Prerequisites for Configuring vSphere IaaS Control Plane on vSphere Clusters

Verify prerequisites for enabling vSphere IaaS control plane in your vSphere environment. To run container-based workloads natively on vSphere, as a vSphere administrator you enable vSphere clusters as Supervisors. A Supervisor has a Kubernetes layer that allows you to run Kubernetes workloads on vSphere by deploying vSphere Pods, provision Tanzu Kubernetes clusters, and VMs.

Create and Configure vSphere Clusters

A Supervisor can run on either one or three vSphere clusters associated with vSphere Zones. Each vSphere Zone maps to one vSphere cluster, and you can deploy a Supervisor on either one or three zones. A three-zone Supervisor provides greater amount of resources for running your Kubernetes workloads and has high-availability at a vSphere cluster level that protects your workloads against cluster failure. A one-zone Supervisor has host-level high availably provided by vSphere HA and utilizes the resources of only one cluster for running your Kubernetes workloads.

Note: Once you deploy a Supervisor on one vSphere Zone, you cannot expand the Supervisor to a three-zone deployment.

Each vSphere cluster where you intend to deploy a Supervisor must meet the following requirements:

Create and configure a vSphere cluster with at least two ESXi hosts. If you are using vSAN, the cluster must have at least three hosts or four for optimal performance. See Creating and Configuring Clusters.
Configure the cluster with shared storage such as vSAN. Shared storage is required for vSphere HA, DRS, and for storing persistent container volumes. See Creating a vSAN Cluster.
Enable the cluster with vSphere HA. See Creating and Using vSphere HA Clusters.
Enable the cluster with vSphere DRS in fully-automated mode. See Creating a DRS Cluster.
Verify that your user account has the Modify cluster-wide configuration on the vSphere cluster so that you can deploy the Supervisor.
To deploy a three-zone Supervisor, create three vSphere Zones, see Create vSphere Zones for a Multi-Zone Supervisor Deployment.
If you want to use vSphere Lifecycle Manager images with the Supervisor, switch the vSphere clusters where you want to activate Workload Management to use vSphere Lifecycle Manager images before activating Workload Management. You can manage the lifecycle of a Supervisor with either vSphere Lifecycle Manager baselines or vSphere Lifecycle Manager images. However, you cannot convert a Supervisor that uses vSphere Lifecycle Manager baselines to a Supervisor that uses vSphere Lifecycle Manager images. Therefore, switching the vSphere clusters to using vSphere Lifecycle Manager images before you activate Workload Management is required.

Create Storage Policies

Before deploying a Supervisor, you must create storage policies that determine the datastore placement of the Supervisor control plane VMs. If the Supervisor supports vSphere Pods, you also need storage policies for containers and images. You can create storage policies associated with different levels of storage services.

See Create Storage Policies for vSphere IaaS Control Plane.

Choose and Configure the Networking Stack

To deploy a Supervisor, you must configure the networking stack to use with it. You have two options: NSX or vSphere Distributed Switch (vDS) networking with a load balancer. You can configure the NSX Advanced Load Balancer or the HAProxy load balancer.

To use NSX networking for the Supervisor:

Review the system requirements and topologies for NSX networking. See Requirements for Enabling a Three-Zone Supervisor with NSX and Requirements for Setting Up a Single-Cluster Supervisor with NSX in vSphere IaaS Control Plane Concepts and Planning.
Install and configure NSX for vSphere IaaS control plane. See Install and Configure NSX for vSphere IaaS Control Plane.

To use vDS networking with the NSX Advanced Load Balancer for the Supervisor:

Review the NSX Advanced Load Balancer requirements. See Requirements for a Three-Zone Supervisor with NSX Advanced Load Balancer and Requirements for Enabling a Single Cluster Supervisor with NSX Advanced Load Balancer in vSphere IaaS Control Plane Concepts and Planning.
Create a vSphere Distributed Switch (vDS) and add all ESXi hosts from the cluster to the vDS and create port groups for Workload Networks. See Create a vSphere Distributed Switch for a Supervisor for Use with NSX Advanced Load Balancer.
Deploy and configure the NSX Advanced Load Balancer. See Deploy the NSX Advanced Load Balancer Controller.

Note: vSphere IaaS control plane supports the NSX Advanced Load Balancer with vSphere 7 U2 and later.

To use vDS networking with HAProxy load balancing for the Supervisor:

Review the system requirements and network topologies for vSphere networking with HAProxy load balancer. See Requirements for Enabling a Three-Zone Supervisor with HA Proxy Load Balancer and Requirements for Enabling a Single-Cluster Supervisor with VDS Networking and HAProxy Load Balancer vSphere IaaS Control Plane Concepts and Planning.
Create a vSphere Distributed Switch (VDS) and add all ESXi hosts from the cluster to the vDS and create port groups for Workload Networks. See Create a vSphere Distributed Switch for a Supervisor for Use with HAProxy Load Balancer.
Install and configure the HAProxy load balancer instance that is routable to the vDS that is connected to the hosts from the vSphere clusters where you deploy the Supervisor. The HAProxy load balancer supports the network connectivity to workloads from client networks and to load balance traffic between Tanzu Kubernetes clusters. See Install and Configure the HAProxy Load Balancer.

Note: vSphere IaaS control plane supports the HAProxy load balancer with vSphere 7 U1 and later.