Standalone Management Cluster Requirements

Before you can deploy Tanzu Kubernetes Grid (TKG) with a standalone management cluster, you must provision resources and permissions on your infrastructure to accommodate the management cluster and the workload clusters that it creates.

• For how to set up a vSphere infrastructure, see Prepare to Deploy Management Clusters to vSphere. If you intend to deploy clusters in an internet-restricted environment, you must also perform the steps in Prepare an Internet-Restricted Environment.
• For how to set up VMware Cloud on AWS and Azure VMware Solution, see Prepare to Deploy Management Clusters to a VMware Cloud Environment.

External Identity Management

For production deployments, VMware recommends enabling external identity management on each management cluster, to control access to it and its workload clusters.

• For how to register TKG with an external identity provider before you deploy a standalone management cluster, see Obtain Your Identity Provider Details in Configure Identity Management.
• For conceptual information about identity management and access control in Tanzu Kubernetes Grid with a standalone management cluster, see About Identity and Access Management.

FIPS-Enabled Version

Tanzu Kubernetes Grid 2.5.x does not have FIPS-enabled OVA. However, you can harden the image using ytt overlay. See STIG and NSA/CISA Hardening.