During the deployment of the management cluster, either from the installer interface or the CLI, Tanzu Kubernetes Grid creates a temporary management cluster using a Kubernetes in Docker,
kind, cluster on the bootstrap machine. Then, Tanzu Kubernetes Grid uses it to provision the final management cluster on the platform of your choice, depending on whether you are deploying to vSphere, Amazon Web Services (AWS), or Microsoft Azure. After the deployment of the management cluster finishes successfully, Tanzu Kubernetes Grid deletes the temporary
When Tanzu Kubernetes Grid creates a management cluster for the first time, it also creates a folder
~/.config/tanzu/tkg/providers that contains all of the files required by Cluster API to create the management cluster.
The Tanzu Kubernetes Grid installer interface saves the settings for the management cluster that it creates into a cluster configuration file
UNIQUE-ID is a generated filename.
By default, unless you set the
KUBECONFIGenvironment variable to save the
kubeconfigfor a cluster to a specific file, all clusters that you deploy from the Tanzu CLI are added to a shared
.kube-tkg/configfile. If you delete the shared
.kube-tkg/configfile, all management clusters become orphaned and thus unusable.
When you deploy a management cluster, pod-to-pod networking with Antrea is automatically enabled in the management cluster.
After the deployment of the management cluster completes successfully, you can obtain information about your management cluster by:
The objects deployed depend on whether you deployed the management cluster to vSphere, AWS, or Azure.
If you did not specify a name for the management cluster,
CLUSTER-NAME is something similar to
Tanzu CLI provides commands that facilitate many of the operations that you can perform with your management cluster. However, for certain operations, you still need to use
When you deploy a management cluster, the
kubectl context is not automatically set to context of the management cluster. Tanzu Kubernetes Grid provides two contexts for every management cluster and workload cluster:
admincontext of a cluster gives you full access to that cluster.
admincontext allows you to run
kubectloperations without requiring authentication with your identity provider (IDP).
admincontext to run
kubectloperations on the cluster.
Before you can run
kubectl operations on a management cluster, you must obtain its
On the bootstrap machine, run the
tanzu login command to see the available management clusters and which one is the current login context for the CLI.
For more information, see List Management Clusters and Change Context.
To see the details of the management cluster, run
tanzu mc get.
For more information, see See Management Cluster Details.
To retrieve a
kubeconfig for the management cluster, run the
tanzu mc kubeconfig get command as described in Retrieve Management Cluster
Set the context of
kubectl to the management cluster.
kubectl config use-context my-mgmnt-cluster-admin@my-mgmnt-cluster
kubectl commands to examine the resources of the management cluster.
For example, run
kubectl get nodes,
kubectl get pods, or
kubectl get namespaces to see the nodes, pods, and namespaces running in the management cluster.
tanzu mc kubeconfig get command retrieves
kubeconfig configuration information for the current management cluster, with options as follows:
kubeconfigfile, whether it is the default
~/.kube/configor set by the
FILEthat you can share with others.
kubeconfigthat requires the user to authenticate with an external identity provider, and grants them access to cluster resources based on their assigned roles. To generate a standard, non-admin
kubeconfig, identity management and role-based access control (RBAC) must be configured on the cluster.
tanzu-cli-prefix. For example,
kubeconfigcontaining embedded credentials that lets the user access the cluster without logging in to an identity provider, and grants full access to the cluster’s resources. If identity management is not configured on the cluster, you must specify the
-adminsuffix. For example,
For example, to generate a standalone
kubeconfig file to share with someone to grant them full access to your current management cluster:
tanzu mc kubeconfig get --admin --export-file MC-ADMIN-KUBECONFIG
To retrieve a
kubeconfig for a workload cluster, run
tanzu cluster kubeconfig get as described in Retrieve Workload Cluster
You can now use Tanzu Kubernetes Grid to start deploying workload clusters. For information, see Deploy Workload Clusters.
If you need to deploy more than one management cluster, on any or all of vSphere, Azure, and AWS, see Manage Your Management Clusters. This topic also provides information about how to add existing management clusters to your CLI instance, obtain credentials, scale and delete management clusters, and how to opt in or out of the CEIP.