This topic explains how to install the Tanzu command line interface (CLI) on a bootstrap machine. The bootstrap machine is the laptop, host, or server that you deploy management and workload clusters from and that keeps Tanzu and Kubernetes configuration files for your deployments. The bootstrap machine is typically local, but it can also be a physical machine or VM that you access remotely. For more information about the Tanzu CLI, including a command reference, see the VMware Tanzu CLI v1.3.x documentation.
To deploy Tanzu Kubernetes Grid, you use the Tanzu CLI to create a standalone management cluster. The Tanzu CLI communicates with this management cluster to create and manage workload clusters on your target cloud infrastructure.
NoteThe instructions in this topic are specific to installing the Tanzu CLI in order to deploy standalone management clusters on vSphere without a Supervisor. If you are using the Supervisor and want to use the Tanzu CLI to create workload clusters, see Workflow for Provisioning TKG Clusters Using the Tanzu CLI in the vSphere IaaS control plane docs.
The bootstrap machine on which you install and run the Tanzu CLI for use with Tanzu Kubernetes Grid must meet certain requirements.
To run the Tanzu CLI with Tanzu Kubernetes Grid v2.5, you need a bootstrap machine on which to install and run the Tanzu CLI that has:
If your bootstrap machine runs Windows, VMware recommends installing Windows Subsystem for Linux (WSL) with Ubuntu 22.04.03 LTS, which enables you to run Linux commands on Windows. For more information about WSL, see Install WSL in the Microsoft documentation.
On VMware Cloud on AWS and Azure VMware Solution, the bootstrap machine must be a cloud VM, not a local physical machine. See Prepare to Deploy Management Clusters to a VMware Cloud Environment for setup instructions.
To deploy standalone management clusters, there are additional requirements depending on which operating system the bootstrap machine is running:
kind
container. See
Settings for Docker Desktop in the
kind
documentation.
Docker Desktop or Docker Engine installed and running on your bootstrap machine. Use apt
instead of snap
to install Docker from a package manager. For instructions on installing the Docker client app in an internet-restricted environment, see Prepare an Internet-Restricted Environment.
docker
user group. Create the group if it does not already exist. This lets the Tanzu CLI access the Docker socket, which is owned by the root
user. For more information, see the Manage Docker as a non-root user in the Docker documentation.cgroup
driver default to systemd
if it is currently set to cgroupfs
:
/etc/docker/daemon.json
that sets the Docker Docker cgroup
driver to systemd
: {
"exec-opts": ["native.cgroupdriver=systemd"]
}
sudo systemctl daemon-reload
sudo systemctl restart docker
If your bootstrap machine runs Ubuntu 22.04, ensure that reverse path filtering is deactivated. To deactivate reverse path filtering, add the following override:
# New file /etc/sysctl.d/90-override.conf
ipv4.conf.all.rp_filter = 0
Linux kernel must be v4.6 or above, to support cgroup namespaces.
If your bootstrap machine has a Linux kernel built after the May 2021 Linux security patch, you must enable kind
, which the Tanzu CLI uses to create the local bootstrap cluster, to write to a control file that recent Linux versions made read-only by default.
How you change this file permission depends on your Linux distribution. For example, with a Fedora distribution of Linux 5.11 and 5.12, run:
sudo sysctl net/netfilter/nf_conntrack_max=131072
With a Debian distribution, add nf_conntrack_max=131072
to the sysctl.conf
file and run:
sudo modprobe nf_conntrack
If you are troubleshooting as described in Use an Existing Bootstrap Cluster to Deploy and Delete Management Clusters, you must use kind
v0.11 or later to create the pre-existing and persistent bootstrap cluster.
kind
container. See Settings for Docker Desktop in the kind
documentation.If your bootstrap machine runs Windows Subsystem for Linux and it has a Linux kernel built after the May 2021 Linux security patch, for example, Linux 5.11 and 5.12 with Fedora, run the following:
sudo sysctl net/netfilter/nf_conntrack_max=131072
This lets kind
, which the tanzu
CLI uses to create the local bootstrap cluster, write to a control file that recent Linux versions made read-only by default.
If you are troubleshooting as described in Use an Existing Bootstrap Cluster to Deploy and Delete Management Clusters, you must use kind
v0.11 or later to create the pre-existing and persistent bootstrap cluster.
To install the Tanzu CLI for use with Tanzu Kubernetes Grid v2.5.2, you install a compatible version of the Tanzu Core CLI and the Tanzu CLI plugins for Tanzu Kubernetes Grid v2.5.2. Commands provided by these plugins enable cluster and package operations. For a list of compatible CLI versions, see Product Interoperability Matrix.
To install Tanzu Core CLI, follow the steps below; to see the steps, click the Install using a package manager or Install from a binary release tab.
After you install the Tanzu Core CLI, proceed to Install the Tanzu CLI Plugins for TKG v2.5.
NoteIf you want to retain an existing installation of the Tanzu CLI, move the CLI binary from
/usr/local/bin/tanzu
to a different location before following the steps below.
Choose a compatible version of the Tanzu CLI. For a list of CLI versions that are compatible with this release of Tanzu Kubernetes Grid, see Product Interoperability Matrix.
Follow the instructions for your package manager below.
APT (Debian or Ubuntu):
To install a version of the Tanzu CLI that is compatible with TKG v2.5.2, for example, v1.3.0
, run:
sudo apt update
sudo apt install -y ca-certificates curl gpg
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://packages-prod.broadcom.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub | sudo gpg --dearmor -o /etc/apt/keyrings/tanzu-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/tanzu-archive-keyring.gpg] https://storage.googleapis.com/tanzu-cli-os-packages/apt tanzu-cli-jessie main" | sudo tee /etc/apt/sources.list.d/tanzu.list
sudo apt update
sudo apt install tanzu-cli=1.3.0
Chocolatey (Windows):
To install a version of the Tanzu CLI that is compatible with TKG v2.5.2, for example, v1.3.0
, run:
choco install tanzu-cli --version 1.3.0
Homebrew (MacOS):
To install a version of the Tanzu CLI that is compatible with TKG v2.5.2, for example, v1.3.0
, run:
brew update
brew tap-new local/tap
brew extract --version=1.3.0 vmware-tanzu/tanzu/tanzu-cli local/tap
brew install tanzu-cli@1.3.0
YUM or DNF (RHEL):
To install a version of the Tanzu CLI that is compatible with TKG v2.5.2, for example, v1.3.0
, run:
cat << EOF | sudo tee /etc/yum.repos.d/tanzu-cli.repo
[tanzu-cli]
name=Tanzu CLI
baseurl=https://storage.googleapis.com/tanzu-cli-os-packages/rpm/tanzu-cli
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages-prod.broadcom.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
EOF
sudo yum install tanzu-cli-1.3.0 # If you are using DNF, run sudo dnf install tanzu-cli-1.3.0.
Check that the correct version of the CLI is properly installed. For example:
tanzu version
version: v1.3.0
...
To download a binary release of the Tanzu CLI from the Broadcom Support Portal and then install it:
Download and unpack the Tanzu CLI binary:
Unpack the Tanzu CLI file for your OS. To unpack the file, use the extraction tool of your choice. For example, on Linux or macOS, you can use the tar
command.
macOS:
tar -xvf tanzu-cli-darwin-amd64.tar.gz
Linux:
tar -xvf tanzu-cli-linux-amd64.tar.gz
Windows:
Use the Windows extractor tool to unzip tanzu-cli-windows-amd64.zip
.
cd
into the unpacked directory, which contains the CLI executable.
Make the CLI available to the system:
macOS:
Install the binary to /usr/local/bin
:
install tanzu-cli-darwin_amd64 /usr/local/bin/tanzu
Linux:
Install the binary to /usr/local/bin
:
sudo install tanzu-cli-linux_amd64 /usr/local/bin/tanzu
Windows:
Program Files\tanzu
folder.tanzu-cli-windows_amd64.exe
file into the new Program Files\tanzu
folder.tanzu-cli-windows_amd64.exe
to tanzu.exe
.tanzu
folder, select Properties > Security, and make sure that your user account has the Full Control permission.env
.Path
row under System variables, and click Edit.tanzu
CLI. The path value must not include the .exe
extension. For example, C:\Program Files\tanzu
.Check that the correct version of the CLI is properly installed. For example:
tanzu version
version: v1.3.0
...
To download and install the Tanzu CLI from a binary release on GitHub, follow the instructions in the From Binary Releases in the GitHub Project section of Installing the Tanzu CLI.
To install the standalone Tanzu CLI plugins for Tanzu Kubernetes Grid v2.5.2:
List the standalone Tanzu CLI plugins for Tanzu Kubernetes Grid v2.5.2:
tanzu plugin group get vmware-tkg/default:v2.5.2
The output looks similar to the following:
Plugins in Group: vmware-tkg/default:v2.5.2
NAME TARGET VERSION
isolated-cluster global v0.32.3
management-cluster kubernetes v0.32.3
package kubernetes v0.32.1
pinniped-auth global v0.32.3
secret kubernetes v0.32.0
telemetry kubernetes v0.32.3
To list all available versions for the vmware-tkg/default
plugin group, run:
tanzu plugin group search -n vmware-tkg/default --show-details
Install the standalone plugins for Tanzu Kubernetes Grid v2.5.2:
tanzu plugin install --group vmware-tkg/default:v2.5.2
Verify that the plugins installed successfully:
tanzu plugin list
Each plugin name and plugin version returned by tanzu plugin group get vmware-tkg/default:v2.5.2
must be included in the output of tanzu plugin list
.
NoteAfter you have installed the Tanzu CLI and standalone plugins for Tanzu Kubernetes Grid but before you have used it to connect to a management cluster, all context-specific CLI command groups, such as
tanzu cluster
andtanzu kubernetes-release
, are unavailable and not included in Tanzu CLI--help
output. The Tanzu CLI installs context-scoped plugins automatically when you connect to a management cluster. For more information about Tanzu CLI plugins and how to install them, see Install Tanzu CLI Plugins.
Download and unpack the Kubernetes CLI, kubectl
, on your bootstrap machine, and then make it available to your system.
ImportantPrevious versions of TKG provided a
kubectl
download that matched the Kubernetes version of the management cluster for that release. From TKG v2.5.2 onwards, TKG supports running Kubernetes versions on workload clusters that are more recent than the version of Kubernetes that is running on management clusters. The Kubernetes version skew policy supports the use of a given minor version ofkubectl
with Kubernetes API Server minor versions N-1, N and N+1. So, for example, if you are usingkubectl
v1.28, this version is officially supported for use with clusters running Kubernetes API Server v1.29, v1.28 and v1.27. Using a version ofkubectl
that is more than N-1 or N+1 minor versions adrift of the Kubernetes API version in a cluster might lead to unpredictable results. From v2.5.2 onwards, TKG provides a version ofkubectl
for each supported Kubernetes version.
Go to the Broadcom Support Portal and log in with your VMware customer credentials.
Visit the Tanzu Kubernetes Grid downloads page and select 2.5.2.
Scroll to the download for your OS, locate an version version of kubectl
, for example kubectl cli v1.28.11 for Mac/Linux/Windows, and click the download button.
(Optional) Verify that your downloaded files are unaltered from the original. VMware provides a SHA-1, a SHA-256, and an MD5 checksum for each download. To obtain these checksums, click Read More under the entry that you want to download. For more information, see Using Cryptographic Hashes.
To unpack the kubectl
binary for your operating system, use the extraction tool of your choice. For example, the gunzip
command.
gunzip kubectl-mac-v1.28.11+vmware.2.gz
gunzip kubectl-linux-v1.28.11+vmware.2.gz
kubectl-windows-v1.28.11+vmware.2.exe.gz
Make the CLI available to the system:
Make the downloaded file executable:
chmod ugo+x kubectl-mac-v1.28.11+vmware.2
Install the binary to /usr/local/bin
:
sudo install kubectl-mac-v1.28.11+vmware.2 /usr/local/bin/kubectl
Run kubectl version
to check that the correct version of kubectl
is installed and executable.
kubectl version
Make the downloaded file executable:
chmod ugo+x kubectl-linux-v1.28.11+vmware.2
Install the binary to /usr/local/bin
:
sudo install kubectl-linux-v1.28.11+vmware.2 /usr/local/bin/kubectl
Run kubectl version
to check that the correct version of kubectl
is installed and executable.
kubectl version
Program Files\kubectl
folder.kubectl-windows-v1.28.11+vmware.2.exe
file into the new Program Files\kubectl
folder.kubectl-windows-v1.28.11+vmware.2.exe
to kubectl.exe
.kubectl
folder, select Properties > Security, and make sure that your user account has the Full Control permission.env
.Path
row under System variables and click Edit.kubectl
CLI.Run kubectl version
to check that the correct version of the CLI is properly installed.
kubectl version
To deploy standalone management clusters to your cloud provider, follow the instructions in Deploying Standalone Management Clusters.