Create a Subscribed Content Library

To provision TKG clusters on Supervisor, you can create a subscribed content library and synchronize Tanzu Kubernetes releases. A subscribed content library lets you automate the distribution of TKRs and stay current with the latest releases.

For TKG on Supervisor, VMware publishes Tanzu Kubernetes releases to a content delivery network. You can create a content library that subscribes to these image publications. You choose the synchronization mode: immediate or on demand.

Warning: Immediate synchronization of Tanzu Kubernetes releases on the public content delivery network can take substantial time and disk space.

Prerequisites

The content library functionality is a feature of vCenter Server that TKG on Supervisor relies on. For more information, see "Using Content Libraries" in the vSphere Virtual Machine Administration documentation.

Procedure

Log in to the vCenter Server using the vSphere Client.
Select Menu > Content Libraries.
Click Create.
The New Content Library wizard opens.

Specify the Name and location of the content library and click Next when you are done.

Field	Description
Name	Enter a descriptive name, such as `TKR-sub`.
Notes	Include a description, such as `Subscription library for TKRs for TKG2`
vCenter Server	Select the vCenter Server instance where Workload Management is enabled.

Configure the content library subscription at the Configure content library page and click Next when you are done.

Select the Subscribed content library option.
Enter the Subscription URL address of the publisher.

https://wp-content.vmware.com/v2/latest/lib.json

For the Download content option, select one of the following:

Option	Description
Immediately	The subscription process synchronizes both the library metadata and images. If items are deleted from the published library, their contents remain in the subscribed library storage, and you have to manually delete them.
When needed	The subscription process synchronizes only the library metadata. The Tanzu Kubernetes Grid service downloads the images when published. When you no longer need the item, you can delete the item contents to free storage space. To save storage this option is recommended.

When prompted, accept the SSL certificate thumbprint.
The SSL certificate thumbprint is stored on your system until you delete the subscribed content library from the inventory.
Configure the OVF security policy at the Apply security policy page and click Next when you are done.
1. Select Apply Security Policy.
2. Select OVF default policy.
When you select this option, the system verifies the OVF signing certificate during the synchronization process. An OVF template that does not pass certificate validation is marked with the Verification Failed tag. The template metadata is kept, but the OVF files cannot be synchronized.
Note: Currently the OVF default policy is the only supported security policy.
At the Add storage page, select a datastore as a storage location for the content library contents and click Next.
On the Ready to complete page, review the details and click Finish.
At the Content Libraries page, select the new content library you created.

Confirm or complete the synchronization of the library contents.

Synchronization Option	Description
Immediately	If you chose to download all content immediately, confirm that the library is synchronized. To view the synchronized library contents, select Templates > OVF & OVA Templates.
When needed	If you chose to synchronize the library on demand, you have two options: Use Actions > Synchronize to synchronize the entire library Right-click an item and select Synchronize to synchronize only it. To view the synchronized library contents, select Templates > OVF & OVA Templates.

Synchronization Option

Description

Immediately

If you chose to download all content immediately, confirm that the library is synchronized.

To view the synchronized library contents, select Templates > OVF & OVA Templates.

When needed

If you chose to synchronize the library on demand, you have two options:

Use Actions > Synchronize to synchronize the entire library
Right-click an item and select Synchronize to synchronize only it.

To view the synchronized library contents, select Templates > OVF & OVA Templates.

If you chose the When needed option, download the OVF templates you want to use.

If you chose the When needed option, you see that the image files are not stored locally, only the metadata is stored. To download the template files, select the item, right-click and select Synchronize item.

To update the subscribed content library settings, choose Actions > Edit Settings.

Setting	Value
Subscription URL	`https://wp-content.vmware.com/v2/latest/lib.json`
Authentication	Not enabled
Library content	Download when needed
Security policy	OVF default policy

What to do next

The TKG release content library must be associated with each vSphere Namespace where you provision TKG clusters. See Configuring vSphere Namespaces for Hosting TKG Service Clusters.