So ill go through setting up tanzu on vsphere 8 and deploying a couple of workloads, ill use my windows laptop to access it.

So these are the main guides I used.

Quick guide to getting started with tanzu – https://core.vmware.com/resource/vsphere-tanzu-quick-start-guide-v1a#_Toc53677530

Getting started with tanzu video – https://tanzu.vmware.com/content/videos/how-to-get-started-using-vsphere-with-tanzu-for-tanzu-basic-and-tanzu-standard

High-level steps

  1. Install windows subsystem for linux with ubuntu 20.04.4 LTS
  2. Deploy haproxy for my load balancing and get certificate
  3. Install VMware Tanzu cli and kubectl on my windows box
  4. Create storage policy for tanzu, check drs and HA are enabled, ensure vcls vms exist
  5. Deploy workload management in vSphere 8
  6. Create a namespace
  7. Deploy TKG cluster
  8. Deploy two workloads for testing

What my design looks like

(1)Install windows subsystem for linux with ubuntu 20.04.4 LTS

You need the linux subsystem for windows to run linux commands.

Login to powershell as a administrator and type

wsl --install
wsl --update

(2)Deploy haproxy for my load balancing and get certificate

The haproxy is a front end to your Kubernetes, supervisor cluster and applications running in Kubernetes. You will need two networks one for management and one for workload

Download haproxy ova

https://github.com/haproxytech/vmware-haproxy

when deploying ensure haproxy has DNS and is all lower case and has a number in it.

Right click your cluster or esxi host and click deploy OVF template

Click upload files, browse to the location of your haproxy.ova and click next

Type a name for your virtual machine and click next

Select a compute location and click next

Click next on review details

accept agreement and click next

select default and click next

select your storage location and disk format and click next

Select your management port group and workload port group and leave frontend as default and click next

Type in root creds and scroll down

host name – haproxy01.vmware.local (the picture should be haproxy01.vmware.local I had to deploy it again after this)

DNS – 172.168.1.14

Management IP – 172.168.1.61

Management gw – 172.168.1.254

workload ip – 10.0.0.118/24

workload gateway – 10.0.0.1

scroll down

Load balancer range – 10.0.0.208/28

Leave port as default

username – admin

password – VMware1!

Click next

Confirm settings and click finish

Power on once completed

Get certificate of haproxy

Right click haproxy vm in the vcenter inventory and click edit settings, click the advanced parameters tab, filter and look for ‘cert’

Copy the value

browse to – https://www.base64decode.org/

paste what you copied and click decode > save the decoded output, you will need this later

-----BEGIN CERTIFICATE-----
MIIDnzCCAoegAwIBAgIJAINeGZ/QlXRpMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8x
DzANBgNVBAoMBlZNd2FyZTENMAsGA1UECwwEQ0FQVjEVMBMGA1UEAwwMMTcyLjE2
OC4xLjYxMB4XDTIzMDQxOTA3MzU1MloXDTMzMDQxNjA3MzU1MlowbTELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEP
MA0GA1UECgwGVk13YXJlMQ0wCwYDVQQLDARDQVBWMRUwEwYDVQQDDAwxNzIuMTY4
LjEuNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUBBigagJqWgPG
NHuPCLb61O8LSh1PKxpyip7OpH58KxnPLif8yVhy+Yy2RZKJMWtXoZoDDiDX7LQJ
MyFv8n+R29tiTHbNHJhPqKd1AmGNiqZrOfgDEL81Np4ZRQ2/vLNEqW0AfJSAb6Bv
mdYgLpPWNwbgQj23mYG/OjOKkZa1d/R5YgbWSqWsCbgXgYYl8UgtivwZaBL2I+En
i1qOm0V/MpRMX90ZCaWCBUKjxOq0jjHcNQR3wEa8WX1cs+dQWbCl3R35EUoppBhr
T+LR6KZUc9a+XYjUgf4KXTsZpks+bXpu4FYyaB2nOvrTMF6av0bvgwYOqt3HHmyF
4mJ7Uw83AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
MB0GA1UdDgQWBBTzU+SDpBAJHZNDogd/mDvogyw1WTANBgkqhkiG9w0BAQUFAAOC
AQEAp3GJM93bPO/2wJ5WOgYyKr7kNZCkqcVzXJUvy0qtjuK8qSnhnk45PtCmjpNT
5hrcZGO5bdi5k8TUXm2mBXIruzdGMF3HUPXykAWWZ1XMAiv4eynjO3TkH9/QoZO1
TvJMIG9y0fSul6NSvD2MBqsEpdKHVyz7dQejt6Norw4j9qZJPMkYEwthe7OMS29M
q3V98uWuQCWgvgQiVeup4f4ArGUnPPVDPFl4gTFmUIV1Zt8lk3Y4oCA5OBPIDHwo
Q/u4uZ6b+1C5h4krJEjWMkJzuOZXCEeVn+IPQtZGEeN6iX0Sz2jeIL07y823juDe
wKkyH6ElzU8EMEOg7rOQzYLdvA==
-----END CERTIFICATE-----

(3)Install VMware Tanzu cli and kubectl on my windows box

Download Tanzu cli for windows and kubectl for windows

https://customerconnect.vmware.com/en/downloads/details?downloadGroup=TKG-211&productId=1400&rPId=103050&download=true&fileId=5ea6712eca89c1c037a0b2c53b176679&uuId=1d32d39c-a6a0-4512-b218-cc97c1c02376

Create a tanzu folder in program files

Extract the taznu cli folder and copy the tanzu-core-windows_amd64.exe to the newly created tanzu folder

My Path – C:\Users\username\Downloads\tanzu-cli-bundle-windows-amd64\cli\core\v0.28.1\tanzu-core-windows_amd64.exe

rename to tanzu.exe

Set permission for your user account on the folder

Right-click the tanzu folder, select Properties > Security, and make sure that your user account has the Full Control permission

click your start bar and type in env > click edit system environment

Click advanced tab > click environment variables

Click path and edit

Click new and add c:\program files\tanzu and click ok, click ok

Open powershell as admin and test

Type

tanzu init
tanzu version
tanzu plugin sync
tanzu plugin list

Create a kubectl folder in program files

Set permission for your user account on the folder

Right-click the kubectl folder, select Properties > Security, and make sure that your user account has the Full Control permission

extract kubectl to the kubectl folder you created – I used 7zip

Rename the file in the kubectl folder to kubectl.exe

add the system environment for kubectl as well

Open powershell as admin and test

type

kubectl version

(4)Create storage policy for tanzu, check drs and HA are enabled, ensure vcls vms exist

My storage policy I created

My DRS settings

My HA settings

My vcls vms

(5) Deploy workload management in vSphere 8

Open vcenter, click workload management from the menu

Click get started

Select your vCenter and vds and click next

Type in a supervisor name – tanzu-cl01

Select cluster deployment tab

Select your cluster and click next

Select your storage policy you created and click next

Type in your haproxy details

Name = haproxy01

load balancer type = haproxy

haproxy load balancer controller endpoint = 172.168.1.61:5556

Username name and password = admin, VMware1!

virtual ip ranges = 10.0.0.208-10.0.0.222

paste certificate you gathered from haproxy deployment

Click next

Network mode static

network is vlan-300

starting ip address 172.168.1.103

subnet mask 255.255.255.0

gateway 172.168.1.254

dns servers 172.168.1.14

dns search domain vmware.local

ntp servers 172.168.1.254

Click next

Workload network

network mode static

leave internal network for Kubernetes services as default

port group vlan-10

Leave network name as default

ip address ranges 10.0.0.50-10.0.0.100

subnet mask 255.255.255.0

gateway 10.0.0.1

dns server 172.168.1.14

ntp servers 172.168.1.254

click next

Change to tiny and click finish

Ok deployed, the yellow mark is license (so make sure you have a valid license otherwise you have 60 days)

(6)Create a namespace

Click namespaces and click create namespace

Select the supervisor cluster to create the namespace in

Name – devops

Network – vlan-10

Description

Click create

Click devops

Put in permissions, storage policy, capacity and usage, add vm class and add content library.

For permission add administrator@vsphere.local for now as you will need to deploy a TKG cluster

For vm class i just added guaranteed-xsmall

Now you will need the kubectl vSphere .exe, click the copy link

Click download cli plugin windows

Copy extract kubectl-vsphere.exe to C:\Program Files\kubectl you created earlier

Test logging in works, open powershell as admin

kubectl vsphere login --server=https://10.0.0.209 --vsphere-username administrator@vsphere.local --insecure-skip-tls-verify
kubectl get storageclass
kubectl config use-context devops
kubectl get all

(7) Deploy TKG cluster

You will need to create a yaml file you can use the default one and modify it for your environment

Default yaml can be found below

https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-B2807BCD-0CE1-4C3A-9C0E-2B78F5DA0E90.html#GUID-B2807BCD-0CE1-4C3A-9C0E-2B78F5DA0E90

default yaml file name – tkgs-cluster-1.yaml

apiVersion: run.tanzu.vmware.com/v1alpha2
kind: TanzuKubernetesCluster
metadata:
  name: tkgs-v2-cluster-default
  namespace: tkgs-cluster-ns
spec:
  topology:
    controlPlane:
      replicas: 3
      vmClass: guaranteed-medium
      storageClass: vwt-storage-policy
      tkr:  
        reference:
          name: v1.21.2---vmware.1-tkg.1.ee25d55
    nodePools:
    - name: worker-nodepool-a1
      replicas: 3
      vmClass: guaranteed-large
      storageClass: vwt-storage-policy
      tkr:  
        reference:
          name: v1.21.2---vmware.1-tkg.1.ee25d55

modified yaml file – tkgs-cluster-2.yaml (I have bolded what you need to change)

apiVersion: run.tanzu.vmware.com/v1alpha2
kind: TanzuKubernetesCluster
metadata:
  name: tanzu-cl01
  namespace: devops
spec:
  topology:
    controlPlane:
      replicas: 3
      vmClass: guaranteed-xsmall
      storageClass: tanzu-sp
      tkr:  
        reference:
          name: v1.21.2---vmware.1-tkg.1.ee25d55
    nodePools:
    - name: worker-nodepool-a1
      replicas: 3
      vmClass: guaranteed-xsmall
      storageClass: tanzu-sp
      tkr:  
        reference:
          name: v1.21.2---vmware.1-tkg.1.ee25d55

I saved it on my desktop

Open powershell as admin and go to the desktop path and type

kubectl apply -f tkgs-cluster-2.yaml

Check progress
kubectl get tanzukubernetesclusters

Ready needs to be True

Login to your new tkg cluster

kubectl vsphere login --server=10.0.0.209 --tanzu-kubernetes-cluster-name tanzu-cl01 --tanzu-kubernetes-cluster-namespace devops --vsphere-username administrator@vsphere.local --insecure-skip-tls-verify

kubectl config use-context tanzu-cl01

(8) Deploy two workloads for testing

Deploy busybox and getshell


DON’T RUN IN PROD THIS COMMAND BYPASSES PRIVILEGES


kubectl create clusterrolebinding default-tkg-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated

kubectl run -i --tty busybox --image=quay.io/quay/busybox --restart=Never -- sh

ping google.com

exit

kubectl get pods

kubectl delete pod busybox

Deploy nginx and apply to loadbalancer


kubectl create deployment --image nginx my-nginx
kubectl scale deployment --replicas 2 my-nginx
kubectl get pods
kubectl expose deployment my-nginx --port=80 --type=LoadBalancer
kubectl get services

Use ip address to access from browser

Done for now enjoy

List of error messages

https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-DB7F1D90-98D8-49D0-BC6C-CA684309A154.html

By Kader