Standalone Management Cluster Requirements

Before you can deploy Tanzu Kubernetes Grid (TKG) with a standalone management cluster, you must provision resources and permissions on your infrastructure to accommodate the management cluster and the workload clusters that it creates.

• For how to set up a vSphere infrastructure, see Prepare to Deploy Management Clusters to vSphere.
• For how to set up an AWS infrastructure, see Prepare to Deploy Management Clusters to AWS.
• For how to set up a Microsoft Azure infrastructure, see Prepare to Deploy Management Clusters to Microsoft Azure.

External Identity Management

For production deployments, VMware recommends enabling external identity management on each management cluster, to control access to it and its workload clusters.

• For how to register TKG with an external identity provider before you deploy a standalone management cluster, see Obtain Your Identity Provider Details in Configure Identity Management.
• For conceptual information about identity management and access control in Tanzu Kubernetes Grid with a standalone management cluster, see About Identity and Access Management.

FIPS-Enabled Version

Tanzu Kubernetes Grid 2.4.x does not have FIPS-enabled OVA. However, you can harden the image using ytt overlay. See STIG and NSA/CISA Hardening.

Internet-Restricted Environments

For how to deploy a standalone management cluster in a proxied or airgapped environment, see Prepare an Internet-Restricted Environment.

VMware Cloud on AWS and Azure VMware Solution

To deploy Tanzu Kubernetes Grid to VMware Cloud on AWS or to Azure VMware Solution, see Prepare to Deploy Management Clusters to a VMware Cloud Environment.