Examine the Management Cluster Deployment

During the deployment of the management cluster, either from the installer interface or the CLI, Tanzu Kubernetes Grid creates a temporary management cluster using a Kubernetes in Docker (kind) cluster on the bootstrap machine. Then, Tanzu Kubernetes Grid uses it to provision the final management cluster on the platform of your choice, depending on whether you are deploying to vSphere, Amazon Web Services (AWS), or Microsoft Azure. After the deployment of the management cluster finishes successfully, Tanzu Kubernetes Grid deletes the temporary kind cluster.

When Tanzu Kubernetes Grid creates a management cluster for the first time, it also creates a folder ~/.config/tanzu/tkg/providers that contains all of the files required by Cluster API to create the management cluster.

The Tanzu Kubernetes Grid installer interface saves the settings for the management cluster that it creates into a cluster configuration file ~/.config/tanzu/tkg/clusterconfigs/UNIQUE-ID.yaml, where UNIQUE-ID is a generated filename.

Important

By default, unless you set the KUBECONFIG environment variable to save the kubeconfig for a cluster to a specific file, all clusters that you deploy from the Tanzu CLI are added to a shared .kube-tkg/config file. If you delete the shared .kube-tkg/config file, all management clusters become orphaned and thus unusable.

Management Cluster Networking

When you deploy a management cluster, pod-to-pod networking with Antrea is automatically enabled in the management cluster.

Verify the Deployment of the Management Cluster

After the deployment of the management cluster completes successfully, you can obtain information about your management cluster by:

  • Locating the management cluster objects in vSphere, AWS, or Azure
  • Using the Tanzu CLI and kubectl

View Management Cluster Objects in vSphere, AWS, or Azure

The objects deployed depend on whether you deployed the management cluster to vSphere, AWS, or Azure.

vSphere
Go to the resource pool that you designated when you deployed the management cluster. You should see the following VMs or instances:
  • One or three control plane VMs, for development or production control plane, respectively, with names similar to CLUSTER-NAME-control-plane-sx5rp
  • One or three worker node VMs, for development or production, respectively, with names similar to CLUSTER-NAME-md-0-6b8db6b59d-kbnk4
AWS
Go to the Instances view of your Amazon EC2 dashboard. You should see the following VMs or instances:
  • One or three control plane VMs on Amazon EC2, for development or production control plane, respectively, with names similar to CLUSTER-NAME-control-plane-bcpfp
  • One or three worker node VMs, for development or production, respectively, with names similar to CLUSTER-NAME-md-0-dwfnm
  • An EC2 bastion host VM with the name CLUSTER-NAME-bastion
Azure
Go to the resource group that you designated when you deployed the management cluster. You should see the following VMs or instances:
  • One or three control plane VMs, for development or production control plane, respectively, with names similar to CLUSTER-NAME-control-plane-rh7xv
  • One or three worker node VMs, for development or production, respectively, with names similar to CLUSTER-NAME-md-0-rh7xv
  • Disk and Network Interface resources for the control plane and worker node VMs, with names based on the same name patterns

If you did not specify a name for the management cluster, CLUSTER-NAME is something similar to tkg-mgmt-vsphere-20200323121503 or tkg-mgmt-aws-20200323140554.

View Management Cluster Details With Tanzu CLI and kubectl

Tanzu CLI provides commands that facilitate many of the operations that you can perform with your management cluster. However, for certain operations, you still need to use kubectl.

When you deploy a management cluster, the kubectl context is not automatically set to the context of the management cluster. Tanzu Kubernetes Grid provides two contexts for every management cluster and workload cluster:

  • The admin context of a cluster gives you full access to that cluster.
    • If you implemented identity management on the cluster, using the admin context allows you to run kubectl operations without requiring authentication with your identity provider (IDP).
    • If you did not implement identity management on the management cluster, you must use the admin context to run kubectl operations.
  • If you implemented identity management on the cluster, using the regular context requires you to authenticate with your IDP before you can run kubectl operations on the cluster.

Before you can run kubectl operations on a management cluster, you must obtain its kubeconfig.

  1. On the bootstrap machine, run the tanzu login command to see the available management clusters and which one is the current login context for the CLI.

    For more information, see List Management Clusters and Change Context.

  2. To see the details of the management cluster, run tanzu mc get.

    For more information, see See Management Cluster Details.

  3. To retrieve a kubeconfig for the management cluster, run the tanzu mc kubeconfig get command as described in Retrieve Management Cluster kubeconfig.

  4. Set the context of kubectl to the management cluster.

    kubectl config use-context my-mgmnt-cluster-admin@my-mgmnt-cluster
    
  5. Use kubectl commands to examine the resources of the management cluster.

    For example, run kubectl get nodes, kubectl get pods, or kubectl get namespaces to see the nodes, pods, and namespaces running in the management cluster.

Retrieve Management Cluster kubeconfig

The tanzu mc kubeconfig get command retrieves kubeconfig configuration information for the current management cluster, with options as follows:

  • --export-file FILE

    • Without option: Add the retrieved cluster configuration information to the kubectl CLI’s current kubeconfig file, whether it is the default ~/.kube/config or set by the KUBECONFIG environment variable.
    • With option: Write the cluster configuration to a standalone kubeconfig file FILE that you can share with others.
  • --admin

    • Without option: Generate a standard kubeconfig that requires the user to authenticate with an external identity provider, and grants them access to cluster resources based on their assigned roles. To generate a standard, non-admin kubeconfig, identity management and role-based access control (RBAC) must be configured on the cluster.
      • The context name for this kubeconfig includes a tanzu-cli- prefix. For example, tanzu-cli-id-mgmt-test@id-mgmt-test.
    • With option: Generate an admin kubeconfig containing embedded credentials that lets the user access the cluster without logging in to an identity provider, and grants full access to the cluster’s resources. If identity management is not configured on the cluster, you must specify the --admin option.
      • The context name for this kubeconfig includes an -admin suffix. For example, id-mgmt-test-admin@id-mgmt-test.

For example, to generate a standalone kubeconfig file to share with someone to grant them full access to your current management cluster:

tanzu mc kubeconfig get --admin --export-file MC-ADMIN-KUBECONFIG

To retrieve a kubeconfig for a workload cluster, run tanzu cluster kubeconfig get as described in Retrieve Workload Cluster kubeconfig.
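
Before you share a file written with --export-file, you can check whether it carries embedded credentials, which context type it holds according to the naming convention above, and whether its file permissions are restricted to the owner. The following script is an added example, not part of Tanzu Kubernetes Grid or its documentation; the function name audit_kubeconfig and its output labels are assumptions, and it assumes the kubectl-style YAML layout with top-level keys in column 0.

```sh
#!/bin/sh
# Added example (not VMware code): audit a kubeconfig written by
# `tanzu mc kubeconfig get [--admin] --export-file FILE` before sharing it.
# Assumes kubectl-style YAML layout (top-level keys start in column 0).
# Prints findings; exit status 0 = nothing flagged, 1 = flagged, 2 = unreadable.

audit_kubeconfig() (
  file=$1
  status=0
  [ -r "$file" ] || { echo "ERROR unreadable: $file"; exit 2; }

  # Embedded credentials make the file a bearer secret: anyone holding a copy
  # can use it without logging in to the identity provider.
  if grep -Eq '^[[:space:]]*(client-key-data|client-certificate-data|token):[[:space:]]*[^[:space:]]' "$file"; then
    echo "EMBEDDED-CREDENTIALS"
    status=1
  fi

  # Classify context names by the convention described above:
  # "tanzu-cli-" prefix = IDP-authenticated, "-admin@" = admin.
  for ctx in $(awk '/^[^ -]/ { in_ctx = ($1 == "contexts:") }
                    in_ctx && /^(- |  )name:/ { print $NF }' "$file"); do
    case $ctx in
      tanzu-cli-*) echo "IDP-CONTEXT $ctx" ;;
      *-admin@*)   echo "ADMIN-CONTEXT $ctx"; status=1 ;;
      *)           echo "OTHER-CONTEXT $ctx" ;;
    esac
  done

  # Any group/other permission bit on the file is flagged.
  perms=$(ls -ldL "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "LOOSE-PERMISSIONS $perms"
    status=1
  fi
  exit "$status"
)
```

Run it as audit_kubeconfig MC-ADMIN-KUBECONFIG; a non-zero status means the file should be treated as a secret or have its permissions tightened before it leaves the bootstrap machine.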

What to Do Next

You can now use Tanzu Kubernetes Grid to start deploying workload clusters. For information, see Deploy Workload Clusters.

If you need to deploy more than one management cluster, on any or all of vSphere, Azure, and AWS, see Manage Your Management Clusters. This topic also provides information about how to add existing management clusters to your CLI instance, obtain credentials, scale and delete management clusters, and how to opt in or out of the CEIP.
