Installa Tanzu Community Edition (EN)

Integrate Tanzu Community Edition (TCE) on your infrastructure

Last updated 16th November 2022


VMware Tanzu Community Edition (TCE) is a full-featured, easy-to-manage Kubernetes platform. You can deploy the product on an OVHcloud infrastructure to leverage its functionality and scalability.

Tanzu Community Edition is coming to an end of life at the end of 2022 and will no longer be available. VMware has decided to offer free download of VMware Tanzu Kubernetes Grid. You can use our introduction to Tanzu Kubernetes Grid guide to deploy it.

This guide offers a step by step example of TCE installation




As stated in the Requirements (with links to full docs), an NSX Edge Services Gateway is used in our study case for Firewall and DHCP purposes.
Other Network components can be used as alternative, such as pfSense.

To set up your Network, you will need to define a public IP for external access and an internal network with DHCP service activated for your TCE infrastructure.
Your Datacenter comes with a set of public IPs usable for your different needs. They are visible in the Datacenter Configure tab, in the Network section. You will also see the mask and gateway settings on the page.
Check out our Adding an IP block documentation if you are out of usable public IPs.


Public IPs marked as "Reserved" are used for Datacenter functions and cannot be used for other services.

For our study case, the NSX Edge Services Gateway is set up with two interfaces as follows:

  • an external interface (Uplink) with a primary and secondary public IPs ( and
  • an internal interface (Internal) with private IP on VLAN13
    internal interface
  • DHCP service distributing VLAN13 address scope through
  • a SNAT rule to translate adress range into secondary public IP for external access
    SNAT rule

In the OVHcloud Control Panel, go to the Security tab of your Hosted Private Cloud and add the public IPs to the allowed adresses to connect.
The addresses should appear as "Authorised and set up".


Node Template

The TCE clusters require a template to build the nodes. Those can be dowloaded from the VMware Customer Connect website. If you do not own an account, you can create one for free.

Select the latest version of the OVA you need to use and download it locally.

OVA download

In vSphere, right-click a host or a cluster and select Deploy OVF Template.

Deploy OVF template

Browse for the OVA file you downloaded and deploy it.

Deploy OVA

Once done, right-click the VM and, in the Template section, select Convert to Template.

Convert to template

Bootstrap VM

Once the Network and template are ready, a Bootstrap VM is needed.
It will hold the necessary software components (Docker and Kubectl) and pilot the installation of TCE.
We'll use an Ubuntu VM but any OS allowing the install of the necessary items would work.
VM prerequisites for TCE is 2 CPUs and 6 GB Ram.
You can deploy a VM from an ISO or from an OVF template.

Make sure the VM is set on the VLAN that will be used for the TCE clusters (VLAN13 in our case).


In a terminal window, start with update commands:

sudo apt update


sudo apt-get install build-essential

Install NTP

sudo apt-get install ntp

Install Homebrew

Start with git:

sudo apt install git -y

Run the Homebrew install script:

/bin/bash -c "$(curl -fsSL"

Add Homebrew to your path:

eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

Install gcc:

brew install gcc

Install Docker Engine

Start with getting the necessary packages:

sudo apt-get install \
ca-certificates \
curl \
gnupg \

Add Docker’s official GPG key:

curl -fsSL | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

set up the stable repository:

echo \ 
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \ 
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Set up the engine:

sudo apt-get install docker-ce docker-ce-cli

Post install, add the current user to the docker group to allow it to run it without rights elevation:

sudo usermod -aG docker $USER

Install Kubectl

Download the lastest package:

curl -LO "$(curl -L -s"

Run the installer:

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

SSH Key Pair

Run the creation command:

ssh-keygen -t rsa -b 4096 -C ""

Press Enter to save the key in default path (/root/.ssh/id_rsa).
Enter and confirm a password for the key.
Add the private key to the SSH agent running on your machine, and enter the password you created in the previous step.

ssh-add ~/.ssh/id_rsa

Keep the .ssh/ file handy as it holds the public key you will need to input later for TCE configuration.

Tanzu Management Cluster

The VM is now ready for TCE deployment.

Tanzu CLI

In a terminal window, run the CLI install commmand:

brew install vmware-tanzu/tanzu/tanzu-community-edition

Note the output install folder and run the post install script:


Tanzu CLI


Launch the installer with this command:

tanzu management-cluster create --ui

In the opening browser window, select the vSphere option.

vSphere option

Enter the Hosted Private cloud FQDN and fill in administrative credentials before clicking Connect.


Click Continue to verify the SSL thumbprint.

SSL thumbprint

Select your datacenter and fill in the SSH public key created earlier (.ssh/
Click Next.


Choose a type of cluster (Development or Production) and a node size.

instance type

Fill in the name of your custer, choose a control plane endpoint provider and IP (same subnet but outside of DHCP scope).
Click Next.


NSX Advanced Load Balancer and Metadata sections are optional and we will not edit them.
Click Next on both of them.

NSX - Metadata

Choose your resource locations.
Click Next.


Enter the Kubernetes Network settings.
Click Next.


Disable Identity Management.
Click Next.


Select the node template to be used.
Click Next.

node template

Click Review Configuration.


When ready, click Deploy Management Cluster.

Deploying cluster

Upon completion, verify you get a creation message and the nodes are visible in vSphere.

Creation message

Visible nodes

Get the cluster admin credentials for future interactions:

tanzu cluster kubeconfig get "clustername" --admin

Tanzu Workload Cluster

To deploy a workload cluster, we'll duplicate and modify the configuration file for the management cluster.
Start a terminal window in the bootstrap VM and go to the config file folder.

cd .config/tanzu/tkg/clusterconfigs

Use ls to find the yaml configuration file name and copy it into a new one.

cp existing.yaml new.yaml

configuration file name

Use a text editor to modify the key fields:

  • CLUSTER_NAME : choose a name for your new cluster
  • VSPHERE_CONTROL_PLANE_ENDPOINT : choose an unused IP in the same subnet but not in the DHCP scope
  • VSPHERE_FOLDER : this is not mandatory but you can define a different folder for ease of management

Save and close the file.

Back in the terminal, run the deploy command calling your new yaml file.

tanzu cluster create --file .config/tanzu/tkg/clusterconfigs/new.yaml

Upon completion, verify you get a creation message and the nodes are visible in vSphere.

Creation message

Visible nodes

Get the cluster admin credentials for future interactions:

tanzu cluster kubeconfig get "clustername" --admin

TCE is now ready for application install.

Go further

Join our community of users on

Questa documentazione ti è stata utile?

Prima di inviare la valutazione, proponici dei suggerimenti per migliorare la documentazione.

Immagini, contenuti, struttura... Spiegaci perché, così possiamo migliorarla insieme!

Le richieste di assistenza non sono gestite con questo form. Se ti serve supporto, utilizza il form "Crea un ticket" .

Grazie per averci inviato il tuo feedback.

Potrebbero interessarti anche...

OVHcloud Community

Accedi al tuo spazio nella Community Fai domande, cerca informazioni, pubblica contenuti e interagisci con gli altri membri della Community OVHcloud

Discuss with the OVHcloud community

Conformemente alla Direttiva 2006/112/CE e successive modifiche, a partire dal 01/01/2015 i prezzi IVA inclusa possono variare in base al Paese di residenza del cliente
(i prezzi IVA inclusa pubblicati includono di default l'aliquota IVA attualmente in vigore in Italia).