You provision Tanzu Kubernetes clusters by invoking the Tanzu Kubernetes Grid Service declarative API using kubectl and a cluster specification defined using YAML. After you provision a cluster, you operate it and deploy workloads to it using kubectl.

The workflow provides an end-to-end procedure for the cluster provisioning process. Each of the steps has links for more information about the specific task.


Complete the following prerequisites:


  1. Download and install the Kubernetes CLI Tools for vSphere. See Download and Install the Kubernetes CLI Tools for vSphere.
  2. Using the vSphere Plugin for kubectl, authenticate with the Supervisor Cluster. See Connect to the Supervisor Cluster as a vCenter Single Sign-On User.
    kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME
  3. Using kubectl, switch context to the vSphere Namespace where you plan to provision the Tanzu Kubernetes cluster.
    kubectl config get-contexts
    kubectl config use-context SUPERVISOR-NAMESPACE
    For example:
    kubectl config use-context tkgs-cluster-ns
  4. List the available virtual machine class bindings. See Virtual Machine Classes for Tanzu Kubernetes Clusters.
    Use the following command to list all VM class bindings that are available in the vSphere Namespace where you deploy the cluster.
    kubectl get virtualmachineclassbindings
    Note: The command kubectl get virtualmachineclasses lists all the VM classes present on the Supervisor Cluster. Because you must associate VM classes with the vSphere Namespace, you can only use those VM classes that are bound to the target namespace.
  5. Get the available persistent volume storage classes.
    kubectl describe storageclasses
  6. List the available Tanzu Kubernetes releases.
    kubectl get tanzukubernetesreleases
    Or, using the shortcut:
    kubectl get tkr
    Note: The minimum Tanzu Kubernetes release that supports the v1alpah2 API is v1.21.2---vmware.1-tkg.1.13da849. See Verify Tanzu Kubernetes Cluster Compatibility for Update.
  7. Construct the YAML file for provisioning a Tanzu Kubernetes cluster.
    1. Start with one of the example YAML files.
    2. Use the information you gleaned from the output of the preceding commands to populate the cluster YAML, including the following:
      • Target vSphere Namespace
      • Storage class for control plane and worker nodes, and Kubernetes workloads
      • Virtual machine classes
      • TKR NAME
    3. Customize the cluster as needed by referring to the full list of cluster configuration parameters.
    4. Save the file as tkgs-cluster-1.yaml, or similar.
  8. Provision the cluster by running the following kubectl command.
    kubectl apply -f CLUSTER-NAME.yaml
    For example:
    kubectl apply -f tkgs-cluster-1.yaml
    Expected result: created
  9. Monitor the deployment of cluster nodes using kubectl. See Monitor Tanzu Kubernetes Cluster Status Using kubectl.
    kubectl get tanzukubernetesclusters
    Sample result:
    tkgs-cluster   tkgs-cluster-1    3               3        v1.21.2---vmware.1-tkg.1.13da849   38h    True    True             [1.21.2+vmware.1-tkg.1.13da849]
  10. Monitor the deployment of cluster nodes using the vSphere Client. See Monitor Tanzu Kubernetes Cluster Status Using the vSphere Client.
    For example, in the vSphere inventory you should see the virtual machine nodes being deployed in the namespace.
  11. Run additional commands to verify cluster provisioning. See Use Tanzu Kubernetes Cluster Operational Commands.
    For example:
    kubectl get tanzukubernetescluster,cluster-api,virtualmachinesetresourcepolicy,virtualmachineservice,virtualmachine
    Note: For additional troubleshooting, see Troubleshooting Tanzu Kubernetes Clusters.
  12. Using the vSphere Plugin for kubectl, log in to the cluster. See Connect to a Tanzu Kubernetes Cluster as a vCenter Single Sign-On User.
    kubectl vsphere login --server=IP-ADDRESS --vsphere-username USERNAME \
    --tanzu-kubernetes-cluster-name CLUSTER-NAME --tanzu-kubernetes-cluster-namespace NAMESPACE-NAME
  13. Verify cluster provisioning using the following kubectl commands.
    kubectl cluster-info
    kubectl get nodes
    kubectl get namespaces
    kubectl api-resources
  14. Deploy an example workload and verify cluster creation. See Deploy Workloads on Tanzu Kubernetes Clusters.
    Note: Tanzu Kubernetes clusters have pod security policy enabled. Depending on the workload and user, you might need to create an appropriate RoleBinding or custom PodSecurityPolicy. See Using Pod Security Policies with Tanzu Kubernetes Clusters.
  15. Operationalize the cluster by deploying TKG Extensions. See Deploy TKG Extensions on Tanzu Kubernetes Clusters.