VMware Cloud on Dell EMC automates the deployment and configuration of Tanzu. After you enable Tanzu on VMware Cloud on Dell EMC, the supervisor control plane VMs are automatically deployed based on the parameters, such as Workload Control Plane, Namespace Segments, and Tier-1 Gateways.
Tanzu Administration in VMware Cloud on Dell EMC
Tanzu Kubernetes Grid in your VMware Cloud on Dell EMC SDDC is similar to TKG on-premises with NSX-T network. However, some vSphere and Tanzu components are managed by VMware and therefore, a few of the on-premises administrative workflows aren't required for Tanzu in VMware Cloud on Dell EMC.
- VMware Cloud on Dell EMC users don't have physical access to access ESXi host hardware and cannot log in to the ESXi host operating system. Procedures that require this kind of access are performed by VMware staff.
- Global Permissions are not replicated from your on-premises vCenter Server and the vCenter Server in your SDDC. Global permissions do not apply to objects that VMware manages for you, like SDDC hosts and datastores.
- VMware Cloud on Dell EMC users don’t have access to the supervisor clusters that are deployed in the management cluster after activating Tanzu.
- In VMware Cloud on Dell EMC, the Tanzu workload control plane can be activated only through the VMware Cloud on Dell EMC console.
In addition to the high-level differences we've noted, many topics in the VMware Tanzu Documentation are written specifically for on-premises users, and don't include some of the information you need when using Tanzu Kubernetes Grid in VMware Cloud on Dell EMC.
Table 1. Topic Content Differences Between On-Premises and SDDC Tanzu Topic Content Highlights Tanzu Kubernetes Grid for VMware Cloud on Dell EMC is pre-provisioned with a VMC-specific content library that you cannot modify. vSphere with Tanzu User Roles and Workflows The vCenter Server in your SDDC includes a predefined CloudAdmin role that is not present in your on-premises vCenter. This role has privileges required to create and manage workloads on your SDDC, but does not allow access to SDDC management components that are supported and managed by VMware, such as hosts, clusters, and management virtual machines. Deploying Workloads to vSphere Pods Tanzu Kubernetes Grid for VMware Cloud on Dell EMC does not support vSphere Pods. vSphere namespaces for Kubernetes releases are configured automatically during Tanzu Kubernetes Grid activation. Workflow for Provisioning Tanzu Kubernetes Clusters Step 10 of this procedure, "Monitor the deployment of cluster nodes using the vSphere Client", does not apply to Tanzu Kubernetes Grid for VMware Cloud on Dell EMC. Virtual Machine Classes for Tanzu Kubernetes Clusters In Tanzu Kubernetes Grid for VMware Cloud on Dell EMC, the VM Service allows probe definitions only for port 6443.
The Workload Control Plane, Namespace Segments, and Tier-1 Gateways
Each Tanzu namespace requires an SDDC network segment. To preserve isolation between namespaces, the workload control plane creates a Tier 1 router in your SDDC network for each Tanzu namespace you create. These routers, which are listed in the Tier-1 Gateways page of the SDDC Networking & Security tab handle east-west traffic between containers connected to the namespace segment, and route north-south traffic through namespace egress and ingress points. They function much like the Compute Gateway (CGW) in your SDDC, but unlike the CGW, which is created as part of the SDDC and persists for the life of the SDDC, these per-namespace tier-1 gateways are created and destroyed along with the Tanzu namespaces they support.
How Tanzu Activation Affects an SDDC Network
When you activate Tanzu Kubernetes Grid in a VMware Cloud on Dell EMC SDDC, the system creates several additional Tier 1 routers for use by the Workload Control Plane. After activation, vSphere creates additional Tier 1 routers for each Tanzu namespace you create.