Before you can deploy Tanzu Kubernetes Grid (TKG) with a standalone management cluster, you must provision resources and permissions on your infrastructure to accommodate the management cluster and the workload clusters that it creates.
For production deployments, VMware recommends enabling external identity management on each management cluster, to control access to it and its workload clusters.
You can deploy a FIPS-enabled version of Tanzu Kubernetes Grid v2.3.1 to your vSphere, AWS, or Azure environment. The Bill of Materials (BoM) for FIPS lists only components that are compiled with and use FIPS-enabled cryptography modules.
For vSphere, the FIPS-enabled OVAs are listed on the Tanzu Kubernetes Grid downloads page. The FIPS-enabled AMI and Azure images are available in AWS and Azure, respectively.
For how to use FIPS-enabled OVAs to deploy FIPS-enabled versions of TKG on vSphere, see FIPS-Enabled Versions in VMware Tanzu Compliance.
For how to deploy a standalone management cluster in a proxied or airgapped environment, see Prepare an Internet-Restricted Environment.
To deploy Tanzu Kubernetes Grid to VMware Cloud on AWS or to Azure VMware Solution, see Prepare to Deploy Management Clusters to a VMware Cloud Environment.