This topic tells you how to install, upgrade, and uninstall Cluster Essentials v1.10.
Supported Kubernetes versions
Installation requires Kubernetes cluster v1.26, v1.27, v1.28, v1.29 or 1.30 on one of the following Kubernetes providers:
- Azure Kubernetes Service
- Amazon Elastic Kubernetes Service
- Google Kubernetes Engine
- Red Hat OpenShift v4.14 or v4.15 running on vSphere and baremetal clusters
- Minikube
- Kind
Supported Platforms
The Cluster Essentials install script can only be run on AMD64 CPUs with macOS, Windows or Linux.
Install
If you are using a VMware Tanzu Kubernetes Grid cluster, you do not need to install Cluster Essentials because the contents of Cluster Essentials are already installed on your cluster.
For all other clusters, install Cluster Essentials using the following steps.
Download artifacts from the Broadcom Support Portal
-
Sign in to the Broadcom Support Portal.
-
Go to Cluster Essentials for VMware Tanzu in Tanzu > My Downloads.
-
Expand the Cluster Essentials for VMWare Tanzu section.
-
Retrieve your Broadcom registry API token:
-
Click the Token Download icon next to the Cluster Essentials version you want to download.

-
Follow the instructions in the dialog box. Save the token as a variable named
MY_BROADCOM_SUPPORT_ACCESS_TOKEN. For example:export MY_BROADCOM_SUPPORT_ACCESS_TOKEN=API-TOKENWhere
API-TOKENis your token from the Broadcom Support Portal.
-
-
Click 1.10.1.
-
Select the I agree to Terms and Conditions check box.
-
Choose a download according to your Kubernetes provider and operating system:
- For macOS, download
tanzu-cluster-essentials-darwin-amd64-1.10.1.tgz. - For Linux, download
tanzu-cluster-essentials-linux-amd64-1.10.1.tgz. - For Windows, download
tanzu-cluster-essentials-windows-amd64-1.10.1.tgz.
- For macOS, download
-
Unpack the TAR file into the
tanzu-cluster-essentialsdirectory:-
On macOS or Linux:
mkdir $HOME/tanzu-cluster-essentials tar -xvf DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE -C $HOME/tanzu-cluster-essentialsWhere
DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLEis the name of the bundle you downloaded. -
On Windows, in Command Prompt:
:: Ensure you are in the directory where you have downloaded DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE mkdir tanzu-cluster-essentials tar -xvf DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLE -C tanzu-cluster-essentialsWhere
DOWNLOADED-CLUSTER-ESSENTIALS-BUNDLEis the name of the bundle you downloaded.
-
-
For air-gapped installation, download the bundle:
-
On macOS or Linux:
$ cd tanzu-cluster-essentials $ IMGPKG_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com \ IMGPKG_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME \ IMGPKG_REGISTRY_PASSWORD=${MY_BROADCOM_SUPPORT_ACCESS_TOKEN} \ ./imgpkg copy \ -b cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 \ --to-tar cluster-essentials-bundle-1.10.1.tar \ --include-non-distributable-layersWhere
BROADCOM-REGISTRY-USERNAMEis your username for Broadcom registry. -
On Windows, in Command Prompt:
cd tanzu-cluster-essentials set IMGPKG_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com set IMGPKG_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME set /p IMGPKG_REGISTRY_PASSWORD=password: :: Interactively enter $MY_BROADCOM_SUPPORT_ACCESS_TOKEN imgpkg copy ^ -b cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 ^ --to-tar cluster-essentials-bundle-1.10.1.tar ^ --include-non-distributable-layersWhere
BROADCOM-REGISTRY-USERNAMEis your username for Broadcom registry.
-
Set Kubernetes cluster context
-
List the existing contexts by running:
kubectl config get-contexts -
Set the context to the cluster that you want to use for the Cluster Essentials install.
kubectl config use-context CONTEXT-NAMEWhere
CONTEXT-NAMEcan be retrieved from the outputs of the previous step.
Deploy onto the cluster
To deploy to your cluster, create a configuration secret if your registry requires a custom certificate then run the script to install Cluster Essentials.
(Optional) Set your custom certificate
If your registry needs a custom certificate, you must load that configuration into the cluster before installing kapp-controller.
If your registry uses a public certificate, these steps are not required.
-
Create the
kapp-controllernamespace:kubectl create namespace kapp-controller -
Create a configuration secret by using the registry’s
ca.crtstored on local disk:kubectl create secret generic kapp-controller-config \ --namespace kapp-controller \ --from-file caCerts=ca.crt
Deploy using macOS or Linux
Configure and run install.sh, which installs kapp-controller and secretgen-controller on your cluster:
-
For online installation, run:
export INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 export INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com export INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME export INSTALL_REGISTRY_PASSWORD=${MY_BROADCOM_SUPPORT_ACCESS_TOKEN} export CA_PATH=/PATH-TO-CA-CERT/ca.crt cd $HOME/tanzu-cluster-essentials ./install.sh --yesWhere:
BROADCOM-REGISTRY-USERNAMEis your username for Broadcom registry.-
PATH-TO-CA-CERTis the location of your custom CA certificate.CA_PATHis only required if your registry needs the custom certificate you optionally provided earlier to pull the image and deploy kapp-controller.
-
For air-gapped installation:
Upload the previously downloaded bundle to the air-gapped registry and install Cluster Essentials by running:
$ cd tanzu-cluster-essentials $ IMGPKG_REGISTRY_HOSTNAME=MY-REGISTRY \ IMGPKG_REGISTRY_USERNAME=MY-REGISTRY-USER \ IMGPKG_REGISTRY_PASSWORD=MY-REGISTRY-PASSWORD \ CA_PATH=/PATH-TO-CA-CERT/ca.crt \ ./imgpkg copy \ --tar cluster-essentials-bundle-1.10.1.tar \ --to-repo MY-REGISTRY/cluster-essentials-bundle \ --include-non-distributable-layers \ --registry-ca-cert-path CA_PATH $ INSTALL_BUNDLE=MY-REGISTRY/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 \ INSTALL_REGISTRY_HOSTNAME=MY-REGISTRY \ INSTALL_REGISTRY_USERNAME=MY-REGISTRY-USER \ INSTALL_REGISTRY_PASSWORD=MY-REGISTRY-PASSWORD \ ./install.shWhere:
MY-REGISTRYis your air-gapped container registry.MY-REGISTRY-USERis the user with write access toMY-REGISTRY.MY-REGISTRY-PASSWORDis the password forMY-REGISTRY-USER.-
PATH-TO-CA-CERTis the location of your custom CA certificate.CA_PATHis only required if your registry needs the custom certificate you optionally provided earlier to pull the image and deploy kapp-controller.
Deploy using Windows
Configure and run install.bat, which installs kapp-controller and secretgen-controller on your cluster:
-
For online installation, run:
cd tanzu-cluster-essentials set INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 set INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com set INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME set /p INSTALL_REGISTRY_PASSWORD=password: :: Interactively enter $MY_BROADCOM_SUPPORT_ACCESS_TOKEN set CA_PATH=/PATH-TO-CA-CERT/ca.crt install.batWhere:
BROADCOM-REGISTRY-USERNAMEis your username for Broadcom registry.-
PATH-TO-CA-CERTis the location of your custom CA certificate.CA_PATHis only required if your registry needs the custom certificate you provided earlier to pull the image and deploy kapp-controller.
-
For air-gapped installation:
Upload the previously downloaded bundle to the air-gapped registry and install Cluster Essentials by running:
cd tanzu-cluster-essentials set IMGPKG_REGISTRY_HOSTNAME=MY-REGISTRY set IMGPKG_REGISTRY_USERNAME=MY-REGISTRY-USER set IMGPKG_REGISTRY_PASSWORD=password: :: Interactive enter MY-REGISTRY-PASSWORD set CA_PATH=/PATH-TO-CA-CERT/ca.crt imgpkg copy ^ --tar cluster-essentials-bundle-1.10.1.tar ^ --to-repo MY-REGISTRY/cluster-essentials-bundle ^ --include-non-distributable-layers ^ --registry-ca-cert-path CA_PATH set INSTALL_BUNDLE=MY-REGISTRY/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 set INSTALL_REGISTRY_HOSTNAME=MY-REGISTRY set INSTALL_REGISTRY_USERNAME=MY-REGISTRY-USER set /p INSTALL_REGISTRY_PASSWORD=password: :: Interactively enter MY-REGISTRY-PASSWORD install.batWhere:
MY-REGISTRYis your air-gapped container registry.MY-REGISTRY-USERis the user with write access toMY-REGISTRY.MY-REGISTRY-PASSWORDis the password forMY-REGISTRY-USER.-
PATH-TO-CA-CERTis the location of your custom CA certificate.CA_PATHis only required if your registry needs the custom certificate you provided earlier to pull the image and deploy kapp-controller.
(Optional) Install CLIs onto your $PATH
-
(Optional) Several Tanzu products, such as Tanzu Application Platform, use the
kappCLI to deploy. For convenience, you can install thekappCLI onto your$PATH:sudo cp $HOME/tanzu-cluster-essentials/kapp /usr/local/bin/kapp -
(Optional) Several Tanzu products, such as Tanzu Application Platform, use the
imgpkgCLI to relocate packages. For convenience, you can install theimgpkgCLI onto your$PATH:sudo cp $HOME/tanzu-cluster-essentials/imgpkg /usr/local/bin/imgpkg
Upgrade
Cluster Essentials components (such as kapp-controller and secretgen-controller) cannot be upgraded on clusters provisioned using VMware Tanzu Kubernetes Grid and VMware Tanzu Mission Control.
For all other clusters, if you already have Cluster Essentials v1.0 or later installed on your target cluster, you can upgrade to Cluster Essentials v1.10 using the following steps. Running this upgrade updates the kapp-controller version on your cluster to v0.53.1 and secretgen-controller version to v0.18.1.
-
Follow the steps in Download artifacts from the Broadcom Support Portal and Set Kubernetes cluster context.
-
Configure and run
install.sh, which installskapp-controllerandsecretgen-controlleron your cluster:-
On macOS or Linux:
cd $HOME/tanzu-cluster-essentials export INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 export INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com export INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME export INSTALL_REGISTRY_PASSWORD=${MY_BROADCOM_SUPPORT_ACCESS_TOKEN} ./install.sh --yesWhere
BROADCOM-REGISTRY-USERNAMEis your username for Broadcom registry. -
On Windows, in Command Prompt:
cd tanzu-cluster-essentials set INSTALL_BUNDLE=cluster-essentials.packages.broadcom.com/tanzu-cluster-essentials/cluster-essentials-bundle@sha256:887788e1ff359fe110e95f36455d4ebb6e5136bbd455d3756b4bfb4616fc1663 set INSTALL_REGISTRY_HOSTNAME=cluster-essentials.packages.broadcom.com set INSTALL_REGISTRY_USERNAME=BROADCOM-REGISTRY-USERNAME set /p INSTALL_REGISTRY_PASSWORD=password: :: Interactively enter $MY_BROADCOM_SUPPORT_ACCESS_TOKEN install.batWhere
BROADCOM-REGISTRY-USERNAMEis your username for Broadcom registry.
-
-
(Optional) Follow the steps in Install CLIs onto your $PATH to install newer versions of the
kappandimgpkgCLIs to your path.
Rollback
Uninstalling Cluster Essentials when the upgrade fails will cause an unrepairable state for your cluster.
To rollback to the previously installed version, follow the previous version of Cluster Essentials deployment instructions.
Uninstall
Uninstalling Cluster Essentials when the installation fails will cause an unrepairable state for your cluster.
You must uninstall all the Custom Resources created by
kapp-controllerandsecretgen-controllerbefore running the uninstall script for Cluster Essentials.
-
Follow the steps in Set Kubernetes cluster context.
-
Run
uninstall.sh, which uninstallskapp-controllerandsecretgen-controlleron your cluster:On macOS or Linux:
cd $HOME/tanzu-cluster-essentials ./uninstall.sh --yesOn Windows (in “Command Prompt” app):
cd tanzu-cluster-essentials uninstall.bat
Content feedback and comments