As an alternative to creating a new VPC (virtual private cloud) to provision a cluster in an attached cloud provider account in VMware Tanzu Mission Control, you can use an existing VPC if it is configured properly.

Required Elements for an Existing VPC

To use an existing VPC to create an attached cloud provider account credential for lifecycle management in Tanzu Mission Control, the VPC must contain the following elements:
  • an internet gateway
  • a network address translation (NAT) gateway
For each availability zone in which you want to deploy control planes, your VPC must also have the following elements:
  • a public subnet
  • a public route table, associated with the public subnet

    The public route table must have a quad-zero route (0.0.0.0/0), which matches all networks, with the internet gateway as its target.

  • a private subnet
  • a private route table, associated with the private subnet

    The private route table must have a quad-zero route (0.0.0.0/0), which matches all networks, with the NAT gateway as its target.

A development cluster runs in a single availability zone, while a production cluster runs in three availability zones.
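One way to audit an existing VPC against the requirements above before attaching it. This is an added example, not VMware's code. It assumes AWS and input dicts that use the field names of the EC2 `DescribeSubnets` and `DescribeRouteTables` responses; `audit_vpc`, `default_route_target`, and all IDs in the sample data are hypothetical.

```python
# Added example: checks the VPC requirements listed on this page.
# Field names follow EC2 Describe* responses (assumption); sample data is constructed.

def default_route_target(table):
    """Return the target of the table's usable 0.0.0.0/0 route, or None."""
    for route in table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") != "blackhole"):
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def audit_vpc(subnets, route_tables, igw_ids, nat_ids, zones):
    """Return a list of findings; an empty list means every requirement is met."""
    findings = []
    if not igw_ids:
        findings.append("VPC has no internet gateway")
    if not nat_ids:
        findings.append("VPC has no NAT gateway")
    # Only explicit subnet associations count: a subnet that silently falls
    # back to the VPC main route table is reported as not meeting the rule.
    target_of = {}
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                target_of[assoc["SubnetId"]] = default_route_target(table)
    for zone in zones:
        in_zone = [s["SubnetId"] for s in subnets if s["AvailabilityZone"] == zone]
        targets = {target_of.get(subnet_id) for subnet_id in in_zone}
        if not targets & set(igw_ids):
            findings.append(f"{zone}: no public subnet routed 0.0.0.0/0 to the internet gateway")
        if not targets & set(nat_ids):
            findings.append(f"{zone}: no private subnet routed 0.0.0.0/0 to the NAT gateway")
    return findings

# Constructed sample: zone "a" is complete, zone "b" lacks a private default route.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-west-2a"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-west-2a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-west-2b"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-west-2b"},
]
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
```

Pass one zone for a development cluster and three for a production cluster; a private subnet whose default route points at the internet gateway instead of the NAT gateway shows up as a missing private subnet for that zone.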