VCF 9.0 + Tanzu Platform for Cloud Foundry Deployment Guide
Complete step-by-step installation guide for deploying VCF 9.0 with single-host configuration and Tanzu Platform for Cloud Foundry on existing Intel NUCs.
Prerequisites
Hardware Requirements Met ✅
- MS-A2 Host: 128GB RAM, 3x NVMe drives, dual 10G SFP+ ports
- Intel NUCs: 3x nodes with 64GB RAM each, dual NICs
- Network: 1GbE infrastructure with VLANs configured
Software Downloads Required
- VMware ESXi 8.0 U3 ISO
- VMware Cloud Foundation 9.0 Installer OVA
- Tanzu Platform for Cloud Foundry installation bundle
- Tanzu CLI tools
Phase 1: VCF 9.0 Management Domain Deployment
Step 1: ESXi Installation on MS-A2
-
Create ESXi Installation Media
# Download ESXi 8.0 U3 from VMware Customer Connect # Create bootable USB with Rufus/dd/Ventoy - Install ESXi on MS-A2
- Boot from USB installer
- Install to Samsung 980 Pro 500GB (Slot 1)
- Set initial management IP:
192.168.10.100/24 - Configure root password:
VMware123!
-
Post-Installation ESXi Configuration
# SSH to ESXi host ssh root@192.168.10.100 # Configure hostname esxcli system hostname set --fqdn=esx-ms-a2-01.lab.local # Configure NTP esxcli system ntp set --server=pool.ntp.org esxcli system ntp set --enabled=true # Enable SSH and ESXi Shell (for troubleshooting) vim-cmd hostsvc/enable_ssh vim-cmd hostsvc/enable_esx_shell
Step 2: Network Configuration
- Create VLANs and Port Groups
- Access vSphere Client:
https://192.168.10.100 - Navigate to Networking → Port groups
Create these port groups:
VCF-Management (VLAN 10) - VCF Management traffic VCF-vMotion (VLAN 20) - vMotion traffic VCF-vSAN (VLAN 30) - vSAN storage traffic VCF-NSX-TEP (VLAN 40) - NSX tunnel endpoints TKG-Management (VLAN 100) - TKG management TKG-Workload (VLAN 110) - TKG workload traffic - Access vSphere Client:
-
Configure VMkernel Adapters
vmk0: Management Network (VLAN 10) - 192.168.10.100/24 vmk1: vMotion (VLAN 20) - 192.168.20.100/24 vmk2: vSAN (VLAN 30) - 192.168.30.100/24 vmk3: NSX-TEP (VLAN 40) - 192.168.40.100/24
Step 3: Storage Configuration
-
Verify NVMe Drives
# SSH to ESXi and verify drives esxcli storage core device list | grep naa # Expected output: # naa.xxx (500GB) - ESXi boot # naa.yyy (4TB) - Samsung 990 PRO for NVMe Tiering # naa.zzz (4TB) - WD_BLACK SN850X for vSAN ESA -
Configure vSAN Storage
- Access Storage → vSAN → Configure
- Select vSAN ESA (Express Storage Architecture)
- Use WD_BLACK 4TB for vSAN storage tier
- Use Samsung 990 PRO 4TB for NVMe Tiering (cache)
Step 4: VCF 9.0 Installer Deployment
-
Download and Deploy VCF Installer
# Download VCF 9.0 Installer OVA from VMware Customer Connect # Import to ESXi via vSphere Client -
Configure VCF Installer VM
VM Name: vcf-installer vCPUs: 4 Memory: 16GB Network: VCF-Management (VLAN 10) IP: 192.168.10.10/24 Gateway: 192.168.10.1 DNS: 192.168.10.1 -
Apply Single-Host Override
# SSH to VCF Installer ssh vcf@192.168.10.10 # Apply William Lam's single-host configuration echo "feature.vcf.internal.single.host.domain=true" >> /home/vcf/feature.properties # Restart VCF services echo 'y' | /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh
Step 5: VCF Management Domain JSON Configuration
-
Create VCF Deployment JSON
{ "managementDomain": { "name": "mgmt01", "orgName": "homelab", "hosts": [ { "hostname": "esx-ms-a2-01.lab.local", "ip": "192.168.10.100", "username": "root", "password": "VMware123!", "hostNetworkPoolName": "mgmt-pool" } ], "networkSpecs": { "dnsName": "lab.local", "subdomain": "mgmt", "domainName": "mgmt.lab.local", "management": { "subnet": "192.168.10.0/24", "gateway": "192.168.10.1", "vlanId": 10, "mtu": 1500, "portGroupName": "VCF-Management" }, "vmotion": { "subnet": "192.168.20.0/24", "vlanId": 20, "mtu": 9000, "portGroupName": "VCF-vMotion" }, "vsan": { "subnet": "192.168.30.0/24", "vlanId": 30, "mtu": 9000, "portGroupName": "VCF-vSAN" }, "nsxtOverlay": { "subnet": "192.168.40.0/24", "vlanId": 40, "mtu": 9000, "portGroupName": "VCF-NSX-TEP" } }, "vcenterSpec": { "name": "mgmt-vc01", "datacentername": "mgmt-dc01", "vmSize": "medium", "storageSize": "lstorage", "rootPassword": "VMware123!" }, "nsxSpec": { "nsxManagerSpecs": [ { "name": "mgmt-nsx01", "vmSize": "medium" } ], "rootPassword": "VMware123!", "adminPassword": "VMware123!" }, "vsanSpec": { "datastoreName": "mgmt-vsan-datastore", "licenseKey": "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX", "esaConfig": { "enabled": true } }, "dvsSpecs": [ { "name": "mgmt-vds01", "mtu": 9000, "portGroupSpecs": [ { "name": "VCF-Management", "vlanId": 10 }, { "name": "VCF-vMotion", "vlanId": 20 }, { "name": "VCF-vSAN", "vlanId": 30 }, { "name": "VCF-NSX-TEP", "vlanId": 40 } ] } ], "storageType": "VSAN_ESA" } }
Step 6: Execute VCF Deployment
- Upload JSON Configuration
- Access VCF Installer UI:
https://192.168.10.10 - Use JSON Upload method (bypasses 3-host UI validation)
- Upload the management domain JSON file
- Access VCF Installer UI:
- Validate and Deploy
- Run pre-deployment validation
- Address any validation failures
- Execute deployment (estimated 2-4 hours)
-
Monitor Deployment Progress
# SSH to VCF Installer to monitor logs tail -f /var/log/vmware/vcf/operationsmanager/operationsmanager.log
Phase 2: Intel NUC Workload Domain
Step 7: ESXi Installation on Intel NUCs
-
Install ESXi 8.0 U3 on All 3 NUCs
NUC-01: 192.168.200.101/24 NUC-02: 192.168.200.102/24 NUC-03: 192.168.200.103/24 Gateway: 192.168.200.1 -
Configure Each NUC
# For each NUC, configure hostname and NTP esxcli system hostname set --fqdn=esx-nuc-0X.lab.local esxcli system ntp set --server=pool.ntp.org esxcli system ntp set --enabled=true
Step 8: Create VCF Workload Domain
- Access SDDC Manager
- URL:
https://192.168.10.10(VCF Installer becomes SDDC Manager) - Login with administrator@vsphere.local
- URL:
- Add NUC Hosts to VCF
- Navigate to Inventory → Hosts
- Commission the 3 Intel NUC hosts
- Create host pool:
nuc-pool
-
Create Workload Domain
{ "workloadDomain": { "name": "wld01", "orgName": "homelab", "hosts": [ { "hostname": "esx-nuc-01.lab.local", "ip": "192.168.200.101" }, { "hostname": "esx-nuc-02.lab.local", "ip": "192.168.200.102" }, { "hostname": "esx-nuc-03.lab.local", "ip": "192.168.200.103" } ], "vcenterSpec": { "name": "wld-vc01", "datacentername": "wld-dc01", "vmSize": "medium" }, "computeSpec": { "clusterSpecs": [ { "name": "wld-cluster01", "hostSpecs": [ {"hostname": "esx-nuc-01.lab.local"}, {"hostname": "esx-nuc-02.lab.local"}, {"hostname": "esx-nuc-03.lab.local"} ] } ] }, "storageType": "NFS" } }
Phase 3: Tanzu Platform for Cloud Foundry Deployment
Step 9: TKG Management Cluster
-
Install Tanzu CLI
# Download Tanzu CLI from VMware Customer Connect # Install on jump box or local machine # Verify installation tanzu version tanzu plugin list -
Deploy TKG Management Cluster
# Create TKG management cluster configuration tanzu management-cluster create --file mgmt-cluster-config.yaml -
Management Cluster Config (mgmt-cluster-config.yaml)
CLUSTER_NAME: tkg-mgmt CLUSTER_PLAN: dev INFRASTRUCTURE_PROVIDER: vsphere # vSphere Configuration VSPHERE_SERVER: wld-vc01.lab.local VSPHERE_USERNAME: administrator@vsphere.local VSPHERE_PASSWORD: VMware123! VSPHERE_DATACENTER: /wld-dc01 VSPHERE_RESOURCE_POOL: /wld-dc01/host/wld-cluster01/Resources VSPHERE_DATASTORE: /wld-dc01/datastore/nfs-datastore VSPHERE_FOLDER: /wld-dc01/vm/tkg VSPHERE_NETWORK: TKG-Management # Control Plane Configuration CONTROL_PLANE_MACHINE_COUNT: 1 CONTROL_PLANE_DISK_GIB: 40 CONTROL_PLANE_MEM_MIB: 8192 CONTROL_PLANE_NUM_CPUS: 2 # Worker Node Configuration WORKER_MACHINE_COUNT: 2 WORKER_DISK_GIB: 40 WORKER_MEM_MIB: 8192 WORKER_NUM_CPUS: 2 # Kubernetes Configuration KUBERNETES_VERSION: v1.28.8+vmware.1 CNI: antrea
Step 10: Tanzu Platform for Cloud Foundry Installation
-
Create Workload Cluster for Cloud Foundry
# Create workload cluster for CF tanzu cluster create cf-workload --file cf-workload-config.yaml -
Workload Cluster Config (cf-workload-config.yaml)
CLUSTER_NAME: cf-workload CLUSTER_PLAN: prod INFRASTRUCTURE_PROVIDER: vsphere # vSphere Configuration VSPHERE_SERVER: wld-vc01.lab.local VSPHERE_USERNAME: administrator@vsphere.local VSPHERE_PASSWORD: VMware123! VSPHERE_DATACENTER: /wld-dc01 VSPHERE_RESOURCE_POOL: /wld-dc01/host/wld-cluster01/Resources VSPHERE_DATASTORE: /wld-dc01/datastore/nfs-datastore VSPHERE_FOLDER: /wld-dc01/vm/tkg VSPHERE_NETWORK: TKG-Workload # Control Plane Configuration CONTROL_PLANE_MACHINE_COUNT: 3 CONTROL_PLANE_DISK_GIB: 40 CONTROL_PLANE_MEM_MIB: 8192 CONTROL_PLANE_NUM_CPUS: 2 # Worker Node Configuration WORKER_MACHINE_COUNT: 3 WORKER_DISK_GIB: 80 WORKER_MEM_MIB: 16384 WORKER_NUM_CPUS: 4 # Kubernetes Configuration KUBERNETES_VERSION: v1.28.8+vmware.1 CNI: antrea -
Install Cloud Foundry Components
# Get cluster credentials tanzu cluster kubeconfig get cf-workload --admin # Switch to CF workload cluster context kubectl config use-context cf-workload-admin@cf-workload # Install CF Operator kubectl apply -f https://raw.githubusercontent.com/cloudfoundry/cf-operator/main/deploy/cf-operator.yaml # Install Cloud Foundry kubectl apply -f cf-deployment.yaml -
Cloud Foundry Deployment Configuration (cf-deployment.yaml)
apiVersion: v1 kind: Namespace metadata: name: cf-system --- apiVersion: quarks.cloudfoundry.org/v1alpha1 kind: BOSHDeployment metadata: name: cf namespace: cf-system spec: manifest: ref: name: cf-manifest type: configmap vars: - name: system_domain value: cf.lab.local - name: app_domains value: ["apps.cf.lab.local"] - name: cf_admin_password value: "admin" ops: - type: replace path: /instance_groups/name=router/networks/0/static_ips value: ["192.168.110.10"]
Step 11: Post-Installation Configuration
-
Configure DNS Resolution
# Add DNS entries to your DNS server or /etc/hosts 192.168.110.10 cf.lab.local 192.168.110.10 apps.cf.lab.local 192.168.110.10 api.cf.lab.local 192.168.110.10 login.cf.lab.local 192.168.110.10 uaa.cf.lab.local -
Install CF CLI
# Download and install CF CLI curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=v8&source=github" | tar -zx sudo mv cf8 /usr/local/bin/cf # Verify installation cf version -
Target and Login to Cloud Foundry
# Target CF API cf api https://api.cf.lab.local --skip-ssl-validation # Login as admin cf login -u admin -p admin # Create organization and space cf create-org homelab cf create-space development -o homelab cf target -o homelab -s development
Phase 4: Validation and Testing
Step 12: Component Verification
-
VCF Management Domain Health
# Access SDDC Manager https://192.168.10.10 # Verify component status: # - vCenter Server: Running # - NSX Manager: Running # - vSAN Cluster: Healthy # - ESXi Host: Connected -
TKG Cluster Health
# Check management cluster tanzu management-cluster get # Check workload cluster tanzu cluster list tanzu cluster get cf-workload # Verify Kubernetes nodes kubectl get nodes kubectl get pods --all-namespaces -
Cloud Foundry Validation
# Check CF health cf marketplace cf orgs cf spaces # Deploy test application cf push test-app -b staticfile_buildpack --random-route
Step 13: Performance Optimization
-
vSAN Tuning for 1GbE
# SSH to ESXi host ssh root@192.168.10.100 # Optimize vSAN for network constraints esxcli vsan cluster unicastinfo set -m multicast esxcli vsan cluster unicastinfo set -a 224.2.3.4 - NSX Optimization
- Reduce MTU to 1500 for 1GbE compatibility
- Configure GENEVE overhead appropriately
- Optimize tunnel endpoint placement
- TKG Resource Allocation
- Monitor resource utilization on Intel NUCs
- Adjust worker node sizing based on workload requirements
- Implement pod resource limits and requests
Implementation Order Summary
Week 1: Foundation
- ✅ Rack MS-A2 in new cabinet
- ✅ Install ESXi on MS-A2
- ✅ Deploy VCF 9.0 Management Domain
- ✅ Validate VCF components
Week 2: Workload Infrastructure
- ✅ Install ESXi on Intel NUCs
- ✅ Create VCF Workload Domain
- ✅ Deploy TKG Management Cluster
- ✅ Validate TKG deployment
Week 3: Cloud Foundry
- ✅ Deploy TKG Workload Cluster
- ✅ Install Tanzu Platform for CF
- ✅ Configure DNS and networking
- ✅ Validate CF functionality
Week 4: Optimization & Production
- ✅ Performance tuning
- ✅ Backup configuration
- ✅ Monitoring setup
- ✅ Documentation completion
Troubleshooting Common Issues
VCF Deployment Issues
Single Host Validation Errors:
- Ensure feature flag is properly set
- Use JSON deployment method only
- Verify network connectivity between components
Storage Configuration:
- Confirm NVMe drives are properly detected
- Verify vSAN ESA compatibility
- Check disk space requirements (minimum 10GB free)
TKG Cluster Issues
Network Connectivity:
- Verify VLAN configuration on switches
- Test connectivity between management and workload VLANs
- Confirm DNS resolution for vCenter
Resource Constraints:
- Monitor memory usage on Intel NUCs
- Adjust cluster sizing for available resources
- Implement resource quotas and limits
Cloud Foundry Issues
Application Deployment:
- Check buildpack availability
- Verify application quotas
- Monitor Diego cell health
Networking:
- Confirm GoRouter configuration
- Verify load balancer setup
- Test application routing
This comprehensive guide provides a complete deployment roadmap for VCF 9.0 with single-host configuration and Tanzu Platform for Cloud Foundry, optimized for your current 1GbE infrastructure while preparing for future 10GbE upgrades.