You can use provider VDC and organization VDC Kubernetes policies to create vSphere with VMware Tanzu clusters.

vSphere with VMware Tanzu in VMware Cloud Director

When enabled on a vSphere cluster, vSphere with VMware Tanzu provides the capability to run Kubernetes workloads directly on ESXi hosts and to create upstream Kubernetes clusters in dedicated resource pools. For more information, see the vSphere with Kubernetes Configuration and Management guide in the vSphere documentation.

You can use vSphere with VMware Tanzu in VMware Cloud Director to create provider virtual data centers (VDCs) backed by Supervisor Clusters. A host cluster with vSphere with VMware Tanzu enabled is called a Supervisor Cluster. You can restrict how resources are used and limit the available resources, including the number of Kubernetes clusters per organization, user, or group. For more information, see Manage Quotas on the Resource Consumption of an Organization.

To use vSphere with VMware Tanzu in VMware Cloud Director, you must first enable the vSphere with VMware Tanzu functionality on a vSphere 7.0 or later cluster and configure that cluster as a Supervisor Cluster. See the vSphere with Kubernetes Configuration and Management guide in the vSphere documentation. The vCenter Server instance that you want to use can have both host clusters and Supervisor Clusters.

Tenants can create Tanzu Kubernetes clusters by applying one of the organization VDC Kubernetes policies. System administrators can edit and delete organization VDC Kubernetes policies by using the Service Provider Admin Portal or the VMware Cloud Director Tenant Portal. Native and TKGI clusters do not use the provider and organization VDC Kubernetes policies.

VMware Cloud Director provisions Tanzu Kubernetes clusters with the PodSecurityPolicy Admission Controller enabled. You must create a pod security policy to deploy workloads. For information about implementing the use of pod security policies in Kubernetes, see the Using Pod Security Policies with Tanzu Kubernetes Clusters topic in the vSphere with Kubernetes Configuration and Management guide.
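Because the admission controller is enabled, pods are rejected until the account that creates them is authorized to use a policy. The manifests below are an added example, not taken from the VMware documentation: a restrictive policy plus the RBAC objects that let one namespace's service accounts use it. The names example-restricted, psp-example-restricted and demo-apps are hypothetical, and the example assumes a cluster version that still serves the policy/v1beta1 PodSecurityPolicy API.

```yaml
# Constructed example: every object name and the namespace are hypothetical.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example-restricted
spec:
  privileged: false                  # no privileged containers
  allowPrivilegeEscalation: false    # blocks setuid-style escalation
  requiredDropCapabilities: ["ALL"]
  hostNetwork: false
  hostIPC: false
  hostPID: false
  runAsUser:
    rule: MustRunAsNonRoot           # images that run as UID 0 are rejected
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]   # excludes the root group
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  # hostPath is deliberately absent from the allowed volume types
  volumes: [configMap, emptyDir, projected, secret, downwardAPI, persistentVolumeClaim]
---
# Grants the "use" verb on this one policy only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-example-restricted
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["example-restricted"]
    verbs: ["use"]
---
# Scopes the grant to the service accounts of a single namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-example-restricted
  namespace: demo-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-example-restricted
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:demo-apps
```

Binding with a namespaced RoleBinding rather than a ClusterRoleBinding keeps the grant from applying to workloads in other namespaces.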

Workflow

  1. Add a vCenter Server 7.0 or later instance that has the vSphere with VMware Tanzu functionality enabled to VMware Cloud Director. See Attach a vCenter Server Instance Alone or Together with an NSX Manager Instance.
  2. Create a provider VDC backed by a Supervisor Cluster. See Create a Provider Virtual Data Center.

    Alternatively, you can add a Supervisor Cluster to an existing provider VDC. If you have a vSphere 6.7 or earlier environment, you can also upgrade the environment to version 7.0 and enable vSphere with VMware Tanzu on an existing cluster.

    Provider VDCs backed by a Supervisor Cluster appear with a Kubernetes icon next to their name in the grid that lists all provider VDCs.

  3. (Optional) VMware Cloud Director automatically generates a default provider VDC Kubernetes policy for provider VDCs backed by a Supervisor Cluster. You can create additional provider VDC Kubernetes policies for Tanzu Kubernetes clusters. See Create a Provider VDC Kubernetes Policy.
  4. Publish a Provider VDC Kubernetes Policy to an Organization VDC from the Provider VDCs tab or Add an Organization VDC Kubernetes Policy from the Organization VDCs tab.
  5. Publish the Kubernetes Container Clusters plug-in to service providers. See Publish or Unpublish a Plug-in from an Organization. If you want to enable tenants to create Kubernetes clusters, you must publish the Kubernetes Container Clusters plug-in to those organizations. For more information about managing VMware Cloud Director plug-ins, see Managing Plug-Ins.
  6. Publish the vmware:tkgcluster Entitlement rights bundle to any organizations that you want to work with Tanzu Kubernetes clusters.
  7. Add the Edit: Tanzu Kubernetes Guest Cluster right to the roles that you want to be able to create Tanzu Kubernetes clusters. If you want the users to also delete clusters, you must add the Full Control: Tanzu Kubernetes Guest Cluster right to the roles. In addition, you can assign the administrator rights to users that you want to view all Tanzu Kubernetes clusters in an organization or users that you want to manage clusters across sites. For information about the rights and access levels for Runtime Defined Entities (RDEs), see Managing Defined Entities.
  8. Grant access to tenants or system administrators by creating Access Control List (ACL) entries. For more information on sharing Runtime Defined Entities (RDEs), see Sharing Defined Entities.
  9. Create a Tanzu Kubernetes Cluster