Use VMware Tanzu Mission Control to create a new Tanzu Kubernetes cluster using a cluster class.

Starting in version 2.1 of Tanzu Kubernetes Grid, you can leverage the power of ClusterClass to use a predefined baseline configuration to create workload clusters with a consistent size and shape.

For more information about ClusterClass in the Cluster API, see Introducing ClusterClass and Managed Topologies in Cluster API in the Kubernetes Blog.

Note: The data protection features of Tanzu Mission Control are not compatible with clusters created using the Tanzu Kubernetes release v1.23.8---vmware.2-tkg.1-zshippable. If you rely on Tanzu Mission Control for data protection, use a different Tanzu Kubernetes release when creating your clusters.


Before you can create new clusters using Tanzu Mission Control, you must first establish a connection with your management cluster.
  1. Register your Tanzu Kubernetes Grid management cluster with Tanzu Mission Control, as described in Register a Management Cluster with Tanzu Mission Control.
  2. Create a provisioner into which you will provision the cluster, as described in Create a Provisioner in Your Tanzu Kubernetes Grid Management Cluster
Make sure you have the appropriate permissions to create a Tanzu Kubernetes cluster.
  • To provision a cluster, you must be associated with the clustergroup.edit role on the cluster group in which you want to put the new cluster.
  • To see and use a cloud provider account connection for creating a cluster, you must be associated with the organization.credential.view role.
  • You must also have admin privileges on the management cluster to provision resources within it.
Log in to the Tanzu Mission Control console, as described in Log In to the Tanzu Mission Control Console.


  1. In the left navigation pane of the Tanzu Mission Control console, click Clusters.
  2. On the Clusters page, click Create Cluster, and choose Create Tanzu Kubernetes Grid cluster.
  3. Click to select the management cluster in which to create the new workload cluster, and then click Continue to Create Cluster.
    If the management cluster that you selected is running in version 2.1 (or later) of Tanzu Kubernetes Grid, you enter the workflow to create a cluster using a cluster class.
  4. On the Create cluster page, select the provisioner in which you want to create the cluster, and then click Next.
  5. Enter the name, group, class, and other details for the cluster.
    1. Enter a name for the cluster.
      Cluster names must be unique within a management cluster.
    2. Select the cluster group to which you want to attach your cluster.
    3. Select the cluster class that you want to use as the template for this cluster.
      The list of cluster classes that you can choose from is taken from the provisioner namespace in your management cluster.
    4. You can optionally enter a description and apply labels.
    5. Click Next.
  6. Configure your cluster class variables.
    The cluster variables are retrieved from the management cluster, and are specific to the platform in which you are deploying the workload cluster. The required variables for each platform are listed below.
    • Required cluster class variables for vSphere
      • vcenter
      • identityRef
      • user (sshAuthorizedKeys)
      • vipNetworkInterface
      • cni
      • worker
    • Required cluster class variables for AWS
      • region
      • identityRef
      • sshKeyName
      • cni
      • worker
    • Required cluster variables for Azure
      • subscriptionID
      • location
      • sshPublicKey
      • network
      • clusterRole
      • worker
    For more information about the cluster class variables, see Configuration File Variable Reference in the VMware Tanzu Kubernetes Grid Product Documentation.
  7. Click Next.
  8. Configure your network settings.
    The network settings cannot be changed after the cluster is created.
    1. You can optionally define an alternative CIDR for the pod and service.
    2. You can optionally specify a proxy configuration to use for this cluster.
      Note: This proxy setting enables communication between your cluster and Tanzu Mission Control after the cluster is created. The proxy used during the provisioning process is defined in the imageRepository variable in your cluster class.

      When provisioning a cluster that needs a proxy, make sure the proxy configuration object includes the non-proxied addresses in the No proxy list, as described in Create a Proxy Configuration Object.

    3. Configure your platform-specific network settings.
    4. Click Next.
  9. Configure your control plane.
    1. Select the Kubernetes version and operating system to use for the cluster's control plane.
      The latest supported version is preselected for you.
    2. Select the type of cluster you want to create.
      The primary difference between the two is that the highly available cluster is deployed with multiple control plane nodes.
    3. Specify the network resources for your control plane, based on the selected platform.
      • Network resource settings for vSphere
        1. You can optionally change the control plane specifications for machine.diskGiB, machine.memoryMiB, and machine.numCPUs.
        2. You can optionally add nameservers, search domains, and node labels for the control plane.
        3. You can optionally add labels and annotations for the control plane.
      • Network resource settings for AWS
        1. Select a VPC (virtual private cloud) to contain the cluster. For highly available clusters, select a VPC with at least three subnets in different availability zones.
        2. You can optionally provide securityGroupOverrides. For more information, see Advanced Options During Cluster Creation.
      • Network resource settings for Azure
        1. Select or create control plane resources the cluster.
        2. You can optionally add node labels.
    4. You can optionally modify the instance type and storage volume size for the control plane, and add labels and annotations for the control plane.
    5. Click Next.
  10. You can optionally define the default node pool and create additional node pools for your cluster.
    The node pool settings for your cluster are defined in the worker variable in your cluster class. You can override those settings here.
    1. Specify the number of worker nodes to provision.
    2. Select the class and operating system for worker nodes.
    3. You can optionally specify a failure domain for the node pool.
    4. To configure metadata labels for your node pool, click Add Node Pool Label.
    5. To configure metadata annotation for your node pool, click Add Node Pool Annotation.
    6. If you want to create another node pool, click Add Node Pool.
    7. Click Next.
    For more information about node pools, see Create a Node Pool
  11. You can optionally click Add a Variable to provide values for additional variables to customize your cluster.
  12. When you ready to provision the new cluster, click Create Cluster.


When you click Create Cluster, you are directed the cluster detail page where you can see its status is Unknown while it is being created. Tanzu Mission Control provisions the resources necessary for the new workload cluster in your management cluster. It then creates the workload cluster and attaches it to your organization in the cluster group that you specified. This process takes a few minutes.