You provision Tanzu Kubernetes clusters by invoking the Tanzu Kubernetes Grid Service declarative API. Once a cluster is provisioned, you manage it and deploy workloads to it using kubectl.

The workflow provides a high-level overview of the provisioning process. Each of the steps has links for more information about the specific task.


Verify with your vSphere administrator that the following prerequisites tasks are completed:


  1. Download and install the Kubernetes CLI Tools for vSphere. See Download and Install the Kubernetes CLI Tools for vSphere.
  2. Using the vSphere Plugin for kubectl, authenticate with the Supervisor Cluster. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.
    kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME
  3. Using kubectl, switch context to the Supervisor Namespace where you plan to provision the Tanzu Kubernetes cluster.
    kubectl config get-contexts
    kubectl config use-context SUPERVISOR-NAMESPACE
    For example:
    kubectl config use-context tkgs-ns-1
  4. List and describe the available virtual machine classes. See Virtual Machine Class Types for Tanzu Kubernetes Clusters.
    kubectl get virtualmachineclasses
    kubectl describe virtualmachineclasses
  5. Get the available default storage class by describing the namespace.
    kubectl describe namespace SUPERVISOR-NAMESPACE
  6. List the available Tanzu Kubernetes software versions by running either of the following commands.
    kubectl get tanzukubernetesreleases
    kubectl get virtualmachineimages
    Note: Refer to the list of Tanzu Kubernetes Releases for compatibility. See Supported Update Path.
  7. Construct the YAML file for provisioning a Tanzu Kubernetes cluster.
    1. Start with one of the example cluster YAML files. See Minimal YAML for Provisioning a Tanzu Kubernetes Cluster.
    2. Use the information you gleaned from the output of the preceding commands to populate the YAML.
    3. Refer to the full list of cluster configuration parameters as needed. See Configuration Parameters for Tanzu Kubernetes Clusters.
    4. Save the file as tkgs-cluster-1.yaml, or similar.
    For example, the following YAML file provisions a minimal Tanzu Kubernetes cluster using all available cluster defaults:
    kind: TanzuKubernetesCluster                   
      name: tkgs-cluster-1                          
      namespace: tkgs-ns-1                       
        version: v1.19.7  
          count: 1                                 
          class: best-effort-medium                 
          storageClass: vwt-storage-policy         
          count: 3                                 
          class: best-effort-medium                 
          storageClass: vwt-storage-policy
  8. Provision the cluster by running the following kubectl command. See Provision a Tanzu Kubernetes Cluster.
    kubectl apply -f CLUSTER-NAME.yaml
    For example:
    kubectl apply -f tkgs-cluster-1.yaml created
  9. Monitor the deployment of cluster nodes using kubectl. See Monitor Tanzu Kubernetes Cluster Status Using kubectl.
    kubectl get tanzukubernetesclusters
    NAME             CONTROL PLANE   WORKER   DISTRIBUTION                     AGE     PHASE
    tkgs-cluster-2   1               3        v1.18.5+vmware.1-tkg.1.c40d30d   7m59s   running
  10. Monitor the deployment of cluster nodes using the vSphere Client. See Monitor Tanzu Kubernetes Cluster Status Using the vSphere Client.
  11. Using the vSphere Plugin for kubectl, log in to the cluster. See Connect to a Tanzu Kubernetes Cluster as a vCenter Single Sign-On User.
    kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME 
    --tanzu-kubernetes-cluster-name CLUSTER-NAME --tanzu-kubernetes-cluster-namespace NAMESPACE-NAME
  12. Verify cluster provisioning using the following kubectl commands.
    kubectl cluster-info
    kubectl get nodes
    kubectl get namespaces
    kubectl api-resources
  13. Deploy an example workload and verify cluster creation. See Deploying Workloads to Tanzu Kubernetes Clusters.
    Note: Tanzu Kubernetes clusters have pod security policy enabled. Depending on the workload and user, you might need to create an appropriate RoleBinding or custom PodSecurityPolicy. See Using Pod Security Policies with Tanzu Kubernetes Clusters.