This topic describes how to use the Tanzu Kubernetes Grid installer interface to deploy a management cluster to Amazon Elastic Compute Cloud (Amazon EC2). The Tanzu Kubernetes Grid installer interface guides you through the deployment of the management cluster, and provides different configurations for you to choose. If this is the first time that you are deploying a management cluster, it is recommended to use the installer interface.
t3.xlarge, see Amazon EC2 Instance Types.
The values that you set as environment variables in Deploy Management Clusters to Amazon EC2 are prepopulated in the relevant fields of the installer interface.
The tkg init command takes time to complete. While tkg init is running, do not run additional invocations of tkg init on the same bootstrap machine to deploy multiple management clusters, run tkg set management-cluster to change context, or edit
On the machine on which you downloaded and installed the Tanzu Kubernetes Grid CLI, run the tkg init command with the --ui option:
tkg init --ui
The installer interface launches in a browser and takes you through steps to configure the management cluster.
tkg init --ui with the --browser none option described in Installer Interface Options below.
The tkg init command uses and modifies settings in a cluster configuration file, which defaults to $HOME/.tkg/config.yaml. The command may overwrite values from previous invocations of tkg init unless you specify a file with a different name or location by using the --config option. For more information, see Management Clusters and config.yaml in the Manage Your Management Clusters topic.
tkg init --ui --config /path/my-config.yaml
By default, Tanzu Kubernetes Grid saves the kubeconfig for all management clusters in the $HOME/.kube-tkg/config.yaml file. If you want to keep the kubeconfig file for a management cluster separate from the kubeconfig file for other management clusters, for example so that you can share it, specify the --kubeconfig option:
tkg init --ui --kubeconfig /path/my-kubeconfig.yaml
The --kubeconfig flag does not modify the location of the kubeconfig file of the bootstrap cluster created by kind. The default location of the kubeconfig file for the temporary cluster is a uniquely generated filename under $HOME/.kube-tkg/tmp/. If you want to use an existing bootstrap cluster to create a management cluster, see Use an Existing Bootstrap Cluster.
When you run the tkg init --ui command, it validates that your system meets the prerequisites:
tkg init and on the hypervisor.
tkg init --ui opens the installer interface locally, at http://127.0.0.1:8080 in your default browser. The Installer Interface Options section below explains how you can change where the installer interface runs, including running it on a different machine from the
Click the Deploy button for AWS EC2.
If this is the first time that you are deploying a management cluster using Tanzu Kubernetes Grid v1.2, select the Automate creation of AWS CloudFormation Stack checkbox and click Connect.
This CloudFormation stack provides the identity and access management (IAM) resources that Tanzu Kubernetes Grid needs to create management clusters and Tanzu Kubernetes clusters in Amazon EC2. The IAM resources are added to the control plane and node roles when they are created during cluster deployment.
You need to create only one CloudFormation stack per AWS account. The IAM resources that the CloudFormation stack provides are global, meaning they are not specific to any region. For more information about CloudFormation stacks, see Working with Stacks in the AWS documentation.
IMPORTANT: In Tanzu Kubernetes Grid v1.2 and later, the Automate creation of AWS CloudFormation Stack checkbox and the tkg config permissions aws command replace the clusterawsadm command line utility. For existing management and Tanzu Kubernetes clusters, initially deployed with v1.1.x or earlier, continue to use the CloudFormation stack that you created by running the clusterawsadm alpha bootstrap create-stack command. If you want to use the same AWS account for your existing clusters and Tanzu Kubernetes Grid v1.2 and later, both stacks must be present in the account. For more information, see Prepare to Upgrade Clusters on Amazon EC2.
In the VPC for AWS section, do one of the following:
To create a new VPC, select Create new VPC on AWS, check that the pre-filled CIDR block is available, and click Next. If the recommended CIDR block is not available, enter a new IP range in CIDR format for the management cluster to use. The recommended CIDR block for VPC CIDR is 10.0.0.0/16.
To use an existing VPC, select Select an existing VPC and select the VPC ID from the drop-down menu. The VPC CIDR block is filled in automatically when you select the VPC.
In the Management Cluster Settings section, select the Development or Production tile.
In either of the Development or Production tiles, use the Instance type drop-down menu to select the configuration for the control plane node VM or VMs.
Select the size of instance to use for the control plane node VMs, depending on the expected workloads that you will run in the cluster. The drop-down menu lists choices alphabetically, not by size. For information about the configuration of the different sizes of instances, see Amazon EC2 Instance Types.
Optionally, enter a name for your management cluster.
If you do not specify a name, Tanzu Kubernetes Grid generates one automatically. If you do specify a name, that name must be compliant with DNS hostname requirements as outlined in RFC 952 and amended in RFC 1123.
Use the Worker Node Instance Type drop-down menu to select the VM instance type for the worker nodes for the management cluster.
Select an instance size for the worker nodes depending on the expected CPU, memory, and storage consumption of the workloads that the cluster will run. The drop-down menu lists choices alphabetically, not by size.
Optionally, disable the Bastion Host checkbox if a bastion host already exists in the availability zone(s) in which you are deploying the management cluster.
If you leave this option enabled, Tanzu Kubernetes Grid creates a bastion host for you.
Deselect the Machine Health Checks checkbox if you want to disable MachineHealthCheck.
MachineHealthCheck provides node health monitoring and node auto-repair on the clusters that you deploy with this management cluster. You can enable or disable MachineHealthCheck on clusters after deployment by using the CLI. For instructions, see Configure Machine Health Checks for Tanzu Kubernetes Clusters.
From the Availability Zone 1 drop-down menu, select an availability zone for the management cluster. You can select only one availability zone in the Development tile. See the image below.
If you selected the Production tile above, use the Availability Zone 1, Availability Zone 2, and Availability Zone 3 drop-down menus to select three unique availability zones for the management cluster. When Tanzu Kubernetes Grid deploys the management cluster, which includes three control plane nodes, it distributes the control plane nodes across these availability zones.
To complete the configuration of the Management Cluster Settings section, do one of the following:
In the Metadata section, optionally provide descriptive information about this management cluster.
Any metadata that you specify here applies to the management cluster and to the Tanzu Kubernetes clusters that it manages, and can be accessed by using the cluster management tool of your choice.
release : beta, environment : staging, or environment : production. For more information, see Labels and Selectors in the Kubernetes documentation.
In the Kubernetes Network section, review the Cluster Service CIDR and Cluster Pod CIDR ranges. If the recommended CIDR ranges of 100.96.0.0/11 are unavailable, update the values under Cluster Service CIDR and Cluster Pod CIDR.
In the CEIP Participation section, optionally deselect the check box to opt out of the VMware Customer Experience Improvement Program.
You can also opt in or out of the program after the deployment of the management cluster. For information about the CEIP, see Opt in or Out of the VMware CEIP and https://www.vmware.com/solutions/trustvmware/ceip.html.
Click Review Configuration to see the details of the management cluster that you have configured.
When you click Review Configuration, Tanzu Kubernetes Grid populates the cluster configuration file, .tkg/config.yaml by default, with the settings that you specified in the interface. You can optionally copy the cluster configuration file without completing the deployment. You can copy the cluster configuration file to another bootstrap machine and deploy the management cluster from that machine. For example, you might do this so that you can deploy the management cluster from a bootstrap machine that does not have a Web browser. In earlier versions of Tanzu Kubernetes Grid, the .tkg/config.yaml file is populated when you deploy the management cluster.
(Optional) Under CLI Command Equivalent, click the Copy button to copy the CLI command for the configuration that you specified.
Copying the CLI command allows you to reuse the command at the command line to deploy management clusters with the configuration that you specified in the interface. This can be useful if you want to automate management cluster deployment.
Click Deploy Management Cluster and follow the progress of the deployment of the management cluster in the installer interface.
Deployment of the management cluster can take several minutes. The first run of tkg init takes longer than subsequent runs because it has to pull the required Docker images into the image store on your bootstrap machine. Subsequent runs do not require this step, so are faster. You can follow the progress of the deployment of the management cluster in the installer interface or in the terminal in which you ran tkg init --ui. If the machine on which you run tkg init shuts down or restarts before the local operations finish, the deployment will fail. If you inadvertently close the browser or browser tab in which the deployment is running before it finishes, the deployment continues in the terminal.
tkg init --ui opens the installer interface locally, at http://127.0.0.1:8080 in your default browser. You can use the --browser and --bind options to control where the installer interface runs:
--browser specifies the local browser to open the interface in.
--bind to run the interface on a different machine, as described below.
--bind specifies the IP address and port to serve the interface from.
Warning: Serving the installer interface from a non-default IP address and port could expose the tkg CLI to a potential security risk while the interface is running. VMware recommends passing in to the --bind option an IP and port on a secure network.
Use cases for
--bind to serve the interface from a different local port.
tkg CLI and create management clusters on a remote machine, and run the installer interface locally or elsewhere:
tkg init --ui with the following options and values:
--bind: an IP address and port for the remote machine
tkg init --ui --bind 192.168.1.87:5555 --browser none
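The warning above about --bind can be enforced with a check before the interface is started. The following script is an added example, not part of the Tanzu Kubernetes Grid documentation or CLI: classify_bind and check_bind are hypothetical helper names, and accepting RFC 1918 ranges (with a warning) is an assumption about what counts as a secure network.

```shell
#!/bin/sh
# Added example: pre-flight check for the address given to `tkg init --ui --bind`.
# classify_bind and check_bind are hypothetical helpers, not tkg commands.
# IPv4 "address:port" only; hostnames and IPv6 literals are reported as invalid.

# Print one of: loopback, private, wildcard, public, invalid
classify_bind() {
    addr=${1%:*}; port=${1##*:}
    [ "$addr" != "$1" ] || { echo invalid; return; }      # no ":port" part
    case $port in ''|*[!0-9]*|??????*) echo invalid; return ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo invalid; return; }
    case $addr in ''|*[!0-9.]*|*.) echo invalid; return ;; esac
    # Split into octets; each must be 0-255 with no leading zero.
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        case $o in ''|0?*|????*) echo invalid; return ;; esac
        [ "$o" -le 255 ] || { echo invalid; return; }
    done
    case $addr in
        127.*)                                 echo loopback ;;
        0.0.0.0)                               echo wildcard ;;  # every interface
        10.*|192.168.*)                        echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *)                                     echo public ;;
    esac
}

# Return 0 only if the interface would stay on this host or on RFC 1918 space.
check_bind() {
    kind=$(classify_bind "$1")
    case $kind in
        loopback) return 0 ;;
        private)
            echo "warning: $1 is reachable by other hosts on that network" >&2
            return 0 ;;
        *)
            echo "refusing --bind $1 ($kind address)" >&2
            return 1 ;;
    esac
}

# Usage, with the address used on this page:
#   check_bind 192.168.1.87:5555 && tkg init --ui --bind 192.168.1.87:5555 --browser none
```

A wildcard or publicly routable address makes check_bind fail, so the tkg command after && never starts the interface on it.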
kubectl to the management cluster, and how to create namespaces, see Examine the Management Cluster Deployment.