Step-by-Step Guide: Deploying Tanzu Kubernetes Grid (TKG) on vSphere/VCF

📝 Introduction
In today’s rapidly evolving cloud-native landscape, organizations are increasingly adopting Kubernetes to modernize their application infrastructure. However, deploying and managing Kubernetes clusters in enterprise environments can be complex — especially when high availability, security, and integration with existing VMware infrastructure are key requirements.
Tanzu Kubernetes Grid (TKG), a core component of the VMware Tanzu portfolio, simplifies this by offering a production-ready, fully supported Kubernetes platform that runs seamlessly on vSphere, VMware Cloud Foundation (VCF), and public clouds. With TKG, you get consistent Kubernetes operations across on-prem and hybrid environments, backed by VMware’s robust ecosystem.
In this blog post, I’ll walk you through the step-by-step deployment of TKG on a vSphere or VCF environment, covering:
- Infrastructure and software prerequisites
- Setting up the TKG CLI
- Deploying a management cluster and workload cluster
- Accessing and validating your deployment
Whether you're just starting with Tanzu or looking to solidify your hybrid Kubernetes strategy, this guide will give you a solid foundation to build on.
Let’s get started!
Prerequisites
Infrastructure and software requirements:
- vSphere 7+ or VCF 4.5/5.x with Workload Management enabled.
- Tanzu CLI or TKG CLI installed.
- Bootstrap machine (Linux/macOS/Windows WSL).
- DNS + Load Balancer (HAProxy/AVI).
- Cloud-init enabled base VM template (Photon/Ubuntu).
- Internet access or local image registry (optional).
- [Optional] NSX-T setup if using VCF.
Environment Overview (Diagram + Description)
Add a visual diagram showing:
- Bootstrap client
- Management cluster
- Workload cluster
- vCenter, NSX-T, AVI, etc.
You can use diagrams.net or Mermaid to create simple diagrams.
TKG CLI Installation and Setup
- Download & install Tanzu CLI:
```bash
brew install vmware-tanzu/tanzu/tanzu-cli
tanzu plugin install --local cli/plugins all
```
- Validate plugins:
```bash
tanzu plugin list
```
Create the Management Cluster
- Define the config.yaml (or use tanzu init). Sample config:
```yaml
VSPHERE_SERVER: "vcenter.domain.local"
VSPHERE_USERNAME: "administrator@vsphere.local"
VSPHERE_PASSWORD: "yourpassword"
VSPHERE_DATACENTER: "Datacenter"
VSPHERE_DATASTORE: "Datastore"
...
```
- Deploy:
```bash
tanzu management-cluster create --ui
```
or CLI:
```bash
tanzu management-cluster create --file config.yaml --bundles <URL>
```
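A pre-flight audit for the config.yaml shown above, as an added example that is not part of the original post or VMware's tooling. The function names are hypothetical; `VSPHERE_INSECURE` and the `<encoded:...>` password form come from TKG's configuration reference rather than this post, and the parser assumes a flat `KEY: value` file.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit a TKG config file
# before running `tanzu management-cluster create --file config.yaml`.

# Print KEY's value from a flat "KEY: value" file, outer quotes stripped.
cfg_get() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Findings go to stdout; returns 1 if any FAIL was reported, else 0.
audit_tkg_config() {
  local file="$1" rc=0 key mode pw
  [ -r "$file" ] || { echo "FAIL cannot read $file"; return 1; }

  # The file carries a vCenter credential, so only the owner may read it.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    600|400) ;;
    *) echo "FAIL mode $mode, expected 600"; rc=1 ;;
  esac

  # Keys from the post's sample config must be present and non-empty.
  for key in VSPHERE_SERVER VSPHERE_USERNAME VSPHERE_PASSWORD \
             VSPHERE_DATACENTER VSPHERE_DATASTORE; do
    [ -n "$(cfg_get "$file" "$key")" ] || { echo "FAIL $key missing"; rc=1; }
  done

  # TKG also accepts <encoded:BASE64>. That is encoding, not encryption:
  # it stops casual disclosure only, so the mode check above still matters.
  pw=$(cfg_get "$file" VSPHERE_PASSWORD)
  case $pw in
    ''|'<encoded:'*'>') ;;
    *) echo "FAIL VSPHERE_PASSWORD is a plaintext literal"; rc=1 ;;
  esac

  # Least privilege: the sample's SSO administrator is more than TKG needs.
  [ "$(cfg_get "$file" VSPHERE_USERNAME)" != "administrator@vsphere.local" ] ||
    echo "WARN VSPHERE_USERNAME is the SSO administrator account"

  # VSPHERE_INSECURE (TKG config reference, not in the post) skips
  # verification of the vCenter certificate thumbprint.
  [ "$(cfg_get "$file" VSPHERE_INSECURE)" != "true" ] ||
    { echo "FAIL VSPHERE_INSECURE is true"; rc=1; }

  return "$rc"
}
```

Run it as `audit_tkg_config config.yaml` on the bootstrap machine; the post's sample values trip the plaintext-password check and the administrator warning.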
Deploy a Workload Cluster
```bash
tanzu cluster create dev-cluster \
  --file dev-cluster-config.yaml \
  --plan dev
```
- Verify:
```bash
tanzu cluster list
kubectl get nodes
```
Accessing the Cluster
```bash
tanzu cluster kubeconfig get dev-cluster --admin
kubectl config use-context dev-cluster-admin@dev-cluster
```
Day 1 Configuration (Optional but Useful)
- Install Calico/Antrea CNI if custom
- Enable monitoring (Prometheus/Grafana)
- Enable logging (FluentBit to Elasticsearch)
- Set up Harbor registry if needed
Common Errors & Troubleshooting
- DNS issues
- Bootstrap VM timeouts
- NSX-T misconfigurations (if on VCF)
- Image pull/auth errors
Conclusion
By following this guide, you've successfully deployed Tanzu Kubernetes Grid (TKG) on your vSphere or VCF environment, laying the foundation for a modern, enterprise-grade Kubernetes platform. You now have:
- A management cluster responsible for orchestrating lifecycle operations,
- One or more workload clusters ready to run containerized applications, and
- A clean, VMware-native Kubernetes environment integrated with your existing infrastructure.
TKG streamlines Kubernetes operations by providing consistency across environments, simplified upgrades, and integration with VMware tools like NSX, vSAN, Aria Automation, and more.
But this is just the beginning.
In upcoming posts, we’ll dive into:
- Managing clusters with Tanzu Mission Control
- Performing Day 2 operations (scaling, monitoring, RBAC)
- Securing your clusters using DevSecOps principles
- Automating deployments with GitOps and CI/CD pipelines
Stay tuned — the real power of Tanzu lies in how easily it scales and secures modern apps in production!
Read articles from Ravi Shankar directly inside your inbox. Subscribe to the newsletter, and don't miss out.
