Using VMware Tanzu Kubernetes Grid Service with VMware Cloud on Dell EMC

VMware Cloud on Dell automates the deployment and configuration of Tanzu. After you enable Tanzu on VMware Cloud on Dell, the supervisor control plane VMs are automatically deployed based on the parameters, such as Workload Control Plane, Namespace Segments, and Tier-1 Gateways.

Tanzu Administration in VMware Cloud on Dell

Tanzu Kubernetes Grid in your VMware Cloud on Dell SDDC is similar to TKG on-premises with NSX-T network. However, some and Tanzu components are managed by VMware and therefore, a few of the on-premises administrative workflows aren't required for Tanzu in VMware Cloud on Dell. For information about Tanzu administration in VMware Cloud on Dell, refer to the VMware Tanzu Documentation, but consider the following high-level differences when reading the VMware Tanzu documentation.

- VMware Cloud on Dell users don't have physical access to ESXi host hardware and cannot log in to the ESXi host operating system. Procedures that require this kind of access are performed by VMware staff.
- Global Permissions are not replicated between your on-premises vCenter Server and the vCenter Server in your SDDC. Global permissions do not apply to objects that VMware manages for you, like SDDC hosts and datastores.
- VMware Cloud on Dell users don't have access to the supervisor clusters that are deployed in the management cluster after activating Tanzu.
- In VMware Cloud on Dell, the Tanzu workload control plane can be activated only through the VMware Cloud on Dell console.

In addition to the high-level differences we've noted, many topics in the VMware Tanzu Documentation are written specifically for on-premises users, and don't include some of the information you need when using Tanzu Kubernetes Grid in VMware Cloud on Dell.

Topic Content Differences Between On-Premises and SDDC Tanzu

Content Highlights:

- Tanzu Kubernetes Grid for VMware Cloud on Dell is pre-provisioned with a VMC-specific content library that you cannot modify.
- The vCenter Server in your SDDC includes a predefined CloudAdmin role that is not present in your on-premises vCenter. This role has privileges required to create and manage workloads on your SDDC, but does not allow access to SDDC management components that are supported and managed by VMware, such as hosts, clusters, and management virtual machines.
- Tanzu Kubernetes Grid for VMware Cloud on Dell does not support vSphere Pods.
- Creation of Tanzu Kubernetes Grid Supervisor Namespace templates is not supported by VMware Cloud on Dell.
- vSphere namespaces for Kubernetes releases are configured automatically during Tanzu Kubernetes Grid activation.
- The embedded Harbor registry is enabled automatically during Tanzu Kubernetes Grid activation.
- Step 10 of this procedure, "Monitor the deployment of cluster nodes using the vSphere Client", does not apply to Tanzu Kubernetes Grid for VMware Cloud on Dell.
- In Tanzu Kubernetes Grid for VMware Cloud on Dell, the VM Service allows probe definitions only for port 6443.

The Workload Control Plane, Namespace Segments, and Tier-1 Gateways

Each Tanzu namespace requires an SDDC network segment. To preserve isolation between namespaces, the workload control plane creates a Tier 1 router in your SDDC network for each Tanzu namespace you create. These routers, which are listed on the Tier-1 Gateways page of the SDDC Networking & Security tab, handle east-west traffic between containers connected to the namespace segment, and route north-south traffic through namespace egress and ingress points. They function much like the Compute Gateway (CGW) in your SDDC, but unlike the CGW, which is created as part of the SDDC and persists for the life of the SDDC, these per-namespace tier-1 gateways are created and destroyed along with the Tanzu namespaces they support.

How Tanzu Activation Affects an SDDC Network

When you activate Tanzu Kubernetes Grid in a VMware Cloud on Dell SDDC, the system creates several additional Tier 1 routers for use by the Workload Control Plane. After activation, vSphere creates additional Tier 1 routers for each Tanzu namespace you create. In an SDDC that uses Direct Connect, ingress and egress CIDRs are advertised to the DX connection. In an SDDC that is a member of an SDDC group, these CIDRs are advertised to the .