During the deployment of the management cluster, either from the installer interface or the CLI, Tanzu Kubernetes Grid creates a temporary management cluster using a Kubernetes in Docker, kind, cluster on the bootstrap machine. Then, Tanzu Kubernetes Grid uses it to provision the final management cluster on the platform of your choice, depending on whether you are deploying to vSphere, Amazon EC2, or Microsoft Azure. After the deployment of the management cluster finishes successfully, Tanzu Kubernetes Grid deletes the temporary
When Tanzu Kubernetes Grid creates a management cluster for the first time, it also creates a folder ~/.tanzu/tkg/providers that contains all of the files required by Cluster API to create the management cluster.
The Tanzu Kubernetes Grid installer interface saves the settings for the management cluster that it creates into a cluster configuration file
UNIQUE-ID is a generated filename.
IMPORTANT: By default, unless you set the KUBECONFIG environment variable to save the kubeconfig for a cluster to a specific file, all clusters that you deploy from the Tanzu CLI are added to a shared .kube-tkg/config file. If you delete the shared .kube-tkg/config file, all management clusters become orphaned and thus unusable.
When you deploy a management cluster, pod-to-pod networking with Antrea is automatically enabled in the management cluster.
After you deploy a cluster to vSphere, each control plane node requires a static IP address. This includes both management and Tanzu Kubernetes clusters. These static IP addresses are required in addition to the static IP address that you assigned to Kube-VIP when you deploy a management cluster.
To make the IP addresses that your DHCP server assigned to the control plane nodes static, you can configure a DHCP reservation for each control plane node in the cluster. For instructions on how to configure DHCP reservations, see your DHCP server documentation.
After the deployment of the management cluster completes successfully, you can obtain information about your management cluster by:
To view the management cluster objects in vSphere, Amazon EC2, or Azure, do the following:
You should see the following VMs or instances.
If you did not specify a name for the management cluster, CLUSTER-NAME is something similar to
Tanzu CLI provides commands that facilitate many of the operations that you can perform with your management cluster. However, for certain operations, you still need to use
When you deploy a management cluster, the kubectl context is not automatically set to the context of the management cluster. Tanzu Kubernetes Grid provides two contexts for every management cluster and Tanzu Kubernetes cluster:
admin context of a cluster gives you full access to that cluster.
admin context allows you to run kubectl operations without requiring authentication with your identity provider (IDP).
admin context to run kubectl operations on the cluster.
Before you can run kubectl operations on a management cluster, you must obtain its
On the bootstrap machine, run the tanzu login command to see the available management clusters and which one is the current login context for the CLI.
For more information, see List Management Clusters and Change Context.
To see the details of the management cluster, run tanzu management-cluster get.
For more information, see See Management Cluster Details.
To retrieve a kubeconfig for the management cluster, run the tanzu management-cluster kubeconfig get command as described in Retrieve Management Cluster
Set the context of kubectl to the management cluster.
kubectl config use-context my-mgmnt-cluster-admin@my-mgmnt-cluster
kubectl commands to examine the resources of the management cluster.
For example, run kubectl get nodes, kubectl get pods, or kubectl get namespaces to see the nodes, pods, and namespaces running in the management cluster.
tanzu management-cluster kubeconfig get command retrieves kubeconfig configuration information for the current management cluster, with options as follows:
kubeconfig file, whether it is the default ~/.kube/config or set by the
FILE that you can share with others.
kubeconfig that requires the user to authenticate with an external identity provider, and grants them access to cluster resources based on their assigned roles. To generate a regular kubeconfig, identity management must be configured on the cluster.
tanzu-cli- prefix. For example,
kubeconfig containing embedded credentials that lets the user access the cluster without logging in to an identity provider, and grants full access to the cluster's resources. If identity management is not configured on the cluster, you must specify the
-admin suffix. For example,
For example, to generate a standalone kubeconfig file to share with someone to grant them full access to your current management cluster:
tanzu management-cluster kubeconfig get --admin --export-file MC-ADMIN-KUBECONFIG
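Because an exported admin kubeconfig carries embedded credentials and bypasses the identity provider, it is worth checking any such file before it is shared or left on disk. The following is an added example, not part of the original documentation or of Tanzu tooling: it classifies context names by the tanzu-cli- prefix and -admin suffix described above and flags an admin kubeconfig whose file mode grants access to group or other. The function names and the sample file contents are constructed for illustration.

```shell
# Added example: flag admin contexts in a kubeconfig readable by group/other.
# Naming per the page: tanzu-cli- prefix = regular, -admin suffix = admin.
classify_context() {
  case "$1" in
    tanzu-cli-*@*) echo regular ;;
    *-admin@*)     echo admin ;;
    *)             echo unknown ;;
  esac
}

# Print the name of every entry under the top-level "contexts:" key.
list_contexts() {
  awk '/^contexts:/ { in_ctx = 1; next }
       /^[^ -]/     { in_ctx = 0 }
       in_ctx && /^(- |  )name:/ { print $NF }' "$1"
}

# Report each context; fail if an admin context sits in a file whose mode
# grants any access to group or other (columns 5-10 of the ls mode string).
audit_kubeconfig() {
  file=$1 findings=0
  mode=$(ls -ld "$file" | cut -c5-10)
  for ctx in $(list_contexts "$file"); do
    kind=$(classify_context "$ctx")
    echo "context=$ctx kind=$kind"
    if [ "$kind" = admin ] && [ "$mode" != "------" ]; then
      echo "FINDING: $file holds admin context $ctx, group/other=$mode"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample kubeconfig (no real cluster or credentials).
write_sample_kubeconfig() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
contexts:
- context:
    cluster: my-mgmnt-cluster
    user: my-mgmnt-cluster-admin
  name: my-mgmnt-cluster-admin@my-mgmnt-cluster
- context:
    cluster: my-mgmnt-cluster
    user: tanzu-cli-my-mgmnt-cluster
  name: tanzu-cli-my-mgmnt-cluster@my-mgmnt-cluster
current-context: my-mgmnt-cluster-admin@my-mgmnt-cluster
EOF
}
```

After sourcing the file, run audit_kubeconfig against the exported file (for example MC-ADMIN-KUBECONFIG) or against the shared .kube-tkg/config; a non-zero exit status means an admin context is stored in a file that users other than the owner can access.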
To retrieve a kubeconfig for a workload cluster, run tanzu cluster kubeconfig get as described in Retrieve Tanzu Kubernetes Cluster
You can now use Tanzu Kubernetes Grid to start deploying Tanzu Kubernetes clusters. For information, see Deploying Tanzu Kubernetes Clusters.
If you need to deploy more than one management cluster, on any or all of vSphere, Azure, and Amazon EC2, see Manage Your Management Clusters. This topic also provides information about how to add existing management clusters to your CLI instance, obtain credentials, scale and delete management clusters, and how to opt in or out of the CEIP.