You can use the SDDC Manager in Cloud Foundation on VxRail to deploy a workload domain that will support Tanzu. Tanzu is a full distribution of the open-source Kubernetes container orchestration software that is packaged, signed, and supported by VMware. SDDC Manager will perform the configuration of the workload domain to support a Kubernetes supervisor cluster, and enable all the underlying services to support namespaces on the workload domain resources.
Under this environment, the supervisor cluster uses the services enabled in vSphere to support Kubernetes, and uses the resources provided by the ESXi hosts as worker nodes instead of Linux hosts.
To prepare for the deployment of a vSphere for Tanzu workload domain using Cloud Foundation on VxRail, ensure that there are enough resources on the planned workload domain to support the planned workload. The Tanzu Kubernetes Grid Service deploys a baseline of virtual appliances on the supervisor cluster to spurt management activities from a vCenter perspective, which include the creation of namespaces for DevOps. It will also deploy a pair of NSX edge appliances to enable connectivity upstream to the NSX tier-0 gateway. In addition, each time a namespace is configured by the vSphere administrator, a set of control plane virtual appliances are deployed to enable management access. The table in Appendix B: Cloud Foundation on VxRail footprints for sizing should be used to reserve resources in the supervisor cluster to support management overhead.
As part of the deployment process, SDDC Manager will configure a workload network to support connectivity to the Tanzu supervisor cluster, deploy NSX load balancers to separate the external and internal networks within the cluster, and deploy an NSX tier-1 gateway for ingress and egress access. NAT rules will also be established in NSX to enforce the separation the public and private networks.
The routable management network connects the management components in the supervisor cluster to vCenter, while the workload network uses NSX to support traffic to the Kubernetes APIs and to the pods created within the namespaces.
A set of IP address ranges must be reserved for usage by the vSphere for Tanzu workload domain.