Tanzu Community Edition



The following section provides a glossary of the main components and concepts involved in a Tanzu Community Edition deployment.

A | B | C | E | I | K | M | O | P | T | U | V | W | Y |



Same as packages (see below).



In the context of a managed cluster, the bootstrap (noun) machine is the laptop, host, or server on which you download and run the Tanzu CLI. This is where the initial bootstrapping (verb) of a managed cluster occurs before it is pushed to the platform where it will run. In the process of deploying a management cluster, a Kind bootstrap cluster is created on your bootstrap machine. This bootstrap cluster then deploys a cluster on your specified provider. You run tanzu, kubectl and other commands on the bootstrap machine.



Cert-manager is a Kubernetes certificate manager. It helps with issuing certificates from a variety of sources. It simplifies the process of obtaining, renewing, and using certificates.



Same as packages (see below).



imgpkg is a Carvel tool that enables you to package, distribute, and relocate your Kubernetes configuration and OCI images as a bundle. Imgpkg performs operations similar to the docker and crane commands, allowing you to create, push, pull, and operate on OCI images and bundles. A sha256 digest is created for the bundle based on its contents, allowing imgpkg to verify the bundle’s integrity. Bundles are important because they capture your configuration and image references as one discrete unit. As a unit, your configuration and images can be referenced and copied. Referencing your configuration and images as a unit allows for easy operation with air-gaped environments.



kapp-controller is a Carvel tool and is the Tanzu Community Edition package manager. In Tanzu clusters, kapp-controller is constantly watching for package repositories. When a cluster is told about this package repository (likely via the Tanzu package repository command), kapp-controller can pull down that repository and make all the packages available to the cluster.


kbld is a Carvel tool that enables you to ensure that you’re using the correct versions of software when you are creating a package. It allows you to build your package configuration with immutable image references. kbld scans a package configuration for image references and resolves those references to digests. For example, it allows you to specify image cert-manager:1.5.3 which is actually quay.io/jetstack/cert-manager-controller@sha256:7b039d469ed739a652f3bb8a1ddc122942b66cceeb85bac315449724ee64287f.

kbld scans a package configuration for any references to images and creates a mapping of image tags to a URL with a sha256 digest. As images with the same name and tag on different registries are not necessarily the same images, by referring to an image with a digest, you’re guaranteed to get the image that you’re expecting. This is similar to providing a checksum file alongside an executable on a download site.

Kind cluster

During the deployment of the management cluster, either from the installer interface or the CLI, Tanzu Community Edition creates a temporary management cluster using a Kind cluster on the bootstrap machine. Then, Tanzu Community Edition uses it to provision the final management cluster to the platform of your choice, depending on whether you are deploying to vSphere, Amazon EC2, Azure, or Docker. After the deployment of the management cluster finishes successfully, the temporary kind cluster is deleted.


Managed Cluster

Managed clusters is a deployment model that features 1 management cluster and N workload cluster(s). The management cluster provides management and operations for Tanzu. It runs Cluster-API which is used to manage workload clusters and multi-cluster services. The workload cluster(s) are where developer’s workloads run.

When you create a management cluster, a bootstrap cluster is created on your local machine. This is a Kind based cluster, which runs via Docker. The bootstrap cluster creates a management cluster on your specified provider. The information for how to manage clusters in the target environment is then pivoted into the management cluster. At this point, the local bootstrap cluster is deleted.

The management cluster can now create workload clusters. The workload cluster is deployed by the management cluster. The workload cluster is used to run your application workloads. The workload cluster is deployed using the Tanzu CLI.


OCI Registry

During package, and package repository creation, you will upload your package and package repository to an OCI Registry. You can use any public OCI compliant registry, for example:

  • Docker Hub (Note: You can quickly run into rate limiting issues.)
  • GitHub Container Registry
  • Google Container Registry
  • Harbor
  • ttl.sh



Packages extend the functionality of Tanzu Community Edition. You can discover and deploy packages through the Tanzu CLI. A Tanzu package is an aggregation of Kubernetes configurations, and its associated software container image, into a versioned and distributable bundle, that can be deployed as an OCI container image. Packages are installed into a Tanzu cluster.

  • User-Managed packages: Deployed into clusters and the lifecycle of the package is managed independently of the cluster. For example Project Contour.
  • Core packages: Deployed into clusters, typically after cluster is bootstrapped. The lifecycle is managed as part of a cluster. For example, Antrea.

Package Repository

A package repository is a collection of packages. A package repository defines metadata information that makes it possible to discover, install, manage, and upgrade packages on your clusters. Before a package can be deployed in a cluster, it must be made discoverable via a package repository.

A package repository is a collection of Kubernetes custom resources that are handled by the Tanzu Community Edition kapp-controller. Similar to a Linux package repository, a Tanzu package repository declaratively defines metadata information that makes it possible to discover, install, manage, and upgrade software packages on running clusters.

Tanzu Community Edition provides a package repository called tce-repo that provides a collection of packages necessary to start building an application platform on Kubernetes. You can create your own package repository to distribute different software.


Tanzu CLI

Tanzu CLI provides commands that facilitate many of the operations that you can perform with your clusters. However, for certain operations, you still need to use kubectl.

Tanzu Community Edition installer

The Tanzu Community Edition installer (the installer) is a graphical wizard that you launch in your browser by running the tanzu management-cluster create --ui command. The installer runs locally in a browser on the bootstrap machine and provides a user interface to guide you through the process of deploying a management cluster.

Target Platform (Infrastructure Provider)

The target platform is the cloud provider or local Docker where you will deploy your cluster. This is also referred to as your infrastructure provider. There are four available target platforms:

  • AWS
  • Microsoft Azure
  • Docker
  • vSphere


Unmanaged Cluster

Unmanaged clusters offer Tanzu environments for development and experimentation. By default, they run locally via kind (default) or minikube with Tanzu components installed atop. An unmanaged cluster offers a single node, local workstation cluster suitable for a development/test environment. It requires minimal local resources and is fast to deploy. It provides support for running multiple clusters.



Vendir is a Carvel tool used in the package creation process. Use vendir to synchronize the contents of remote data sources into a consistent local directory. Use a YAML file to define the remote data location and how you want to structure that data locally. Vendir will copy the data locally so that you can operate on it. For example, you can indicate in a YAML file that you want to retrieve the manifest for cert-manager v1.5.3 in GitHub, and put it in a local /config/upstream directory.


Workload Cluster

After you deploy the management cluster, you can deploy a workload cluster. The workload cluster is deployed by the management cluster. The workload cluster is used to run your application workloads. The workload cluster is deployed using the Tanzu CLI.



ytt is a Carvel templating tool that dynamically overwrites values used in YAML files. ytt is used to override default values and add custom configurations in yaml files. ytt lets you create templates and patches for YAML file. ytt interacts with YAML files similarly to how XSLT interacts with XML files.

Join us!

Our open community welcomes all users and contributors