This topic describes how to deploy the VMware Tanzu Kubernetes Grid Integrated Edition Management Console (TKGI MC) from an OVA template.
To upgrade an existing TKGI MC installation, see Upgrade Tanzu Kubernetes Grid Integrated Edition Management Console.
To deploy the TKGI Management Console:
Complete the following before deploying the TKGI Management Console:
To deploy the Tanzu Kubernetes Grid Integrated Edition Management Console to vSphere:
Important: If you intend to deploy Tanzu Kubernetes Grid Integrated Edition in a bring your own topology NSX-T Data Center environment, do not use the network on which you deploy the Tanzu Kubernetes Grid Integrated Edition Management Console VM as the network for the management plane when you deploy Tanzu Kubernetes Grid Integrated Edition. Using the same network for the management console VM and the management plane requires additional NSX-T Data Center configuration and is not recommended.
On the Customize template page, expand Appliance Configuration.
Note: If you uncheck the check box, you can permit root login later by editing the settings of the management console VM.
The root password is the only mandatory option. If you want to use auto-generated certificates and DHCP networking, and you do not want to integrate with VMware vRealize Log Insight, click Next to start the OVA deployment. Otherwise, complete the remaining steps in this procedure.
Configure the management console VM certificate, which is used by all of the services that run in the management console VM to authenticate connections.
To use auto-generated, self-signed certificates, leave the Appliance TLS Certificate, Appliance TLS Certificate Key, and Certificate Authority Certificate text boxes blank.
To use a custom certificate:
Paste the contents of the server certificate PEM file in the Appliance TLS Certificate text box.
-----BEGIN CERTIFICATE-----
appliance_certificate_contents
-----END CERTIFICATE-----
Paste the contents of the certificate key in the Appliance TLS Certificate Key text box. The management console VM supports unencrypted PEM-encoded formats for TLS private keys.
-----BEGIN PRIVATE KEY-----
appliance_private_key_contents
-----END PRIVATE KEY-----
Paste the contents of the Certificate Authority (CA) file in the Certificate Authority Certificate text box.
-----BEGIN CERTIFICATE-----
root_CA_certificate_contents
-----END CERTIFICATE-----
To use a certificate that uses a chain of intermediate CAs, paste the contents of a certificate chain PEM file into the Certificate Authority Certificate text box. The PEM file must include the chain of intermediate CAs all the way down to the root CA.
-----BEGIN CERTIFICATE-----
intermediate_CA_certificate_contents
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate_CA_certificate_contents
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root_CA_certificate_contents
-----END CERTIFICATE-----
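A pre-flight check for the values pasted into the three certificate text boxes, added here as an example; it is not part of VMware's documentation or tooling. The names check_fields, der_ok and sample_pem are hypothetical, the sample blocks are constructed placeholders, and accepting any unencrypted "... PRIVATE KEY" label is an assumption.

```python
import base64
import re

# One PEM block: BEGIN line, body (may include RFC 1421 headers), END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_ok(body):
    """True if body is strict base64 that decodes to a DER SEQUENCE (0x30)."""
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return False
    return der[:1] == b"\x30"

def check_fields(cert_pem, key_pem, ca_pem):
    """Return a list of problems found in the three text-box values."""
    problems = []
    certs = PEM_BLOCK.findall(cert_pem)
    if len(certs) != 1 or certs[0][0] != "CERTIFICATE" or not der_ok(certs[0][1]):
        problems.append("certificate: need exactly one valid CERTIFICATE block")
    keys = PEM_BLOCK.findall(key_pem)
    # Assumption: any unencrypted "... PRIVATE KEY" label is acceptable.
    if len(keys) != 1 or not keys[0][0].endswith("PRIVATE KEY"):
        problems.append("key: need exactly one PRIVATE KEY block")
    elif keys[0][0].startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in keys[0][1]:
        problems.append("key: encrypted; the console needs an unencrypted PEM key")
    elif not der_ok(keys[0][1]):
        problems.append("key: body is not base64-encoded DER")
    cas = PEM_BLOCK.findall(ca_pem)
    if not cas or any(label != "CERTIFICATE" or not der_ok(body) for label, body in cas):
        problems.append("CA: need one or more valid CERTIFICATE blocks")
    return problems

def sample_pem(label, headers=""):
    """Constructed placeholder block (a 5-byte DER SEQUENCE), not a real cert or key."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    cert = sample_pem("CERTIFICATE")
    chain = sample_pem("CERTIFICATE") * 3  # two intermediates plus root, as shown above
    print(check_fields(cert, sample_pem("PRIVATE KEY"), chain))
    print(check_fields(cert, sample_pem("ENCRYPTED PRIVATE KEY"), chain))
```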
Expand Networking Properties and optionally configure the networking for the management console VM.
To use DHCP, leave these properties blank.
If necessary, update Docker Container Network Subnet and Docker Container Network Gateway.
Services in the management console VM are deployed as Docker containers on a Docker bridge network.
Warning: If the default subnet CIDR 172.18.0.0/16 and gateway address 172.18.0.1 for this bridge network conflict with existing networks, you must update these values.
Use the Recent Tasks panel at the bottom of the vSphere Client to check the status of the OVA import and deployment of the management console VM. The management console VM takes a few minutes to deploy.
If the management console VM fails to deploy, see Troubleshooting.
When the OVA deployment has completed successfully, you can access the TKGI Management Console.
To start and access the TKGI Management Console:
root
and the root password that you set when you deployed the OVA template.
You can now use Tanzu Kubernetes Grid Integrated Edition Management Console to deploy or upgrade Tanzu Kubernetes Grid Integrated Edition instances, either by using the configuration wizard or by importing an existing YAML configuration file.