To get started with Kubernetes on VMware vSphere, admins had to use VMware Cloud Foundation (VCF), which has vSphere, NSX, vRealize Suite, etc. VMware has now announced vSphere with Tanzu. It is the latest release of VMware vSphere 7 U1, which will be capable of running Tanzu without being part of VCF.

This will allow you to set up and run Tanzu Kubernetes Grid (TKG) very fast within an existing infrastructure that does not use NSX and is not part of VCF. In fact, not many vSphere installations do have an NSX within their environment for the networking part. It seems that VMware has had many requests to enable Tanzu with vSphere since the original release of vSphere 7 back in March 2020.

The new release of VMware vSphere 7 U1 will have integrated Tanzu and Kubernetes out of the box. It will not require going through vSphere Cloud Foundation (VCF), as was the case with the initial release of vSphere 7.

vSphere 7 U1 will be the simplest implementation of Kubernetes for admins that need to run modern apps and containers.

vSphere 7 U1 also includes new features and new Virtual Hardware 18 (vMX 18), where we see some scalability improvements for large VMs, the ability to run more VMs per host/cluster, and the creation of even larger vSphere clusters with up to 96 hosts (previously only 64 were possible).

vSphere Lifecycle Manager (vLCM) also enables managing the installation, upgrade, and uninstallation of NSX components, as well as adding/removing ESXi hosts to/from a cluster. I'll write a separate detailed post about those vSphere 7 U1 features.

vSphere with Tanzu architecture

vSphere with Tanzu architecture - Image credit VMware

Admins will be able to leverage virtual distributed switches (vDS) to have networking capabilities for Tanzu, as vDS can be configured according to Tanzu's needs, providing some NSX capabilities.

With vSphere vDS, you will be able to configure the Management network, Workload network, and Frontend networks.

The Management network is used by the control plane to communicate with vCenter and to update load balancer configuration in the High Availability (HA) proxy.

The Workload network is where the Tanzu Kubernetes clusters are placed. Each supervisor namespace can be assigned to its own network and be completely isolated from other development teams.

The Frontend network is the network used by the applications.

The deployment wizard uses the HA proxy as a load balancer. It is deployed as a virtual appliance by using an OVF file via a wizard. So, once you have the HA proxy deployed and configured, Tanzu Kubernetes deployment can start; it also uses a wizard-driven workflow.

The Kubernetes supervisor cluster runs with the Kubernetes (K8s) Control plane, which can connect to the Management network, the Workload network, and the HA proxy.


With vSphere 7 U1 with Tanzu, there is a new concept called Services. These services run at the supervisor cluster level and are available to the vSphere admin.

The services are:

  • Tanzu with Kubernetes grid—The TKG service enables the admin to deploy Tanzu Kubernetes clusters onto vSphere.
  • vSphere Pods—Objects in your vCenter Server. vSphere Pods run directly on ESXi, leveraging the Container Runtime for ESXi (CRX).
  • Networks—Networks configured for Kubernetes.
  • Volumes—Storage volumes consumed by Kubernetes.
  • Registry—This service enables private image registry on the Supervisor cluster.

You can allow your development teams to run TKG clusters that are visible in a vSphere client such that as the vSphere admin, you'll have control of the assigned resources and usage.

vSphere with Tanzu can be dropped into the existing infrastructure

vSphere with Tanzu can be dropped into the existing infrastructure

vSphere with Tanzu can be deployed in about one hour. vSphere 7 U1 will be available on October 30th, 2020, Q3.

Final words

This release supports the idea I had about the initial vSphere 7 release, which was already able to run Kubernetes as long as it was tightened to the VMware VCF. With vSphere 7 U1, admins will be able to configure their virtual networking without the need to completely rebuild their networks and use NSX.

This release of vSphere will allow admins to deal with what they've dealt with many times in the past—a shadow IT. Now the admins will be able to use namespaces and assign policies that define how developers consume resources via self-service. They will also control who has access to which resource and organize the management of the development teams directly in vSphere by using its integrated groups and user management.

vSphere 7 U1 will also feature new virtual hardware 18 (vMX 18), allowing you to configure virtual machines (VMs) with up to 768 vCPUS and with 24 Tb of RAM. A really monster VM-capable release.

Subscribe to 4sysops newsletter!

VMware vSAN also has a new release, which includes some significant performance, management, and resiliency improvements and adds capabilities to vSAN, such as the ability to configure SMB v3.0, Kerberos for NFS, or Active Directory for SMB.

  1. Krzysztof Ciepłucha 2 years ago

    One thing needs to be clarified – according to the blog post (link below) by Cormac Hogan, the vPODs and Harbor requires NSX-T, so if the customer wants just to use vDS and Antera/Calico for CNI these features will not be available.

  2. Author

    Yeah, good post from Cormac. In fact, we haven't had all those information during the NDA briefing. And now, the product is still not released, just announced. So yes, thanks for pointing this out Krzysztof -:). Good point.



Leave a reply

Please enclose code in pre tags

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account