Workflow for Provisioning Tanzu Kubernetes Clusters

You provision Tanzu Kubernetes clusters by invoking the Tanzu Kubernetes Grid Service declarative API. Once a cluster is provisioned, you manage it and deploy workloads to it using kubectl.

The workflow provides a high-level overview of the provisioning process. Each of the steps has links for more information about the specific task.

Prerequisites

Verify with your vSphere administrator that the following prerequisites tasks are completed:

vSphere with Tanzu (Workload Management) is enabled for your data center. See Configuring and Managing a Supervisor Cluster.
A Supervisor Namespace is created and configured. See Create and Configure a vSphere Namespace. The following items are required:
- Edit permissions are added for one or more DevOps engineers to access the Supervisor Cluster using vCenter Single Sign-On credentials.
- A tag-based storage policy is defined and associated with the Supervisor Namespace. See Using Storage in vSphere with Tanzu.
- Capacity and usage quotas are verified and adjusted, as necessary.
A Content Library is created on a shared datastore. See Creating and Managing Content Libraries.

Procedure

Download and install the Kubernetes CLI Tools for vSphere. See Download and Install the Kubernetes CLI Tools for vSphere.
Using the vSphere Plugin for kubectl, authenticate with the Supervisor Cluster. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.
```
kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME
```
Using kubectl, switch context to the Supervisor Namespace where you plan to provision the Tanzu Kubernetes cluster.
```
kubectl config get-contexts
```
```
kubectl config use-context SUPERVISOR-NAMESPACE
```
For example:
```
kubectl config use-context tkgs-ns-1
```
List and describe the available virtual machine classes. See Virtual Machine Class Types for Tanzu Kubernetes Clusters.
```
kubectl get virtualmachineclasses
```
```
kubectl describe virtualmachineclasses
```
Get the available default storage class by describing the namespace.
```
kubectl describe namespace SUPERVISOR-NAMESPACE
```
List the available Tanzu Kubernetes software versions by running either of the following commands.
```
kubectl get tanzukubernetesreleases
```
```
kubectl get virtualmachineimages
```
Note: Refer to the list of Tanzu Kubernetes Releases for compatibility. See Supported Update Path.

Construct the YAML file for provisioning a Tanzu Kubernetes cluster.

Start with one of the example cluster YAML files. See Minimal YAML for Provisioning a Tanzu Kubernetes Cluster.
Use the information you gleaned from the output of the preceding commands to populate the YAML.
Refer to the full list of cluster configuration parameters as needed. See Configuration Parameters for Tanzu Kubernetes Clusters.
Save the file as tkgs-cluster-1.yaml, or similar.

For example, the following YAML file provisions a minimal Tanzu Kubernetes cluster using all available cluster defaults:

apiVersion: run.tanzu.vmware.com/v1alpha1      
kind: TanzuKubernetesCluster                   
metadata:
  name: tkgs-cluster-1                          
  namespace: tkgs-ns-1                       
spec:
  distribution:
    version: v1.19.7  
  topology:
    controlPlane:
      count: 1                                 
      class: best-effort-medium                 
      storageClass: vwt-storage-policy         
    workers:
      count: 3                                 
      class: best-effort-medium                 
      storageClass: vwt-storage-policy

Provision the cluster by running the following kubectl command. See Provision a Tanzu Kubernetes Cluster.

kubectl apply -f CLUSTER-NAME.yaml

For example:

kubectl apply -f tkgs-cluster-1.yaml
tanzukubernetescluster.run.tanzu.vmware.com/tkgs-cluster-1 created

Monitor the deployment of cluster nodes using kubectl. See Monitor Tanzu Kubernetes Cluster Status Using kubectl.

kubectl get tanzukubernetesclusters
NAME             CONTROL PLANE   WORKER   DISTRIBUTION                     AGE     PHASE
tkgs-cluster-2   1               3        v1.18.5+vmware.1-tkg.1.c40d30d   7m59s   running

Monitor the deployment of cluster nodes using the vSphere Client. See Monitor Tanzu Kubernetes Cluster Status Using the vSphere Client.

Using the vSphere Plugin for kubectl, log in to the cluster. See Connect to a Tanzu Kubernetes Cluster as a vCenter Single Sign-On User.

kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME 
--tanzu-kubernetes-cluster-name CLUSTER-NAME --tanzu-kubernetes-cluster-namespace NAMESPACE-NAME

Verify cluster provisioning using the following kubectl commands.

kubectl cluster-info

kubectl get nodes

kubectl get namespaces

kubectl api-resources

Deploy an example workload and verify cluster creation. See Deploying Workloads to Tanzu Kubernetes Clusters.

Note: Tanzu Kubernetes clusters have pod security policy enabled. Depending on the workload and user, you might need to create an appropriate RoleBinding or custom PodSecurityPolicy. See Using Pod Security Policies with Tanzu Kubernetes Clusters.