Using Configuration Hardening with VMware Tanzu Kubernetes

By default, the VMware Tanzu Kubernetes environment deploys the master nodes in a private network. As a result, CloudControl cannot reach the nodes over SSH to run configuration hardening. To work around this, you must run your Tanzu Kubernetes cluster on a VMware Cloud Foundation (VCF) infrastructure using NSX-T, and then add the SDDC Manager for that infrastructure into CloudControl. For more information, see Adding SDDC Manager to CloudControl.

CloudControl can then leverage the NSX-T infrastructure to create a temporary network configuration that allows you to perform configuration hardening validation. After the configuration hardening policies have been run, the temporary network configuration is removed.

Note: Configuration hardening policies for VMware Tanzu must be created using the Resource Type Kubernetes.