The Tanzu CLI can be installed either from pre-built binary releases from its GitHub project, or via popular package managers like Homebrew, apt and yum/dnf.
Note: The following instructions assume the user does not have any legacy
version of the Tanzu CLI installed. The use of package managers for
installation typically means they would manage the installation of the CLI
binary to a path specific to the package managers. There is a chance in some
cases that the path of the binary could conflict with an already installed
legacy tanzu binary of the same name. Hence, should the user wish to retain
the use of the legacy CLI, the user should take the necessary steps to maintain
a separate copy of the binary and adjust the paths to these multiple binaries
accordingly.
Every release of the Tanzu CLI provides separate binary releases for a variety of OS's and machine architectures. You only need to install the CLI itself. Note that the other assets present in each release provide access to the administrative plugins; however, the CLI can install these plugins directly without having to manually download these particular assets, which are only provided for convenience.
- Download the desired version. We recommend picking the latest release of the major version of the CLI you want to use. You should choose the asset of the form
tanzu-cli-OS-ARCH.tar.gz. - Unpack it (e.g.
tar -zxvf tanzu-cli-darwin-amd64.tar.gz) - Find the
tanzubinary in the unpacked directory, move it to its desired location in your $PATH destination (mv v0.90.0/tanzu-cli-darwin_amd64 /usr/local/bin/tanzu), provide it executable permission (chmod u+x /usr/local/bin/tanzu) if necessary. - Verify the correct version of CLI is properly installed:
tanzu version
A recent, supported version of the Tanzu CLI is also available for install through the following package managers:
(Available at the first alpha release)
brew update
brew install vmware-tanzu/tanzu/tanzu-cliThe Chocolatey package is not available yet.
choco install tanzu-cli(Available at the first alpha release)
Note: The current APT package is not signed and will cause security warnings. This will be fixed very soon.
sudo apt-get update
sudo apt-get install -y ca-certificates
echo "deb https://storage.googleapis.com/tanzu-cli-os-packages/apt tanzu-cli-jessie main" | sudo tee /etc/apt/sources.list.d/tanzu.list
sudo apt update --allow-insecure-repositories
sudo apt-get install tanzu-cli(Available at the first alpha release)
Note: The current yum/dnf package is not signed and will cause security warnings. This will be fixed very soon.
cat << EOF | sudo tee /etc/yum.repos.d/tanzu-cli.repo
[tanzu-cli]
name=Tanzu CLI
baseurl=https://storage.googleapis.com/tanzu-cli-os-packages/rpm/tanzu-cli
enabled=1
gpgcheck=0
EOF
sudo yum install tanzu-cli # dnf install can also be usedCustomer Experience Improvement Program (CEIP) Prompt :
The Tanzu CLI prompts the user for CEIP participation on their first use of any tanzu command
except for tanzu version, tanzu ceip-participation set and tanzu config set commands.
Users installing/using the CLI through CI or by any automation means should be able to skip the prompt by
calling tanzu ceip-participation set <true/false> as their first command to set the CEIP participation status.
You can install the Tanzu CLI in the internet-restricted environments by downloading the Tanzu CLI Binary from Github Release and copy it to the internet-restricted environment. Once copied follow the steps mentioned here to install the Tanzu CLI.
The Tanzu CLI allows users to install and run CLI plugins in internet-restricted environments (which means air-gapped environments, with no physical connection to the Internet). To run the Tanzu CLI in internet-restricted environments a private Docker-compatible container registry such as Harbor, Docker, or Artifactory is required.
Once the private registry is set up, the operator of the private registry can migrate plugins from the publicly available registry to the private registry using the below-mentioned steps:
- Download the plugin-inventory image along with all selected plugin images
as a
tar.gzfile on the local disk of a machine which has internet access using thetanzu plugin download-bundlecommand. - Copy this
tar.gzfile to the air-gapped network (using a USB drive or other mechanism). - Upload the plugin bundle
tar.gzto the air-gapped private registry using thetanzu plugin upload-bundlecommand.
You can download all plugins within the default central repository by running the following command:
tanzu plugin download-bundle --to-tar /tmp/plugin_bundle_complete.tar.gzHowever, If you want to just migrate plugins within specific plugin groups
(e.g. vmware-tkg/default:v2.1.0) you can run the below command to download
the plugin bundle containing only plugins from specified groups:
tanzu plugin download-bundle --group vmware-tkg/default:v2.1.0 --to-tar /tmp/plugin_bundle_tkg_v2_1_0.tar.gzTo migrate plugins from the specific plugin repository and not use the default
plugin repository you can provide a --image flag with the above command. Example:
tanzu plugin download-bundle
--image custom.repo.example.com/tanzu-cli/plugins/plugin-inventory:latest
--group vmware-tkg/default:v2.1.0
--to-tar /tmp/plugin_bundle_tkg_v2_1_0.tar.gzOnce you download the plugin bundle as a tar.gz file and copy the file to the
air-gapped network, you can run the following command to migrate plugins to the
private registry (e.g. registry.example.com/tanzu-cli/plugin).
Note: If you private registry is using self-signed certificates please configure certs for the registry as mentioned here.
tanzu plugin upload-bundle --tar /tmp/plugin_bundle_complete.tar.gz --to-repo `registry.example.com/tanzu-cli/plugin`The above-mentioned command uploads the plugin bundle to the provided private
repository location with the image name plugin-inventory:latest. So for the
above example, the plugin inventory image will be published to
registry.example.com/tanzu-cli/plugin/plugin-inventory:latest.
Please note that tanzu plugin upload-bundle uploads the plugins by adding them
to any plugin-inventory already present in the private registry. That means if you have already uploaded
any plugins to the specified private repository, it will keep the existing
plugins and append new plugins from the plugin bundle provided.
You can use this image and configure the default discovery source to point to this image by running the following command:
tanzu plugin source update default --uri registry.example.com/tanzu-cli/plugin/plugin-inventory:latestNow, the Tanzu CLI should be able to discover plugins from this newly configured
private plugin discovery source. Verify that plugins are discoverable by
running the tanzu plugin search, tanzu plugin group search, and
tanzu plugin install commands.
If a user has configured a central repository on a custom registry (e.g. air-gaped environment) with a self-signed CA or
if the
registry CA
certificate is expired, the user can execute the tanzu config cert family of commands to configure the certificate for
the registry host.
# If the registry host is self-signed add CA certificate for the registry
tanzu config cert add --host test.registry.com --ca-certificate path/to/ca/cert
# If the registry is self-signed and is serving on non-default port add CA certificate for the registry
tanzu config cert add --host test.registry.com:8443 --ca-certificate path/to/ca/cert
# If the registry is self-signed or CA cert is expired, add cert configuration for the registry host with
# skip-cert-verify option
tanzu config cert add --host test.registry.com --skip-cert-verify true
# Set to allow insecure (http) connection while interacting with host
tanzu config cert add --host test.registry.com --insecure true
The CLI uses the certificate configuration added for the registry host (using tanzu config cert add command ) while
interacting with the registry.
Users can update or delete the certificate configuration using the tanzu config cert update
and tanzu config cert delete commands.
Also, users can list the certificate configuration using the tanzu config cert list command.