You can create Tanzu Kubernetes clusters by using the Kubernetes Container Clusters plug-in.
For more information about the different Kubernetes runtime options for the cluster creation, see Using Kubernetes with VMware Cloud Director.
You can also manage Kubernetes clusters by using the Container Service Extension CLI. See the Container Service Extension documentation.
VMware Cloud Director provisions Tanzu Kubernetes clusters with the PodSecurityPolicy Admission Controller enabled. You must create a pod security policy to deploy workloads. For information about implementing pod security policies in Kubernetes, see the Using Pod Security Policies with Tanzu Kubernetes Clusters topic in the vSphere with Kubernetes Configuration and Management guide.
Prerequisites
- Publish the Kubernetes Container Clusters plug-in to every organization that needs to manage Tanzu Kubernetes clusters.
- Verify that you have at least one organization VDC Kubernetes policy in your organization VDC. To add an organization VDC Kubernetes policy, see Add an Organization VDC Kubernetes Policy.
- You must publish the vmware:tkgcluster Entitlement rights bundle to every organization that needs to work with clusters. After sharing the rights bundle, you must add the Edit: Tanzu Kubernetes Guest Cluster right to the roles that need to create and modify Tanzu Kubernetes clusters. If you want the users to also delete clusters, you must add the Full Control: Tanzu Kubernetes Guest Cluster right to the roles. In addition, you can assign the administrator rights to users that you want to view all Tanzu Kubernetes clusters in an organization or users that you want to manage clusters across sites. For information about the rights and access levels for Runtime Defined Entities (RDEs), see Managing Defined Entities.
- Grant access to tenants or system administrators by creating Access Control List (ACL) entries. For more information on sharing Runtime Defined Entities (RDEs), see Sharing Defined Entities.
Procedure
- From the top navigation bar, select .
- (Optional) If the organization VDC is enabled for TKGI cluster creation, on the Kubernetes Container Clusters page, select the vSphere with Tanzu & Native tab.
- Click New.
- Select the vSphere with Tanzu runtime option and click Next.
- Enter a name for the new Kubernetes cluster and click Next.
- Select the organization VDC to which you want to deploy a Tanzu Kubernetes cluster and click Next.
- Select an organization VDC Kubernetes policy and a Kubernetes version, and click Next.
VMware Cloud Director displays a default set of Kubernetes versions that are not tied to any organization VDC or Kubernetes policy. These versions are a global setting. To change the list of available versions, use the cell management tool to run the ./cell-management-tool manage-config --name wcp.supported.kubernetes.versions -v version_numbers command with comma-separated version numbers.
- Select the number of control plane and worker nodes in the new cluster.
- Select machine classes for the control plane and worker nodes, and click Next.
- Select a Kubernetes policy storage class for the control plane and worker nodes, and click Next.
- (Optional) For VMware Cloud Director 10.2.2 and later, specify a range of IP addresses for Kubernetes services and a range for Kubernetes pods, and click Next.
Classless Inter-Domain Routing (CIDR) is a method for IP routing and IP address allocation.
| Option | Description |
| --- | --- |
| Pods CIDR | Specifies a range of IP addresses to use for Kubernetes pods. The default value is 192.168.0.0/16. The pods subnet size must be equal to or larger than /24. This value must not overlap with the Supervisor Cluster settings. You can enter one IP range. |
| Services CIDR | Specifies a range of IP addresses to use for Kubernetes services. The default value is 10.96.0.0/12. This value must not overlap with the Supervisor Cluster settings. You can enter one IP range. |
- Review the cluster settings and click Finish.
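The Pods CIDR and Services CIDR rules from the optional IP range step can be checked before you submit the wizard. The following is an added example, not VMware code: the function names and the Supervisor Cluster ranges in SAMPLE_SUPERVISOR are assumptions constructed for illustration.

```python
import ipaddress

# Defaults stated in the Pods CIDR / Services CIDR table.
DEFAULT_PODS_CIDR = "192.168.0.0/16"
DEFAULT_SERVICES_CIDR = "10.96.0.0/12"
MAX_PODS_PREFIXLEN = 24  # "equal to or larger than /24" means prefix length <= 24


def parse_single_cidr(label, value):
    """Parse exactly one IPv4 range; reject lists and values with host bits set."""
    if "," in value or len(value.split()) != 1:
        raise ValueError(f"{label}: enter exactly one IP range")
    try:
        return ipaddress.IPv4Network(value.strip(), strict=True)
    except ValueError as exc:
        raise ValueError(f"{label}: {exc}") from None


def check_cluster_cidrs(pods, services, supervisor_ranges):
    """Return a list of problems; an empty list means the values pass."""
    problems = []
    nets = {}
    for label, value in (("Pods CIDR", pods), ("Services CIDR", services)):
        try:
            nets[label] = parse_single_cidr(label, value)
        except ValueError as exc:
            problems.append(str(exc))
    pods_net = nets.get("Pods CIDR")
    if pods_net is not None and pods_net.prefixlen > MAX_PODS_PREFIXLEN:
        problems.append(f"Pods CIDR: {pods_net} is smaller than /24")
    # Neither range may overlap any range used by the Supervisor Cluster.
    for label, net in nets.items():
        for name, sup in supervisor_ranges.items():
            if net.overlaps(ipaddress.IPv4Network(sup)):
                problems.append(f"{label}: {net} overlaps Supervisor {name} {sup}")
    return problems


# Constructed Supervisor Cluster ranges for illustration only; read the real
# values from your own vSphere with Tanzu configuration.
SAMPLE_SUPERVISOR = {"pods": "10.244.0.0/20", "services": "10.96.0.0/23"}

if __name__ == "__main__":
    for line in check_cluster_cidrs(DEFAULT_PODS_CIDR, DEFAULT_SERVICES_CIDR,
                                    SAMPLE_SUPERVISOR):
        print(line)
```

With the constructed Supervisor ranges above, the default Services CIDR is reported as overlapping, which is the case in which you would enter a different range in the wizard.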
What to do next
- Resize the Kubernetes cluster if you want to change the number of worker nodes.
- Download the kubeconfig file. The kubectl command-line tool uses kubeconfig files to obtain information about clusters, users, namespaces, and authentication mechanisms.
- Delete a Kubernetes cluster.