TKG 2 - What's New with TKRs
vSphere 8 introduces an upgrade to the Tanzu Kubernetes Grid (TKG 2). One of the areas of change is in the Tanzu Kubernetes Release (TKR). Both the format and capability of TKRs have changed and it is important to select appropriate images for your environment. A TKR is a VM base image - packaged as an OVA file - providing a Kubernetes software distribution signed and supported by VMware for use in Kubernetes clusters provisioned by TKG. The naming is aligned with Kubernetes upstream versions, so it it easy to deploy clusters with your preferred version of Kubernetes.
As with vSphere 7, the TKRs are available on a public Content Delivery Network (CDN). You simply create a Content Library in vCenter that is subscribed to that CDN.
852x555
The TKRs automatically sync to the Supervisor cluster. You can see them by executing: kubectl get tkr
/home/ubuntu: kubectl get tkr
NAME VERSION READY COMPATIBLE CREATED
v1.16.12---vmware.1-tkg.1.da7afe7 v1.16.12+vmware.1-tkg.1.da7afe7 False False 4d1h
v1.16.14---vmware.1-tkg.1.ada4837 v1.16.14+vmware.1-tkg.1.ada4837 False False 4d1h
v1.16.8---vmware.1-tkg.3.60d2ffd v1.16.8+vmware.1-tkg.3.60d2ffd False False 4d1h
v1.17.11---vmware.1-tkg.1.15f1e18 v1.17.11+vmware.1-tkg.1.15f1e18 False False 4d1h
v1.17.11---vmware.1-tkg.2.ad3d374 v1.17.11+vmware.1-tkg.2.ad3d374 False False 4d1h
v1.17.13---vmware.1-tkg.2.2c133ed v1.17.13+vmware.1-tkg.2.2c133ed False False 4d1h
v1.17.17---vmware.1-tkg.1.d44d45a v1.17.17+vmware.1-tkg.1.d44d45a False False 4d1h
v1.17.7---vmware.1-tkg.1.154236c v1.17.7+vmware.1-tkg.1.154236c False False 4d1h
v1.17.8---vmware.1-tkg.1.5417466 v1.17.8+vmware.1-tkg.1.5417466 False False 4d1h
v1.18.10---vmware.1-tkg.1.3a6cd48 v1.18.10+vmware.1-tkg.1.3a6cd48 False False 4d1h
v1.18.15---vmware.1-tkg.1.600e412 v1.18.15+vmware.1-tkg.1.600e412 False False 4d1h
v1.18.15---vmware.1-tkg.2.ebf6117 v1.18.15+vmware.1-tkg.2.ebf6117 False False 4d1h
v1.18.19---vmware.1-tkg.1.17af790 v1.18.19+vmware.1-tkg.1.17af790 False False 4d1h
v1.18.5---vmware.1-tkg.1.c40d30d v1.18.5+vmware.1-tkg.1.c40d30d False False 4d1h
v1.19.11---vmware.1-tkg.1.9d9b236 v1.19.11+vmware.1-tkg.1.9d9b236 False False 4d1h
v1.19.14---vmware.1-tkg.1.8753786 v1.19.14+vmware.1-tkg.1.8753786 False False 4d1h
v1.19.16---vmware.1-tkg.1.df910e2 v1.19.16+vmware.1-tkg.1.df910e2 False False 4d1h
v1.19.7---vmware.1-tkg.1.fc82c41 v1.19.7+vmware.1-tkg.1.fc82c41 False False 4d1h
v1.19.7---vmware.1-tkg.2.f52f85a v1.19.7+vmware.1-tkg.2.f52f85a False False 4d1h
v1.20.12---vmware.1-tkg.1.b9a42f3 v1.20.12+vmware.1-tkg.1.b9a42f3 False False 4d1h
v1.20.2---vmware.1-tkg.1.1d4f79a v1.20.2+vmware.1-tkg.1.1d4f79a False False 4d1h
v1.20.2---vmware.1-tkg.2.3e10706 v1.20.2+vmware.1-tkg.2.3e10706 False False 4d1h
v1.20.7---vmware.1-tkg.1.7fb9067 v1.20.7+vmware.1-tkg.1.7fb9067 False False 4d1h
v1.20.8---vmware.1-tkg.2 v1.20.8+vmware.1-tkg.2 False False 4d1h
v1.20.9---vmware.1-tkg.1.a4cee5b v1.20.9+vmware.1-tkg.1.a4cee5b False False 4d1h
v1.21.2---vmware.1-tkg.1.ee25d55 v1.21.2+vmware.1-tkg.1.ee25d55 True True 4d1h
v1.21.6---vmware.1-tkg.1 v1.21.6+vmware.1-tkg.1 True True 4d1h
v1.21.6---vmware.1-tkg.1.b3d708a v1.21.6+vmware.1-tkg.1.b3d708a True True 4d1h
v1.22.9---vmware.1-tkg.1.cc71bc8 v1.22.9+vmware.1-tkg.1.cc71bc8 True True 4d1h
v1.23.8---vmware.2-tkg.2-zshippable v1.23.8+vmware.2-tkg.2-zshippable True True 4d1h
There are a few things to note in this output. The name is consistent with the Kubernetes version that will run in clusters created with this TKR. The "Compatible" column shows images that can be used with vSphere 8. If you are upgrading the Supervisor from vSphere 7, you MUST update your existing Tanzu Kubernetes Clusters (TKC) to one of the compatible TKRs prior to upgrading your Supervisor cluster. If you try to upgrade your Supervisor with Tanzu Kubernetes Clusters (TKCs) running incompatible images, you will see an incompatible infrastructure error.
Not all "Compatible" images contain the new TKR format and capability. We have updated several vSphere 7 TKRs to run in vSphere 8 as an upgrade path, however only images whose name ends in "zshippable" contain the new packaging format and functionality. You can only use "zshippable" images to create clusters on vSphere 8 updated Supervisors. For complete information on compatibility check out the VMware Tanzu Kubernetes Releases release notes
What's New in vSphere 8 "zshippable" TKRs?
Multi-OS Support in Single TKR
A single TKR can contain all supported operating system images for a particular Kubernetes release through the OSImage format. Currently we are supporting PhotonOS and Ubuntu based images. You can see the supported OSs in the TKR by running: kubectl tkr "tkr-name" -o yaml
ownerReferences:
- apiVersion: vmoperator.vmware.com/v1alpha1
kind: VirtualMachineImage
name: ob-20611104-ubuntu-2004-amd64-vmi-k8s-v1.23.8---vmware.2-tkg.1-zshippable
uid: 8eeac7c0-fa87-4d41-b4c2-615484c92b60
- apiVersion: vmoperator.vmware.com/v1alpha1
kind: VirtualMachineImage
name: ob-20611023-photon-3-amd64-vmi-k8s-v1.23.8---vmware.2-tkg.1-zshippable
uid: 98f6bccb-c6f9-4cf0-8851-6cce8332b560
Under the ownerReferences section, you see the names of the OSImages contained in this TKR. You can further drill into those OSImages with: kubectl get osimages
/home/ubuntu: kubectl get osimages
NAME K8S VERSION OS NAME OS VERSION ARCH TYPE COMPATIBLE CREATED
ob-15957779-photon-3-k8s-v1.16.8---vmware.1-tkg.3.60d2ffd v1.16.8+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-16466772-photon-3-k8s-v1.17.7---vmware.1-tkg.1.154236c v1.17.7+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-16545581-photon-3-k8s-v1.16.12---vmware.1-tkg.1.da7afe7 v1.16.12+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-16551547-photon-3-k8s-v1.17.8---vmware.1-tkg.1.5417466 v1.17.8+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-16897056-photon-3-k8s-v1.16.14---vmware.1-tkg.1.ada4837 v1.16.14+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-16924026-photon-3-k8s-v1.18.5---vmware.1-tkg.1.c40d30d v1.18.5+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-16924027-photon-3-k8s-v1.17.11---vmware.1-tkg.1.15f1e18 v1.17.11+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17010758-photon-3-k8s-v1.17.11---vmware.1-tkg.2.ad3d374 v1.17.11+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17332787-photon-3-k8s-v1.17.13---vmware.1-tkg.2.2c133ed v1.17.13+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17419070-photon-3-k8s-v1.18.10---vmware.1-tkg.1.3a6cd48 v1.18.10+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17654937-photon-3-k8s-v1.18.15---vmware.1-tkg.1.600e412 v1.18.15+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17658793-photon-3-k8s-v1.17.17---vmware.1-tkg.1.d44d45a v1.17.17+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17660956-photon-3-k8s-v1.19.7---vmware.1-tkg.1.fc82c41 v1.19.7+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-17861429-photon-3-k8s-v1.20.2---vmware.1-tkg.1.1d4f79a v1.20.2+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18035533-photon-3-k8s-v1.18.15---vmware.1-tkg.2.ebf6117 v1.18.15+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18035534-photon-3-k8s-v1.19.7---vmware.1-tkg.2.f52f85a v1.19.7+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18037317-photon-3-k8s-v1.20.2---vmware.1-tkg.2.3e10706 v1.20.2+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18186591-photon-3-k8s-v1.20.7---vmware.1-tkg.1.7fb9067 v1.20.7+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18284400-photon-3-k8s-v1.18.19---vmware.1-tkg.1.17af790 v1.18.19+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18324108-photon-3-k8s-v1.19.11---vmware.1-tkg.1.9d9b236 v1.19.11+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18461281-photon-3-k8s-v1.20.9---vmware.1-tkg.1.a4cee5b v1.20.9+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18532793-photon-3-k8s-v1.19.14---vmware.1-tkg.1.8753786 v1.19.14+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18592554-photon-3-k8s-v1.21.2---vmware.1-tkg.1.ee25d55 v1.21.2+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18807685-tkgs-ova-ubuntu-2004-v1.20.8---vmware.1-tkg.2 v1.20.8+vmware.1 ubuntu 20.04 amd64 vmi 4d3h
ob-18895415-photon-3-k8s-v1.19.16---vmware.1-tkg.1.df910e2 v1.19.16+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18900476-photon-3-k8s-v1.21.6---vmware.1-tkg.1.b3d708a v1.21.6+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-18903450-photon-3-k8s-v1.20.12---vmware.1-tkg.1.b9a42f3 v1.20.12+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-19344082-tkgs-ova-ubuntu-2004-v1.21.6---vmware.1-tkg.1 v1.21.6+vmware.1 ubuntu 20.04 amd64 vmi 4d3h
ob-19930037-photon-3-k8s-v1.22.9---vmware.1-tkg.1.cc71bc8 v1.22.9+vmware.1 photon 3.0 amd64 vmi 4d3h
ob-20611023-photon-3-amd64-vmi-k8s-v1.23.8---vmware.2-tkg.1-zshippable v1.23.8+vmware.2 photon 3 amd64 vmi 4d3h
ob-20611104-ubuntu-2004-amd64-vmi-k8s-v1.23.8---vmware.2-tkg.1-zshippable v1.23.8+vmware.2 ubuntu 20.04 amd64 vmi 4d3h
When creating a TKG cluster, selecting the appropriate image in the manifest involves two specifications. You must add the name of the TKR and you must add an annotation to choose the OSImage you want to use from that TKR. Note that you might even choose to run different images for control plane nodes and workers, or even break workers into separate nodePools and choose different OSImages for each nodePool. An example would be when deploying GPU enabled clusters, NVIDIA currently does not support PhotonOS for its GPU Operator, so GPU nodes could run Ubuntu, while the other workers could be PhotonOS. Notice the annotation "run.tanzu.vmware.com/resolve-os-image.gpuworkers: os-name=ubuntu". This specifies that the workers in the gpuworkers nodepool will get ubuntu and since there is no annotation for the nogpuworker nodepool, it gets the default PhotonOS.
apiVersion: run.tanzu.vmware.com/v1alpha3
kind: TanzuKubernetesCluster
metadata:
name: tkc-2
namespace: utilities
annotations:
run.tanzu.vmware.com/resolve-os-image.gpuworkers: os-name=ubuntu
spec:
distribution:
fullVersion: v1.23.8---vmware.2-tkg.2-zshippable
topology:
controlPlane:
replicas: 1
storageClass: kubernetes-policy
tkr:
reference:
name: v1.23.8---vmware.2-tkg.2-zshippable
vmClass: best-effort-small
nodePools:
- name: gpuworkers
replicas: 1
storageClass: kubernetes-policy
tkr:
reference:
name: v1.23.8---vmware.2-tkg.2-zshippable
vmClass: gpuclass-a100
volumes:
- capacity:
storage: 50Gi
mountPath: /var/lib/containerd
name: containerd
- capacity:
storage: 50Gi
mountPath: /var/lib/kubelet
name: kubelet
- name: nogpuworker
replicas: 1
storageClass: kubernetes-policy
vmClass: best-effort-small
Support New Package Based Framework
Another capability in the new TKRs is standardization on a package based format. You can see the packages included in the TKR with : kubectl get tkr -o yaml |grep -A 10
/home/ubuntu: kubectl get tkr -o yaml |grep -A 10 bootstrapPackages
bootstrapPackages:
- name: antrea.tanzu.vmware.com.1.5.3+tkg.2-zshippable
- name: vsphere-pv-csi.tanzu.vmware.com.2.6.0+vmware.1-tkg.1-zshippable
- name: vsphere-cpi.tanzu.vmware.com.1.23.1+vmware.1-tkg.2-zshippable
- name: kapp-controller.tanzu.vmware.com.0.41.2+vmware.1-tkg.1-zshippable
- name: guest-cluster-auth-service.tanzu.vmware.com.1.0.0+tkg.2-zshippable
- name: metrics-server.tanzu.vmware.com.0.6.1+vmware.1-tkg.3-zshippable
- name: secretgen-controller.tanzu.vmware.com.0.11.0+vmware.2-tkg.1-zshippable
- name: pinniped.tanzu.vmware.com.0.12.1+vmware.2-tkg.2-zshippable
- name: capabilities.tanzu.vmware.com.0.28.0-dev-19-g0e3cb04b+vmware.1
- name: calico.tanzu.vmware.com.3.22.1+vmware.1-tkg.2-zshippable
Notice that this TKR includes both antrea and calico CNI packages. So a user could choose to deploy their cluster using either of these for overlay networking. TKG 2 supports the enablement of these packages at deployment time but also provides a new capability for package management after deployment through the Tanzu CLI and Tanzu Package Repository
The new Tanzu Kubernetes Release (TKR) provides flexibility and cross infrastructure standardization that was not available with the legacy TKR.