so that users authenticate using SSO, should complete the necessary configuration changes in their Identity Provider system to work with Broadcom systems in the context of the previous VMware Cloud Services Organization. These changes also apply to VMware Tanzu Platform Console after the Transition Date, so users can authenticate to VMware Tanzu Platform Console using SSO after the Transition Date without any further action.

However, if your Identity Provider administrators have not completed the necessary configuration changes to your Identity Provider system to work with Broadcom systems, you may not be able to access VMware Tanzu cloud services after the Transition Date. Please ask your Identity Provider administrator to refer to the email from Broadcom titled “[Action required] SSO IDP change required as a part of VMware migration” for instructions on how to configure your VMware Cloud Services and VMware Tanzu Platform Organization to restore access.

Resolution

 

If you currently access VMware Tanzu cloud services using VMware Cloud Services Console

Starting from the Transition Date, please visit https://console.tanzu.broadcom.com/ to access VMware Tanzu cloud services, and log in using the same credentials you were using in VMware Cloud Services Console. After successfully logging in to VMware Tanzu Platform Console, you should be able to access the same VMware Tanzu cloud services that you were previously accessing from VMware Cloud Services Console.

Starting from the Transition Date, if you log into VMware Cloud Services Console, VMware Tanzu cloud services may not be displayed in the console, so please visit https://console.tanzu.broadcom.com/ instead to get access to these services.

If you currently access VMware Tanzu cloud services using CLI

Starting from the Transition Date, the minimum required CLI version is 1.4.0. If you are currently using an earlier version, please upgrade to CLI 1.4.0 or above prior to the Transition Date to prepare for the transition.

On the Transition Date, CLI 1.4.0 or above will be updated to reference VMware Tanzu Platform Console as the issuer of tokens and CLI context. This configuration change is performed by Broadcom and does not require customers to modify their configuration.

  • If you created the CLI context using an API Token, the CLI will refresh the token using the same API Token that was created prior to the transition, with VMware Tanzu Platform Console as the new issuer.
  • If you created the CLI context using interactive login (OAuth 2.0 PKCE authentication flow), the CLI will invalidate the current access token and refresh token, so that the CLI triggers the interactive login for VMware Tanzu Platform to generate the new refresh token and access token.
  • NOTE: The configuration changes may take up to 24 hours (Sept 12, 8pm UTC) to be updated to the CLI. To trigger an immediate update instead, use the following steps:
    • Run the "tanzu plugin source init" command
    • Run any command, e.g. "tanzu context current"

If you currently access VMware Tanzu cloud services using OAuth Applications

Starting from the Transition Date, your OAuth Applications that depend on VMware Tanzu cloud services will need to be modified to refer to VMware Tanzu Platform Console.

  • Replace the Fully Qualified Domain Name (FQDN) used for generating tokens to access VMware Tanzu cloud services and for calling VMware Tanzu Platform Console APIs:

    • Before: console.cloud.vmware.com
    • After: console.tanzu.broadcom.com

  • Existing VMware Cloud Services Console APIs are available in VMware Tanzu Platform Console, and the API path segments after the FQDN remain unchanged.
  • The JWKS public endpoint for validating access tokens will change:

    • Before: https://console.cloud.vmware.com/csp/gateway/am/api/auth/token-public-key?format=jwks
    • After: https://console.tanzu.broadcom.com/csp/gateway/am/api/auth/token-public-key?format=jwks

  • The OIDC Configuration endpoint will change:

    • Before: https://console.cloud.vmware.com/csp/gateway/am/api/auth/.well-known/openid-configuration
    • After: https://console.tanzu.broadcom.vmware.com/csp/gateway/am/api/auth/.well-known/openid-configuration

  • To access VMware Tanzu Platform Console, you can continue to use the same client credentials used for accessing VMware Cloud Services Console.

If you are using a Kubernetes collector

To avoid interruption to Kubernetes data collection, please reconfigure your Kubernetes collectors on the Transition Date with the following steps:

  1. Log in to the Kubernetes cluster running the Kubernetes collector.
  2. Run the following command to open the collector configuration in edit mode:

    kubectl edit deployments -n aria-k8s aria-k8s-collector

  3. Change the CSP_HOST_NAME value from this:

    https://console.cloud.vmware.com

    to this:

    https://console.tanzu.broadcom.com

  4. Change the LEMANS_GATEWAY_BASE_URL value from this:

    https://data.mgmt.cloud.vmware.com

    to this:

    https://data.platform.tanzu.broadcom.com

  5. Save and exit.
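
The host replacements listed above for OAuth applications and for the Kubernetes collector can be checked mechanically. The following Python code is an added example, not Broadcom code: it finds the two legacy hosts in configuration text and rewrites them only on an exact host match over https, so a lookalike such as console.cloud.vmware.com.example.net is reported for review instead of being rewritten. The SAMPLE text, its flat key layout and the api_host and callback keys are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Old -> new hosts, as given in the OAuth and Kubernetes collector steps.
HOST_MAP = {
    "console.cloud.vmware.com": "console.tanzu.broadcom.com",
    "data.mgmt.cloud.vmware.com": "data.platform.tanzu.broadcom.com",
}
# Optional scheme, a dotted host name, then the rest up to whitespace or a quote.
TOKEN = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?[a-z0-9][a-z0-9.-]*\.[a-z]{2,}[^\s\"']*", re.I)

# Constructed sample settings (flat layout is illustrative, not a real manifest).
SAMPLE = """\
CSP_HOST_NAME: https://console.cloud.vmware.com
LEMANS_GATEWAY_BASE_URL: https://data.mgmt.cloud.vmware.com
jwks_uri: "https://console.cloud.vmware.com/csp/gateway/am/api/auth/token-public-key?format=jwks"
api_host = "console.cloud.vmware.com"
callback: https://console.cloud.vmware.com.example.net/login
"""

def migrate_url(url):
    """Swap a legacy host for its replacement; return url unchanged otherwise.
    Only an exact host match over https (or a bare host name) is rewritten, so
    lookalike domains, userinfo or port variants and plain http are left alone.
    """
    bare = "://" not in url
    parts = urlsplit("//" + url if bare else url)
    if parts.scheme not in ("", "https") or parts.netloc.lower() not in HOST_MAP:
        return url
    new = urlunsplit(parts._replace(netloc=HOST_MAP[parts.netloc.lower()]))
    return new[2:] if bare else new

def audit(text):
    """Return (line_no, token, replacement); None means manual review is needed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for tok in TOKEN.findall(line):
            if any(old in tok.lower() for old in HOST_MAP):
                new = migrate_url(tok)
                findings.append((no, tok, new if new != tok else None))
    return findings

def rewrite(text):
    """Apply migrate_url to every URL-like token and leave all other text as is."""
    return TOKEN.sub(lambda m: migrate_url(m.group(0)), text)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running audit again on the output of rewrite should leave only entries whose replacement is None; those are the references to inspect by hand.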

 

If you are using a Terraform provider

  1. In the Terraform provider configuration, add a new field: vmw_cloud_endpoint = "console.tanzu.broadcom.com"
  2. In the same configuration, update the value of vmw_cloud_api_token with a new token generated from the console.tanzu.broadcom.com UI.