TKG 1.4 on Azure – Part 1: Prepare the resources


I am very thrilled to log in to the Azure portal to deploy TKG. I previously worked on Azure extensively for more than 2 years when I was working in Horizon Cloud on Azure, and really loved the way Microsoft constantly keeps updating its functionality. This post explains how to prepare Microsoft Azure for running Tanzu Kubernetes Grid. We'll walk through the steps mentioned below; I have written separate posts for each topic:

General Requirements: 

  • Install Docker
  • Install Tanzu CLI, Kubectl and Carvel tools
  • A Microsoft Azure account with:
    • Permissions required to create a service principal and assign the Contributor role to it.
    • Sufficient VM core (vCPU) quotas for your clusters
    • Sufficient public IP address quotas
  • OpenSSL installed locally, to create a new keypair

Now let's go through each step in detail:

Install Docker:

Docker is one of the important prerequisites that must be installed on your bootstrap machine before deploying the management cluster; detailed steps are given below:

Once installed, increase Docker's resources to a minimum of 6 CPUs and 4 GB of memory.

On a Mac, open Docker Desktop > click on Settings > Resources > Advanced

Install Tanzu CLI, Kubectl and Carvel Tools:

This topic explains how to install and initialize the Tanzu command line interface (CLI) and kubectl on a bootstrap machine. The bootstrap machine is the laptop, host, or server that you deploy management and workload clusters from, and that keeps the Tanzu and Kubernetes configuration files for your deployments. The bootstrap machine is typically local, but it can also be a physical machine or VM that you access remotely. In this case I am using my workstation (Mac) as the bootstrap machine. If you are using another operating system such as Windows, please refer to url

  • Log in to My VMware with your My VMware credentials and navigate to the Tanzu Kubernetes Grid Downloads page to download the VMware Tanzu CLI 1.4.0
  • In the Select Version drop-down, select 1.4.0 or the latest (if available)
  • Under Product Downloads, scroll to the section labeled VMware Tanzu CLI 1.4.0 CLI > Download Now
  • In the same page, scroll down to Kubectl 1.21.2 > Download Now
  • On your system, create a new directory named tanzu. If you previously unpacked artifacts for previous releases to this folder, delete the folder’s existing contents.
  • Copy the downloaded CLI files into tanzu directory
  • In the tanzu folder, unpack the Tanzu CLI and kubectl bundle files for your operating system using the tar -xvf command
  • Navigate to the tanzu/cli folder that you unpacked in the previous section.
  • Make the CLI available to the system by installing the binary to /usr/local/bin:
    sudo install core/v1.4.0/tanzu-core-darwin_amd64 /usr/local/bin/tanzu

    # At the command line, run tanzu version to check that the correct version of the CLI is properly installed.

    # After you have installed the tanzu core executable, you must install the CLI plugins

    # Navigate to the tanzu folder that contains the cli folder.

    tanzu plugin install --local cli all
    tanzu plugin list

Install Kubectl: 

  • Navigate to the kubectl binary that you unpacked earlier into tanzu directory
  • Make the CLI available to the system by installing the binary to /usr/local/bin
    sudo install kubectl-mac-v1.21.2+vmware.1 /usr/local/bin/kubectl

Install Carvel Tools: 

Carvel provides a set of reliable, single-purpose, composable tools that aid in application building, configuration, and deployment to Kubernetes.

  • ytt – a command-line tool for templating and patching YAML files. You can also use ytt to collect fragments and piles of YAML into modular chunks for easy re-use.
  • kapp – the applications deployment CLI for Kubernetes. It allows you to install, upgrade, and delete multiple Kubernetes resources as one application.
  • kbld – an image-building and resolution tool.
  • imgpkg – a tool that enables Kubernetes to store configurations and the associated container images as OCI images, and to transfer these images.


# Navigate to the cli directory
# Unpack the ytt binary and make it executable.
gunzip ytt-darwin-amd64-v0.34.0+vmware.1.gz
chmod ugo+x ytt-darwin-amd64-v0.34.0+vmware.1

# Move the binary to /usr/local/bin and rename it to ytt:

mv ./ytt-darwin-amd64-v0.34.0+vmware.1 /usr/local/bin/ytt

# At the command line in a new terminal, run ytt version to check that the correct version of ytt is properly installed.


# Unpack the kapp binary and make it executable.

gunzip kapp-darwin-amd64-v0.37.0+vmware.1.gz
chmod ugo+x kapp-darwin-amd64-v0.37.0+vmware.1

# Move the binary to /usr/local/bin and rename it to kapp:

mv ./kapp-darwin-amd64-v0.37.0+vmware.1 /usr/local/bin/kapp

# At the command line, run kapp version to check that the correct version of kapp is properly installed.


# Unpack the kbld binary and make it executable.

gunzip kbld-darwin-amd64-v0.30.0+vmware.1.gz
chmod ugo+x kbld-darwin-amd64-v0.30.0+vmware.1

# Move the binary to /usr/local/bin and rename it to kbld:

mv ./kbld-darwin-amd64-v0.30.0+vmware.1 /usr/local/bin/kbld

# At the command line, run kbld version to check that the correct version of kbld is properly installed.


# Unpack the imgpkg binary and make it executable.

gunzip imgpkg-darwin-amd64-v0.10.0+vmware.1.gz
chmod ugo+x imgpkg-darwin-amd64-v0.10.0+vmware.1

# Move the binary to /usr/local/bin and rename it to imgpkg:

mv ./imgpkg-darwin-amd64-v0.10.0+vmware.1 /usr/local/bin/imgpkg

# At the command line, run imgpkg version to check that the correct version of imgpkg is properly installed.


Prepare Azure account:

  • Log in to the Azure portal > Azure Active Directory > App registrations > New registration – give it a name

  • Click on the newly created application (service principal) and copy the required information below into notepad; it will be used while creating the management cluster:
    • Application (client) ID
    • Subscription ID

  • Navigate to Subscriptions > IAM > Add role assignment > Contributor > Next > + Select members > search for the application created earlier > Select > Next > Review + assign

Navigate to Azure Active Directory > App registrations > click on the application created earlier > Certificates & secrets > + New client secret > give a description > Add

Copy the value and save it in notepad


Download and install the Azure CLI on the bootstrap machine:

Click here to find the steps to install the Azure CLI on the bootstrap machine.

Accept the Base Image License:

# Sign in to the Azure CLI with your tkg service principal.

az login --service-principal --username AZURE_CLIENT_ID --password AZURE_CLIENT_SECRET --tenant AZURE_TENANT_ID

# where AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID are the values collected earlier and saved in notepad.

az vm image terms accept --publisher vmware-inc --offer tkg-capi --plan k8s-1dot21dot2-ubuntu-2004 --subscription <subscription id collected earlier>

# Ex: az vm image terms accept --publisher vmware-inc --offer tkg-capi --plan k8s-1dot21dot2-ubuntu-2004 --subscription 82711231-y7y2-456b-a9b-45d344
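
The login and terms-acceptance steps above, as an added example that is not part of the original post: it checks that the client, tenant and subscription IDs are well-formed GUIDs before calling az, and prompts for the client secret instead of typing it on the command line. The helper names and the AZURE_SUBSCRIPTION_ID variable are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical;
# AZURE_SUBSCRIPTION_ID is an assumed variable name for the subscription ID.

# Succeed only for a canonical 8-4-4-4-12 hexadecimal GUID.
is_guid() {
  case "$1" in
    *[!0-9a-fA-F-]*) return 1 ;;   # rejects stray characters and newlines
  esac
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the names of the ID variables that are unset or malformed.
invalid_ids() {
  bad=""
  is_guid "${AZURE_CLIENT_ID:-}"       || bad="$bad AZURE_CLIENT_ID"
  is_guid "${AZURE_TENANT_ID:-}"       || bad="$bad AZURE_TENANT_ID"
  is_guid "${AZURE_SUBSCRIPTION_ID:-}" || bad="$bad AZURE_SUBSCRIPTION_ID"
  printf '%s' "${bad# }"
}

accept_terms() {
  bad_ids=$(invalid_ids)
  if [ -n "$bad_ids" ]; then
    echo "missing or malformed: $bad_ids" >&2
    return 1
  fi
  # Prompt with echo off so the secret stays out of shell history and files.
  # It is still an argument to az, so it shows in the process list while
  # the login command runs.
  if [ -z "${AZURE_CLIENT_SECRET:-}" ]; then
    printf 'Client secret: ' >&2
    stty -echo; IFS= read -r AZURE_CLIENT_SECRET; stty echo; echo >&2
  fi
  az login --service-principal --username "$AZURE_CLIENT_ID" \
    --password "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID" || return 1
  unset AZURE_CLIENT_SECRET
  az vm image terms accept --publisher vmware-inc --offer tkg-capi \
    --plan k8s-1dot21dot2-ubuntu-2004 --subscription "$AZURE_SUBSCRIPTION_ID"
}

# Run the az commands only when called with --accept.
if [ "${1:-}" = "--accept" ]; then
  accept_terms
fi
```

The sample subscription value in the Ex line above is not a well-formed GUID, so is_guid rejects it; a real subscription ID copied from the portal passes.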

Create new key pair:

To connect to Azure TKG VMs (management cluster or workload VMs), the bootstrap machine must provide the public key part of an SSH key pair. If your bootstrap machine does not already have an SSH key pair, you can use a tool such as ssh-keygen to generate one.

# On your bootstrap machine, run the following ssh-keygen command.

ssh-keygen -t rsa -b 4096 -C ""

# At the prompt Enter file in which to save the key (/root/.ssh/id_rsa): press Enter to accept the default.

# Enter and repeat a password for the key pair.

# Add the private key to the SSH agent running on your machine, and enter the password you created in the previous step.

ssh-add ~/.ssh/id_rsa

Click here to refer to the official documentation from VMware