vmware-tanzu-labs / tanzu-validated-solutions Goto Github PK

Example of an image (png) using transparency for no reason - TMC Global Policy Control Plane - visible on this page. Consider scaling images down that are unnecessarily large as well.

Files with graphics in dark background that should be light

• #108
• #109
• #110
• #111
• #112
• #113
• #114

We should provide guidance for how customers decide on the appropriate Node sizings.

• What do we recommend for instance sizing? Why would I choose one size over another?
• Node sizing affects your blast radius when hardware fails/performs lifecycle operations
• How many Pods will fit on a Node?
• A consideration: each Node requires some control plane Pods to be running
• Are there other considerations when choosing Node sizes?
• Description of NodeAllocatable and its impact on sizing.
• How can customers ensure that they are efficiently operating these Nodes (ie. mostly full to reduce cost, but also enough slack to handle new workload requirements)

Initial sentence (vSphere with Tanzu transforms vSphere into a platform for running Kubernetes workloads natively on the hypervisor layer.) is misleading since vSphere pods is not supported with VDS networking.

Again in first bullet point of "Supervisor Cluster" definition

When AVI Controller is already deployed using the name and ip address given in vsphere.json, arcas displays an error and does not continue.

I'd expected the process to detect the existing Controller and apply any missing and necessary configurations.

Error message details:
arcas --env vsphere --file vsphere.json --avi_configuration --tkg_mgmt_configuration --shared_service_configuration --workload_preconfig --workload_deploy
Session: Performing prechecks
Session: Pre-check performed Successfully
AVI_Configuration: Configuring AVI
Avi configuration {'ERROR_CODE': 500, 'msg': 'Failed to deploy avi Failed to deploy and configure avi Failed to deploy the vm from library due to Failed 1', 'responseType': 'ERROR'}

We need an extension to show how to use Avi Enterprise for integrated L4-L7.

The doc mentions NSX Advanced Load Balancer Essentials but TKO also includes NSX Advanced Load Balancer Enterprise in the bundle. This is a key use case that is part of TKO. We have validation from the field team that some customers do get value in using AVI for L7 Ingress.
Because we are telling customers that we can support this use case via TKO, we will need to show them how they can do this and ensure Avi Enterprise is tested and interoperable with the other TKO components for this use case.

We agree with the decision to focus first on the "base" RA that would include Avi Essentials for L4 + Contour as an ingress controller. And AVI L7 should be a fast follow up.

In case it helps here's some existing docs and assets. We should document the ClusterIP mode. The NodePortLocal mode will be default soon but it will be supported on TKG 1.5 only. NodePort mode might be the choice for smaller customers (Commercial sector):

• L7 Ingress in the TKG 1.4 Docs: https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.4/vmware-tanzu-kubernetes-grid-14/GUID-networking-configure-l7.html
• Confluence page (predecessor of the docs page above): https://confluence.eng.vmware.com/pages/viewpage.action?pageId=862154915
• Miro Board with diagrams for L7 Ingress options: https://miro.com/app/board/o9J_lUj0Bnw=/
• Presentation with diagrams, pros-cons of each L7 option, and examples of the experience with each case: https://onevmw-my.sharepoint.com/:p:/g/personal/jgonzalezagu_vmware_com/ESUrAoUqmMxBhsXK8pWY1R0BYNJSCUMZY4tL-b0rBIvWAw?e=bVK6JY

Desired ETA is February end.

• VMC
  • #98
  • #101
  • VMC Refresh automation to match deployment guide
• vSphere
  • vSphere Refresh reference architecture for TKGm 1.5
  • vSphere Refresh deployment guide for TKGm 1.5
  • vSphere Refresh automation to match deployment guide
• VCF
  • VCF Refresh reference architecture for TKGm 1.5
  • VCF Refresh deployment guide for TKGm 1.5
  • VCF Refresh automation to match deployment guide
• AWS
  • AWS Refresh reference architecture for TKGm 1.5
  • AWS Refresh deployment guide for TKGm 1.5
  • AWS Refresh automation to match deployment guide
• Azure
  • Azure Refresh reference architecture for TKGm 1.5
  • Azure Refresh deployment guide for TKGm 1.5
  • Azure Refresh automation to match deployment guide

Velero instructions should point to the TKGm downloads section in my.vmware.com (scroll to bottom) instead of describing how to install the OSS bits via Golang; and the deployment examples should explicitly use the built and signed images from our repo.

Referring to this document here:
https://github.com/vmware-tanzu-labs/tanzu-validated-solutions/blob/main/src/reference-designs/tko-on-aws.md

A few points:

1. I think it's well known at this point that this document does not capture reality for most of the Federal-side TKG deployments. TMC, Observability, and anything SaaS like service mesh are usually a no-go. I think it's worth presenting recommendations around those realities.
2. Another issue is quasi-competitor products being used to deliver many of the same services that TKG delivers. While we can't call out those services specifically maybe we can point out 'TKG can run those platforms too and here's what it might look like when metrics/logging is managed by a different vendor'.
3. Without observability there is a large gap around log aggregation from the base TKG offerings. While we've got a few PoCs floating around using Thanos and Loki, they're obviously not supported from a licensing perspective. This may be more for the R&D team, but we really need a log aggregation solution that doesn't involve SaaS in order to better serve our customers. Otherwise they will resort to using unsupported non-VMware products (and the ecosystems around those tools)
4. The VPC and foundation diagrams below don't seem to reflect any particular environment that I've seen in production yet. JSF is using a migration-friendly path where TAS-foundation and estate concepts are applied to the TKG environment. The classic control-plane, sandbox, dev, and prod foundations in TAS-land that formally had their own VPCs are replicated for TKG with the same naming conventions. Unlike TAS however, these foundations can be capable of deploying N clusters; so we define kind of a cluster template for each foundation that can be cloned when building a new single-tenant cluster in a specific foundation.
5. Gitops seems to be missing here. While I realize it is a larger topic that may be out of scope here, I think it would be useful to tell the SE/SA doing this work what tools they have at their disposal out of the box and maybe link to some docs that explain those tools. For instance, TKG 1.4 operates under the hood using kapp-controller as the main gitops orchestrator. It is a Carvel tool and works VERY well with existing Carvel tools being used elsewhere (ytt, kbld, imgpkg, and vendir).

The network diagram Clearly shows the following network names: NSX ALB Management Port Group, TKG Management Port Group, TKG Management VIP Port Group, TKG Cluster VIP Port Group, TKG Workload Data VIP Port Group and TKG Workload Port Group 01.

Example Network Entries in the install guide matches except uses "Network" instead of Port Group, except "TCG Workload Segment"

The Arcas Wizard mixes the terms DHCP Start/End Range and Cluster VIP Start/End Range in the VMware NSX ALB Section
The Arcas Wizard prompts for a segment name under TKG Management Data Network, but it is unclear whether "TKG Management Data Network" is the "TKG Management Port Group" or the "TKG Management Data VIP Port Group"
The Arcas Wizard under Management Cluster Settings prompts for "Network Segment Name" rather than "TKG Management Port Group"
The Arcas Wizard prompts for a segment name under TKG Workload Data Network, but it is unclear whether "TKG Management Data Network" is the "TKG Workload Port Group" or the "TKG Workload Data VIP Port Group"
The Arcas Wizard prompts for a DHCP Start/End Range under TKG Workload Data Network, but it is unclear whether the is teh EXTERNALLY-CONFIGURED DHCP scope or will be used as the usable range for this network.

1. Should be more specific in destination for the TMC,TO and TSM row.
2. Also need to reference required access to projects.registry.vmware.com for TKCs (this is for installation of tanzu standard repo and harbor OSS helm)
3. Should mention that vCenter requires access OVA subscripion URL for content library

For 2 and 3 above, may also have a note and appropriate references for how this would work in air gap.

1. Should lead with deployment through TMC
2. Should cover integrations with Avi

Let's make following changes to the RA landing page https://docs.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-TKG-reference-architecture-overview.html.

Consult with Simone Morellato on below (Simone leads Tanzu Marketing).

1. First paragraph is referring to TKO-specific value prop - replace with generic Tanzu marketing messaging - let's obtain from Simone

2. Before the second paragraph - insert a new para that informs the reader that the current set of RAs are focused on TKO, more to follow soon on other Tanzu "bundles" (TAP, etc.). Needs to be worded in market-friendly language (again consult with Simone on how/what to say

3. Replace the diagram below second paragraph with whatever Simone recommends. For example - current diagram is missing TSM.

4. Delete the "Networking Overview" section. Its high-level and serves no value existing at this level.

Test issue

Therear currently YAML formatting issues with the AKODeploymentConfig snippets in vmware-tanzu-deployment-on-vsphere.md. These should be fixed for both style as well as schema accuracy.

We have a customer request for TKG with F5 as load balancer, NSX-T, Calico as CNI.

It seems like lots of customers will already have an enterprise load balancer, so integration with existing LB would be a good section to add.

The Parameters in the AKODeploymentConfig do not fully mesh with the AKO Tunables found here: https://github.com/vmware/load-balancer-and-ingress-services-for-kubernetes/blob/release-1.5.1/docs/values.md#l7settingsservicetype
Specifically interested in configuration of AKO in ClusterIP mode in addition to L7 capabilities vs AKO in NodePort Mode

Emulate in vSphere RAs how TO is presented as a preferred option visa-vis P/G in AWS RA - https://docs.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-TKO-on-aws-ref-design.html.

In vSphere RAs we are mapping TO to Tanzu Advanced and P/G to Standard. While that's technically accurate, we want to re-word as is done in AWS RA (search for TO and P/G to see the difference).

P.S. Minor related bug fix - in vSphere/vDS RA - remove last line in Summary - "Observability is quickly established and easily consumed with Tanzu Observability."

TSM is now officially certified with TKGm 1.4. We need to include TSM into all the RAs.

Document all the constraints/changes in deployment of the RA when deploying to an internet-restricted environment:

1. vSphere envs with Proxy-based internet access
2. vSphere envs with no internet access
3. Public Clouds with Proxy-based access that require you to list allowed URLs that you'll connect out to
4. Usage of Prometheus/Grafana instead of TO
5. Document config/setup of MITM proxy as a aid to the user
6. Test & document Pinniped behavior in clusters w/o internet connectivity

TBD - any solutions to replace TMC & TSM functionality?

Enhance RA to include outbound network connectivity so that TKGm clusters can talk to TO/TMC/TSM, that run on AWS.

n order for mgmt and workload cluster to get LB ip for there Application , we need the worker node nsg to be in the form of "ClusterName-node-nsg", otherwise svc external ip for app will be in state.

This change is required to be made for RA azure .

https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.4/vmware-tanzu-kubernetes-grid-14/GUID-mgmt-clusters-azure.html#network-security-groups-on-azure-2

Here is review of the content in the install guide through the AVI configuration.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html
- Consider versioning these guides and refarchs so customers can switch between them to view previous versions (perhaps this is the start of an "edition release"?).
- For all the networking details, I've often seen customers have a need to collect up the entirety of their networking requests and make them into one big request to their networking team. It might be useful to restructure the instructions to have followers of the guide fill out a worksheet with all the details needed, and then just refer back to that worksheet in the instructions.

Near: https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#gen-requirements
- "A datastore with sufficient capacity for the control plane and worker node VM files"
○ Consider adding an actual size here as this is very vague and has no instructions on how someone might go about finding the proper sizing for those files.
- "Depending on the OS flavor of the bootstrap VM, downloadand"
○ Needs a space between "download" and "and".
- "Download and import NSX ALB 20.1.6 OVA to Content Library."
○ Consider providing a link to download.
- "Download the following OVA and import to vCenter. Convert the imported VMs to templates."
○ Consider pluralizing "OVA" to "OVAs" as there are two to download.
- Mulitple links in this section are not directly going to the intended locations, and are instead linking through google.com.

Near: https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#ex-net-entr
- The title of this section as "Network Entries" is a little vague. "Network Entries" to what? If the intent here is to have folks create a table, let's be specific about that. Consider "Planning Networking" or "Networking Worksheet" or something like that, and then rework the top paragraph to support the idea of the work we're expecting followers of the guide to do.

Near: https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#firewall-req
- Consider adding some supporting detail here to note that we're talking about any firewall that governs the networking between the port groups identified in the above table.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=in%20Firewall%20Recommendations.-,Resource%20Pools,-Ensure%20that%20resource
- Consider changing the title of this section to be "Resource Pools and Folders".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Ensure%20that%20resource%20pools%20and%20folders%20are%20created%20in%20vCenter.
- Consider changing to "Ensure that the following resource pools and folders are created in vCenter".
- Also consider pulling the table in this section into a centralized worksheet that the guide follower fills out.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=availability%20and%20resiliency.-,**Note%3A**Tanzu,-Essential%20licensing%20only
- "**Note:Tanzu Essential licensing on"
○ It seems like the intent here was to "bold" the "Note:" part, but there is no space between the formatting markup ( characters) and the subsequent text (Tanzu).

Near: https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#dep-nsx-alb
- In this section, consider turning the table with "sample IP and FQDN" into an instruction to fill out a worksheet to capture that info.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=imported%20to%20the%20content%20library.
- Should probably reword to say "import into a content library" and mention one could be created for NSX-ALB, or an existing library could be created.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=%E2%80%9Cnsx-alb-components%E2%80%9Dand%20place%20it%20under%20the%20folder%E2%80%9Cnsx-alb-components%E2%80%9D%20.
- Spacing on this line between quote characters and the period seems wrong.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=vCenter%3E%20Home%3E%20ContentLibraries
- Spacing between greater-than symbols and surrounding text, and "ContentLibraries".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Login%20to%20vCenter%3E%20Home%3E%20ContentLibraries
- This step needs to be broken out into more instructions. Seems like there should be a "Login to vCenter" step, and then a "Navigate to Content Libraries" step that tells someone to click the triple horizontal line menu icon, and select "Content Libraries" from the left side menu.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Select%20name%20and%20Folder
- Capitalization needs to match the capitalization of this screen name in vCenter when referring to the screen name. "Select a name and folder".
- Also consider bolding or quoting this phrase as it refers to a specific screen name.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=select%20a%20Folder%C2%A0for%20the%20NSX%20ALB%20VM%20as%20%E2%80%9Cnsx-alb-components%E2%80%9D
- Folder should not be capitalized.
- The folder name listed here is the "sample" folder name and so should be changed to reference the name of the folder that the guide follower has chosen for their install back in the "Resource Pools" section.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Select%20a%20Compute%20resource
- Capitalization needs to match the capitalization of this screen name in vCenter when referring to the screen name. "Select a compute resource".
- Also consider bolding or quoting this phrase as it refers to a specific screen name.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=select%20the%20resourcepool%C2%A0%E2%80%9Cnsx-alb-components%E2%80%9D
- "resourcepool" should be "resource pool".
- This resource pool name is just the sample one and so should be changed to reference the name of the resource pool that the guide follower has chosen for their install back in the "Resource Pools" section.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=On%20the-,Review%20details,-page%2C%20verify%20the
- Consider bolding or quoting this phrase as it refers to a specific screen name.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=On%20the%20Selectstorage%C2%A0page%2C%20select%20a%20storage%20policy%20from%20the%20VM%20Storage%20Policy%20drop-down%20menu%20and%20choose%20the%20%C2%A0datastore%20location%20where%20you%20want%20to%20store%20the%20virtual%20machine%20files
- "Selectstorage" should be "Select storage". Also consider bolding or quoting this phrase as it refers to a specific screen name.
- Check spacing between "choose the datastore location".
- Where we refer to selecting a storage policy, consider adjusting these instructions to something like "adjust the VM Storage Policy setting if needed to find the datastore you wish to use to store the VM files for the NSX Advanced Load Balancer. Then select the datastore you wish to use by clicking the radio button on the line for that datastore in the table list."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=select%20the%20network%20%E2%80%9Cnsx_alb_management_pg%E2%80%9D
- The portgroup name here is the sample portgroup name and should refer back to the name the guide follower has chosen for their portgroup for the "NSX ALB Mgmt Network" network.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=On%20the-,Customize%20Template,-page%2C%20provide%20the
- Change case to match UI "Customize template".
- Consider bolding or quoting this phrase as it refers to a specific screen name.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=NSX%20ALB%20Management-,networkdetails,-%2C%20such%20as%20IP
- "network details".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Note%3A%20If%20you%20choose%20to%20use%20DHCP%2C%20these%20entries%20can%20be%20left%20blank
- Should we promote the use of DHCP for the controllers? This seems like an antipattern as they won't know the MAC addresses for the VMs ahead of time to provide fixed IPs for them.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Note%3A%20While%20the%20system%20is%20booting%20up%2C%20a%20blank%20web%20page%20or%20a%20503%20status%20code%20may%20appear.
- Consider calling out this note more prominently so that guide followers will more likely see this note and not panic when they see it when accessing the controller.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Set%20backup%20Passphraseand%20provide%20DNSinformation%20and%20click%20Next
- This line seems really garbled and doesn't exactly line up with the text in the UI.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Under%20Emal/SMTP%3A%20Provide%20Emailor%20SMTP%C2%A0information
- This line seems really garbled, and probably needs to provide more guidance to the guide follower about their options in the screen.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=IP%20Route%20Domain%3A%20Share%20IP%20route%20domain%20across%20tenants
- Consider indenting, or making this section a table to make the setting names and values easier to read.
- Also it feels like we're missing a step to tell the guide follower to click "Ok" or "Save" or something to commit these initial settings for AVI.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=To%20Configure%20NTP%2C%20navigate%20to%20Administration%3E%20Settings%3E%20DNS/NTP%20%3E%20Edit%20and%20add%20your%20NTP%20server%20details%20and%20Save
- Consider adding something like "After the initial welcome setup steps, click on the triple horizontal lines in the upper left of the screen to access the menu. Navigate to…"
- The spacing between greater-than signs and titles is inconsistent.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=This%20document%20focuses%20on%20enabling%20NSX%20ALB%20using%20the%20license%20model%3A%20Essentials%20License%20(NSX%20ALB%20essentials%20for%20Tanzu)
- No period on this first line.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=By%20default%20evaluation%20license%20will%20be%20making%20use%20of%20Enterprise%20license%2C%20if%20you%20intend%20to%20use%20the%20Enterprise%20Licensing%20features%2C%20you%20may%20add%20your%20license%20key%20in%20the%20licensing%20section%20or%20change%20the%20license%20model%20to%20%E2%80%9CEssentials%E2%80%9D
- Consider reducing the complexity of this line to something like "If you have a different license you want to apply, make sure to select the appropriate license type, and enter any license keys you want to apply for that type in the "Licensing" section.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Refer%20NSX%20Advanced%20Load%20balancer%20Editions%C2%A0for%20comparison%20of%20available%20editions.
- Capitalization of NSX Advanced Load Balancer.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=To%20change%20the%20license%20edition%20to%20Essentials%2C
- Consider "To change the NSX Advanced Load Balancer license model to the Essentials license,".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Login%20to%20NSX%20ALB%20%3E%20Administration%3E%20Settings%3E%20Licensing%2C%20on%20licensing%20page%20click%20on%20gearicon%C2%A0next%20to%20Licensing
- Inconsistent spacing between greater-than symbols and terms.
- We've already "logged in" so we probably want to change the term to "Via the triple horizontal line menu at the upper left side of the screen, navigate to… Select the Settings menu item from the top screen menu, and then select "Licensing" from the sub-menu".
- Separate the click on gear icon instructions into a separate instruction.
- Also, be specific and tell the guide follower to "click the gear icon next to the "Licensing heading in the resulting page".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=steps%20to%20configure-,AVI%20ALB%20HA,-%3A
- Should be NSX ALB High Availability.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Set%20the%20Cluster%20IP%20for%20the%20NSX%20ALB%20controllerLog%20in%20to%20the%20primary%20NSX%20ALB%20controller%20%3E%20Navigate%20to%20Administrator%3E%20Controller%3E%20Nodes%2C%20and%20click%20Edit.%20The%20Edit%20Controller%20Configuration%20popup%20appears
- Inconsistent spacing between terms and greater-than symbols.
- Needs to end with a period.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=In%20the%20Controller%20Cluster%20IP%20field%2C%20enter%20the%C2%A0Controller%20Cluster%20IPfor%20the%20Controller%20and%20click%20on%20save
- Check spacing for "IPfor".
- We should call out that this "Controller Cluster IP" is the "HA Address" from the IP/FQDN table earlier in the instructions. And consider changing both terms to be "Controller Cluster IP" so that they are consistent.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Now%20deploy%202nd%20and%203rd%20NSX%20ALB%20Node%2C%20using%20steps%20provided%20here
- The link in this sentence doesn't seem to link to what was intended.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Log%20into%20the%20Primary%20NSX%20ALB%20controller%20using%20the%20Controller%20Cluster%20IP/FQDN%2C%20navigate%20to%20Administrator%3E%20Controller%C2%A0%3E%20%C2%A0Nodes%2C%20and%20click%20Edit.%20The%20Edit%20Controller%20Configuration%20popup%20appears
- Inconsistent spacing between greater-than symbols and terms.
- No period at the end.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Going%20forward%20all-,NSXL%20ALB,-configurations%20will%20be
- Should be "NSX ALB".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Follow%20the%20below%20steps%20to%20create%20a%20Controller%20certificate
- Consider a colon at the end of this statement as it leads into a list.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=a%20Controller%20certificate-,Login,-to%20NSX%20ALB
- We've already "logged in" so we probably want to change the phrase to something like "Via the triple horizontal line menu at the upper left side of the screen and select "Templates." Select the "Security" menu item from the top screen menu, and then select "SSL/TLS Certificates" option from the sub-menu".

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Click%20on%20Createand%20Select%20Controller%20Certificate
- Spacing issue.
- Consider elaborating more on the location of items to click. "Click on the "Create" button on the right side of the screen above the list of SSL/TLS Certificates. In the resulting drop down menu, select "Controller Certificate."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Provide%20all%20required%20details%20as%20per%20your%20infrastructure%20requirements%2C%20and%20under%20the%20Subject%20Alternate%20Name%20(SAN)%20section%2C%20provide%20IP%20and%20FQDN%20of%20all%20NSX%20ALB%20controllers%20including%20NSX%20ALB%20cluster%20IP%20and%20FQDN%2C%20and%20click%20on%20Save
- Consider referring back to a worksheet table back in the beginning that captured the FQDNs and IP Addresses for NSX ALB the guide follower

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=and%20then%20click%20on%20%E2%80%9CCopy%20to%20clipboard%E2%80%9D%20under%20the%20certificate%20section
- Consider specifically suggesting the guide follower paste the contents of their clipboard to a file, and give them a suggested name and path so they can reference it later on when needed.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=To%20replace%20the%20certificate%20navigate%20to%20Administration%3E%20Settings%3E%20AccessSettings%2C%20and%20click%20the%20pencil%20icon%20at%20the%20top%20right%20to%20editthe%20System%20Access%20Settings%2C%20replace%20the%20SSL/TSL%20certificate%20and%20click%20on%20Save
- Start off by explaining that although the guide follower has generated a new certificate, they still need to set the Avi Controller Cluster to use that certificate.
- Spacing issues between two words and greater-than symbols and menu terms.
- Direct guide followers to the right spot with a little more elaboration on the instructions. "Via the triple horizontal line menu at the upper left side of the screen and select "Administration." Select the "Settings" menu item from the top screen menu, and then select "Access Settings" option from the sub-menu". Then follow on with the rest of the instructions.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=called%20a%20%E2%80%9Ccloud%E2%80%9D.-,Below%20procedure,-provides%20steps%20on
- "The procedure below"

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=VMware%20vCenter%20cloud-,%2C,-and%20as%20shown
- Change to period and separate into two sentences

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Login%20to%20NSX%20ALB%20%3E%20Infrastructure%20%3E%20Clouds%20%3E%20Create%20%3E%20VMware%20vCenter/vSphere%20ESX
- Separate login from the navigation
- Direct guide followers to the right spot with a little more elaboration on the instructions. "Via the triple horizontal line menu at the upper left side of the screen and select "Infrastructure." Select the "Clouds" menu item from the top screen menu. Next, click on the "Create" button on the right side of the screen above the list of Clouds. In the resulting drop down menu, select "VMware vCenter/vSphere ESX"

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Under%20the%20Infrastructure%20pane%2C%20provide%20vCenter%20Address%2C%20username%2C%20and%20passwordand%20set%20AccessPermission%C2%A0to%20%22Write%22%20and%20click%20on%20Next
- Split into multiple statements and fix spacing.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Under%20the%20Datacenter%C2%A0pane%2C%20Choose%20the%20Datacenter%20for%20NSX%20ALB%20to%20discover%20Infrastructure%20resources
- Too many references to "Datacenter" make this statement confusing. Consider: "Under the Data Center step of the wizard, click the drop down list labeled "Data Center" to select the vSphere Data Center you plan to install your Tanzu Kubernetes Grid Management Cluster and workload clusters to."
- Also, this screen shot looks like it was taken "outside" of the creation wizard. This could lead to confusion as it wouldn't match what a guide follower would actually see.
- Tell the user to click next.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Under%20the%20Networkpane%2C%20choose%20the%20NSX%20ALB%20ManagementNetworkfor%20Service%20Engines%20and%20provide%20a%20StaticIPpoolfor%20SEs%20and%20VIP%20and%20click%20on%20Complete
- Spacing issues
- Consider: "Under the Network step of the wizard, click the drop down list labeled "Management Network" and select the network labelled "NSX ALB Management" in the worksheet at the beginning of this guide."
- Also, this screen shot looks like it was taken "outside" of the creation wizard. This could lead to confusion as it wouldn't match what a guide follower would actually see.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Service%20Engine%20Grouptab
- Spacing

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=To%20create%20a%20Service%20Engine%20group%20for%20TKG%20management%20clusters%2C%20click%20on%20the%20Service%20Engine%20Grouptab%2C%20under%20Select%20Cloud%2C%20choose%20the%20Cloud%20created%20in%20the%20previous%20step%2C%20and%20click%20Create
- Consider: "Next, we need to create a Service Engine group for the TKG Management Cluster. Click on the "Service Engine Group" menu item at the top of the screen. In the drop down list at the top of the page labeled "Select Cloud:", select the name of the Cloud that you created in the previous step. Click the "Create" button on the far right side of the screen.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=only%20management%20Network%20has%20been%20configured%20in%20NSX%20ALB%2C%20follow%20the%20below%20procedure%20to%20configure%20the%20following%20networks
- Consider changing to: "only the NSX ALB Management Network has been configured so far. Follow the procedure below to configure the remaining networks:"

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Login%20to%20NSX%20ALB%20%3E%20Infrastructure%3E%20Networks
- Consider changing to: "Login to the NSX ALB Controller if needed. Then, click on the triple horizontal line menu at the upper left side of the screen and select "Infrastructure." Select the "Networks" menu item from the top screen menu."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Click%20on%20the%20edit%20icon%20next%20for%20the%20network%20and%20configure%20as%20below.%20Change%20the%20details%20provided%20below%20as%20per%20tour%20SDDC%20configuration
- Consider changing to: "For each of the additional networks to configure from the list in the start of this section, click the edit icon next to the cooresponding port group for each network. Change the settings of each network using the below table as a guide. The subnet and static IP pool will be unique to your particular networking requirements."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=networks%2C%20for%20example%3A-,%E2%80%9Ctkg_cluster_vip_pg%E2%80%9D,-Once%20the%20networks
- Use the network name here instead of the port group.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Once%20the%20networks%20are%20configured%2C%20set%20the%20default%20routes%20for%20all%20VIP/Data%20networks
- Consider: "Now you need to set the default routes for all VIP Networks.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=add%20default%20routes-,for%20below%20networks,-Change%20the%20gateway
- Consider: "for the port groups cooresponding with the VIP networks identified at the beginning of this guide."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Change%20the%20gateway%20for%20VIP%20networks%20as%20per%20your%20network%20configurations
- Consider: "The table below is just an example. You port group, gateway and next hop settings will be unique to your installation environment"

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=in%20NSX%20ALB%2C-,expect,-for%20TKG%20Management
- Should be "except"

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=At%20this%20point%20all%20the%20required%20networks%20related%20to%20Tanzu%20functionality%20are%20configured%20in%20NSX%20ALB%2C%20expect%20for%20TKG%20Management%20and%20Workload%20Network%20which%20uses%20DHCP%2C%20NSX%20ALB%20provides%20IPAM%20service%20for%20TKG%20Cluster%20VIP%20Network%2C%20TKG%20Mgmt%20VIP%20Network%20and%20TKG%20Workload%20VIP%20Network
- This sentence needs to be broken out into multiple sentences.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Follow%20below%20procedure%20to%20create%20IPAM%20profile%20and%20once%20created%20attach%20it%20to%20the%20vCenter%20cloud%20created%20earlier
- Consider: "Follow the procedure below to create an IPAM profile and attach it the the vCenter Cloud you created earlier."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Login%20to%20NSX%20ALB%20%3E%20Infrastructure%3E%20Templates%3E%20IPAM/DNS%20Profiles%3E%20Create%C2%A0%3E%C2%A0IPAM%20Profileand%20provide%20below%20details%20and%20click%20on%20Save
- Consider: "Login to the NSX ALB Controller if needed. Then, click on the triple horizontal line menu at the upper left side of the screen and select "Templates." Select the "Profiles" menu item from the top screen menu. Select the "IPAM/DNS Profiles" sub menu item from the top screen menu.
Next, click on the "Create" button, and select "IPAM Profile" from the drop down list.
Use the settings below to fill out the resulting form."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Tanzu-vcenter-01%2C%20created%20here
- This should reference whatever cloud name the guide follower chose for their cloud.

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Now%20attach%20the%20IPAM%20profile%20to%20the%20%E2%80%9Ctanzu-vcenter-01%E2%80%9D%20cloud
- Consider: "Now you need to attach the IPAM profile you just created to the Cloud you created earlier."

https://docs-staging.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-vmware-tanzu-deployment-on-vsphere.html#:~:text=Navigate%20to%20Infrastructure%3E%20Clouds%3E%20Edit%20the%20tanzu-vcenter-01cloud%20%3E%20Under%20IPAM%20Profile%20choose%20the%20profile%20created%20in%20previous%20step%20and%20Save%C2%A0the%20configuration
- Consider: "Click on the triple horizontal line menu at the upper left side of the screen and select "Infrastructure." Select the "Clouds" menu item from the top screen menu. Edit the Cloud you created earlier by clicking the pencil icon on the right side of the screen that cooresponds to the row that contains your Cloud name.
At the bottom of the "Infrastructure" tab in the resulting dialog, click the drop down list labeled "IPAM-Profile" and select the IPAM Profile you just created.
Click the "Save" button at the bottom right corner of the dialog."

vmware-tanzu-deployment-on-vsphere.md has a large number of broken anchor links in the Markdown. Ensure that these links are correct.

I was viewing the instructions here:
https://github.com/vmware-tanzu-labs/tanzu-validated-solutions/blob/main/src/deployment-guides/tko-aws.md

I think a better delivery artifact here would be a base terraform that does all of these things. A best practice and validated solution in my opinion should be showing how to build the system using configuration-as-code concepts so they may be easily adapted in new and existing engagements. While manual aws-cli commands are useful in illustrating the dependencies, I think walking through a Terraform module would be more useful and applicable to how these systems are used in the real world.

There's been multiple engagements where this has already been done so I suspect it could be copied and adapted with minimal changes. I have non-scrubbed Terraform code over in vmware-tanzu-labs/tkg-ag-solution. It expects a pre-existing transit-gateway to bind to, but should be adaptable enough if you need a starting point.

For eg: this section has 12 steps and its not easy to find where the user has to find this option and which portal he has to be on etc. Through out the documentation there is no screenshots or images for users to follow it easily.

Verbose steps are overwhelming for users to follow.

Re Deploy Tanzu for Kubernetes Operations using vSphere with Tanzu deployment guide, need to update the Controller Node configuration section with current screen shot for changing Default-Cloud type to Vmware vCenter/vSphere ESX. See attached image.

All references to "Tanzu for Kubernetes Operations" should have a capital "O" for operations.

@z4ce - as per our discussion, these are the additions I was recommending to include for IPAM and IP considerations

In the NSX Advanced Load Balancer Operator (AVI Kubernetes Operator) section of the docs I think we could clarify further where it says:
Ensure that, during network planning, you allocate additional IP space for the Service Engines to obtain DHCP leases. If your Service Engine is also providing load balancing services for your management cluster you must account for two IP addresses per Service Engine on the management network.

You must account for two IP addresses per Service Engine, one management plane and one data plane:

• If the Service Engine is providing load balancing services a workload cluster then you must account for 1 IP address on the management network and 1 IP address on the corresponding TKG guest cluster network.
• If the Service Engine is providing load balancing services for your management cluster you must account for two IP addresses per Service Engine on the management network.

The VIP addresses are to be accounted on top of that.

Once the base RA & Deployment Guides have been published, the documents should be updated to include Azure native options from an integration perspective. The following Azure services should be considered as part of this update.

• Azure KeyVault (SSH Key storage)
• Azure Data Disks (Shared Storage Pools for Workload Cluster)
• Azure Log Analytics (Replacement for Observability)
• Azure DNS for Node naming (Private DNS Zones)
• Azure Bastion as a Jump Box into a locked down Bootstrap
• Azure Database Services with Private Link or Private Endpoint (Azure SQL, MySQL, MariaDB, or PostgreSQL and CosmosDB)
• VM Scale Sets and AutoScaling

Needs to include details on TMC/TO/TSM consumption through CPN (Cloud Partner Navigator).

Phase 1 should be focused on Tanzu Standard (TKGm) + VCD + CPN.
Phase 2 should expand to include remaining parts of TKO (TMC, TO, NSX ALB).

I noticed we mention LDAP in the title of the Pinniped section, but there is no other mention in the doc. Everything is OIDC related only.

Also here's a more detailed diagram that shows the differences that exist today on how the LDAP and OIDC integrations happen. Also more detail on the client component to reflect the Tanzu CLI involvement
https://onevmw.sharepoint.com/:i:/s/TKG-TSL/EZph_9wBnMRNnRXzh0E7e6EBAjR68AIjUMQsXEGg3iws9w?e=1f6h55
This is compliant with both TKGm 1.3.1 and 1.4.0 versions

1. Why talk about prometheus and grafana. TKO includes TO. Assume full TKO purchase in the RA.
2. Should be clear in terms of deploy TO via TMC
3. Should talk about the Avi TO Integration and setting that up

Pinniped Content is not there into Reference design of - VMC/AWS , vSphere with vds /nsx-t versions. Please add Pinniped section into RA design doc

We should have an architecture where TKG node networks are in private, non-routable networks and the only corporate or routable IPs are ingress through through AVI and egress through SNAT.

Per conversations with field, we should stop recommending a network per cluster for TKG. Instead, we should recommend a network per boundary. For example, a network for general internal apps, PCI apps, DMZ apps, etc

1. Says you should "attach" supervisor cluster and TKCs. Should actually register and mange.
2. Why reference Tanzu Mission Control Standard when you are talking about TKO which includes TMC Advanced.

The Readme file contains overview content for RA. The content needs to be replaced with content that provides context and structure of the repository and relevant information for a contributor.

Once the base RA & Deployment Guides have been published, the documents should be updated to include AWS native options from an integration perspective. The following AWS services should be considered as part of this update.

• Key Management Service (SSH Key storage)
• Elastic Block Store (Shared Storage Pools for Workload Cluster)
• AWS CloudWatch (Replacement for Observability)
• Database Services with Private Link or Private Endpoint (SQL Server, MySQL, MariaDB, or PostgreSQL and Document DB)
• EC2 AutoScaling
• Multi-AZ Deployment

This is feedback for the content published here: https://docs.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-reference-designs-tko-on-vsphere.html

The diagram under The following diagram shows the architecture of Tanzu for Kubernetes Operations: should be corrected on a couple of items:

• There is no component called NSX-ALB Ingress Operator The component name is AKO (AVI Kubernetes Operator)
• That AKO component also runs in the Management Cluster on TKG 1.4
• The Management Cluster also as an AKO Operator (AKOO) component (core add-on since TKG 1.4)

Avi Enterprise key value proposition is ingress services.

TKO includes Avi Enterprise and for this RA specifically, it should be written based upon Avi Enterprise use for Layer 7 load balancing.

I recognize that the integrations are a big confusing right now, but this RA should show the current state of how to work within the current integrations.

1. I don't think the following sentence is true "The Supervisor Cluster leverages NSX Advanced Load Balancer (NSX ALB) to provide L4 load balancing for the Tanzu Kubernetes Clusters and L7 ingress to the applications deployed in the Tanzu Kubernetes Clusters"
2. Need better explanation of deploying AKO on workload clusters. And recommendation to use ClusterIP for Layer 7. Then that you need to create service engine groups for each vSphere namespace. And that each TKC within the vSphere namespace should have non-overlapping cluster IP CIDR. The network overview picture should show AVI SEs in the workload /24 for layer 7
3. Should be overt and opinionated about using AVI for ingress. The intro to https://docs.vmware.com/en/VMware-Tanzu/services/tanzu-reference-architecture/GUID-reference-designs-tko-on-vsphere-with-tanzu.html#kubernetes-ingress-routing-16 is weak in this opinion. Given this is TKO and TKO includes Avi Enterprise, it should not be weak.

https://github.com/vmware-tanzu-labs/tanzu-validated-solutions/blob/main/src/deployment-guides/tko-on-azure.md

For TKG 1.4 this should be using the tanzu package install and not the extensions from 1.3.

Unpack the manifest using the following command.
tar -xzf tkg-extensions-manifests-v1.3.1-vmware.1.tar.gz

Many links, particularly in vmware-tanzu-deployment-on-vsphere.md, are wrapped in google URL redirects:

Go to the [Tanzu Kubernetes Grid downloads](https://www.google.com/url?q=https://customerconnect.vmware.com/en/downloads/details?downloadGroup%3DTKG-140%26productId%3D988%26rPId%3D49705&sa=D&source=editors&ust=1635189097976000&usg=AOvVaw2FaUWoKxaojWynsUGAFoRa) page, and download a Tanzu Kubernetes Grid OVA for the cluster nodes.

Remove google redirects from these links.

We should provide additional guidance concerning the management cluster.

• What are the functions handled by the management cluster?
• Can users add workloads to this cluster?
• Are there business continuity concerns to think about? (ie. backup and restore)

I think it would be handy to have some additional contribution guidelines for PR's:

• do we need commits squashed?
• detailed summary and description for PR?
• how many reviews, and/or by whom?

https://github.com/vmware-tanzu-labs/tanzu-validated-solutions/blob/main/src/deployment-guides/tko-on-azure.md

Please provide and example set of quota specific requirements, similar to the published Azure getting started guide here:

https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.4/vmware-tanzu-kubernetes-grid-14/GUID-mgmt-clusters-azure.html#general-requirements-1

Current text of "When deploying TKG to Azure you will need to make sure your quotas are sufficient to support both the Management Cluster and Workload Cluster deployments otherwise the deployments will fail. The following quotas will likely need to be increased from their default values." is vague.