Tanzu Kubernetes Grid runs on two Management as a Service (MaaS) products that provide a vSphere interface and environment to public cloud infrastructures: VMware Cloud on AWS and Azure VMware Solution.

This topic explains how to prepare these services and use them to create a bootstrap machine for deploying Tanzu Kubernetes Grid. For both VMware Cloud on AWS and Azure VMware Solution, the bootstrap machine is not a local physical machine, but is instead a cloud VM jumpbox that connects vSphere with its underlying infrastructure.

Preparing VMware Cloud on AWS

To run Tanzu Kubernetes Grid on VMware Cloud on AWS, set up a Software-Defined Datacenter (SDDC) and create a bootstrap VM as follows. The bootstrap machine is a VM managed through vCenter:

  1. Log into the VMC Console and create a new SDDC by following the procedure Deploy an SDDC from the VMC Console in the VMware Cloud on AWS documentation.

    • After you click Deploy SDDC, the SDDC creation process typically takes 2-3 hours.
  2. Once the SDDC is created, open its pane in the VMC Console and click Networking & Security > Network > Segments.

  3. The Segment List shows sddc-cgw-network-1 with a subnet CIDR of 192.168.1.1/24, giving 256 addresses. If you need more internal IP addresses, you can:

    • Open sddc-cgw-network-1 and modify its subnet CIDR to something broader, like 192.168.1.1/20.
    • Click Add Segment and create another network segment with a different subnet. Make sure the new subnet CIDR does not overlap with sddc-cgw-network-1 or any other existing segments.
  4. Open sddc-cgw-network-1 and any other network segments. For each segment, click Edit DHCP Config. A Set DHCP Config pane appears.

  5. In the Set DHCP Config pane:

    • Set DHCP Config to Enabled.
    • Set DHCP Ranges to an IP address range or CIDR within the segment's subnet, but that leaves a pool of addresses free to serve as static IP addresses for Tanzu Kubernetes clusters. Each management cluster and workload cluster that Tanzu Kubernetes Grid creates will require a unique static IP address from this pool.
  6. To enable access to vCenter, add a firewall rule or set up a VPN, following the Connect to vCenter Server instructions in the VMware Cloud on AWS documentation.

  7. To confirm access to vCenter, click OPEN VCENTER at upper-right in the SDDC pane. The vCenter client should appear.

  8. From the vCenter portal, deploy your bootstrap machine and enable access to it following Deploy Workload VMs in the VMware Cloud on AWS documentation.

    • You can log into the bootstrap machine by clicking Launch Web Console on its vCenter summary pane.
    • (Optional) If you want to ssh into the bootstrap machine, in addition to using the web console within vCenter, see Set Up a VMware Cloud Bootstrap Machine for ssh, below.
  9. When installing the Tanzu Kubernetes Grid CLI, deploying management clusters, and performing other operations, follow the instructions for vSphere, not the instructions for Amazon EC2.

Set Up a VMware Cloud Bootstrap Machine for ssh

To set up your bootstrap machine for access via ssh, follow these procedures in the VMware Cloud on AWS documentation:

  1. Assign a Public IP Address to a VM to request a public IP address for the bootstrap machine.

  2. Create or Modify NAT Rules to create a NAT rule for the bootstrap machine, configured with:

    • Public IP: The public IP address requested above.
    • Internal IP: The IP address of the bootstrap machine. Can be either a static or DHCP IP.
  3. Follow the procedure in Add or Modify Compute Gateway Firewall Rules to add a compute gateway rule allowing access to the VM.

Preparing Azure VMware Solution on Microsoft Azure

To run Tanzu Kubernetes Grid on Azure VMware Solution (AVS), set up AVS and its Windows 10 jumphost as follows. The jumphost serves as the bootstrap machine for Tanzu Kubernetes Grid:

  1. Log into NSX-T Manager as admin.

  2. Under Networking > Connectivity > Segments, click Add Segment, and configure the new segment with:

    • Segment Name: An identifiable name, like avs_tkg
    • Connected Gateway: The Tier-1 gateway that was predefined as part of your AVS account
    • Subnets: A subnet such as 192.168.20.1/24
    • DHCP Config > DHCP Range: An address range or CIDR within the subnet, for example 192.168.20.10-192.168.20.100. This range must exclude a pool of subnet addresses that DHCP cannot assign, leaving them free to serve as static IP addresses for Tanzu Kubernetes clusters.
      Each management cluster and workload cluster that Tanzu Kubernetes Grid creates will require a unique static IP address from the pool outside of this DHCP range.

    Note: After you create the segment, it should be visible in vCenter.

  3. Under Networking > IP Management > DHCP, click

  4. From the IP Management > DHCP pane, click Add Server, and configure the new DHCP server with:

    • Server Name: An identifiable name, like avs_tkg_dhcp
    • Server IP Address: A range that does not overlap with the subnet of the segment created above, for example 192.168.30.1/24.
    • Lease Time: 5400 seconds; shorter than the default interval, to release IP addresses sooner
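The subnet-sizing rules above (the DHCP range must sit inside the segment's subnet and leave a pool of static addresses; a new segment or the DHCP server's address range must not overlap an existing subnet) can be checked before touching the NSX-T or VMC console. The script below is an added example, not part of the VMware documentation; it uses only Python's standard ipaddress module, and the sample values are constructed from the ranges quoted in these steps.

```python
import ipaddress

def parse_range(spec):
    """Accept a DHCP range as 'first-last' or as a CIDR; return (first, last)."""
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        first, last = net.network_address, net.broadcast_address
    if first > last:
        raise ValueError(f"range start {first} is after range end {last}")
    return first, last

def check_dhcp_range(segment_cidr, dhcp_spec, min_static):
    """Validate a segment's DHCP range against the rules in the steps above.
    segment_cidr is written gateway-style (e.g. 192.168.20.1/24): the host
    part is the gateway address and is excluded from the static pool.
    Returns a dict with 'ok', the number of addresses left for static use,
    and a list of problems found."""
    gateway = ipaddress.IPv4Address(segment_cidr.split("/")[0])
    net = ipaddress.IPv4Network(segment_cidr, strict=False)
    first, last = parse_range(dhcp_spec)
    problems = []
    if first not in net or last not in net:
        problems.append(f"DHCP range {first}-{last} is not inside {net}")
        return {"ok": False, "static_free": 0, "problems": problems}
    if first <= gateway <= last:
        problems.append(f"DHCP range includes the gateway address {gateway}")
    # Static pool = usable host addresses minus the gateway minus the DHCP range.
    static_free = sum(1 for h in net.hosts()
                      if h != gateway and not first <= h <= last)
    if static_free < min_static:
        problems.append(f"only {static_free} static addresses remain, need {min_static}")
    return {"ok": not problems, "static_free": static_free, "problems": problems}

def find_overlaps(cidrs):
    """Return every pair of CIDRs that overlap: a new segment against existing
    segments, or the DHCP server's address range against the segment subnet."""
    nets = [ipaddress.IPv4Network(c, strict=False) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

if __name__ == "__main__":
    # Constructed sample values taken from the ranges quoted in the steps above.
    print(check_dhcp_range("192.168.20.1/24", "192.168.20.10-192.168.20.100", 10))
    print(find_overlaps(["192.168.1.1/24", "192.168.20.1/24", "192.168.30.1/24"]))
    # Widening sddc-cgw-network-1 to /20 would swallow a 192.168.10.0/24 segment.
    print(find_overlaps(["192.168.1.1/20", "192.168.10.1/24"]))
```

Each management and workload cluster needs one static address, so pass the number of clusters you plan to run as min_static.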
  5. Under Networking > Connectivity > Tier-1 Gateways, open the predefined gateway.

  6. Click the Tier-1 gateway's IP Address Management setting and associate it with the DHCP server created above.

  7. When installing the Tanzu Kubernetes Grid CLI, deploying management clusters, and performing other operations, follow the instructions for vSphere, not the instructions for Azure. Configure the management cluster with:

    • Kubernetes Network Settings > Network Name: The name of the new segment.
    • Management Cluster Settings > Virtual IP Address: The IP address range of the new segment.

What to Do Next

Your infrastructure and bootstrap machine are ready for you to deploy the Tanzu Kubernetes Grid CLI. See Install the Tanzu Kubernetes Grid CLI for instructions, and then proceed to Deploy Management Clusters on vSphere.
