To provision a Tanzu Kubernetes cluster in an internet restricted ("air-gapped") environment, create a local content library and manually import each Tanzu Kubernetes release.

Creating a local content library involves configuring the library, downloading the OVA files, and importing them to the local content library.

Prerequisites

Review About Tanzu Kubernetes release Distributions.

The following privileges are required to create a subscribed content library:
  • Content library.Create local library or Content library.Create subscribed library on the vCenter Server instance where you want to create the library.
  • Datastore.Allocate space on the destination datastore.

Procedure

  1. Log in to the vCenter Server using the vSphere Client.
  2. Click Menu.
  3. Click Content Library.
  4. Click Create.
    The system displays the New Content Library wizard.
  5. Specify the Name and location of the content library and click Next when you are done.
    Field Description
    Name Enter a descriptive name, such as TanzuKubernetesRelease-local.
    Notes Include a description, such as Local library for Tanzu Kubernetes releases
    vCenter Server Select the vCenter Server instance where vSphere with Tanzu is enabled.
  6. At the Configure content library page, select the Local content library option and click Next.
    As described below, for local content libraries you manually import the OVF templates you want to use.
    Note: To use a Subscribed Content Library, see Create, Secure, and Synchronize a Subscribed Content Library for Tanzu Kubernetes releases.
  7. Configure the OVF security policy at the Apply security policy page and click Next when you are done.
    1. Select Apply Security Policy
    2. Select OVF default policy
    When you select this option, the system verifies the OVF signing certificate during the synchronization process. An OVF template that does not pass certificate validation is marked with the Verification Failed tag. The the template metadata is kept, but the OVF files cannot be synchronized.
    Note: Currently the OVF default policy is the only supported security policy.
  8. At the Add storage page, select a datastore as a storage location for the content library contents and click Next.
  9. On the Ready to complete page, review the details and click Finish.
  10. At the Content Libraries page, select the new content library you created.
  11. Download the OVA files for each Tanzu Kubernetes release you want import to the local content library.
    1. Using a browser, navigate to the following URL:

      https://wp-content.vmware.com/v2/latest/

    2. Click the directory for the image you want. Typically this directory is the latest or most recent version of the Kubernetes distribution.
      For example: 
      ob-18186591-photon-3-k8s-v1.20.7---vmware.1-tkg.1.7fb9067
      Note: The distribution name is needed to import the files to the local content library, so you might want to copy it to a file or keep the browser open until you complete the procedure.
    3. For each of the following files, right-click and select Save link as.
      • photon-ova-disk1.vmdk
      • photon-ova.cert
      • photon-ova.mf
      • photon-ova.ovf
      The list of files that you must download.
    4. Verify that each file successfully downloads to your local file system.
    Note: If the certificate and manifest file are not available in the source directory during the import process, the imported library item will not be usable. This means that for a local content library configured with a security policy, all four required files must be in the local directory from where the ovf and vmdk are imported. In addition to the ovf and vmdk files, you also need to download the cert and manifest files and put all four files in the same source directory.
  12. Import the OVA files to the local content library.
    1. Select Menu > Content Libraries > .
    2. From the list of Content Libraries, click the link for the name of the local content library you created.
    3. Click Actions.
    4. Select Import Item.
    5. In the Import Library Item window, select Local File.
    6. Click Upload Files.
    7. Select both files photon-ova.ovf and photon-ova-disk1.vmdk.
      You see the message 2 files ready to import. Each file is listed with a green check mark beside its name.
    8. Change the Destination Item name to be the Photon image version plus the Kubernetes version from the directory where you downloaded the files.
      For example: 
      photon-3-k8s-v1.20.7---vmware.1-tkg.1.7fb9067
    9. Click Import.

      The Import Library Item window with the options you selected.

  13. Verify that the local content library is populated with the Tanzu Kubernetes release.
    1. Reveal the Recent Tasks pane at the bottom of the page.
    2. Monitor the task Fetch Content of a Library Item and verify that it is successfully Completed.
    3. In the local content library, select Templates > OVF & OVA Templates.
    4. Verify that the Tanzu Kubernetes release metadata is listed and its content is stored locally.

      The OVF & OVA Templates tab of the local content library lists the Tanzu Kubernetes release metadata.

What to do next

Configure each vSphere Namespace where you will provision Tanzu Kubernetes clusters by associating the content library and virtual machine classes with the namespace. See Configure a vSphere Namespace for Tanzu Kubernetes releases.