To provision TKG clusters on Supervisor, you can create a local content library and import Tanzu Kubernetes releases. The typical use case for a local content library is internet-restricted environments (air-gapped).

Creating a local content library involves configuring the library, downloading the OVA files, and importing them to the local content library.

Prerequisites

The content library functionality is a feature of vCenter Server that TKG on Supervisor relies on. For more information, see Using Content Libraries.

Procedure

  1. Log in to the vCenter Server using the vSphere Client.
  2. Click Menu.
  3. Click Content Library.
  4. Click Create.
    The system displays the New Content Library wizard.
  5. Specify the Name and location of the content library and click Next when you are done.
    Field Description
    Name Enter a descriptive name, such as TKr-local.
    Notes Include a description, such as Local library for TKrs for TKG
    vCenter Server Select the vCenter Server instance where vSphere IaaS control plane is enabled.
  6. At the Configure content library page, select the Local content library option and click Next.
    For local content libraries you manually import the OVF templates you want to use.
  7. Configure the OVF security policy at the Apply security policy page and click Next when you are done.
    1. Select Apply Security Policy.
    2. Select OVF default policy.
    When you select this option, the system verifies the OVF signing certificate during the synchronization process. An OVF template that does not pass certificate validation is marked with the Verification Failed tag. The template metadata is kept, but the OVF files cannot be synchronized.
    Note: Currently the OVF default policy is the only supported security policy.
  8. At the Add storage page, select a datastore as a storage location for the content library contents and click Next.
  9. On the Ready to complete page, review the details and click Finish.
  10. At the Content Libraries page, select the new content library you created.
  11. Download the OVA files for each Tanzu Kubernetes release you want import to the local content library.
    1. Using a browser, navigate to the following URL:

      https://wp-content.vmware.com/v2/latest/

    2. Click the directory for the image you want. Typically this directory is the latest or most recent version of the Kubernetes distribution.
      For example: 
      ob-18186591-photon-3-k8s-v1.20.7---vmware.1-tkg.1.7fb9067
      Important: You will need to use the distribution name to import the files to the local content library. You should copy the destination name to a file or keep the browser open until you complete the procedure. The required portion of the name string that you will need based on the above example is photon-3-k8s-v1.20.7---vmware.1-tkg.1.7fb9067.
    3. For each of the following files, right-click and select Save link as.
      • photon-ova-disk1.vmdk
      • photon-ova.cert
      • photon-ova.mf
      • photon-ova.ovf
      The list of files that you must download.
    4. Verify that each file successfully downloads to your local file system.
    Note: The files you import are the OVF and VMDK files. However, if a security policy is applied, all four files, including the certificate ( *.cert) and manifest ( *.mf), must be present in the source directory during import. If the certificate and manifest files are not available during import, the imported TKG release is not usable.
  12. Import the OVA and VMDK files to the local content library.
    1. Select Menu > Content Libraries > .
    2. From the list of Content Libraries, click the link for the name of the local content library you created.
    3. Click Actions.
    4. Select Import Item.
    5. In the Import Library Item window, select Local File.
    6. Click Upload Files.
    7. Select both files photon-ova.ovf and photon-ova-disk1.vmdk.
      You see the message 2 files ready to import. Each file is listed with a green check mark beside its name.
    8. Change the Destination Item name to be the OS image version plus the Kubernetes version from the directory where you downloaded the files.
      For example: 
      photon-3-k8s-v1.20.7---vmware.1-tkg.1.7fb9067
      Warning: The content library Destination Item name must match exactly the folder name string for the desired TKG release. If the names do not match, Supervisor cannot resolve the image to a valid TKG release.
    9. Click Import.

      The Import Library Item window with the options you selected.

  13. Verify that the local content library is populated with the Tanzu Kubernetes release.
    1. Reveal the Recent Tasks pane at the bottom of the page.
    2. Monitor the task Fetch Content of a Library Item and verify that it is successfully Completed.
    3. In the local content library, select Templates > OVF & OVA Templates.
    4. Verify that the Tanzu Kubernetes release metadata is listed and its content is stored locally.

      The OVF & OVA Templates tab of the local content library lists the Tanzu Kubernetes release metadata.

What to do next

The Tanzu Kubernetes release content library must be associated with each vSphere Namespace where you provision TKG clusters. See Configuring vSphere Namespaces for Hosting TKG Service Clusters.