Tanzu Kubernetes Grid runs on two Management as a Service (MaaS) products that provide a vSphere interface and environment to public cloud infrastructures: VMware Cloud on AWS and Azure VMware Solution.
This topic explains how to prepare these services and their networking infrastructure, and use them to create a bootstrap machine for deploying Tanzu Kubernetes Grid. For both VMware Cloud on AWS and Azure VMware Solution, the bootstrap machine is not a local physical machine, but is instead a cloud VM jumpbox that connects vSphere with its underlying infrastructure.
To run Tanzu Kubernetes Grid on VMware Cloud on AWS, set up a Software-Defined Datacenter (SDDC) and create a bootstrap VM as follows. The bootstrap machine is a VM managed through vCenter:
Log into the VMC Console and create a new SDDC by following the procedure Deploy an SDDC from the VMC Console in the VMware Cloud on AWS documentation.
Once the SDDC is created, open its pane in the VMC Console and click Networking & Security > Network > Segments.
The Segment List shows sddc-cgw-network-1 with a subnet CIDR of 192.168.1.1/24, giving 256 addresses. If you need more internal IP addresses, you can:
Edit sddc-cgw-network-1 and modify its subnet CIDR to something broader, like 192.168.1.1/20. Before widening a segment, confirm that the larger range does not overlap the SDDC management network or any other segment.
Add new segments in addition to sddc-cgw-network-1 or any other existing segments.
Enable DHCP on sddc-cgw-network-1 and any other network segments. For each segment, click Edit DHCP Config. A Set DHCP Config pane appears.
In the Set DHCP Config pane:
To enable access to vCenter, add a firewall rule or set up a VPN, following the Connect to vCenter Server instructions in the VMware Cloud on AWS documentation.
To confirm access to vCenter, click OPEN VCENTER at upper-right in the SDDC pane. The vCenter client should appear.
From the vCenter portal, deploy your bootstrap machine and enable access to it following Deploy Workload VMs in the VMware Cloud on AWS documentation.
To ssh into the bootstrap machine, in addition to using the web console within vCenter, see Set Up a VMware Cloud Bootstrap Machine for ssh access below.
When installing the Tanzu CLI, deploying management clusters, and performing other operations, follow the instructions for vSphere, not the instructions for Amazon Web Services (AWS).
To set up your bootstrap machine for access via ssh, follow these procedures in the VMware Cloud on AWS documentation:
Assign a Public IP Address to a VM to request a public IP address for the bootstrap machine.
Create or Modify NAT Rules to create a NAT rule for the bootstrap machine, configured with:
Follow the procedure in Add or Modify Compute Gateway Firewall Rules to add a compute gateway rule allowing access to the VM. Because the NAT rule exposes the bootstrap machine's ssh port on a public IP address, scope the rule's Sources to the addresses you administer from rather than Any.
Optionally, to configure NSX Advanced Load Balancer for VMware Cloud on AWS, do the following in the Avi Controller interface:
Create a network for the custom cloud.
Go to Infrastructure > Networks, select the custom cloud, and create the network there.
To run Tanzu Kubernetes Grid on Azure VMware Solution (AVS), set up AVS and its Windows 10 jumphost as follows. The jumphost serves as the bootstrap machine for Tanzu Kubernetes Grid:
Log into NSX Manager as
Unless you are intentionally deploying to an airgapped environment, confirm that AVS is configured to allow internet connectivity for AVS-hosted VMs. This is not enabled by default. To configure this, you can either:
Allow internet access via the AVS Express Route connection to the Azure network by logging into the Azure portal, navigating to the AVS Private Cloud object, selecting Manage > Connectivity, flipping the Internet enabled toggle to Enabled, and clicking Save.
Under Networking > Connectivity > Segments, click Add Segment, and configure the new segment with:
A DHCP range of 192.168.20.10-192.168.20.100. The range must cover only part of the subnet, so that the addresses DHCP cannot assign remain free to serve as static IP addresses for workload clusters, such as each cluster's control plane endpoint.
Note: After you create the segment, it should be visible in vCenter.
From the IP Management > DHCP pane, click Add Server, and configure the new DHCP server with:
Under Networking > Connectivity > Tier-1 Gateways, open the predefined gateway.
Click the Tier-1 gateway’s IP Address Management setting and associate it with the DHCP server created above.
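The segment and DHCP steps above, for both the VMC segment sddc-cgw-network-1 and the AVS segment, share one rule that is easy to get wrong in the console: the DHCP range must sit inside the segment subnet, must not contain the gateway, and must leave every address you intend to assign statically (control plane endpoints, load balancer VIPs) outside it, or DHCP will eventually hand that address to a node and cause an IP conflict. The following Python is an added example, not part of the VMware documentation, that checks a planned segment before you commit it in the console. The segment CIDR 192.168.20.1/24 and the static addresses are assumed values chosen to fit the DHCP range quoted in the text; the existing-segment list is constructed for illustration.

```python
"""Plan checks for a Tanzu Kubernetes Grid workload segment.

Added example (not VMware code). Sample CIDRs, the DHCP range and the
static addresses below are constructed to match the values in the text.
"""
import ipaddress
from typing import Iterable, List, Tuple


def segment_network(cidr: str) -> ipaddress.IPv4Network:
    """VMC and NSX display a segment as gateway-address/prefix, e.g.
    192.168.1.1/24. strict=False accepts that form and returns the
    subnet itself (192.168.1.0/24)."""
    return ipaddress.ip_network(cidr, strict=False)


def address_count(cidr: str) -> int:
    """Total addresses in the segment (256 for a /24, 4096 for a /20)."""
    return segment_network(cidr).num_addresses


def overlapping_segments(new_cidr: str, existing_cidrs: Iterable[str]) -> List[str]:
    """Existing segments that a new or widened segment would collide with.
    Widening sddc-cgw-network-1 from 192.168.1.1/24 to /20 moves its
    start to 192.168.0.0 and covers 192.168.0.0-192.168.15.255."""
    new_net = segment_network(new_cidr)
    return [c for c in existing_cidrs if new_net.overlaps(segment_network(c))]


def check_dhcp_plan(cidr: str, dhcp_start: str, dhcp_end: str,
                    static_ips: Iterable[str]) -> Tuple[bool, List[str]]:
    """Validate a DHCP range against the segment and the addresses that
    must stay static. Returns (ok, list of problems)."""
    net = segment_network(cidr)
    gateway = ipaddress.ip_interface(cidr).ip
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    problems: List[str] = []

    if start > end:
        problems.append(f"DHCP range start {start} is after its end {end}")
    if start not in net or end not in net:
        problems.append(f"DHCP range {start}-{end} is not inside {net}")
    if start <= gateway <= end:
        problems.append(f"gateway {gateway} lies inside the DHCP range")
    for s in static_ips:
        ip = ipaddress.ip_address(s)
        if ip not in net:
            problems.append(f"static address {ip} is not inside {net}")
        elif start <= ip <= end:
            problems.append(f"static address {ip} lies inside the DHCP range; "
                            "DHCP can lease it to a node and cause an IP conflict")
    return (not problems, problems)


if __name__ == "__main__":
    # Assumed AVS segment; DHCP range is the one from the text.
    ok, problems = check_dhcp_plan("192.168.20.1/24",
                                   "192.168.20.10", "192.168.20.100",
                                   ["192.168.20.101", "192.168.20.200"])
    print("AVS plan ok:", ok, problems)

    # A control plane endpoint chosen inside the DHCP range is rejected.
    ok, problems = check_dhcp_plan("192.168.20.1/24",
                                   "192.168.20.10", "192.168.20.100",
                                   ["192.168.20.50"])
    print("Bad plan ok:", ok, problems)

    # Widening sddc-cgw-network-1 to /20: constructed neighbour segments.
    print(address_count("192.168.1.1/24"), "->", address_count("192.168.1.1/20"))
    print("Collides with:", overlapping_segments(
        "192.168.1.1/20", ["10.2.0.0/16", "192.168.4.0/24", "192.168.20.0/24"]))
```

Run it on the bootstrap machine with the values you plan to enter; the same checks apply to the NSX Advanced Load Balancer VIP network on VMC, whose VIPs must also stay outside any DHCP range.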
If your AVS environment was created before July 2021, do the following to configure a DNS forwarder in NSX Manager or the Azure portal:
When installing the Tanzu CLI, deploying management clusters, and performing other operations, follow the instructions for vSphere, not the instructions for Azure. Configure the management cluster with:
Your infrastructure and bootstrap machine are ready for you to deploy the Tanzu CLI. See Install the Tanzu CLI and Other Tools for instructions, and then proceed to Deploy Management Clusters on vSphere.