Activating Tanzu Kubernetes Grid in a cluster in your SDDC configures cluster storage and compute resources and SDDC networking for use with Tanzu services.

You can start from the Inventory view or the Launchpad, or from any cluster card in the details view of an SDDC.


You must be logged in to the VMware Cloud Console at as a user with a VMware Cloud Services Service Role of Administrator or Administrator (Delete Restricted).

You can activate Tanzu Kubernetes Grid in any SDDC at version 1.16 and later. Activation is a per-cluster workflow that you can initiate in any conventional cluster that was created at SDDC version 1.16 or later, has at least 112 GB of available memory, and has sufficient free resources to support 16 vCPUs. In a medium SDDC configuration, a cluster requires a minimum of three hosts to qualify for activation. In a large configuration, this minimum rises to four hosts. Stretched clusters are not supported.

If you want to enable Tanzu Kubernetes Grid on additional clusters, remember that three-host clusters must have the default core count (16) to ensure adequate failover capacity. Clusters with four or more hosts can have a reduced core count. See Add a Cluster.


Transient activities that affect cluster resource consumption can cause the cluster eligibility test to fail. The best practice is to avoid activating Tanzu Kubernetes Grid on any cluster that is the source or destination of a VMware HCX migration.

Before you can use Tanzu Kubernetes Grid in your SDDC, you must be able to open the SDDC vCenter (see Connect to vCenter Server in the VMware Cloud on AWS Getting Started guide. Many common Tanzu Kubernetes Grid workflows require connectivity between your on-premises data center and your SDDC, as detailed in Configure SDDC Networking and Security.

To activate Tanzu Kubernetes Grid, you must define several CIDR blocks for the Tanzu workload control plane. Those CIDR blocks cannot overlap existing ones assigned to the SDDC Management or Compute networks or your on-premises networks, and cannot be changed after activation, so you'll need to have a list of those CIDR blocks handy during this procedure.


  1. Log in to the VMware Cloud Console at
  2. Select one or more SDDCs for Tanzu Kubernetes Grid activation.
    To start from the Launchpad:
    From the Launchpad, click Kubernetes in the Solutions column, then click Learn More and Get Started to open the Get started with Tanzu Kubernetes Grid view displaying a list of all SDDCs in your organization that are eligible for Tanzu Kubernetes Grid activation. Select one or more SDDCs in this list and click NEXT.
    To start from the Inventory view:
    From the Inventory page, click SDDCs, then select an SDDC and click VIEW DETAILS.
  3. Activate Tanzu Kubernetes Grid for a cluster.
    On the cluster card, click ACTIONS and select Activate Tanzu Kubernetes Grid. VMware Cloud on AWS checks cluster resources to be sure that they meet requirements for activating Tanzu Kubernetes Grid, then prompts you to configure workload management networking.
  4. Configure the Workload Management Network.
    See The Workload Control Plane, Namespace Segments, and Tier-1 Gateways for more about how Tanzu Kubernetes Grid configures and uses SDDC networks.
    1. Specify workload network CIDR blocks for this cluster.
      CIDR blocks of size 16, 20, 23, or 26 are supported, and must be in one of the "private address space" blocks defined by RFC 1918 (,, or For each CIDR block, specify a range of IP addresses that does not overlap with:
      • the SDDC Management or Compute networks
      • your on-premises network
      • any CIDR block you specify in this cluster
      • any CIDR block you specify in another cluster in this SDDC
      For a complete list of IPv4 addresses reserved by VMware Cloud on AWS, see Reserved Network Addresses in the VMware Cloud on AWS Networking and Security guide. These CIDR blocks cannot be changed after you activate Tanzu Kubernetes Grid.
      Service CIDR
      This block of addresses is allocated to Tanzu supervisor services for the cluster. You can use the default CIDR block ( or pick another one, but a span of at least /24 is required.
      Namespace Network CIDR
      This block of addresses is allocated to namespace segments. It should have a span of at least /23 to provide adequate capacity for Tanzu Kubernetes Grid workloads in the cluster. Consider a span of /16 or /12.
      Ingress CIDR
      This block of addresses is allocated to receive inbound traffic through load-balancers to containers. The system allocates a destination NAT (DNAT) address from this pool for each namespace in the cluster, so a span of /23 or /26 should be adequate.
      Egress CIDR
      This block of addresses is allocated to outbound traffic from containers and guest clusters. The system allocates a source NAT (SNAT) IP address from this pool for each namespace in the cluster, so a span of /23 or /26 should be adequate.
    2. Click VALIDATE AND PROCEED to validate the CIDR blocks you have specified.

      You can't change workload network CIDR blocks after activation is complete for a cluster, so the system must validate the ranges you've specified before activation can proceed. Network range validation can take up to 15 seconds.

  5. Review and activate.
    Upon successful Network range validation, the system displays cluster and workload management network details. Click ACTIVATE TANZU KUBERNETES GRID to create these clusters and allocate the CIDR blocks. The SDDC Summary page shows that Tanzu Kubernetes Grid is Activating. The system displays a status message showing the cluster names and the time that activation started. When activation completes, the SDDC Summary page shows that Tanzu Kubernetes Grid is Activated.

What to do next

After activation completes, open the Workload Management page of the vSphere Client. The new Tanzu Kubernetes Grid cluster is listed in the Clusters tab. The Namespaces tab lists the next steps you can take. One of the first steps you should consider is to register this cluster with Tanzu Mission Control. For help configuring and using a newly-activated Tanzu Kubernetes Grid cluster, start with these pages from Installing and Configuring vSphere with Tanzu: