<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	
	xmlns:georss="http://www.georss.org/georss"
	xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
	>

<channel>
	<title>VMware Tanzu &#8211; AgileOps</title>
	<atom:link href="https://agileops.co.uk/category/vmware-tanzu/feed/" rel="self" type="application/rss+xml" />
	<link>https://agileops.co.uk</link>
	<description>Virtualization made simple for Everyone.</description>
	<lastBuildDate>Mon, 29 Sep 2025 15:35:55 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.5.8</generator>

<image>
	<url>https://agileops.co.uk/wp-content/uploads/2017/10/favicon-01-50x50.png</url>
	<title>VMware Tanzu &#8211; AgileOps</title>
	<link>https://agileops.co.uk</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">194680508</site>	<item>
		<title>🚀 Unleashing the Power of Kubernetes with VCF 9, vSphere, and Ubuntu</title>
		<link>https://agileops.co.uk/%f0%9f%9a%80-unleashing-the-power-of-kubernetes-with-vcf-9-vsphere-and-ubuntu/</link>
		
		<dc:creator><![CDATA[Ibrahim Quraishi]]></dc:creator>
		<pubDate>Thu, 04 Sep 2025 11:02:00 +0000</pubDate>
				<category><![CDATA[VCF 9]]></category>
		<category><![CDATA[VMware Cloud Foundation]]></category>
		<category><![CDATA[VMware Cloud Foundation 9]]></category>
		<category><![CDATA[VMware Explore]]></category>
		<category><![CDATA[VMware Explore 2025]]></category>
		<category><![CDATA[VMware hybrid cloud]]></category>
		<category><![CDATA[VMware Tanzu]]></category>
		<category><![CDATA[VMware vExpert]]></category>
		<category><![CDATA[VMware Explore Las Vegas]]></category>
		<guid isPermaLink="false">https://agileops.co.uk/?p=17135</guid>

					<description><![CDATA[VMware Kubernetes Service (VKS): Kubernetes Without the Complexity One of the headline announcements at VMware Explore 2025 was the evolution of Kubernetes within VMware Cloud Foundation through the VMware Kubernetes...]]></description>
										<content:encoded><![CDATA[<div class="vgblk-rw-wrapper limit-wrapper">
<h2 class="wp-block-heading">VMware Kubernetes Service (VKS): Kubernetes Without the Complexity</h2>



<p class="p3">One of the headline announcements at VMware Explore 2025 was the evolution of Kubernetes within VMware Cloud Foundation through the VMware Kubernetes Service (VKS).</p>



<p class="p3">For years, Kubernetes adoption has been hindered by complexity. Enterprises struggled with multi-cluster sprawl, uneven compliance, patching headaches, and the lack of operational expertise. VKS directly tackles these challenges by embedding Kubernetes as a fully managed, enterprise-grade service within vCF 9.0.</p>



<h2 class="wp-block-heading">Why VKS Matters</h2>



<ul>
<li><strong>Lifecycle Automation:</strong> VKS automates the full Kubernetes lifecycle—from cluster provisioning to patching, upgrades, and decommissioning—without requiring manual intervention.</li>
<li><strong>Consistency Across Environments:</strong> Whether running in a central data center, regional hub, or edge location, VKS provides a consistent operational model.</li>
<li><strong>Integrated Security:</strong> Security is enforced at the platform level, including RBAC, identity integration via Pinniped, network policies, and continuous compliance checks.</li>
<li><strong>Unified Developer Experience:</strong> Developers interact with Kubernetes the same way they would in the public cloud, but IT operations are unified and simplified under vCF.</li>
</ul>






<h2 class="wp-block-heading">Developer Velocity at Scale</h2>



<p class="p3">With VKS, developers can:</p>



<ul>
<li>Spin up CNCF-compliant clusters directly through self-service portals or GitOps workflows.</li>
<li>Use familiar toolchains such as VS Code, GitHub, Helm, and CI/CD pipelines without disruption.</li>
<li>Seamlessly move between containerized workloads and traditional VMs on the same vCF platform.</li>
</ul>



<p class="p3">Meanwhile, IT teams maintain centralized visibility and governance—ensuring developers move fast without creating compliance or security risks.</p>



<h2 class="wp-block-heading">VKS in the Real World</h2>



<p class="p3">Imagine a financial services company running trading apps and AI models side by side. With VKS:</p>



<ul>
<li>Dev teams deploy microservices in Kubernetes for real-time transaction monitoring.</li>
<li>Data teams spin up GPU-enabled clusters for AI-driven risk analysis.</li>
<li>IT maintains audit trails, compliance enforcement, and disaster recovery policies automatically.</li>
</ul>



<p class="p3">The result is not just agility, but confidence—something enterprises can’t afford to compromise.</p>



<p class="p3"><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> Key Point on VKS: By embedding Kubernetes directly into vCF 9.0, VMware has eliminated the barriers to enterprise-scale adoption—turning what was once a fragmented, complex ecosystem into a streamlined, policy-driven service.</p>






<figure class="wp-block-image size-large"><img fetchpriority="high" decoding="async" width="1024" height="576" data-attachment-id="17130" data-permalink="https://agileops.co.uk/img_3838-jpg/" data-orig-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3838.jpg" data-orig-size="2000,1125" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;1.78&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;iPhone 15 Pro Max&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1756202218&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;6.7649998656528&quot;,&quot;iso&quot;:&quot;500&quot;,&quot;shutter_speed&quot;:&quot;0.016666666666667&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}" data-image-title="img_3838.jpg" data-image-description="" data-image-caption="" data-medium-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-300x169.jpg" data-large-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-1024x576.jpg" tabindex="0" role="button" src="https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-1024x576.jpg" class="wp-image-17130" srcset="https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-1024x576.jpg 1024w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-300x169.jpg 300w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-768x432.jpg 768w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-1536x864.jpg 1536w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-1400x788.jpg 1400w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-700x394.jpg 700w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-466x262.jpg 466w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-933x525.jpg 933w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838-350x197.jpg 350w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3838.jpg 2000w" sizes="(max-width: 1024px) 100vw, 
1024px" /></figure>



<p class="p1">This unified approach reduces operational overhead while empowering organizations to focus on innovation, not integration.</p>



<p class="p2"></p>



<h2 class="wp-block-heading">Canonical &#8211; Ubuntu embedded into VCF</h2>



<p class="p1">The partnership with Canonical, the company behind Ubuntu, was another major highlight. By directly embedding Ubuntu into vCF, VMware strengthens both performance and security for enterprise cloud-native environments.</p>



<p class="p1">Key benefits include:</p>



<ul>
<li><strong>Chiseled Containers:</strong> Minimal, purpose-built containers containing only essential components—reducing attack surface and improving security posture.</li>
<li><strong>vGPU-ready Infrastructure:</strong> AI/ML workloads can now run with native GPU drivers pre-integrated, making vCF the fastest path to AI-ready infrastructure.</li>
<li><strong>Long-Term Supported (LTS) Ubuntu Images:</strong> Enterprises get fully maintained, hardened Ubuntu releases supported by Canonical—eliminating patching and upgrade guesswork.</li>
</ul>



<figure class="wp-block-image size-large"><img decoding="async" width="1024" height="768" data-attachment-id="17131" data-permalink="https://agileops.co.uk/img_3909-jpg/" data-orig-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3909.jpg" data-orig-size="2000,1500" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;1.78&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;iPhone 15 Pro Max&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1756214202&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;6.7649998656528&quot;,&quot;iso&quot;:&quot;64&quot;,&quot;shutter_speed&quot;:&quot;0.0058479532163743&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}" data-image-title="img_3909.jpg" data-image-description="" data-image-caption="" data-medium-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-300x225.jpg" data-large-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-1024x768.jpg" tabindex="0" role="button" src="https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-1024x768.jpg" class="wp-image-17131" srcset="https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-1024x768.jpg 1024w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-300x225.jpg 300w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-768x576.jpg 768w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-1536x1152.jpg 1536w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-1400x1050.jpg 1400w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-700x525.jpg 700w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-466x350.jpg 466w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-933x700.jpg 933w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909-350x263.jpg 350w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3909.jpg 2000w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>



<p class="p1">This collaboration ensures developers and IT teams benefit from the best of both worlds: VMware’s enterprise-grade infrastructure with Ubuntu’s cloud-native agility.</p>



<h2 class="wp-block-heading">Empowering Developer Autonomy with IT Governance</h2>



<p class="p1">One of the most important themes of the session was balance: developers need freedom to innovate, while IT needs control to maintain compliance and governance. VMware’s vCF delivers exactly that.</p>



<ul>
<li><strong>Robust multi-tenancy:</strong> Business units like legal, finance, engineering, and operations can each consume resources independently under central IT policy.</li>
<li><strong>Self-service consumption:</strong> Developers gain direct access to Kubernetes, VMs, storage, and networking resources without waiting for IT tickets.</li>
<li><strong>Policy-driven governance:</strong> IT admins can predefine guardrails while still enabling flexibility for developers.</li>
</ul>



<p class="p1">Examples included services like:</p>



<ul>
<li><strong>Private AI as a Service</strong> – Secure access to AI images and toolchains, ready to deploy in private environments.</li>
<li><strong>Database-as-a-Service (DBaaS)</strong> – Pre-approved versions of Postgres, MySQL, and SQL Server delivered instantly with compliance controls.</li>
</ul>






<p></p>



<figure class="wp-block-image size-large"><img decoding="async" width="1024" height="768" data-attachment-id="17132" data-permalink="https://agileops.co.uk/img_3776-jpg/" data-orig-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3776.jpg" data-orig-size="2000,1500" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;1.78&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;iPhone 15 Pro Max&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1756199562&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;6.7649998656528&quot;,&quot;iso&quot;:&quot;320&quot;,&quot;shutter_speed&quot;:&quot;0.025&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}" data-image-title="img_3776.jpg" data-image-description="" data-image-caption="" data-medium-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-300x225.jpg" data-large-file="https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-1024x768.jpg" tabindex="0" role="button" src="https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-1024x768.jpg" class="wp-image-17132" srcset="https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-1024x768.jpg 1024w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-300x225.jpg 300w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-768x576.jpg 768w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-1536x1152.jpg 1536w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-1400x1050.jpg 1400w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-700x525.jpg 700w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-466x350.jpg 466w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-933x700.jpg 933w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776-350x263.jpg 350w, https://agileops.co.uk/wp-content/uploads/2025/09/img_3776.jpg 2000w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure>



<p class="p1">This dual approach makes it possible for enterprises to move fast without breaking things—a recurring theme throughout the keynote.</p>



<h2 class="wp-block-heading">Conclusion: A New Era of Cloud-Native Infrastructure</h2>



<p class="p1">The message from VMware Explore was clear: Kubernetes isn’t just an add-on to vCF—it’s a first-class citizen. With seamless integration, CNCF compliance, Ubuntu collaboration, and AI-ready infrastructure, VMware is positioning vCF as the most secure, most complete, and easiest-to-manage private cloud platform for cloud-native workloads.</p>



<p class="p1">As organizations embrace containers, microservices, and AI-driven applications, vCF with Kubernetes and Ubuntu provides a future-proof foundation that scales without sacrificing security or governance.</p>






<p></p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="768" height="1024" data-attachment-id="17134" data-permalink="https://agileops.co.uk/dji_20250826_090437_203-jpg/" data-orig-file="https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203.jpg" data-orig-size="1500,2000" data-comments-opened="1" data-image-meta="{&quot;aperture&quot;:&quot;1.78&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;iPhone 15 Pro Max&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1756199077&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;6.7649998656528&quot;,&quot;iso&quot;:&quot;1000&quot;,&quot;shutter_speed&quot;:&quot;0.016666666666667&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;1&quot;}" data-image-title="dji_20250826_090437_203.jpg" data-image-description="" data-image-caption="" data-medium-file="https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-225x300.jpg" data-large-file="https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-768x1024.jpg" tabindex="0" role="button" src="https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-768x1024.jpg" class="wp-image-17134" srcset="https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-768x1024.jpg 768w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-225x300.jpg 225w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-1152x1536.jpg 1152w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-1400x1867.jpg 1400w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-700x933.jpg 700w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-466x621.jpg 466w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-933x1244.jpg 933w, 
https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203-350x467.jpg 350w, https://agileops.co.uk/wp-content/uploads/2025/09/dji_20250826_090437_203.jpg 1500w" sizes="(max-width: 768px) 100vw, 768px" /></figure>



<p class="p1"><img src="https://s.w.org/images/core/emoji/15.0.3/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> Key Takeaway: VMware is delivering a streamlined, enterprise-ready Kubernetes platform with vCF 9.0—uniting the developer’s need for speed with IT’s need for control.</p>
</div><!-- .vgblk-rw-wrapper -->]]></content:encoded>
					
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">17135</post-id>	</item>
		<item>
		<title>Managing Developer Access in Shared Tanzu Environments</title>
		<link>https://agileops.co.uk/managing-developer-access-in-shared-tanzu-environments/</link>
					<comments>https://agileops.co.uk/managing-developer-access-in-shared-tanzu-environments/#respond</comments>
		
		<dc:creator><![CDATA[Ibrahim Quraishi]]></dc:creator>
		<pubDate>Thu, 20 Feb 2025 13:57:06 +0000</pubDate>
				<category><![CDATA[Tanzu]]></category>
		<category><![CDATA[Tanzu Mission Control]]></category>
		<category><![CDATA[TKG Permissions]]></category>
		<category><![CDATA[VMware Tanzu]]></category>
		<guid isPermaLink="false">https://agileops.co.uk/?p=16914</guid>

					<description><![CDATA[Introduction Today we are hitting on a key shift in how vSphere Administrators can interact with and empower developers (DevOps). Let&#8217;s expand on this and why VMware Tanzu Kubernetes Grid...]]></description>
										<content:encoded><![CDATA[<div class="vgblk-rw-wrapper limit-wrapper">
<h1 class="wp-block-heading">Introduction</h1>



<p>Today we are hitting on a key shift in how <strong>vSphere Administrators</strong> can interact with and empower developers <strong>(DevOps)</strong>. Let&#8217;s expand on this and why VMware Tanzu Kubernetes Grid (TKG) is a compelling solution.</p>



<p><strong>The Traditional vSphere Admin/Developer Workflow (and its Pain Points):</strong></p>



<p> The traditional model often involves a ticketing system. Developers need resources (VMs, storage, networking) and file a request. The vSphere admin then has to manually provision these resources. This leads to:</p>



<ul>
<li><strong>Slow Turnaround:</strong> Delays in provisioning can slow down development cycles.</li>



<li><strong>Administrative Overhead:</strong> Managing individual requests is time-consuming for the vSphere admin.</li>



<li><strong>Lack of Agility:</strong> Developers lack the ability to quickly experiment and iterate.</li>



<li><strong>Configuration Drift:</strong> Manual configuration can lead to inconsistencies and errors.</li>
</ul>



<p><strong>Kubernetes and Tanzu Kubernetes Grid (TKG) as a Solution:</strong></p>



<p>Kubernetes, and specifically TKG, offer a different paradigm. They provide a self-service model for developers, while still giving the vSphere admin control and visibility.</p>



<p><strong>Why TKG?</strong></p>



<ul>
<li><strong>Consistent Kubernetes:</strong> TKG delivers a consistent, conformant Kubernetes experience across vSphere environments (and even on public clouds). This means developers can use the same tools and workflows regardless of where their applications are deployed.</li>



<li><strong>Integrated with vSphere:</strong> TKG is deeply integrated with vSphere. This allows you to leverage your existing vSphere infrastructure (compute, storage, networking) and management tools. You&#8217;re not replacing vSphere; you&#8217;re enhancing it.</li>



<li><strong>Centralized Management:</strong> While developers gain self-service capabilities, you retain centralized control over the Kubernetes clusters. You can set resource quotas, limits, and security policies to ensure compliance and prevent resource abuse.</li>



<li><strong>Simplified Operations:</strong> TKG simplifies the deployment and management of Kubernetes clusters. It automates many of the tasks that would otherwise be manual, reducing your operational overhead.</li>



<li><strong>Developer Self-Service:</strong> Developers can use <code>kubectl</code> and YAML files to define their infrastructure needs. They can request and provision resources on demand, without having to go through a ticketing system.</li>
</ul>



<p><strong>Why is this Interesting for the vSphere Administrator?</strong></p>



<ul>
<li><strong>Reduced Ticket Volume:</strong> By empowering developers with self-service capabilities, you can significantly reduce the number of resource requests you have to handle.</li>



<li><strong>Increased Efficiency:</strong> You can focus on higher-level tasks, such as capacity planning, security, and infrastructure optimization.</li>



<li><strong>Improved Developer Satisfaction:</strong> Developers are happier because they can get the resources they need quickly and easily.</li>



<li><strong>Modernization of Your Skillset:</strong> Managing Kubernetes environments is a valuable skill in today&#8217;s IT landscape. TKG provides a way for you to expand your expertise and stay relevant.</li>



<li><strong>Strategic Role:</strong> You become an enabler of innovation, rather than a bottleneck. You can help your organization adopt modern application development practices and accelerate its digital transformation.</li>
</ul>



<p><strong>In short, TKG allows you to provide a &#8220;paved road&#8221; for developers to consume infrastructure resources while maintaining governance and control. It&#8217;s a win-win for both developers and vSphere administrators.</strong></p>



<p></p>



<h2 class="wp-block-heading">Elephant in the Room (Permissions and Empowerment)</h2>



<p>The conflict between platform stability and developer autonomy is more apparent than ever in today&#8217;s cloud-native environment. Businesses that move to shared Tanzu Application Platform (TAP) and Tanzu Kubernetes Grid (TKG) environments must strike a careful balance between giving developers the self-service tools they require and avoiding resource sprawl, which can throw operations and budgets off course.<br><br>An exciting path towards containerised microservices can easily turn into the &#8220;wild west&#8221; of Kubernetes resources, where storage volumes remain long after their usefulness has gone, namespaces proliferate unchecked, and CPU and memory requirements far outweigh real needs.</p>



<p><br>The ramifications are more than just hypothetical. Uncontrolled resource usage results in rapidly increasing cloud expenses, deteriorated performance for important workloads, and possible outages when platform limitations are suddenly reached.</p>



<p>However, tight limitations are also not the solution. Developers eventually find workarounds or, worse, give up on platform adoption completely when they encounter too much bureaucracy when allocating resources. When teams are unable to iterate rapidly, the very efficiencies Tanzu promised vanish.</p>



<p><br>Let&#8217;s discuss a problem that every DevOps team encounters: how can you allow developers the latitude they require on a shared Tanzu platform without allowing resource utilisation to get out of hand? Working with platform teams and following industry best practices, we have found governance strategies that preserve this important equilibrium. The following is a useful guide for setting up rules that safeguard your environment while maintaining the developer experience that first makes Tanzu worthwhile.</p>



<h2 class="wp-block-heading">Resource Management &#8211; The Foundation</h2>



<p><strong>Namespaces are essential</strong>. Namespaces are the cornerstone of resource management in Kubernetes (and hence Tanzu). Every project or team ought to have its own namespace. This provides isolation and lets you set limits and quotas for each namespace independently.</p>



<p><strong>Resource quotas</strong> limit how much memory, CPU, persistent storage, and other resources can be used in a namespace overall. Establish quotas that prevent excessive consumption while still meeting the reasonable needs of the team or project. For instance:</p>



<p>Namespace isolation is essential, not optional. Create dedicated namespaces for each team or project to establish clean boundaries for applying controls and maintaining accountability.</p>



<p>Resource quotas should be tailored to each team&#8217;s actual workflow patterns:</p>



<pre class="wp-block-preformatted"><strong>yaml</strong><br><code>apiVersion: v1<br>kind: ResourceQuota<br>metadata:<br>  name: dev-quota<br>  namespace: dev-team-a<br>spec:<br>  hard:<br>    cpu: "4"<br>    memory: "8Gi"<br>    pods: "20"<br>    persistentvolumeclaims: "5"<br>    services: "10"<br>    configmaps: "30"<br>    secrets: "30"</code></pre>



<p><strong>Limit Ranges: </strong>These specify the default resource requests and limits applied to containers in a namespace. They also prevent deployments or pods from running without resource requests or limits defined, which guarantees that each container has clearly defined resource boundaries. For instance:</p>



<p>Implement granular limit ranges that prevent resource hogging while still accommodating legitimate workload spikes:</p>



<pre class="wp-block-preformatted"><strong>yaml</strong><br><code>apiVersion: v1<br>kind: LimitRange<br>metadata:<br>  name: limits-dev<br>  namespace: dev-team-a<br>spec:<br>  limits:<br>  - default:<br>      cpu: 500m<br>      memory: 256Mi<br>    defaultRequest:<br>      cpu: 250m<br>      memory: 128Mi<br>    max:<br>      cpu: "2"<br>      memory: "2Gi"<br>    min:<br>      cpu: 50m<br>      memory: 64Mi<br>    type: Container</code></pre>



<h2 class="wp-block-heading">Beyond Resources &#8211; Security Boundaries</h2>



<p>Network policies should be designed as a comprehensive mesh. Start with a default-deny policy, then explicitly allow only required communication paths between namespaces and external services.</p>



<p>For Pod Security, embrace the shift to Pod Security Admission with customized profiles that match your security posture. Consider implementing:</p>



<ul>
<li><strong>Development namespaces:</strong> Baseline with select exceptions</li>



<li><strong>Staging environments: </strong>Restricted with limited exceptions</li>



<li><strong>Production:</strong> Fully restricted profiles with no exceptions</li>
</ul>



<p><strong>Network Policy:</strong><br>Control Communication: Network traffic between pods and namespaces is restricted by network policies. This can lessen the effect of a compromised or misbehaving application and is essential for security. You may, for instance, limit communication between the production and development namespaces.</p>



<p><strong>Pod Security Policies:</strong> </p>



<p>Although they are no longer in use, it is still important to understand the concept when migrating.</p>



<p>Security Contexts: Although Pod Security Admission has replaced Pod Security Policies, the fundamental ideas are still applicable. To limit what a container can do (e.g., running as root or accessing host filesystems), you can set security contexts. These days, Pod Security Admission is used to enforce them.<br>PSPs have been replaced by Pod Security Admission (PSA). Various security profile levels (Privileged, Baseline, and Restricted) are defined by PSA that you can</p>



<p>These are now managed through Pod Security Admission. &nbsp;</p>



<ul>
<li><strong>Pod Security Admission (PSA):</strong> This is the replacement for PSPs. PSA defines different levels of security profiles (Privileged, Baseline, Restricted) that you can apply to namespaces. This is a more declarative and easier-to-manage way to enforce pod security. &nbsp;</li>
</ul>
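<p>The default-deny network policy and Pod Security Admission levels described above, written out for a development namespace. This is an added example, not part of the original post: it reuses the <code>dev-team-a</code> namespace from the quota example, the policy names are constructed, and it assumes cluster DNS runs in <code>kube-system</code>.</p>

```yaml
# Added example. Policy names are constructed for illustration.
apiVersion: v1
kind: Namespace
metadata:
  name: dev-team-a
  labels:
    # Pod Security Admission: reject pods that violate the Baseline profile,
    # and emit warnings and audit annotations for anything that would fail
    # Restricted, so teams see what must change before promotion.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Default deny: the empty podSelector selects every pod in the namespace,
# and with no ingress/egress rules listed, nothing is allowed in or out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: dev-team-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Explicit allow: pods in dev-team-a may talk to each other, but not to
# pods in other namespaces (for example, production).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: dev-team-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector: {}
  egress:
    - to:
        - podSelector: {}
---
# Explicit allow: DNS lookups. Without this, default-deny egress breaks
# service discovery. Assumes the cluster DNS pods run in kube-system.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: dev-team-a
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

<p>Network policies are additive, so the two allow policies open only the listed paths on top of the default deny. They take effect only when the cluster's CNI plugin enforces NetworkPolicy.</p>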



<p><strong>Image Registries and Scanning:</strong></p>



<ul>
<li><strong>Approved Images Only:</strong> Use a private image registry and only allow developers to deploy images that have been scanned for vulnerabilities and approved. This prevents the introduction of malicious or insecure software into the cluster.</li>



<li><strong>Image Scanning:</strong> Integrate image scanning into your CI/CD pipeline. Reject images that fail the scan.</li>
</ul>



<p><strong>Monitoring and Alerting:</strong></p>



<ul>
<li><strong>Real-time Visibility:</strong> Set up monitoring and alerting to track resource usage. Alert on namespaces that are approaching or exceeding their quotas. Tools like Prometheus and Grafana are excellent for this.</li>



<li><strong>Cost Monitoring:</strong> If you&#8217;re using a cloud provider, use their cost monitoring tools to track spending by namespace or project.</li>
</ul>



<p><strong>Automation and GitOps:</strong></p>



<ul>
<li><strong>Infrastructure as Code (IaC):</strong> Manage your Kubernetes resources (quotas, limits, network policies) as code using tools like Terraform or Flux. This allows you to version control your configurations and automate their deployment. &nbsp;</li>



<li><strong>GitOps:</strong> Use Git as the source of truth for your Kubernetes configurations. Changes are made through pull requests, reviewed, and then automatically deployed. This provides an audit trail and helps to prevent unauthorized changes. &nbsp;</li>
</ul>



<p><strong>Developer Training and Guidelines:</strong></p>



<ul>
<li><strong>Education is Key:</strong> Train developers on Kubernetes best practices, resource management, and the importance of adhering to quotas and limits.</li>



<li><strong>Clear Guidelines:</strong> Establish clear guidelines for resource usage and application deployment. Make sure developers understand the consequences of over-provisioning.</li>
</ul>



<p><strong>Tiered Access Control (RBAC):</strong></p>



<ul>
<li><strong>Principle of Least Privilege:</strong> Grant developers only the permissions they need to do their jobs. Avoid giving them cluster-admin privileges. Use RBAC to define roles and assign them to users or groups.</li>
</ul>



<p><strong>Example RBAC Setup (Simplified):</strong></p>



<ul>
<li><strong><code>dev-role</code>:</strong> Allows developers to create, update, and delete resources within their assigned namespace, but restricts them from creating namespaces or managing cluster-wide resources.</li>



<li><strong><code>dev-team-a</code> group:</strong> Developers in this group are assigned the <code>dev-role</code> for the <code>dev-team-a</code> namespace.</li>
</ul>
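<p>The simplified RBAC setup above expressed as manifests. This is an added example, not part of the original post: the resource list and binding name are constructed, and the group name <code>dev-team-a</code> is assumed to match the group claim your identity provider asserts.</p>

```yaml
# Added example. A namespaced Role cannot grant access to cluster-scoped
# resources, so holders of dev-role cannot create namespaces or touch
# nodes, ClusterRoles, or other cluster-wide objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-role
  namespace: dev-team-a
rules:
  # Day-to-day workload objects: full lifecycle inside the namespace.
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps", "secrets", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Troubleshooting: read logs and events.
  - apiGroups: [""]
    resources: ["pods/log", "events"]
    verbs: ["get", "list", "watch"]
  # Guardrails are visible but not editable: developers can see their
  # quota, limit range, and network policies, but only the platform team
  # can change them.
  - apiGroups: [""]
    resources: ["resourcequotas", "limitranges"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["networkpolicies"]
    verbs: ["get", "list", "watch"]
---
# Bind the role to the dev-team-a group, in the dev-team-a namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-a-dev-role
  namespace: dev-team-a
subjects:
  - kind: Group
    name: dev-team-a   # assumed to match the IdP group claim
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: dev-role
  apiGroup: rbac.authorization.k8s.io
```

<p>Binding to a group rather than to individual users keeps membership changes in the identity provider. To confirm the boundary, run <code>kubectl auth can-i</code> with impersonation for a member of the group against both an allowed and a denied action.</p>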



<h2 class="wp-block-heading">Practical Controls</h2>



<p>Image governance should be proactive. Implement Kyverno or OPA Gatekeeper policies that automatically reject images:</p>



<ul>
<li>From unapproved registries</li>



<li>With critical CVEs</li>



<li>Without proper labeling</li>



<li>Lacking resource specifications</li>
</ul>
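<p>An added example, not part of the original post: a Kyverno <code>ClusterPolicy</code> covering two of the checks above, unapproved registries and missing resource specifications. The registry name <code>registry.example.internal</code> is a placeholder, and the policy assumes a Kyverno release that accepts <code>spec.validationFailureAction</code>; the CVE check depends on scan data from an image scanner and is not shown.</p>

```yaml
# Added example; registry.example.internal is a placeholder registry.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: image-governance-example   # hypothetical name
spec:
  validationFailureAction: Enforce  # reject at admission instead of only reporting
  background: true                  # also report on workloads that already exist
  rules:
    - name: approved-registries-only
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Images must be pulled from registry.example.internal."
        pattern:
          spec:
            # =(...) anchors: check these lists only when they are present,
            # so init and ephemeral containers cannot bypass the rule.
            =(initContainers):
              - image: "registry.example.internal/*"
            =(ephemeralContainers):
              - image: "registry.example.internal/*"
            containers:
              - image: "registry.example.internal/*"
    - name: require-requests-and-limits
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "CPU and memory requests and a memory limit are required."
        pattern:
          spec:
            containers:
              - resources:
                  requests:
                    cpu: "?*"       # "?*" means any non-empty value
                    memory: "?*"
                  limits:
                    memory: "?*"
```

<p>Rolling a policy like this out in audit mode first and reviewing the resulting policy reports shows which existing workloads would be rejected before enforcement is switched on.</p>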



<p>Enhance your monitoring with predictive analytics. Track resource consumption trends over time to identify potential issues before they become problems. Set up multi-level alerts (warning at 70%, critical at 90%) with automatic notifications to DevOps, development teams, and the management team for awareness.</p>



<h2 class="wp-block-heading">Process Matters</h2>



<p>Evolve beyond basic GitOps to policy-as-code. Define organizational standards as enforceable policies that automatically validate changes against best practices. This creates guardrails that prevent problematic configurations from being applied.</p>



<p>Develop a comprehensive education program that includes:</p>



<ul>
<li>Hands-on workshops for resource optimization</li>



<li>Peer review sessions for deployment configurations</li>



<li>Case studies from actual production incidents</li>



<li>Recognition for teams demonstrating resource efficiency</li>
</ul>



<h2 class="wp-block-heading">Tiered Access Model</h2>



<p>Implement a sophisticated RBAC structure with contextual permissions:</p>



<ul>
<li>Namespace-specific developer roles with granular permissions</li>



<li>Time-bound elevated access for debugging and deployments</li>



<li>Audit-focused roles for compliance and security teams</li>



<li>Pipeline service accounts with scoped permissions</li>
</ul>



<p>For larger organizations, consider namespace federation where teams can request resources through a self-service portal with built-in governance checks.</p>



<p>Remember that effective governance requires continuous refinement based on actual usage patterns and feedback. The most successful Tanzu environments balance controls with developer agility through data-driven policies and transparent processes.</p>



<h2 class="wp-block-heading">Conclusion</h2>



<p>In summary, the adoption of DevOps and microservices demands a fundamental transformation in our approach to infrastructure management. The dynamic and fluid nature of modern application development is simply too much for the ticket-based, traditional method of a decade ago. We now orchestrate sophisticated microservices deployments that need scalability and rapid iteration, rather than deploying monolithic applications on static infrastructure. Empowering DevOps engineers is now a necessity for businesses to stay competitive, not just a &#8220;nice-to-have.&#8221; The provision of self-service infrastructure access, in conjunction with strong governance and control, is essential to this empowerment. The platform to close this gap is offered by tools like VMware Tanzu Kubernetes Grid (TKG), which empowers vSphere administrators to act as innovators rather than gatekeepers. Through the use of Kubernetes and an infrastructure-as-code methodology, we can simplify processes, cut down on administrative burdens, and allow developers to concentrate on creating and implementing applications, which is what they do best. In addition to increasing developer satisfaction and speeding up time-to-market, this change enables vSphere administrators to update their skill set and take on a more strategic role in the digital transformation of their company. Automation, self-service, and cooperation between development and operations teams are key components of the future of IT. In the era of microservices, embracing these changes is essential to maximising DevOps&#8217; potential and achieving business success.</p>






<p>Sources: </p>



<p><a href="https://blogs.vmware.com/vsphere/2020/03/vsphere-7-tanzu-kubernetes-clusters.html">https://blogs.vmware.com/vsphere/2020/03/vsphere-7-tanzu-kubernetes-clusters.html</a></p>
</div><!-- .vgblk-rw-wrapper -->]]></content:encoded>
					
					<wfw:commentRss>https://agileops.co.uk/managing-developer-access-in-shared-tanzu-environments/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">16914</post-id>	</item>
		<item>
		<title>What is VMware Tanzu Community Edition?</title>
		<link>https://agileops.co.uk/what-is-vmware-tanzu-community-edition/</link>
					<comments>https://agileops.co.uk/what-is-vmware-tanzu-community-edition/#respond</comments>
		
		<dc:creator><![CDATA[Ibrahim Quraishi]]></dc:creator>
		<pubDate>Wed, 08 Dec 2021 18:19:49 +0000</pubDate>
				<category><![CDATA[VMware]]></category>
		<category><![CDATA[VMware Tanzu]]></category>
		<guid isPermaLink="false">https://agileops.co.uk/?p=16618</guid>

					<description><![CDATA[In order to understand VMware Tanzu, we must first understand the problem it solves. Let&#8217;s start with a quick introduction to Kubernetes. Kubernetes is an open-source platform for automating deployment,...]]></description>
										<content:encoded><![CDATA[<div class="vgblk-rw-wrapper limit-wrapper">
<p>In order to understand VMware Tanzu, we must first understand the problem it solves. Let&#8217;s start with a quick introduction to Kubernetes.</p>



<p>Kubernetes is an open-source platform for automating deployment, scaling, and management of containerized applications. It was originally designed by Google engineers and came into being in 2014 as an open-source project under the CNCF (Cloud Native Computing Foundation).</p>



<p>Kubernetes is often referred to as a &#8220;platform&#8221; because it&#8217;s flexible and can run on a wide variety of hardware or cloud. Although there are other container platforms such as Docker Swarm or Apache Mesos, Kubernetes is considered one of the most powerful and mature options.</p>



<p>As Kubernetes uses containers, it has no dependencies on the infrastructure that runs it. This allows you to run Kubernetes anywhere &#8211; from cloud providers like AWS or Google Cloud Platform (GCP), to your own private datacenter. You could even deploy Kubernetes in multiple places for high availability, but we will focus on the basics of Kubernetes in this article.</p>



<p>As mentioned earlier, Kubernetes is an open-source project made up of a few individual components, such as the Kubernetes manager (kube-apiserver), the scheduler (kube-controller-manager) and the node (kubelet). The kube manager is responsible for communicating with Kubernetes nodes and storing information about the cluster, while the scheduling component schedules containers to run on nodes.</p>



<p>The node is simply a worker that carries out the instructions of the scheduler and kube-manager.&nbsp;</p>



<p>Now that we&#8217;ve covered what Kubernetes is as a platform, let&#8217;s take a look at VMware Tanzu.</p>



<h2 class="wp-block-heading">What is VMware Tanzu?</h2>



<p>VMware Tanzu is a tool for deploying Kubernetes clusters on VMware vSphere. It&#8217;s similar to kubeadm. The main advantage of using VMware Tanzu over kubeadm is the ability to deploy Kubernetes clusters directly on vSphere, while kubeadm requires a dedicated Linux system.</p>



<p>VMware Tanzu, formerly kubo, is a production-grade Kubernetes distribution for the enterprise. It automates deployment, operations and lifecycle management of Kubernetes clusters on VMware platforms. VMware Tanzu delivers high availability, resilience, scalability and security for containerized applications that run on hypervisors and bare metal infrastructure in public clouds or on-premises. VMware Tanzu is the fastest, easiest way to run Kubernetes on VMware platforms and supports all major Linux distributions as well as Microsoft Windows Server.</p>



<p>It&#8217;s 100% free and open-source</p>



<p>The VMware Tanzu community edition is free with no feature limitations or time restrictions. It can be used for development, testing, demos or free production workloads. VMware welcomes your contributions and feedback on the project, which you can share through GitHub.</p>



<p>Full visibility with vRealize Operations for Containers</p>



<p>Originally known as kubo, VMware Tanzu has now evolved with new features and enhancements based on customer feedback, such as full Kubernetes support, heat integration and cloud-based installation. Now part of VMware&#8217;s Cloud Native Applications business led by Raghu Raghuram, Tanzu is being offered in conjunction with vRealize Operations for Containers (vROC), which provides deep container insights into the applications deployed on VMware infrastructure.</p>



<p>Introducing Rocky, a Kubernetes Operator for Docker Registries</p>



<p>The latest release of VMware Tanzu also includes Rocky, a Kubernetes Operator for Docker registries. With this operator, users can pull container images from public or private Docker registries into their clusters without having to alter their production workflow. Rocky automates image pulling by creating, updating and deleting objects in the registry with tags, and image pushing by automatically adding images to the registry.</p>



<p>The VMware Tanzu installer can be downloaded from GitHub, and it&#8217;s recommended that you do this on a separate Linux machine for best results. After installing the required dependencies (see prerequisites section in README), we can move onto installing the installer.</p>



<p>VMware Tanzu uses a Go binary, so make sure you have <code>GOBIN</code> in your <code>PATH</code>, and then run the following commands to install VMware Tanzu:</p>



<p><code>$ go get -u github.com/vmware/tanzu</code><br><code>$ $GOPATH/bin/tanzu install --cluster-name tkp --cluster-version 1.8</code></p>



<p>Once VMware Tanzu has been installed, we are ready to set up a Kubernetes cluster using the CLI. Before doing so, let&#8217;s take a quick look at the prerequisites:</p>



<p>Docker and Docker Compose must be installed on your system.</p>



<p>At least three ESXi servers must be available to run the Kubernetes master, scheduler and worker nodes. These can be physical systems or virtual machines (VMs). Each VM should have at least 6 GB of RAM. Ideally, you would want more than 12-16 GB for each machine, but this will vary based on your requirements.</p>



<p>At least three network interfaces should be available on the VMware ESXi servers (one for each Kubernetes node, and one for kube-master). In the examples below we&#8217;ll create a separate vSwitch for each interface. If you wish to run VMware Tanzu in production, it&#8217;s recommended that you set up an isolated network for your Kubernetes cluster to ensure high availability.</p>



<p>The VMware Tanzu binary comes as a tar file, so you&#8217;ll have to unpack it if you download it directly onto your ESXi server. If you use vSphere Client to install the binary, then this step is taken care of for you. Make sure that after unpacking the tar file, VMware Tanzu is started by running <code>./start.sh</code>.</p>



<p>Create a Kubernetes Cluster with VMware Tanzu</p>



<p>To install your first Kubernetes cluster using VMware Tanzu, we will run several commands in a terminal session on an ESXi server with direct access to kubectl (as opposed to running kubectl commands over SSH). Run the following command on one of your ESXi servers:</p>



<p><code>$ kubectl cluster-info</code></p>



<p>A Kubernetes cluster will require 3 masters. The default size for a master node is at least 2 vCPU and 8GB of RAM. In case you are wondering</p>



<p>Tanzu Key Features:</p>



<ul>
<li>VMware Tanzu has been updated with a new, streamlined deployment experience that is quicker, easier and more personalized than before. VMware guarantees you will have your Kubernetes cluster up and running in 30 minutes or less.</li>

<li>The new release brings support for the Kubernetes cluster to run on bare metal infrastructure. Use VMware PowerCLI and other vSphere/VCSA tools for managing your Tanzu environment.</li>

<li>The new release offers a cloud-based installation, which provides preconfigured images via the VMware Cloud Marketplace. Now you can deploy clusters with just one click without any additional customization.</li>

<li>VMware Tanzu now supports all major Linux distributions: Ubuntu, RedHat, SUSE and Debian. Choose the operating system that matches your requirements. Refer to this compatibility matrix for details about supported versions.</li>

<li>VMware Tanzu offers a simplified update process that applies new features and bug fixes without disrupting running workloads. You can control which updates you want to apply so you can retain your configurations and prevent unintended data loss.</li>

<li>VMware Tanzu offers a centralized CLI for Kubernetes cluster, edge gateway and Istio-related commands to make it as easy as possible to monitor and manage the system from anywhere in your network using SSH or WinRM.</li>

<li>VMware TKG provides seamless integration with VMware vSphere and vRealize Automation for managing Kubernetes clusters.</li>

<li>VMware Tanzu can be deployed in multiple environments, including a standalone cluster on physical infrastructure, VMs or bare metal servers; a mixed environment consisting of both virtual machines and physical machines; and a hybrid cloud environment that includes local containers as well as those in remote clouds.</li>

<li>VMware Tanzu has been tested and optimized on the latest VMs, bare metal servers from Supermicro, Dell EMC and HPE, as well as cloud instances from AWS Marketplace. For more information about system requirements, visit the official GitHub repository.</li>

<li>Tanzu leverages Kubernetes for managing applications and containers and Istio to provide service meshes for microservices. It also offers several other capabilities, including a centralized CLI for managing the system, REST-based APIs to deploy applications and access logs and metrics via Prometheus, distributed tracing through Jaeger, monitoring through vROC (which now supports Istio service mesh) and management via VMware vSphere and vRealize Automation.</li>

<li>VMware Tanzu is available in three editions: Standard, Advanced and Enterprise. The Standard edition offers the basic functionality while providing enterprise-grade security and support; the Advanced edition adds additional monitoring and logging capabilities as well as a centralized CLI that extends Kubernetes&#8217; commands via APIs to users outside the cluster; and the Enterprise edition adds features that enable high availability, disaster recovery and automated upgrades.</li>
</ul>



<h1 class="wp-block-heading">Conclusion</h1>



<p>You&#8217;ve already seen how VMware TKG can be used to deploy Kubernetes, and VMware Tanzu is the latest tool in the family. You can download VMware Tanzu free of charge from VMware&#8217;s official website, https://vmware.com. And if you want to dive deeper into applications running on the cluster, I highly recommend that you use vRealize Log Insight. Stay tuned for more information about VMware TKG and VMware Tanzu in upcoming blog posts. Until then, share your thoughts with us in the comment section below or tweet me @ibrahimquraishi.</p>



<p>Want to learn more? Check out this post: <a href="https://tanzu.vmware.com/content/blog/getting-started-vmware-tanzu-community-edition-guide">How to Get Started with VMware Tanzu Community Edition</a></p>
</div><!-- .vgblk-rw-wrapper -->]]></content:encoded>
					
					<wfw:commentRss>https://agileops.co.uk/what-is-vmware-tanzu-community-edition/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">16618</post-id>	</item>
	</channel>
</rss>
