Use VMware Tanzu Mission Control to provision the necessary resources and create a new Tanzu Kubernetes cluster in Azure.

Note: Version 2.5 of Tanzu Kubernetes Grid does not support deployment of clusters to Azure. To manage the lifecycle of clusters on this platform using Tanzu Mission Control, you can create a credential to connect to your account/subscription, and then deploy and manage native AKS clusters.

Prerequisites

Before you can create new clusters using Tanzu Mission Control, you must first establish a connection with your management cluster.
  1. Register your Tanzu Kubernetes Grid management cluster with Tanzu Mission Control, as described in Register a Management Cluster with Tanzu Mission Control.
  2. Create a provisioner into which you will provision the cluster, as described in Create a Provisioner in Your Tanzu Kubernetes Grid Management Cluster.
Make sure you have the appropriate permissions to create a Tanzu Kubernetes cluster.
  • To provision a cluster, you must be associated with the clustergroup.edit role on the cluster group in which you want to put the new cluster.
  • You must also have admin privileges on the management cluster to provision resources within it.
If you have a proxy server that manages outbound traffic for your clusters, you need to enable the cluster to communicate with Tanzu Mission Control through the proxy.
  • You can create a proxy configuration object in Tanzu Mission Control and use it when registering, provisioning, or attaching the cluster. For more information, see Connecting Through a Proxy.
  • You can enable all outbound traffic to Tanzu Mission Control for the proxy server by adding some URLs to the proxy server's allowlist, as described in What Happens When You Attach a Cluster in VMware Tanzu Mission Control Concepts.

Log in to the Tanzu Mission Control console, as described in Log In to the Tanzu Mission Control Console.

Procedure

  1. In the left navigation pane of the Tanzu Mission Control console, click Clusters.
  2. On the Clusters page, click Add Cluster, and then choose Create Tanzu Kubernetes Grid cluster from the dropdown.
  3. Click to select the management cluster in which to create the new workload cluster, and then click Continue to Create Cluster.
  4. On the Create cluster page, select the provisioner and subscription in which you want to create the cluster, and then click Next.
    A provisioner is a namespace in your management cluster. A subscription is a logical container in your Azure account that holds your resources.
  5. Specify the name, group, and other details for the cluster.
    1. Enter a name for the cluster.
      Cluster names must be unique within an organization.
    2. Select the cluster group to which you want to attach your cluster.
    3. You can optionally enter a description and apply labels.
      Labels that you add here are used as cloud labels to tag resources in Azure.
    4. Click Next.
  6. Select your configuration options.
    1. Select the region and enter a name for the new resource group in which to create the workload cluster.
    2. Select the Kubernetes version and operating system to use for the cluster.
      The latest supported version is preselected for you.

      Selecting a non-default operating system for your cluster is supported for management clusters running in Tanzu Kubernetes Grid version 1.5 or later. For more information about the available operating systems, see Tanzu Kubernetes Releases in the VMware Tanzu Kubernetes Grid Documentation.

    3. Enter the contents of your SSH public key.
    4. You can optionally click the Private toggle to provision a private cluster in Azure.
      If you choose to create a private workload cluster, you must choose an existing VNET in the next step. The VNET must be either your management cluster VNET or a VNET peered with your management cluster VNET. If you specify an API server private IP address, it must be within the CIDR range of the control plane subnet.
    5. Select or create a VNET (Azure virtual network) to use as the Kubernetes service network.
      If you select an existing VNET, make sure it already has the following resources:
      • 1 control plane subnet, with a network security group (NSG) that allows inbound connections on port 6443, which kubeadm uses to bootstrap the control planes
      • 1 node subnet, with a default NSG attached
      • a route table that is associated with the node subnet
    6. You can optionally define an alternative CIDR for the pod and service.
      The Pod CIDR and Service CIDR cannot be changed after the cluster is created.
    7. You can optionally specify a proxy configuration to use for this cluster.
      If you are creating a private cluster, make sure .capz.io is in the NoProxyList for your proxy.
    8. Click Next.
  7. Select the type of cluster you want to create, and the control plane instance type.
    The primary difference between the two is that the highly available cluster is deployed with three control plane nodes.
  8. You can optionally specify an alternative port number for the API server.
  9. You can optionally define the default node pool for your cluster.
    1. Select the instance type for workload clusters.
    2. Specify the number of worker nodes to provision.
    Highly available Tanzu Kubernetes clusters in Azure are created with three node pools with one worker node each by default. If you want more node pools for your cluster, you can add them later. For more information about node pools, see Create a Node Pool.
  10. When you are ready to provision the new cluster, click Create Cluster.
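
The network requirements in step 6 (existing VNET resources, the private API server IP address, and the proxy NoProxyList) can be checked before you click Create Cluster. The following pre-flight check is an added example, not VMware code: the dictionary shape, the function names, and the sample values are constructed for illustration, and NSG source filters and Azure's built-in default rules are not modelled.

```python
import ipaddress

def covers(spec, port):
    """True if a port spec such as "*", "6443" or "6000-7000" includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def inbound_allowed(nsg, port):
    """First matching inbound rule wins, lowest priority number first."""
    for rule in sorted(nsg["rules"], key=lambda r: r["priority"]):
        if rule["direction"] == "Inbound" and covers(rule["ports"], port):
            return rule["access"] == "Allow"
    return False  # no matching rule: treated as not allowed in this sketch

def preflight(vnet, private=False, api_server_ip=None, no_proxy=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cp, node = vnet.get("control_plane_subnet"), vnet.get("node_subnet")
    if not cp or not cp.get("nsg") or not inbound_allowed(cp["nsg"], 6443):
        findings.append("control plane subnet: NSG must allow inbound 6443")
    if not node or not node.get("nsg"):
        findings.append("node subnet: no NSG attached")
    if not node or not node.get("route_table"):
        findings.append("node subnet: no route table associated")
    if private and api_server_ip and cp:
        if ipaddress.ip_address(api_server_ip) not in ipaddress.ip_network(cp["cidr"]):
            findings.append("API server private IP outside control plane subnet CIDR")
    # no_proxy=None means no proxy configuration is used for this cluster.
    if private and no_proxy is not None and ".capz.io" not in no_proxy:
        findings.append("proxy: .capz.io missing from NoProxyList")
    return findings

# Constructed sample VNET description (hypothetical shape, not an Azure API response).
SAMPLE_VNET = {
    "control_plane_subnet": {
        "cidr": "10.0.0.0/24",
        "nsg": {"rules": [
            {"priority": 100, "direction": "Inbound", "access": "Allow", "ports": "6443"},
            {"priority": 200, "direction": "Inbound", "access": "Deny", "ports": "*"},
        ]},
    },
    "node_subnet": {"cidr": "10.0.1.0/24", "nsg": {"rules": []}, "route_table": "rt-nodes"},
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_VNET, private=True, api_server_ip="10.0.1.10",
                             no_proxy=["localhost", "127.0.0.1"]):
        print("FAIL:", finding)
```

With the sample values, the check reports the API server address (which sits in the node subnet rather than the control plane subnet) and the missing .capz.io entry.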

Results

When you click Create Cluster, you are directed to the cluster detail page, where its status is shown as Unknown while it is being created. Tanzu Mission Control provisions the resources necessary for your cluster in your management cluster. It then creates the workload cluster and attaches it to your organization in the cluster group that you specified. This process takes a few minutes.