You can use the Tanzu CLI to deploy a management cluster to vSphere, Amazon Elastic Compute Cloud (Amazon EC2), and Microsoft Azure with a configuration that you specify in a YAML configuration file.


Before you can deploy a management cluster, you must make sure that your environment meets the requirements for the target infrastructure provider.

General Prerequisites

vSphere Prerequisites

Amazon EC2 Prerequisites

Microsoft Azure Prerequisites

Create the Cluster Configuration File

Before creating a management cluster using the Tanzu CLI, you must define its configuration in a YAML configuration file that provides the base configuration for the cluster. When you deploy the management cluster from the CLI, you specify this file by using the --file option of the tanzu management-cluster create command.

Running tanzu management-cluster create command for the first time creates the ~/.tanzu/tkg subdirectory that contains the Tanzu Kubernetes Grid configuration files.

If you have previously deployed a management cluster by running tanzu management-cluster create --ui, the ~/.tanzu/tkg/clusterconfigs directory contains management cluster configuration files with settings saved from each invocation of the installer interface. Depending the infrastructure on which you deployed the management cluster, you can use these files as templates for cluster configuration files for new deployments to the same infrastructure. Alternatively, you can create management cluster configuration files from the templates that are provided in this documentation.

VMware recommends using a dedicated configuration file for each management cluster, with configuration settings specific to a single infrastructure.

Run the tanzu management-cluster create Command

After you have created or updated the cluster configuration file, you deploy a management cluster by running the tanzu management-cluster create --file CONFIG-FILE command, where CONFIG-FILE is the name of the configuration file. If your configuration file is the default ~/.tanzu/tkg/cluster-config.yaml, you can omit the --file option.

Warning: The tanzu management-cluster create command takes time to complete. While tanzu management-cluster create is running, do not run additional invocations of tanzu management-cluster create on the same bootstrap machine to deploy multiple management clusters, change context, or edit ~/.kube-tkg/config.

To deploy a management cluster, run the tanzu management-cluster create command. For example:

tanzu management-cluster create --file path/to/cluster-config-file.yaml

Validation Checks

When you run tanzu management-cluster create, the command performs several validation checks before deploying the management cluster. The checks are different depending on the infrastructure to which you are deploying the management cluster.

  • vSphere

    The command verifies that the target vSphere infrastructure meets the following requirements:

    • The vSphere credentials that you provided are valid.
    • Nodes meet the minimum size requirements.
    • Base image template exists in vSphere and is valid for the specified Kubernetes version.
    • Required resources including the resource pool, datastore, and folder exist in vSphere.
  • Amazon EC2

    The command verifies that the target Amazon EC2 infrastructure meets the following requirements:

    • The AWS credentials that you provided are valid.
    • Cloud Formation stack exists.
    • Node Instance type is supported.
    • Region and AZ match.
  • Azure

    The command verifies that the target Azure infrastructure meets the following requirements:

    • The Azure credentials that you provided are valid.
    • The public SSH key is encoded in base64 format.
    • The node instance type is supported.

If any of these conditions are not met, the tanzu management-cluster create command fails.

Monitoring Progress

When you run tanzu management-cluster create, you can follow the progress of the deployment of the management cluster in the terminal. The first run of tanzu management-cluster create takes longer than subsequent runs because it has to pull the required Docker images into the image store on your bootstrap machine. Subsequent runs do not require this step, so are faster.

If tanzu management-cluster create fails before the management cluster deploys, you should clean up artifacts on your bootstrap machine before you re-run tanzu management-cluster create. See the Troubleshooting Tips topic for details. If the machine on which you run tanzu management-cluster create shuts down or restarts before the local operations finish, the deployment will fail.

If the deployment succeeds, you see a confirmation message in the terminal:

Management cluster created! You can now create your first workload cluster by running tanzu cluster create [name] -f [file]

What to Do Next

  • If you enabled identity management on the management cluster, you must perform post-deployment configuration steps to allow users to access the management cluster. For more information, see Configure Identity Management After Management Cluster Deployment.
  • For information about what happened during the deployment of the management cluster, how to connect kubectl to the management cluster, and how to create namespaces see Examine the Management Cluster Deployment.
  • If you need to deploy more than one management cluster, on any or all of vSphere, Azure, and Amazon EC2, see Manage Your Management Clusters. This topic also provides information about how to add existing management clusters to your CLI instance, obtain credentials, scale and delete management clusters, add namespaces, and how to opt in or out of the CEIP.
check-circle-line exclamation-circle-line close-line
Scroll to top icon