You can use the Tanzu CLI to deploy a management cluster to vSphere, Amazon Elastic Compute Cloud (Amazon EC2), and Microsoft Azure with a configuration that you specify in a YAML configuration file.
Before you can deploy a management cluster, you must make sure that your environment meets the requirements for the target infrastructure provider.
t3.large
or t3.xlarge
, see Amazon EC2 Instance Types.Before you deploy a management cluster to Amazon EC2 for the first time, you must create a CloudFormation stack for Tanzu Kubernetes Grid, tkg-cloud-vmware-com
, in your AWS account. This CloudFormation stack includes the identity and access management (IAM) resources that Tanzu Kubernetes Grid needs to create and run clusters on Amazon EC2. For more information, see Permissions Set by Tanzu Kubernetes Grid in Prepare to Deploy Management Clusters to Amazon EC2.
If you have already created the CloudFormation stack for Tanzu Kubernetes Grid in your AWS account, skip the rest of this procedure.
If you have not already created the CloudFormation stack for Tanzu Kubernetes Grid in your AWS account, ensure that AWS authentication variables are set either in the local environment or in your AWS default credential provider chain. For instructions, see Configure AWS Account Credentials and SSH Key.
If you have configured AWS credentials in multiple places, the credential settings used to create the CloudFormation stack are applied in the following order of precedence:
AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
, AWS_SESSION_TOKEN
and AWS_REGION
are applied first.AWS_SHARED_CREDENTIAL_FILE
. If this environment variable in not defined, the default location of $HOME/.aws/credentials
is used. If you use credential profiles, the command uses the profile name specified in the AWS_PROFILE
local environment configuration variable. If you do not specify a value for this variable, the profile named default
is used.For an example of how the default AWS credential provider chain is interpreted for Java apps, see Working with AWS Credentials in the AWS documentation.
Run the following command:
tanzu management-cluster permissions aws set
For more information about this command, run tanzu management-cluster permissions aws set --help
.
IMPORTANT: The tanzu management-cluster permissions aws set
command replaces the clusterawsadm
command line utility that existed in Tanzu Kubernetes Grid v1.1.x and earlier. For existing management and Tanzu Kubernetes clusters initially deployed with v1.1.x or earlier, continue to use the CloudFormation stack that was created by running the clusterawsadm alpha bootstrap create-stack
command. For Tanzu Kubernetes Grid v1.2 and later clusters, use the tkg-cloud-vmware-com
stack.
Standard_D2s_v3
or Standard_D4s_v3
, see Sizes for virtual machines in Azure.Before creating a management cluster using the Tanzu CLI, you must define its configuration in a YAML configuration file that provides the base configuration for the cluster. When you deploy the management cluster from the CLI, you specify this file by using the --file
option of the tanzu management-cluster create
command.
Running tanzu management-cluster create
command for the first time creates the ~/.tanzu/tkg
subdirectory that contains the Tanzu Kubernetes Grid configuration files.
If you have previously deployed a management cluster by running tanzu management-cluster create --ui
, the ~/.tanzu/tkg/clusterconfigs
directory contains management cluster configuration files with settings saved from each invocation of the installer interface. Depending the infrastructure on which you deployed the management cluster, you can use these files as templates for cluster configuration files for new deployments to the same infrastructure. Alternatively, you can create management cluster configuration files from the templates that are provided in this documentation.
VMware recommends using a dedicated configuration file for each management cluster, with configuration settings specific to a single infrastructure.
TKG_BOM_CUSTOM_IMAGE_TAG
Before you can deploy a management cluster, you must specify the correct BOM file to use as a local environment variable. In the event of a patch release to Tanzu Kubernetes Grid, the BOM file may require an update to coincide with updated base image files.
Note For more information about recent security patch updates to VMware Tanzu Kubernetes Grid v1.3, see the VMware Tanzu Kubernetes Grid v1.3.1 Release Notes and this Knowledgebase Article.
On the machine where you run the Tanzu CLI, perform the following steps:
Remove any existing BOM data.
rm -rf ~/.tanzu/tkg/bom
Specify the updated BOM to use by setting the following variable.
export TKG_BOM_CUSTOM_IMAGE_TAG="v1.3.1-patch1"
Run tanzu management-cluster create
command with no additional parameters.
tanzu management-cluster create
This command produces an error but results in the BOM files being downloaded to ~/.tanzu/tkg/bom
.
tanzu management-cluster create
CommandAfter you have created or updated the cluster configuration file and downloaded the most recent BOM, you can deploy a management cluster by running the tanzu management-cluster create --file CONFIG-FILE
command, where CONFIG-FILE
is the name of the configuration file. If your configuration file is the default ~/.tanzu/tkg/cluster-config.yaml
, you can omit the --file
option.
Warning: The tanzu management-cluster create
command takes time to complete. While tanzu management-cluster create
is running, do not run additional invocations of tanzu management-cluster create
on the same bootstrap machine to deploy multiple management clusters, change context, or edit ~/.kube-tkg/config
.
To deploy a management cluster, run the tanzu management-cluster create
command. For example:
tanzu management-cluster create --file path/to/cluster-config-file.yaml
When you run tanzu management-cluster create
, the command performs several validation checks before deploying the management cluster. The checks are different depending on the infrastructure to which you are deploying the management cluster.
vSphere
The command verifies that the target vSphere infrastructure meets the following requirements:
Amazon EC2
The command verifies that the target Amazon EC2 infrastructure meets the following requirements:
Azure
The command verifies that the target Azure infrastructure meets the following requirements:
If any of these conditions are not met, the tanzu management-cluster create
command fails.
When you run tanzu management-cluster create
, you can follow the progress of the deployment of the management cluster in the terminal. The first run of tanzu management-cluster create
takes longer than subsequent runs because it has to pull the required Docker images into the image store on your bootstrap machine. Subsequent runs do not require this step, so are faster.
If tanzu management-cluster create
fails before the management cluster deploys, you should clean up artifacts on your bootstrap machine before you re-run tanzu management-cluster create
. See the Troubleshooting Tips topic for details. If the machine on which you run tanzu management-cluster create
shuts down or restarts before the local operations finish, the deployment will fail.
If the deployment succeeds, you see a confirmation message in the terminal:
Management cluster created! You can now create your first workload cluster by running tanzu cluster create [name] -f [file]
kubectl
to the management cluster, and how to create namespaces see Examine the Management Cluster Deployment.