Before you can use the Tanzu Kubernetes Grid CLI or installer interface to deploy a management cluster, you must prepare your vSphere environment. You must make sure that vSphere meets the general requirements, and import the base OS templates from which Tanzu Kubernetes Grid creates node VMs.

General Requirements

  • Perform the steps described in Download and Install the Tanzu Kubernetes Grid CLI.
  • You have vSphere 6.7u3 with an Enterprise Plus license.

    If you have vSphere 7.0, see Deploying Management Clusters on vSphere 7.0 below.

  • Your vSphere instance has the following objects in place:

    • Either a standalone host or a vSphere cluster with at least two hosts
    • If you are deploying to a cluster, ideally vSphere DRS is enabled
    • Optionally, a resource pool in which to deploy the Tanzu Kubernetes Grid Instance
    • A VM folder in which to collect the Tanzu Kubernetes Grid VMs
    • A datastore with sufficient capacity for the control plane and worker node VM files
    • A network with a DHCP server to which to connect the cluster node VMs that Tanzu Kubernetes Grid deploys. The node VMs must be able to connect to vSphere.

      NOTE: If you intend to deploy multiple Tanzu Kubernetes Grid instances to this vSphere instance, create a dedicated resource pool, VM folder, and network for each instance that you deploy.

  • Traffic to vCenter Server is allowed from the network on which clusters will run
  • The Network Time Protocol (NTP) service is running on all hosts, and the hosts are running on UTC. To check the time settings on hosts, perform the following steps:
    • Use SSH to log in to the ESXi host.
    • Run the date command to see the timezone settings.
    • If the timezone is incorrect, run esxcli system time set.
  • You have a vSphere account that has at least the permissions described in Required Permissions for the vSphere Account.

Deploying Management Clusters on vSphere 7.0

If you have vSphere 7.0 and the vSphere with Kubernetes feature is enabled, the built-in Supervisor Cluster that vSphere with Kubernetes provides performs the same role as the Tanzu Kubernetes Grid management cluster. You do not need to deploy a management cluster in this case, and the Tanzu Kubernetes Grid installer prevents you from doing so. You can use the Tanzu Kubernetes Grid CLI to connect to the Supervisor Cluster and deploy and manage Tanzu Kubernetes clusters in vSphere 7.0. This allows you to use the same Tanzu Kubernetes Grid CLI instance to manage clusters across Amazon EC2, vSphere 6.7u3, and vSphere with Kubernetes instances. For more information, see Deploying Tanzu Kubernetes Clusters on vSphere 7.0 below.

If the vSphere with Kubernetes feature is not enabled, you can deploy a Tanzu Kubernetes Grid management cluster to vSphere 7.0. However, for the best experience of Kubernetes on vSphere 7.0, you should enable the vSphere with Kubernetes feature and use the built-in Supervisor Cluster, rather than a Tanzu Kubernetes Grid management cluster. For information about the vSphere with Kubernetes feature in vSphere 7.0, see vSphere with Kubernetes Configuration and Management in the vSphere 7.0 documentation.

Deploying Tanzu Kubernetes Clusters on vSphere 7.0

You do not need to deploy Tanzu Kubernetes Grid management clusters to vSphere 7.0 when the vSphere with Kubernetes feature is enabled, because you can connect the Tanzu Kubernetes Grid CLI to a vSphere with Kubernetes Supervisor Cluster. You can then use the Tanzu Kubernetes Grid CLI to deploy Tanzu Kubernetes clusters to vSphere with Kubernetes. For information about how to deploy Tanzu Kubernetes clusters to vSphere 7.0, see Use the Tanzu Kubernetes Grid CLI with a vSphere with Kubernetes Supervisor Cluster.

If you have vSphere 7.0 and the vSphere with Kubernetes feature is not enabled, it is possible to deploy a management cluster to vSphere 7.0 and use the Tanzu Kubernetes Grid CLI to deploy Tanzu Kubernetes clusters, in the same way as for vSphere 6.7u3.

Required Permissions for the vSphere Account

The vCenter Single Sign On account that you provide to Tanzu Kubernetes Grid when you deploy a management cluster must have the correct permissions in order to perform the required operations in vSphere.

It is not recommended to provide a vSphere administrator account to Tanzu Kubernetes Grid, because this provides Tanzu Kubernetes Grid with far greater permissions than it needs. The best way to assign permissions to Tanzu Kubernetes Grid is to create a role and a user account, and then to grant that user account that role on vSphere objects.

NOTE: If you are deploying Tanzu Kubernetes clusters to vSphere 7 with Kubernetes, you must set permissions in addition to those required by vSphere 6.7u3.

  1. In the vSphere Client, go to Administration > Access Control > Roles, and create a new role, for example TKG, with the following permissions.


    vSphere Object     Required Permission
    Datastore          Allocate space
                       Datastore consumer
    Global             Cloud Admin (vSphere 7 with Kubernetes only)
    Network            Assign network
    Resource           Assign virtual machine to resource pool
    Sessions           Message
                       Validate session
    vApp               Import
    Virtual machine    Configuration > Add new disk
                       Configuration > Add existing disk
                       Configuration > Advanced configuration
                       Configuration > Change CPU count
                       Configuration > Change Memory
                       Configuration > Change Settings
                       Configuration > Configure Raw device
                       Interaction > Power On
                       Interaction > Power Off
                       Inventory > Create from existing
                       Inventory > Remove
                       Provisioning > Deploy template

  2. In Administration > Single Sign On > Users and Groups, create a new user account in the appropriate domain, for example tkg-user.
  3. In the Hosts and Clusters view, right-click the objects that your Tanzu Kubernetes Grid deployment will use, select Add Permission, and assign the tkg-user to those objects with the TKG role.

    • Datacenters or datacenter folders
    • Datastores or datastore folders
    • Hosts, clusters, or resource pools
    • Networks to which clusters will be assigned
    • VM and Template folders

Create an SSH Key Pair

In order for Tanzu Kubernetes Grid VMs to run tasks in vSphere, you must provide the public key part of an SSH key pair to Tanzu Kubernetes Grid when you deploy the management cluster. You can use a tool such as ssh-keygen to generate a key pair.

  1. On the machine on which you will run the Tanzu Kubernetes Grid CLI, run the following ssh-keygen command.

    ssh-keygen -t rsa -b 4096 -C "email@example.com"

  2. At the prompt Enter file in which to save the key (/root/.ssh/id_rsa): press Enter to accept the default.
  3. Enter and repeat a password for the key pair.
  4. Add the private key to the SSH agent running on your machine, and enter the password you created in the previous step.

    ssh-add ~/.ssh/id_rsa
    
  5. Open the file .ssh/id_rsa.pub in a text editor so that you can easily copy and paste it when you deploy a management cluster.
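
A check for the text you are about to paste in step 5, added here as an example and not part of the Tanzu Kubernetes Grid tooling: it confirms that the line is the public half of the pair and an RSA key of at least 4096 bits, as the ssh-keygen command above requests. The function names and the sample key (a made-up modulus, not a real key) are constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 4096  # the -b 4096 from the ssh-keygen command above


def _field(blob, pos):
    """Read one length-prefixed field of the key blob; return (data, next_pos)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end


def check_public_key(line):
    """Return (ok, detail) for the single line held in an OpenSSH .pub file."""
    if "PRIVATE KEY" in line:
        return False, "private key material; paste the .pub file instead"
    parts = line.split()
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner_type, pos = _field(blob, 0)
        if inner_type != parts[0].encode():
            return False, "type label does not match the encoded key"
        if parts[0] != "ssh-rsa":
            return False, f"key type is {parts[0]}, not ssh-rsa"
        _exponent, pos = _field(blob, pos)
        modulus, _ = _field(blob, pos)
    except ValueError as exc:  # also covers base64 decoding errors
        return False, f"malformed key data: {exc}"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return False, f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}"
    return True, f"ssh-rsa public key, {bits} bits"


def sample_line(bits):
    """Constructed input: well-formed ssh-rsa blob with a made-up modulus."""
    def pack(data):
        return struct.pack(">I", len(data)) + data
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " email@example.com"
```
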

Import the Base OS Image Template into vSphere

Before you can deploy a Tanzu Kubernetes Grid management cluster or Tanzu Kubernetes clusters to vSphere, you must provide a base OS image template to vSphere. Tanzu Kubernetes Grid creates the management cluster and Tanzu Kubernetes cluster node VMs from this template. Tanzu Kubernetes Grid provides a base OS image template in OVA format for you to import into vSphere. After importing the OVA, you must convert the resulting VM into a VM template. The base OS image template includes the version of Kubernetes that Tanzu Kubernetes Grid uses to create clusters.

NOTE: Tanzu Kubernetes Grid 1.1.3 adds support for Kubernetes v1.18.6 and v1.17.9. You can also use Tanzu Kubernetes Grid 1.1.3 to deploy clusters that run Kubernetes versions that were supported in previous releases of Tanzu Kubernetes Grid. If you want to deploy clusters with older versions of Kubernetes, either install or retain in your vSphere inventory the versions of the base OS image templates from the previous Tanzu Kubernetes Grid releases, alongside the new Kubernetes templates for this release. For information about the versions of Kubernetes that each Tanzu Kubernetes Grid release supports, see the release notes for that release.

  1. Go to https://www.vmware.com/go/get-tkg and log in with your My VMware credentials.
  2. Download the Tanzu Kubernetes Grid OVAs for node VMs.

    • Kubernetes 1.18.6: Photon v3 Kubernetes 1.18.6 OVA
    • Kubernetes 1.17.9: Photon v3 Kubernetes 1.17.9 OVA

    If you want to use Tanzu Kubernetes Grid 1.1.3 to deploy Kubernetes clusters with older versions as well as Kubernetes v1.18.6 and v1.17.9 clusters, after downloading the OVAs above, select version 1.1.2, 1.1.0, or 1.0.0 in the downloads page, and download the Photon v3 Kubernetes OVAs for those releases.

  3. In the vSphere Client, right-click an object in the vCenter Server inventory and select Deploy OVF template.
  4. Select Local file, click the button to upload files, and navigate to the downloaded OVA file on your local machine.
  5. Follow the installer prompts to deploy a VM from the OVA template.

    • Accept or modify the appliance name
    • Select the destination datacenter or folder
    • Select the destination host, cluster, or resource pool
    • Accept the end user license agreements (EULA)
    • Select the disk format and destination datastore
    • Select the network for the VM to connect to

    NOTE: If you select thick provisioning as the disk format, when Tanzu Kubernetes Grid creates cluster node VMs from the template, the full size of each node's disk will be reserved. This can rapidly consume storage if you deploy many clusters or clusters with many nodes. However, if you select thin provisioning, as you deploy clusters this can give a false impression of the amount of storage that is available. If you select thin provisioning, there might be enough storage available at the time that you deploy clusters, but storage might run out as the clusters run and accumulate data.

  6. Click Finish to deploy the VM.
  7. When the OVA deployment finishes, right-click the VM and select Template > Convert to Template.

    NOTE: Do not power on the VM before you convert it to a template.

  8. In the VMs and Templates view, right-click the new template, select Add Permission, and assign the tkg-user to the template with the TKG role.

    For information about how to create the user and role for Tanzu Kubernetes Grid, see Required Permissions for the vSphere Account above.

Repeat the procedure for each of the Kubernetes versions for which you downloaded the OVA file.
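
Between steps 2 and 3 you can check that a downloaded OVA arrived intact: an OVA is a tar archive that normally carries a .mf manifest of digests for its files, and this added example (not VMware tooling; verify_ova and sample_ova are names chosen here, and the sample archive is constructed) recomputes them. Because the manifest travels inside the same archive, a clean result rules out corruption or a truncated download, not a substituted file.

```python
import hashlib
import io
import re
import tarfile

MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")


def verify_ova(fileobj):
    """Check each 'SHA256(name)= hex' manifest entry; return a list of problems."""
    problems, listed = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:  # an OVA is a plain tar
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        mf_name = next((n for n in members if n.endswith(".mf")), None)
        if mf_name is None:
            return ["no .mf manifest in archive"]
        manifest = tar.extractfile(members[mf_name]).read().decode("utf-8", "replace")
        for line in manifest.splitlines():
            entry = MF_LINE.match(line.strip())
            if not entry:
                continue
            algo, name, expected = entry.group(1).lower(), entry.group(2), entry.group(3).lower()
            listed.add(name)
            if name not in members:
                problems.append(f"{name}: listed in manifest but not in archive")
                continue
            digest, data = hashlib.new(algo), tar.extractfile(members[name])
            for chunk in iter(lambda: data.read(1 << 20), b""):
                digest.update(chunk)
            if digest.hexdigest() != expected:
                problems.append(f"{name}: {algo} digest mismatch")
        for name in sorted(set(members) - listed):
            if not name.endswith((".mf", ".cert")):
                problems.append(f"{name}: in archive but not covered by manifest")
    return problems


def sample_ova(tamper=False):
    """Constructed input: a tiny in-memory OVA; tamper swaps the disk after hashing."""
    files = {"node.ovf": b"<Envelope/>", "node-disk1.vmdk": b"\x00" * 4096}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    files["node-disk1.vmdk"] = (b"\x01" if tamper else b"\x00") * 4096
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in {**files, "node.mf": mf.encode()}.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())
```

For a real download, pass the file opened in binary mode, for example `verify_ova(open(path_to_ova, "rb"))`, and import the OVA only if the returned list is empty.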

Import the API Server Load Balancer into vSphere

You must also provide an API server load balancer to vSphere as a VM template. The API server load balancer is provided as an OVA file, Photon v3 capv haproxy v1.2.4 OVA. Tanzu Kubernetes Grid versions 1.1.0, 1.1.2, and 1.1.3 use the same version of the API server load balancer OVA.

The procedure to upload the API server load balancer OVA to vSphere is identical to that for base OS image OVA files. Import the photon-3-haproxy-v1.2.4-vmware.1.ova file into vSphere, convert the resulting VM to a VM template, and assign the tkg-user account to the template with the TKG role.

What to Do Next

If you are using Tanzu Kubernetes Grid in an environment with an external internet connection, you are now ready to deploy Tanzu Kubernetes Grid management clusters to vSphere.