VMware Tanzu · Capability

VMware Tanzu Kubernetes Platform Workflow

Workflow capability for platform engineers managing VMware Tanzu Kubernetes infrastructure. Combines Tanzu Service Mesh management (cluster onboarding, global namespaces, resource groups) with Kubernetes cluster lifecycle operations. Targeted at platform ops teams managing multi-cluster Kubernetes environments across clouds and on-premises vSphere.

Run with Naftiko VMware TanzuCloud NativeClustersContainersEnterpriseGlobal NamespacesKubernetesMulti-CloudService MeshvSphere

What You Can Do

GET
List clusters — List clusters onboarded to Tanzu Service Mesh.
/v1/clusters
GET
Get cluster — Get cluster details and status.
/v1/clusters/{cluster_name}
PUT
Onboard cluster — Onboard a cluster to Tanzu Service Mesh.
/v1/clusters/{cluster_name}
DELETE
Remove cluster — Remove a cluster from TSM.
/v1/clusters/{cluster_name}
GET
List global namespaces — List global namespaces.
/v1/global-namespaces
POST
Create global namespace — Create a global namespace spanning clusters.
/v1/global-namespaces
GET
Get global namespace — Get global namespace details.
/v1/global-namespaces/{namespace_id}
DELETE
Delete global namespace — Delete a global namespace.
/v1/global-namespaces/{namespace_id}
GET
List resource groups — List resource groups.
/v1/resource-groups
POST
Create resource group — Create a resource group.
/v1/resource-groups

MCP Tools

list-tanzu-clusters

List all Kubernetes clusters onboarded to Tanzu Service Mesh. Shows cluster state, cloud provider, region, and TSM agent version.

read-only idempotent
get-tanzu-cluster

Get detailed status for a specific Tanzu Service Mesh cluster, including phase, k8s version, and namespace count.

read-only idempotent
onboard-kubernetes-cluster

Onboard a Kubernetes cluster to Tanzu Service Mesh. Installs the TSM agent and enables service mesh management.

idempotent
remove-kubernetes-cluster

Remove a Kubernetes cluster from Tanzu Service Mesh management.

idempotent
list-global-namespaces

List all global namespaces in Tanzu Service Mesh. Global namespaces connect workloads across multiple clusters into a single virtual network.

read-only idempotent
create-global-namespace

Create a global namespace to connect workloads across multiple Kubernetes clusters. Enables consistent traffic routing and mTLS security.

get-global-namespace

Get details for a specific global namespace, including cluster configurations and status.

read-only idempotent
delete-global-namespace

Delete a global namespace from Tanzu Service Mesh.

idempotent
list-resource-groups

List resource groups used for policy enforcement and monitoring across clusters.

read-only idempotent
create-resource-group

Create a resource group to enforce policies across a set of namespaces, services, or pods.

APIs Used

tanzu-tsm

Capability Spec

kubernetes-platform.yaml Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: "VMware Tanzu Kubernetes Platform Workflow"
  description: >-
    Workflow capability for platform engineers managing VMware Tanzu Kubernetes
    infrastructure. Combines Tanzu Service Mesh management (cluster onboarding,
    global namespaces, resource groups) with Kubernetes cluster lifecycle
    operations. Targeted at platform ops teams managing multi-cluster
    Kubernetes environments across clouds and on-premises vSphere.
  tags:
    - VMware Tanzu
    - Cloud Native
    - Clusters
    - Containers
    - Enterprise
    - Global Namespaces
    - Kubernetes
    - Multi-Cloud
    - Service Mesh
    - vSphere
  created: "2026-05-03"
  modified: "2026-05-03"

binds:
  - namespace: env
    keys:
      TANZU_CSP_API_TOKEN: TANZU_CSP_API_TOKEN

capability:
  consumes:
    - import: tanzu-tsm
      location: ./shared/tanzu-service-mesh.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: tanzu-platform-api
      description: "Unified REST API for VMware Tanzu Kubernetes platform management."
      resources:
        - path: /v1/clusters
          name: clusters
          description: "Kubernetes cluster management."
          operations:
            - method: GET
              name: list-clusters
              description: "List clusters onboarded to Tanzu Service Mesh."
              call: "tanzu-tsm.list-clusters"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/clusters/{cluster_name}
          name: cluster-detail
          description: "Individual cluster operations."
          operations:
            - method: GET
              name: get-cluster
              description: "Get cluster details and status."
              call: "tanzu-tsm.get-cluster"
              with:
                cluster_name: "rest.cluster_name"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: PUT
              name: onboard-cluster
              description: "Onboard a cluster to Tanzu Service Mesh."
              call: "tanzu-tsm.onboard-cluster"
              with:
                cluster_name: "rest.cluster_name"
                display_name: "rest.display_name"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: remove-cluster
              description: "Remove a cluster from TSM."
              call: "tanzu-tsm.remove-cluster"
              with:
                cluster_name: "rest.cluster_name"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/global-namespaces
          name: global-namespaces
          description: "Global namespace management."
          operations:
            - method: GET
              name: list-global-namespaces
              description: "List global namespaces."
              call: "tanzu-tsm.list-global-namespaces"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-global-namespace
              description: "Create a global namespace spanning clusters."
              call: "tanzu-tsm.create-global-namespace"
              with:
                name: "rest.name"
                domain_name: "rest.domain_name"
                mtls_enforced: "rest.mtls_enforced"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/global-namespaces/{namespace_id}
          name: global-namespace-detail
          description: "Individual global namespace."
          operations:
            - method: GET
              name: get-global-namespace
              description: "Get global namespace details."
              call: "tanzu-tsm.get-global-namespace"
              with:
                namespace_id: "rest.namespace_id"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-global-namespace
              description: "Delete a global namespace."
              call: "tanzu-tsm.delete-global-namespace"
              with:
                namespace_id: "rest.namespace_id"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/resource-groups
          name: resource-groups
          description: "Resource groups for policy."
          operations:
            - method: GET
              name: list-resource-groups
              description: "List resource groups."
              call: "tanzu-tsm.list-resource-groups"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-resource-group
              description: "Create a resource group."
              call: "tanzu-tsm.create-resource-group"
              with:
                name: "rest.name"
                resource_type: "rest.resource_type"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: tanzu-platform-mcp
      transport: http
      description: "MCP server for AI-assisted Tanzu Kubernetes platform operations."
      tools:
        - name: list-tanzu-clusters
          description: "List all Kubernetes clusters onboarded to Tanzu Service Mesh. Shows cluster state, cloud provider, region, and TSM agent version."
          hints:
            readOnly: true
            idempotent: true
          call: "tanzu-tsm.list-clusters"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-tanzu-cluster
          description: "Get detailed status for a specific Tanzu Service Mesh cluster, including phase, k8s version, and namespace count."
          hints:
            readOnly: true
            idempotent: true
          call: "tanzu-tsm.get-cluster"
          with:
            cluster_name: "tools.cluster_name"
          outputParameters:
            - type: object
              mapping: "$."

        - name: onboard-kubernetes-cluster
          description: "Onboard a Kubernetes cluster to Tanzu Service Mesh. Installs the TSM agent and enables service mesh management."
          hints:
            readOnly: false
            idempotent: true
          call: "tanzu-tsm.onboard-cluster"
          with:
            cluster_name: "tools.cluster_name"
            display_name: "tools.display_name"
            description: "tools.description"
          outputParameters:
            - type: object
              mapping: "$."

        - name: remove-kubernetes-cluster
          description: "Remove a Kubernetes cluster from Tanzu Service Mesh management."
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "tanzu-tsm.remove-cluster"
          with:
            cluster_name: "tools.cluster_name"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-global-namespaces
          description: "List all global namespaces in Tanzu Service Mesh. Global namespaces connect workloads across multiple clusters into a single virtual network."
          hints:
            readOnly: true
            idempotent: true
          call: "tanzu-tsm.list-global-namespaces"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-global-namespace
          description: "Create a global namespace to connect workloads across multiple Kubernetes clusters. Enables consistent traffic routing and mTLS security."
          hints:
            readOnly: false
            idempotent: false
          call: "tanzu-tsm.create-global-namespace"
          with:
            name: "tools.name"
            domain_name: "tools.domain_name"
            mtls_enforced: "tools.mtls_enforced"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-global-namespace
          description: "Get details for a specific global namespace, including cluster configurations and status."
          hints:
            readOnly: true
            idempotent: true
          call: "tanzu-tsm.get-global-namespace"
          with:
            namespace_id: "tools.namespace_id"
          outputParameters:
            - type: object
              mapping: "$."

        - name: delete-global-namespace
          description: "Delete a global namespace from Tanzu Service Mesh."
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "tanzu-tsm.delete-global-namespace"
          with:
            namespace_id: "tools.namespace_id"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-resource-groups
          description: "List resource groups used for policy enforcement and monitoring across clusters."
          hints:
            readOnly: true
            idempotent: true
          call: "tanzu-tsm.list-resource-groups"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-resource-group
          description: "Create a resource group to enforce policies across a set of namespaces, services, or pods."
          hints:
            readOnly: false
            idempotent: false
          call: "tanzu-tsm.create-resource-group"
          with:
            name: "tools.name"
            resource_type: "tools.resource_type"
          outputParameters:
            - type: object
              mapping: "$."