Management Clusters: Supervisors and Standalone

Tanzu Kubernetes Grid users log in to the management cluster with the Tanzu CLI and the Kubernetes CLI (kubectl) and issue commands like tanzu cluster create to create a workload cluster, or tanzu package install to install a packaged service to the cluster for hosted apps to consume.

The management cluster runs Cluster API, Carvel tools, and other software to process these commands.

The management cluster is purpose-built for managing workload clusters and packaged services, and for running container networking and other system-level agents.

Management Cluster Deployment Options

The management cluster has two deployment options that run on different infrastructures using different sets of components:

  • Supervisor is a management cluster that runs directly on existing ESXi hosts, as part of the vSphere IaaS control plane (formerly known as vSphere with Tanzu) solution. Supervisor provides a platform for natively hosting various types of Kubernetes workloads on vSphere, including vSphere Pods, VM Service VMs, Supervisor Services, and TKG clusters. If a vSphere IaaS control plane Supervisor is available in your vSphere 7 or 8 instance, you do not need to deploy a standalone management cluster.
  • Standalone management cluster is a management cluster that runs as dedicated VMs, to support TKG on multiple cloud infrastructures. With this option, “Deploying TKG” means deploying a management cluster to an infrastructure such as vSphere (all TKG versions), or on AWS and Azure (TKG versions up to and including v2.4 only). This Tanzu Kubernetes Grid documentation describes how to use a standalone management cluster.

In both cases, the management cluster publishes an API that wraps and adds higher-level functionality to Cluster API. On the client side, the Tanzu CLI wraps and adds higher-level functionality to kubectl and clusterctl, the Kubernetes and Cluster API CLIs.

When to Use a vSphere IaaS control plane Supervisor

Running Tanzu Kubernetes Grid with a Supervisor lets you create and operate workload clusters natively in vSphere. Using a vSphere Iaas control plane Supervisor allows you to leverage many vSphere features, including vCenter SSO, vSphere networking, vSphere storage, vSphere security, and the Content Library.

For TKG deployments to vSphere 7 or 8, VMware recommends that you use the vSphere IaaS control plane Supervisor. The vSphere IaaS control plane Supervisor is closely integrated with vSphere, so offers a more streamlined user experience than using a standalone management cluster. Using TKG with a standalone management cluster is only recommended for the use cases listed in When to Use a Standalone Management Cluster below.

In particular, the Supervisor:

  • Provides a fully integrated experience for VI Admins with application-centric management in vSphere 7 and vSphere 8
  • Allows delegation of access to vSphere Namespaces directly from vCenter Server
  • Includes quotas for resources consumed by a vSphere Namespace, as guardrails for self-service consumption
  • Displays vSphere Namespaces, Tanzu Kubernetes clusters, and Tanzu Kubernetes cluster nodes as a part of the vSphere Client
  • Connects Tanzu Kubernetes clusters to infrastructure without exposing infrastructure credentials to cluster administrators
  • Separates Tanzu Kubernetes clusters from the vSphere management network
  • Integrates with Content Library for automatic replication of VM images for new versions of Kubernetes
  • Allows you to manage traditional VMs and Kubernetes clusters through a common API and the vSphere Client

How to use the vSphere IaaS control plane Supervisor is not described in the TKG documentation. See the vSphere IaaS control plane (formerly known as vSphere with Tanzu) docs.

When to Use a Standalone Management Cluster

Important

If you are already using TKG with a standalone management cluster and you do not require any of the functionality listed in this section, see Reference Design for Migration from TKGm to TKGs (vSphere with Tanzu) for information about how to migrate from a standalone management cluster to the vSphere Iaas control plane (formerly vSphere with Tanzu) Supervisor.

Using a standalone management cluster on vSphere offers more configuration and customization options than a Supervisor. On vSphere 7 and 8, consider using TKG with a standalone management cluster rather than Supervisor only if you need the following features that Supervisor does yet not provide:

  • Windows containers
  • IPv6 networking
  • IPv4/IPv6 dual-stack networking
  • The ability to create workload clusters in a remote (Edge) location from a centralized vCenter Server instance
Note

On Azure VMware Solution, you cannot create a Supervisor, so you need to deploy a management cluster.

This TKG documentation describes how to use TKG with a standalone management cluster.

You must also use a standalone management cluster in the following legacy circumstances:

  • For deployments to vSphere 6.7. vSphere IaaS control plane is available from vSphere 7 onwards.

    Important

    From v2.5.1 onwards, Tanzu Kubernetes Grid does not support creating workload clusters on vSphere 6.7. For more information, see End of Support for TKG Management and Workload Clusters on vSphere 6.7.

  • For existing deployments on AWS and Azure (TKG versions up to and including v2.4 only).

    Important

    VMware recommends that you use Tanzu Mission Control to create native AWS EKS and Azure AKS clusters instead of deploying new TKG clusters on AWS and Azure. For information about how to create native AWS EKS and Azure AKS clusters with Tanzu Mission Control, see Managing the Lifecycle of AWS EKS Clusters and Managing the Lifecycle of Azure AKS Clusters in the Tanzu Mission Control documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon